virtumonde help


lizardlize

New member
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:06:37 PM, on 9/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\windows\system32\svchost.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\Common Files\AOL\1191778237\ee\AOLSoftware.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\windows\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\windows\system32\svchost.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
O2 - BHO: (no name) - {00F51FCC-F7C6-465A-8269-C76504C291F1} - (no file)
O2 - BHO: (no name) - {01E96A3D-6B63-49DF-BBBF-EEB3F84E1CBa} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {634F0B47-2F41-4429-BE86-83321CE674E6} - C:\windows\system32\vtUlJyAT.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {9548C5B1-FBCA-49CF-816B-53A7765859EC} - (no file)
O2 - BHO: (no name) - {CF867B3F-CF9B-4CF8-81AE-295FA59C02B3} - C:\windows\system32\xxyxVOIX.dll (file missing)
O2 - BHO: (no name) - {E538488B-36AB-42FF-8498-271810C9C599} - C:\windows\system32\ssqNHwTm.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [AOLAspSunset] C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1191778237\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [LVCOMSX] C:\windows\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\AVANQU~1\Fix-It\MemCheck.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [BM57247bb3] Rundll32.exe "C:\windows\system32\vrsbnfdq.dll",s
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA3615] command /c del "C:\WINDOWS\system32\ssqNHwTm.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC255] cmd /c del "C:\WINDOWS\system32\ssqNHwTm.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Policies\Explorer\Run: [NT Printing Services6] dllhosts.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/J...28/&filename=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O20 - AppInit_DLLs: pahqhe.dll iacgms.dll
O20 - Winlogon Notify: ssqNHwTm - C:\windows\SYSTEM32\ssqNHwTm.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Fix-It Task Manager - Avanquest North America, Inc. - C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 9944 bytes
 
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

Make sure you read and follow the directions; anything else will slow the process and waste both of our time. I suggest you keep this computer offline except when troubleshooting, as the junk may download more. If you have any tool I use, delete it and download it new from the link I provide. Read and follow the directions carefully; the tools will not work unless you do.
The junk can be tough to remove, so do not expect fast or easy.

This is a really nasty infection and there is not even an antivirus program in Running Processes?

C:\Program Files\ewido anti-spyware 4.0\guard.exe <<< this is obsolete

I am not about to waste my time and yours cleaning a computer not running an antivirus. I see McAfee in the bottom of the log and services, but something is wrong if it is not showing in Running processes.

Suppose you tell me what is going on here, with more information I may take another look.

Thanks
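To make the check applied above concrete (an antivirus engine should show up under "Running processes", and entries marked "(no file)" or "(file missing)" are registrations whose file is already gone), here is a small triage script over HijackThis v2 log lines. It is an added example, not code from this thread, from HijackThis, or from Safer Networking. The log excerpt is constructed from lines in the post above, the line-format rules are my own reading of the HJT format shown there, and the process names in KNOWN_AV_PROCESSES are an assumed, illustrative list rather than anything the thread provides.

```python
"""Triage of a HijackThis (HJT) v2 log: flag the entry types a helper reads first.

Added illustration; not code from the forum thread or from HijackThis itself.
Parsing rules are my own reading of the HJT line format ("O2 - BHO: name - {CLSID} - path").
"""
import re
from dataclasses import dataclass, field

# Assumed, illustrative set of antivirus engine process names (not from the thread).
KNOWN_AV_PROCESSES = {
    "mcshield.exe", "avp.exe", "avgnt.exe", "pccntmon.exe", "msmpeng.exe", "ashserv.exe",
}

# Constructed excerpt: lines taken from the log posted above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2

Running processes:
C:\windows\System32\smss.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {00F51FCC-F7C6-465A-8269-C76504C291F1} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: (no name) - {634F0B47-2F41-4429-BE86-83321CE674E6} - C:\windows\system32\vtUlJyAT.dll (file missing)
O2 - BHO: (no name) - {E538488B-36AB-42FF-8498-271810C9C599} - C:\windows\system32\ssqNHwTm.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll (file missing)
O4 - HKLM\..\Run: [BM57247bb3] Rundll32.exe "C:\windows\system32\vrsbnfdq.dll",s
O4 - HKCU\..\Policies\Explorer\Run: [NT Printing Services6] dllhosts.exe
O20 - AppInit_DLLs: pahqhe.dll iacgms.dll
O20 - Winlogon Notify: ssqNHwTm - C:\windows\SYSTEM32\ssqNHwTm.dll
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(O\d+|R\d)\s+-\s+(.*)$")  # "O2 - BHO: ..." / "R1 - HKCU..."


@dataclass
class Triage:
    processes: list = field(default_factory=list)
    av_processes: list = field(default_factory=list)     # running processes matching KNOWN_AV_PROCESSES
    orphaned: list = field(default_factory=list)         # registrations whose file is gone
    appinit_dlls: list = field(default_factory=list)     # DLLs loaded into every user-mode process
    winlogon_notify: list = field(default_factory=list)  # DLLs loaded by winlogon at logon
    policy_run: list = field(default_factory=list)       # autostarts under Policies\Explorer\Run
    rundll_autostarts: list = field(default_factory=list)  # Run entries loading a DLL via rundll32


def basename(path):
    """Last path component, lower-cased, for Windows-style paths."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_hjt(text):
    """Walk the log once: collect running processes, then classify O-/R- entries."""
    t = Triage()
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False          # a blank line ends the process list
            continue
        if line.lower() == "running processes:":
            in_procs = True
            continue
        if in_procs:
            t.processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        kind, body = m.groups()
        if body.endswith("(no file)") or body.endswith("(file missing)"):
            t.orphaned.append(line)
        if kind == "O20" and body.startswith("AppInit_DLLs:"):
            t.appinit_dlls.extend(body.split(":", 1)[1].split())
        elif kind == "O20" and body.startswith("Winlogon Notify:"):
            t.winlogon_notify.append(body.split(":", 1)[1].strip())
        elif kind == "O4" and "Policies\\Explorer\\Run" in body:
            t.policy_run.append(line)
        elif kind == "O4" and "rundll32" in body.lower():
            t.rundll_autostarts.append(line)
    t.av_processes = [p for p in t.processes if basename(p) in KNOWN_AV_PROCESSES]
    return t


def report(t):
    """Human-readable summary, one line per finding category."""
    lines = [f"running processes: {len(t.processes)}",
             "antivirus engine running: " + (", ".join(t.av_processes) or "NONE FOUND")]
    lines += [f"orphaned registration: {e}" for e in t.orphaned]
    lines += [f"AppInit_DLLs entry: {d}" for d in t.appinit_dlls]
    lines += [f"Winlogon Notify: {w}" for w in t.winlogon_notify]
    lines += [f"Policies\\Explorer\\Run autostart: {e}" for e in t.policy_run]
    lines += [f"rundll32 autostart: {e}" for e in t.rundll_autostarts]
    return lines


if __name__ == "__main__":
    print("\n".join(report(parse_hjt(SAMPLE_LOG))))
```

The script only sorts entries into buckets; deciding what is malicious is still the helper's job. Its value is that the first two report lines answer the question raised above (is any antivirus engine actually running?) without reading forty process paths by hand, and the orphaned-registration bucket collects every "(no file)" / "(file missing)" line from O2, O3 and O23 in one place.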
 
I have mirco trend as my antivirus.

My computer started running slow. Microtrend found something in McAfee. It deleted it. I was still having problems with IE and Opera. It would not open any pages in IE, and the only ones in Opera were the ones that were in my history. I updated the Spybot I had and it found Virtumonde, Astakiller, and Win32.Agent.bm, along with a few others that I deleted. Virtumonde will not disappear from Spybot.
 
You are infected and I am willing to help you if you will slow down and communicate with me, you said:

I have mirco trend as my antivirus.
<<< What is that "mirco trend"? If you are trying to say "Trend Micro", where is that program in the HJT log? This:
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

Has nothing to do with the antivirus program, that is simply a folder created to store HJT in.

You said this:
Microtrend found something in McAfee

Are you saying you no longer use McAfee? If so, uninstall the program in Add/Remove Programs. If you cannot uninstall it, use the tool from McAfee:
McAfee Consumer Products Removal tool
http://www.majorgeeks.com/McAfee_Consumer_Product_Removal_Tool_d5420.html

Once that is done, I would like to see what is installed on this computer, show me like this:

Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.
(You may edit out Microsoft, Hotfixes, Security Update for Windows XP,
Update for Windows XP and Windows XP Hotfix to shorten the list)

Once you post the uninstall list and any information I requested, then do this.

We first need to disable TeaTimer so that it doesn't interfere with fixes. You can re-enable it when you're clean again:
* Run Spybot-S&D in Advanced Mode.
* If it is not already set to do this, go to the Mode menu and select "Advanced Mode".
* On the left-hand side, click on Tools.
* Then click on the Resident icon in the list.
* Uncheck "Resident TeaTimer" and OK any prompts.
* Restart your computer.
(leave TT disabled until we finish)

Thanks
 
<<< What is that "mirco trend"? If you are trying to say "Trend Micro", where is that program in the HJT log? This:
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

Has nothing to do with the antivirus program, that is simply a folder created to store HJT in.

I don't know where it is in the hijack this. I am using "world-class anti-virus & anti-spyware protection from Trend Micro" or so the box says. Windows Security center also says my virus protection is on. "Avanquest Virus Scanner Pro is up to date and the virus scanning is on."


Are you saying you no longer use McAfee? If so, uninstall the program in Add/Remove Programs. If you cannot uninstall it, use the tool from McAfee:
McAfee Consumer Products Removal tool
http://www.majorgeeks.com/McAfee_Consumer_Product_Removal_Tool_d5420.html
I was no longer using McAfee. I was able to remove it using the url.

Once that is done, I would like to see what is installed on this computer, show me like this:

Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.
(You may edit out Microsoft, Hotfixes, Security Update for Windows XP,
Update for Windows XP and Windows XP Hotfix to shorten the list)
This is where I do not know what I am doing wrong. When I click the "Save List..." button, the program just closes and it doesn't save. I searched my computer for it too and couldn't find a log. Then I uninstalled it and redownloaded it and tried again. It produced the same result.

I did run a new HijackThis log. Will this help?

Then I will disable TeaTimer.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:59:34 AM, on 9/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\windows\system32\svchost.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\Program Files\Common Files\AOL\1191778237\ee\AOLSoftware.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\windows\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\windows\system32\Rundll32.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\windows\system32\svchost.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\Opera\opera.exe
C:\windows\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [AOLAspSunset] C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1191778237\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [LVCOMSX] C:\windows\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\AVANQU~1\Fix-It\MemCheck.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [BM57247bb3] Rundll32.exe "C:\windows\system32\tmgaebio.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Policies\Explorer\Run: [NT Printing Services6] dllhosts.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/J...28/&filename=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O20 - AppInit_DLLs: pahqhe.dll iacgms.dll jahxmi.dll rcuiue.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Fix-It Task Manager - Avanquest North America, Inc. - C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8427 bytes
 
1) C:\Program Files\ewido anti-spyware 4.0\ <<< this program is obsolete; uninstall it in Add/Remove Programs.

2) We first need to disable TeaTimer so that it doesn't interfere with fixes. You can re-enable it when you're clean again:
* Run Spybot-S&D in Advanced Mode.
* If it is not already set to do this, go to the Mode menu and select "Advanced Mode".
* On the left-hand side, click on Tools.
* Then click on the Resident icon in the list.
* Uncheck "Resident TeaTimer" and OK any prompts.
* Restart your computer.
(leave TT disabled until we finish)

3) A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.

Tutorial
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Remove any old copies of combofix before you proceed.

Thanks to sUBs and anyone else who helped with this fix.

It is important that it is saved directly to your Desktop.

Download ComboFix from Here to your Desktop
  • Double-click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Post the combofix log and a new HJT log.

Thanks
 
ComboFix 08-09-26.06 - Owner 2008-09-27 12:06:54.1 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Program Files\WinBudget
C:\windows\BM57247bb3.txt
C:\windows\BM57247bb3.xml
C:\windows\cookies.ini
C:\windows\pskt.ini
C:\windows\system32\components
C:\windows\system32\dao350.dll
C:\windows\system32\mcrh.tmp

.
((((((((((((((((((((((((( Files Created from 2008-08-27 to 2008-09-27 )))))))))))))))))))))))))))))))
.

2008-09-27 11:53 . 2008-09-27 11:52 46,080 --a------ C:\WINDOWS\system32\rqRIxuTM.dll
2008-09-27 11:52 . 2008-09-27 11:52 46,080 --a------ C:\WINDOWS\system32\rqRhIBSk.dll
2008-09-27 11:24 . 2008-09-27 11:24 46,080 --a------ C:\WINDOWS\system32\nnnkJAsP.dll
2008-09-27 11:24 . 2008-09-27 11:24 46,080 --a------ C:\WINDOWS\system32\khfDTNEt.dll
2008-09-27 09:48 . 2008-09-27 09:48 46,080 --a------ C:\WINDOWS\system32\nnnoPgHA.dll
2008-09-27 09:48 . 2008-09-27 09:48 46,080 --a------ C:\WINDOWS\system32\nnnoLEWo.dll
2008-09-27 09:17 . 2008-09-27 09:17 155,648 --a------ C:\WINDOWS\system32\gcfkfrvj.dll
2008-09-27 09:14 . 2008-09-27 09:14 112,640 --a------ C:\WINDOWS\system32\tehogmas.dll
2008-09-27 09:14 . 2008-09-27 09:14 112,640 --a------ C:\WINDOWS\system32\rcuiue.dll
2008-09-27 09:11 . 2008-09-27 09:11 107,008 --a------ C:\WINDOWS\system32\tmgaebio.dll
2008-09-27 09:11 . 2008-09-27 12:07 919 --ahs---- C:\WINDOWS\system32\xIiijmSs.ini2
2008-09-27 09:11 . 2008-09-27 12:07 919 --ahs---- C:\WINDOWS\system32\xIiijmSs.ini
2008-09-27 09:10 . 2008-09-27 09:10 253,440 --a------ C:\WINDOWS\system32\sSmjiiIx.dll
2008-09-27 09:10 . 2008-09-27 09:10 46,080 --a------ C:\WINDOWS\system32\iiFUmMfd.dll
2008-09-27 09:10 . 2008-09-27 09:10 46,080 --a------ C:\WINDOWS\system32\hggeBsPj.dll
2008-09-26 23:10 . 2008-09-26 23:10 112,640 --a------ C:\WINDOWS\system32\jahxmi.dll
2008-09-26 23:10 . 2008-09-26 23:10 112,640 --a------ C:\WINDOWS\system32\hpepyvtt.dll
2008-09-26 23:07 . 2008-09-27 09:01 875,539 --ahs---- C:\WINDOWS\system32\ddLUvyay.ini
2008-09-26 23:07 . 2008-09-27 08:59 875,488 --ahs---- C:\WINDOWS\system32\ddLUvyay.ini2
2008-09-26 18:02 . 2008-09-26 18:02 113,152 --a------ C:\WINDOWS\system32\swlhpwhw.dll
2008-09-26 18:02 . 2008-09-26 18:02 113,152 --a------ C:\WINDOWS\system32\iacgms.dll
2008-09-26 17:59 . 2008-09-26 17:59 988,183 --ahs---- C:\WINDOWS\system32\ytmwjacr.ini
2008-09-26 17:59 . 2008-09-26 17:59 77,312 --a------ C:\WINDOWS\system32\rcajwmty.dll
2008-09-26 17:58 . 2008-09-27 10:36 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-26 17:47 . 2008-09-26 18:41 876,450 --ahs---- C:\WINDOWS\system32\XIOVxyxx.ini2
2008-09-26 17:47 . 2008-09-26 18:47 876,103 --ahs---- C:\WINDOWS\system32\XIOVxyxx.ini
2008-09-26 10:28 . 2008-09-27 08:57 427 --a------ C:\WINDOWS\wininit.ini
2008-09-26 09:59 . 2008-09-26 09:59 113,152 --a------ C:\WINDOWS\system32\pahqhe.dll
2008-09-26 09:59 . 2008-09-26 09:59 113,152 --a------ C:\WINDOWS\system32\nghlvivg.dll
2008-09-26 09:56 . 2008-09-26 09:56 985,753 --ahs---- C:\WINDOWS\system32\srqginiw.ini
2008-09-26 09:56 . 2008-09-26 09:56 77,312 --a------ C:\WINDOWS\system32\winigqrs.dll
2008-09-26 07:19 . 2008-09-26 07:19 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-09-25 17:42 . 2008-09-26 09:50 951,033 --ahs---- C:\WINDOWS\system32\iiqnshct.ini
2008-09-25 17:42 . 2008-09-25 17:42 88,576 --a------ C:\WINDOWS\system32\tchsnqii.dll
2008-09-25 17:39 . 2008-09-25 17:39 112,128 --a------ C:\WINDOWS\system32\hohqil.dll
2008-09-25 17:39 . 2008-09-25 17:39 112,128 --a------ C:\WINDOWS\system32\gsybahph.dll
2008-09-25 17:39 . 2008-09-25 17:39 98,816 --a------ C:\WINDOWS\system32\blqsdmbn.dll
2008-09-25 16:26 . 2008-09-25 17:37 950,724 --ahs---- C:\WINDOWS\system32\xtcbmxkr.ini
2008-09-25 16:26 . 2008-09-25 16:26 112,128 --a------ C:\WINDOWS\system32\ujyjlj.dll
2008-09-25 16:26 . 2008-09-25 16:26 112,128 --a------ C:\WINDOWS\system32\rgkjuxjs.dll
2008-09-25 16:26 . 2008-09-25 16:26 98,816 --a------ C:\WINDOWS\system32\njslkici.dll
2008-09-25 15:50 . 2008-09-25 15:50 112,128 --a------ C:\WINDOWS\system32\nnicsm.dll
2008-09-25 15:49 . 2008-09-25 15:50 112,128 --a------ C:\WINDOWS\system32\xcbwtqed.dll
2008-09-25 15:47 . 2008-09-25 16:23 950,544 --ahs---- C:\WINDOWS\system32\swgatpcp.ini
2008-09-25 15:44 . 2008-09-25 15:44 98,816 --a------ C:\WINDOWS\system32\xjbmwcgl.dll
2008-09-25 15:21 . 2008-09-25 15:41 950,424 --ahs---- C:\WINDOWS\system32\hyuxwaak.ini
2008-09-25 15:21 . 2008-09-25 15:21 112,128 --a------ C:\WINDOWS\system32\hfbpzu.dll
2008-09-25 15:21 . 2008-09-25 15:21 112,128 --a------ C:\WINDOWS\system32\eqlrtjwc.dll
2008-09-25 15:18 . 2008-09-25 15:18 98,816 --a------ C:\WINDOWS\system32\mdygoxfe.dll
2008-09-25 14:55 . 2008-09-25 15:15 950,304 --ahs---- C:\WINDOWS\system32\qpityipw.ini
2008-09-25 14:52 . 2008-09-25 14:52 112,128 --a------ C:\WINDOWS\system32\ffmlux.dll
2008-09-25 14:52 . 2008-09-25 14:52 112,128 --a------ C:\WINDOWS\system32\dowdrmdm.dll
2008-09-25 14:49 . 2008-09-25 14:49 98,816 --a------ C:\WINDOWS\system32\frjdpkfp.dll
2008-09-25 14:37 . 2008-09-25 14:48 950,184 --ahs---- C:\WINDOWS\system32\scckgugp.ini
2008-09-25 14:34 . 2008-09-25 14:34 112,128 --a------ C:\WINDOWS\system32\vhypgmdj.dll
2008-09-25 14:34 . 2008-09-25 14:34 112,128 --a------ C:\WINDOWS\system32\kugnlc.dll
2008-09-25 14:31 . 2008-09-25 14:31 98,816 --a------ C:\WINDOWS\system32\jflphxuo.dll
2008-09-25 14:08 . 2008-09-25 14:29 950,064 --ahs---- C:\WINDOWS\system32\niesnuco.ini
2008-09-25 14:05 . 2008-09-25 14:05 112,128 --a------ C:\WINDOWS\system32\leulfi.dll
2008-09-25 14:05 . 2008-09-25 14:05 112,128 --a------ C:\WINDOWS\system32\htyoltvx.dll
2008-09-25 14:02 . 2008-09-25 14:02 98,816 --a------ C:\WINDOWS\system32\oikednnm.dll
2008-09-25 14:00 . 2008-09-25 14:00 112,128 --a------ C:\WINDOWS\system32\xacykm.dll
2008-09-25 14:00 . 2008-09-25 14:00 112,128 --a------ C:\WINDOWS\system32\dldjdgpb.dll
2008-09-25 13:58 . 2008-09-25 14:05 949,944 --ahs---- C:\WINDOWS\system32\xtvdjaij.ini
2008-09-25 13:58 . 2008-09-25 13:58 98,816 --a------ C:\WINDOWS\system32\sxksoonm.dll
2008-09-25 13:46 . 2007-08-13 18:45 78,336 --a------ C:\WINDOWS\system32\ieencode.dll
2008-09-25 13:25 . 2008-09-25 13:25 98,816 --a------ C:\WINDOWS\system32\mcuiivho.dll
2008-09-25 13:23 . 2008-09-25 13:23 112,128 --a------ C:\WINDOWS\system32\yvwepumr.dll
2008-09-25 13:23 . 2008-09-25 13:23 112,128 --a------ C:\WINDOWS\system32\qkiizc.dll
2008-09-25 13:21 . 2008-09-25 13:56 949,652 --ahs---- C:\WINDOWS\system32\bskxlmrh.ini
2008-09-25 13:21 . 2008-09-25 13:21 98,816 --a------ C:\WINDOWS\system32\mdldtxkb.dll
2008-09-25 13:03 . 2008-09-25 13:03 112,128 --a------ C:\WINDOWS\system32\vfexxy.dll
2008-09-25 13:03 . 2008-09-25 13:03 112,128 --a------ C:\WINDOWS\system32\btedxycx.dll
2008-09-25 13:00 . 2008-09-25 13:00 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-09-25 13:00 . 2008-09-25 13:19 949,352 --ahs---- C:\WINDOWS\system32\fiqhlfgs.ini
2008-09-25 12:58 . 2008-09-25 12:58 98,816 --a------ C:\WINDOWS\system32\kyikvrpi.dll
2008-09-25 12:19 . 2008-09-25 12:19 98,816 --a------ C:\WINDOWS\system32\jihrwqmq.dll
2008-09-25 11:42 . 2008-09-25 12:57 949,232 --ahs---- C:\WINDOWS\system32\omcyibwl.ini
2008-09-25 11:42 . 2008-09-25 11:42 112,128 --a------ C:\WINDOWS\system32\phmkln.dll
2008-09-25 11:42 . 2008-09-25 11:42 112,128 --a------ C:\WINDOWS\system32\kxkgphkq.dll
2008-09-25 11:41 . 2008-09-25 11:41 98,816 --a------ C:\WINDOWS\system32\jdsyhtrr.dll
2008-09-24 22:18 . 2008-09-24 22:18 116,224 --a------ C:\WINDOWS\system32\ntcxws.dll
2008-09-24 22:18 . 2008-09-24 22:18 116,224 --a------ C:\WINDOWS\system32\gogtflpg.dll
2008-09-24 22:15 . 2008-09-25 11:36 939,533 --ahs---- C:\WINDOWS\system32\ydpoidih.ini
2008-09-24 22:12 . 2008-09-24 22:12 97,280 --a------ C:\WINDOWS\system32\vsalhfng.dll
2008-09-24 21:18 . 2008-09-24 22:09 939,353 --ahs---- C:\WINDOWS\system32\gndewlnl.ini
2008-09-24 21:15 . 2008-09-24 21:15 116,224 --a------ C:\WINDOWS\system32\vobkrdoi.dll
2008-09-24 21:15 . 2008-09-24 21:15 116,224 --a------ C:\WINDOWS\system32\nmemoh.dll
2008-09-24 21:12 . 2008-09-24 21:12 97,280 --a------ C:\WINDOWS\system32\epttasrt.dll
2008-09-24 18:51 . 2008-09-24 21:09 939,233 --ahs---- C:\WINDOWS\system32\icpwhfeh.ini
2008-09-24 18:48 . 2008-09-24 18:48 116,224 --a------ C:\WINDOWS\system32\knvknwjd.dll
2008-09-24 18:48 . 2008-09-24 18:48 116,224 --a------ C:\WINDOWS\system32\akcskd.dll
2008-09-24 18:47 . 2008-09-24 18:47 97,280 --a------ C:\WINDOWS\system32\kesxfccs.dll
2008-09-24 17:13 . 2008-09-24 17:13 116,224 --a------ C:\WINDOWS\system32\mskqmb.dll
2008-09-24 17:13 . 2008-09-24 17:13 116,224 --a------ C:\WINDOWS\system32\hjrcmntv.dll
2008-09-24 17:10 . 2008-09-24 18:39 939,439 --ahs---- C:\WINDOWS\system32\wokfjqqd.ini
2008-09-24 17:08 . 2008-09-24 17:08 97,280 --a------ C:\WINDOWS\system32\pwhepwsr.dll
2008-09-24 17:06 . 2008-09-24 17:06 97,280 --a------ C:\WINDOWS\system32\bwfytjkn.dll
2008-09-24 08:16 . 2008-09-24 17:07 937,333 --ahs---- C:\WINDOWS\system32\tcgqauvy.ini
2008-09-24 08:14 . 2008-09-24 08:14 116,224 --a------ C:\WINDOWS\system32\vppgnbit.dll
2008-09-24 08:14 . 2008-09-24 08:14 116,224 --a------ C:\WINDOWS\system32\hijyqy.dll
2008-09-24 08:14 . 2008-09-24 08:14 97,280 --a------ C:\WINDOWS\system32\sdxhrljf.dll
2008-09-24 00:09 . 2008-09-24 00:09 116,224 --a------ C:\WINDOWS\system32\zewzrl.dll
2008-09-24 00:09 . 2008-09-24 00:09 116,224 --a------ C:\WINDOWS\system32\hejwhasx.dll
2008-09-24 00:03 . 2008-09-24 08:07 921,425 --ahs---- C:\WINDOWS\system32\aqkrohsi.ini
2008-09-24 00:02 . 2008-09-24 00:02 97,280 --a------ C:\WINDOWS\system32\mcsfqram.dll
2008-09-23 21:45 . 2008-09-23 23:55 921,305 --ahs---- C:\WINDOWS\system32\cfioldln.ini
2008-09-23 21:42 . 2008-09-23 21:42 111,616 --a------ C:\WINDOWS\system32\qlnbcmqq.dll
2008-09-23 21:42 . 2008-09-23 21:42 111,616 --a------ C:\WINDOWS\system32\onlbgw.dll
2008-09-23 21:41 . 2008-09-23 21:41 97,280 --a------ C:\WINDOWS\system32\eysijgoc.dll
2008-09-23 21:27 . 2008-09-23 21:27 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Avanquest
2008-09-23 21:26 . 2008-09-23 21:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-09-23 21:21 . 2008-09-23 21:21 <DIR> dr-hs---- C:\_Backup.RC
2008-09-23 21:21 . 2008-09-24 00:20 <DIR> d--h----- C:\_Backup
2008-09-23 21:19 . 2008-09-23 21:19 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Avanquest
2008-09-23 21:14 . 2008-09-23 21:14 <DIR> d-------- C:\Program Files\Avanquest
2008-09-23 21:10 . 2008-09-23 21:10 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-23 20:45 . 2008-09-23 21:31 921,125 --ahs---- C:\WINDOWS\system32\lcisicjc.ini
2008-09-23 20:45 . 2008-09-23 20:44 111,616 --a------ C:\WINDOWS\system32\hxwaap.dll
2008-09-23 20:44 . 2008-09-23 20:44 111,616 --a------ C:\WINDOWS\system32\nrvprgka.dll
2008-09-23 20:41 . 2008-09-23 20:41 97,280 --a------ C:\WINDOWS\system32\qtpfopgn.dll
2008-09-23 20:27 . 2008-09-23 20:27 97,280 --a------ C:\WINDOWS\system32\jbksnxhl.dll
2008-09-23 08:42 . 2008-09-23 08:42 97,280 --a------ C:\WINDOWS\system32\pbbwacnk.dll
2008-09-22 20:31 . 2008-09-22 20:31 113,152 --a------ C:\WINDOWS\system32\hucofkti.dll
2008-09-22 20:31 . 2008-09-22 20:31 113,152 --a------ C:\WINDOWS\system32\cdezcp.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-27 18:38 --------- d-----w C:\Program Files\ewido anti-spyware 4.0
2008-09-27 03:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2008-09-27 01:12 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-26 16:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-25 22:30 --------- d-----w C:\Program Files\xxx.xxx
2008-09-25 19:47 --------- d-----w C:\Program Files\Opera
2008-09-24 02:55 --------- d-----w C:\Program Files\Symantec
2008-09-24 02:28 --------- d-----w C:\Program Files\Photo Manager
2008-09-24 02:17 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-22 00:02 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-08-24 16:43 --------- d-----w C:\Program Files\Sun
2008-08-24 16:42 --------- d-----w C:\Program Files\Java
2008-08-22 18:00 29,600 ----a-w C:\windows\system32\mxntdfg.exe
2008-08-06 00:55 265,720 ----a-w C:\windows\system32\msdbg2.dll
2008-07-19 05:10 94,920 ----a-w C:\windows\system32\cdm.dll
2008-07-19 05:10 53,448 ----a-w C:\windows\system32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\windows\system32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\windows\system32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\windows\system32\wuapi.dll
2008-07-19 05:09 325,832 ----a-w C:\windows\system32\wucltui.dll
2008-07-19 05:09 205,000 ----a-w C:\windows\system32\wuweb.dll
2008-07-19 05:09 1,811,656 ----a-w C:\windows\system32\wuaueng.dll
2008-07-09 00:10 129,784 ----a-w C:\windows\system32\pxafs.dll
2008-07-09 00:09 118,520 ----a-w C:\windows\system32\pxinsi64.exe
2008-07-09 00:09 116,472 ----a-w C:\windows\system32\pxcpyi64.exe
2008-07-07 20:32 253,952 ----a-w C:\windows\system32\es.dll
2008-03-26 15:20 228,336 -c--a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2008-03-09 01:48 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2005-12-18 18:20 0 -c--a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2002-07-26 22:02 153,088 -c--a-w C:\Program Files\UNWISE.EXE
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 63,712 2007-03-09 15:09:58 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\bak\apdproxy.exe

----a-w 40,048 2007-05-11 07:06:32 C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe
----a-w 40,048 2007-05-11 10:06:32 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

----a-w 1,450,096 2004-09-13 16:51:06 C:\Program Files\Ahead\InCD\bak\InCD.exe

----a-w 1,945,600 2004-11-30 17:36:56 C:\Program Files\Ahead\Nero BackItUp\bak\NBJ.exe

----a-w 196,608 2004-05-12 20:04:54 C:\Program Files\Ahead\Nero PhotoShow\data\Xtras\bak\mssysmgr.exe

----a-w 50,688 2003-06-07 10:32:32 C:\Program Files\Common Files\Microsoft Shared\Works Shared\bak\WkUFind.exe

----a-w 180,269 2006-08-19 17:20:33 C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe

----a-w 32,768 2003-11-01 02:42:40 C:\Program Files\CyberLink\PowerDVD\bak\PDVDServ.exe

----a-w 135,168 2004-03-11 22:18:54 C:\Program Files\Digital Media Reader\bak\shwiconem.exe

----a-w 49,152 2005-02-17 03:11:42 C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe

----a-w 241,664 2004-05-12 19:18:56 C:\Program Files\HP\hpcoretech\bak\hpcmpmgr.exe

----a-w 324 2007-10-30 19:32:45 C:\Program Files\HP\hpcoretech\bak\data\EvntData-1047924175.xml

----a-w 278,528 2006-06-14 20:24:14 C:\Program Files\iTunes\bak\iTunesHelper.exe

----a-w 83,608 2007-03-14 07:43:44 C:\Program Files\Java\jre1.6.0_01\bin\bak\jusched.exe

----a-w 118,784 2004-01-26 14:46:48 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mm_tray.exe

----a-w 49,152 2004-02-03 19:13:18 C:\Program Files\Pinnacle\PPE\bak\PPE.EXE

----a-w 192,512 2004-04-23 16:00:36 C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\bak\USBTip.exe

----a-w 99,480 2004-06-30 17:49:30 C:\Program Files\Pure Networks\Port Magic\bak\PortAOL.exe

----a-w 282,624 2006-07-31 00:48:00 C:\Program Files\QuickTime\bak\qttask.exe

----a-w 3,756,102 2007-05-04 20:52:43 C:\Program Files\Zinio\bak\ZinioReader.exe

----a-w 15,360 2004-08-04 12:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-04 12:00:00 C:\WINDOWS\system32\ctfmon.exe

-c--a-w 155,648 2001-07-09 15:50:42 C:\WINDOWS\system32\bak\NeroCheck.exe

-c--a-w 406,016 2004-03-10 21:26:10 C:\WINDOWS\system32\bak\PSDrvCheck.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00F51FCC-F7C6-465A-8269-C76504C291F1}]
2008-09-27 09:17 155648 --a------ C:\windows\system32\gcfkfrvj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9A66A3C7-3E78-43E6-95F7-DE6A8BF9AC3D}]
2008-09-27 09:10 253440 --a------ C:\windows\system32\sSmjiiIx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E538488B-36AB-42FF-8498-271810C9C599}]
2008-09-22 14:10 43008 --a------ C:\windows\system32\ssqNHwTm.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\windows\system32\dumprep 0 -u" [X]
"AOLAspSunset"="C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp.exe" [N/A]
"HostManager"="C:\Program Files\Common Files\AOL\1191778237\ee\AOLSoftware.exe" [2006-09-25 50736]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"LVCOMSX"="C:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"VirusScannerPro"="C:\PROGRA~1\AVANQU~1\Fix-It\MemCheck.exe" [2008-08-26 173312]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-10-02 67488]
"BM57247bb3"="C:\windows\system32\tmgaebio.dll" [2008-09-27 107008]
"ShowWnd"="ShowWnd.exe" [2003-09-19 C:\WINDOWS\ShowWnd.exe]

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"NT Printing Services6"="dllhosts.exe" [2008-09-21 C:\WINDOWS\system32\dllhosts.exe]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E538488B-36AB-42FF-8498-271810C9C599}"= "C:\windows\system32\ssqNHwTm.dll" [2008-09-22 43008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqNHwTm]
2008-09-22 14:10 43008 C:\WINDOWS\system32\ssqNHwTm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 LStone;Pinnacle Systems Studio AV/DV Overlay;C:\windows\system32\DRIVERS\lstone2k.sys [2002-12-10 11:20]
R3 I97DRIVER;I97DRIVER;C:\PROGRA~1\AVANQU~1\Fix-It\dgs.sys [2007-08-31 11:18]
S1 MemAlloc;MemAlloc;C:\windows\system32\DRIVERS\memalloc.sys [2002-08-26 04:51]
S2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-10-02 14:46]
S2 IJPLMSVC;PIXMA Extended Survey Program;C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 09:20]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17147075-1ead-11d9-bea6-806d6172696f}]
\Shell\AutoRun\command - F:\cdplayer.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{01E96A3D-6B63-49DF-BBBF-EEB3F84E1CBa} - (no file)
BHO-{216E95D7-B7A3-4D60-8883-07A37E2EE1C2} - (no file)
BHO-{634F0B47-2F41-4429-BE86-83321CE674E6} - C:\windows\system32\vtUlJyAT.dll
BHO-{80D48F93-A5A9-4A99-B180-0DD7A1A5F199} - (no file)
BHO-{9548C5B1-FBCA-49CF-816B-53A7765859EC} - (no file)
BHO-{C04826B7-53BE-4EBA-8ED5-55593DC28E67} - C:\windows\system32\yayvULdd.dll
BHO-{CF867B3F-CF9B-4CF8-81AE-295FA59C02B3} - C:\windows\system32\xxyxVOIX.dll
WebBrowser-{A057A204-BACC-4D26-CEC4-75A487FD6484} - (no file)


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
R0 -: HKCU-Main,Start Page = hxxp://www.yahoo.com/
R1 -: HKCU-SearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com

O16 -: {A7EA8AD2-287F-11D3-B120-006008C39542}
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-27 12:22:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\windows\BM57247bb3.txt 74 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\windows\system32\winlogon.exe
-> C:\windows\system32\ssqNHwTm.dll

PROCESS: C:\windows\explorer.exe
-> C:\windows\system32\tmgaebio.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\AOL\acs\AOLacsd.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\BigFix\BigFix.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-09-27 12:36:04 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-09-27 19:35:45

Pre-Run: 117,595,660,288 bytes free
Post-Run: 117,498,556,416 bytes free

312 --- E O F --- 2008-09-10 10:01:09
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:05:50 PM, on 9/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\windows\system32\svchost.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\AOL\1191778237\ee\AOLSoftware.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\windows\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\windows\system32\Rundll32.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\windows\system32\svchost.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\windows\system32\wscntfy.exe
C:\windows\system32\wuauclt.exe
C:\windows\explorer.exe
C:\windows\system32\notepad.exe
C:\Program Files\Opera\opera.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\windows\system32\rundll32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O2 - BHO: (no name) - {00F51FCC-F7C6-465A-8269-C76504C291F1} - C:\windows\system32\gcfkfrvj.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {9A66A3C7-3E78-43E6-95F7-DE6A8BF9AC3D} - C:\windows\system32\sSmjiiIx.dll
O2 - BHO: (no name) - {E538488B-36AB-42FF-8498-271810C9C599} - C:\windows\system32\ssqNHwTm.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [AOLAspSunset] C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1191778237\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [LVCOMSX] C:\windows\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\AVANQU~1\Fix-It\MemCheck.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [BM57247bb3] Rundll32.exe "C:\windows\system32\tmgaebio.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Policies\Explorer\Run: [NT Printing Services6] dllhosts.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/J...28/&filename=jinstall-6u7-windows-i586-jc.cab
O20 - Winlogon Notify: ssqNHwTm - C:\windows\SYSTEM32\ssqNHwTm.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Fix-It Task Manager - Avanquest North America, Inc. - C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8276 bytes
 
Thanks for returning your information and the feedback. You have a very badly infected computer and this cleanup is going to be tough. Not only do you have many Vundo files that need to be removed manually, but you also have another bad file-infecting trojan called AWF (Downloader-AWF); read about it here:
http://vil.nai.com/vil/content/v_139503.htm
http://research.sunbelt-software.co...Downloader.Agent.AWF&threatid=134083nextfirst
ComboFix will usually remove the infection, but if not there is a complex manual procedure. You do have the option to reformat the computer; let me know if you would prefer to do that.
I will post the next step in the cleanup process later in the morning.
I am suggesting the computer be kept offline at all times unless you are troubleshooting this issue, and that there be no computer activity that does not relate directly to the cleanup. This infection will continue to grow.
 
I have posted instructions for TeaTimer to be disabled:
In this HJT log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:05:50 PM, on 9/27/2008
it is still running:
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

When you have followed the directions post a new HJT log.
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:53:13 AM, on 9/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\windows\system32\svchost.exe
C:\Program Files\Common Files\AOL\1191778237\ee\AOLSoftware.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\windows\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\windows\system32\Rundll32.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\windows\system32\svchost.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [AOLAspSunset] C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1191778237\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [LVCOMSX] C:\windows\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\AVANQU~1\Fix-It\MemCheck.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [BM57247bb3] Rundll32.exe "C:\windows\system32\wfmfoavm.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Policies\Explorer\Run: [NT Printing Services6] dllhosts.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/J...28/&filename=jinstall-6u7-windows-i586-jc.cab
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Fix-It Task Manager - Avanquest North America, Inc. - C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7179 bytes
 
http://forums.spybot.info/showthread.php?t=282 <<< see this
If your helper detects the presence of such programs on your computer he/she will ask you to remove them. Help will be withdrawn should you not agree to their removal.
LimeWire <<< uninstall all p2p programs on the computer

This is a lot for the ComboFix "CFScript" to remove at once and it may take a while. It is very important that you read and do what you are told. There will be a lot of information in the codebox; you must make sure you copy/paste it all into the notepad for CFScript. Please read the directions a couple of times before starting to be sure you understand. It has to be done as it is posted to work.

Open notepad and copy/paste the text in the codebox below into it:

Code:
AWF::
C:\Program Files\Pinnacle\PPE\bak\PPE.EXE
C:\Program Files\QuickTime\bak\qttask.exe
C:\Program Files\Zinio\bak\ZinioReader.exe
C:\WINDOWS\system32\bak\ctfmon.exe
C:\WINDOWS\system32\bak\NeroCheck.exe
C:\WINDOWS\system32\bak\PSDrvCheck.exe
C:\Program Files\iTunes\bak\iTunesHelper.exe
C:\Program Files\Ahead\InCD\bak\InCD.exe
C:\Program Files\Java\jre1.6.0_01\bin\bak\jusched.exe
C:\Program Files\HP\hpcoretech\bak\hpcmpmgr.exe
C:\Program Files\Ahead\Nero BackItUp\bak\NBJ.exe
C:\Program Files\Digital Media Reader\bak\shwiconem.exe
C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe
C:\Program Files\Ahead\Nero PhotoShow\data\Xtras\bak\mssysmgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\bak\WkUFind.exe
C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe
C:\Program Files\CyberLink\PowerDVD\bak\PDVDServ.exe
C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\bak\data\EvntData-1047924175.xml
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mm_tray.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\bak\USBTip.exe
C:\Program Files\Pure Networks\Port Magic\bak\PortAOL.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\bak\apdproxy.exe

File::
C:\windows\BM57247bb3.txt 
C:\WINDOWS\system32\rqRIxuTM.dll
C:\WINDOWS\system32\rqRhIBSk.dll
C:\WINDOWS\system32\nnnkJAsP.dll
C:\WINDOWS\system32\khfDTNEt.dll
C:\WINDOWS\system32\nnnoPgHA.dll
C:\WINDOWS\system32\nnnoLEWo.dll
C:\WINDOWS\system32\gcfkfrvj.dll
C:\WINDOWS\system32\tehogmas.dll
C:\WINDOWS\system32\rcuiue.dll
C:\WINDOWS\system32\tmgaebio.dll
C:\WINDOWS\system32\xIiijmSs.ini2
C:\WINDOWS\system32\xIiijmSs.ini
C:\WINDOWS\system32\sSmjiiIx.dll
C:\WINDOWS\system32\iiFUmMfd.dll
C:\WINDOWS\system32\hggeBsPj.dll
C:\WINDOWS\system32\jahxmi.dll
C:\WINDOWS\system32\hpepyvtt.dll
C:\WINDOWS\system32\ddLUvyay.ini
C:\WINDOWS\system32\ddLUvyay.ini2
C:\WINDOWS\system32\swlhpwhw.dll
C:\WINDOWS\system32\iacgms.dll
C:\WINDOWS\system32\ytmwjacr.ini
C:\WINDOWS\system32\rcajwmty.dll
C:\WINDOWS\system32\XIOVxyxx.ini2
C:\WINDOWS\system32\XIOVxyxx.ini
C:\WINDOWS\system32\pahqhe.dll
C:\WINDOWS\system32\nghlvivg.dll
C:\WINDOWS\system32\srqginiw.ini
C:\WINDOWS\system32\winigqrs.dll
C:\WINDOWS\system32\iiqnshct.ini
C:\WINDOWS\system32\tchsnqii.dll
C:\WINDOWS\system32\hohqil.dll
C:\WINDOWS\system32\gsybahph.dll
C:\WINDOWS\system32\blqsdmbn.dll
C:\WINDOWS\system32\xtcbmxkr.ini
C:\WINDOWS\system32\ujyjlj.dll
C:\WINDOWS\system32\rgkjuxjs.dll
C:\WINDOWS\system32\njslkici.dll
C:\WINDOWS\system32\nnicsm.dll
C:\WINDOWS\system32\xcbwtqed.dll
C:\WINDOWS\system32\swgatpcp.ini
C:\WINDOWS\system32\xjbmwcgl.dll
C:\WINDOWS\system32\hyuxwaak.ini
C:\WINDOWS\system32\hfbpzu.dll
C:\WINDOWS\system32\eqlrtjwc.dll
C:\WINDOWS\system32\mdygoxfe.dll
C:\WINDOWS\system32\qpityipw.ini
C:\WINDOWS\system32\ffmlux.dll
C:\WINDOWS\system32\dowdrmdm.dll
C:\WINDOWS\system32\frjdpkfp.dll
C:\WINDOWS\system32\scckgugp.ini
C:\WINDOWS\system32\vhypgmdj.dll
C:\WINDOWS\system32\kugnlc.dll
C:\WINDOWS\system32\jflphxuo.dll
C:\WINDOWS\system32\niesnuco.ini
C:\WINDOWS\system32\leulfi.dll
C:\WINDOWS\system32\htyoltvx.dll
C:\WINDOWS\system32\oikednnm.dll
C:\WINDOWS\system32\xacykm.dll
C:\WINDOWS\system32\dldjdgpb.dll
C:\WINDOWS\system32\xtvdjaij.ini
C:\WINDOWS\system32\sxksoonm.dll
C:\WINDOWS\system32\ieencode.dll
C:\WINDOWS\system32\mcuiivho.dll
C:\WINDOWS\system32\yvwepumr.dll
C:\WINDOWS\system32\qkiizc.dll
C:\WINDOWS\system32\bskxlmrh.ini
C:\WINDOWS\system32\mdldtxkb.dll
C:\WINDOWS\system32\vfexxy.dll
C:\WINDOWS\system32\btedxycx.dll
C:\WINDOWS\system32\fiqhlfgs.ini
C:\WINDOWS\system32\kyikvrpi.dll
C:\WINDOWS\system32\jihrwqmq.dll
C:\WINDOWS\system32\omcyibwl.ini
C:\WINDOWS\system32\phmkln.dll
C:\WINDOWS\system32\kxkgphkq.dll
C:\WINDOWS\system32\jdsyhtrr.dll
C:\WINDOWS\system32\ntcxws.dll
C:\WINDOWS\system32\gogtflpg.dll
C:\WINDOWS\system32\ydpoidih.ini
C:\WINDOWS\system32\vsalhfng.dll
C:\WINDOWS\system32\gndewlnl.ini
C:\WINDOWS\system32\vobkrdoi.dll
C:\WINDOWS\system32\nmemoh.dll
C:\WINDOWS\system32\epttasrt.dll
C:\WINDOWS\system32\icpwhfeh.ini
C:\WINDOWS\system32\knvknwjd.dll
C:\WINDOWS\system32\akcskd.dll
C:\WINDOWS\system32\kesxfccs.dll
C:\WINDOWS\system32\mskqmb.dll
C:\WINDOWS\system32\hjrcmntv.dll
C:\WINDOWS\system32\wokfjqqd.ini
C:\WINDOWS\system32\pwhepwsr.dll
C:\WINDOWS\system32\bwfytjkn.dll
C:\WINDOWS\system32\tcgqauvy.ini
C:\WINDOWS\system32\vppgnbit.dll
C:\WINDOWS\system32\hijyqy.dll
C:\WINDOWS\system32\sdxhrljf.dll
C:\WINDOWS\system32\zewzrl.dll
C:\WINDOWS\system32\hejwhasx.dll
C:\WINDOWS\system32\aqkrohsi.ini
C:\WINDOWS\system32\mcsfqram.dll
C:\WINDOWS\system32\cfioldln.ini
C:\WINDOWS\system32\qlnbcmqq.dll
C:\WINDOWS\system32\onlbgw.dll
C:\WINDOWS\system32\eysijgoc.dll
C:\WINDOWS\system32\lcisicjc.ini
C:\WINDOWS\system32\hxwaap.dll
C:\WINDOWS\system32\nrvprgka.dll
C:\WINDOWS\system32\qtpfopgn.dll
C:\WINDOWS\system32\jbksnxhl.dll
C:\WINDOWS\system32\pbbwacnk.dll
C:\WINDOWS\system32\hucofkti.dll
C:\WINDOWS\system32\cdezcp.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00F51FCC-F7C6-465A-8269-C76504C291F1}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9A66A3C7-3E78-43E6-95F7-DE6A8BF9AC3D}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E538488B-36AB-42FF-8498-271810C9C599}]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E538488B-36AB-42FF-8498-271810C9C599}"=- 

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqNHwTm]

Folder::
C:\Program Files\ewido anti-spyware 4.0

Save this as CFScript

CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe.

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
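As an added example (not part of the helper's post and not ComboFix's own code), the script below parses a CFScript into its `AWF::`, `File::`, `Registry::` and `Folder::` sections and lists what the script will ask ComboFix to touch, so the contents can be reviewed before the file is dragged onto ComboFix.exe. It assumes only what the posted script shows: one entry per line under a `Name::` header, and `.reg`-style deletion syntax in the Registry section (`[-KEY]` deletes a key, `"name"=-` under a `[KEY]` header deletes a value). The sample script is a shortened, constructed copy of the one above, and the list of protected Windows binaries is a heuristic of my own, not a ComboFix rule.

```python
"""Summarise a ComboFix CFScript before running it: sections, registry actions, odd paths."""
import re
from collections import OrderedDict

# Constructed sample: a shortened copy of the CFScript posted above.
SAMPLE_SCRIPT = r"""AWF::
C:\Program Files\QuickTime\bak\qttask.exe
C:\WINDOWS\system32\bak\ctfmon.exe

File::
C:\windows\BM57247bb3.txt
C:\WINDOWS\system32\rqRIxuTM.dll
C:\WINDOWS\system32\xIiijmSs.ini2

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E538488B-36AB-42FF-8498-271810C9C599}]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E538488B-36AB-42FF-8498-271810C9C599}"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqNHwTm]

Folder::
C:\Program Files\ewido anti-spyware 4.0
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")
WIN_ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")
REG_DELETE_KEY_RE = re.compile(r"^\[-(.+)\]$")
REG_KEY_RE = re.compile(r"^\[(.+)\]$")
REG_DELETE_VALUE_RE = re.compile(r'^"(.*)"=-$')

# Constructed heuristic (assumption, not a ComboFix rule): core binaries that a
# cleaning script should never list for outright deletion.
PROTECTED_BASENAMES = {"explorer.exe", "winlogon.exe", "services.exe", "lsass.exe",
                       "svchost.exe", "smss.exe", "csrss.exe", "userinit.exe"}


def parse_cfscript(text):
    """Split a CFScript into its `Name::` sections, keeping non-empty lines in order."""
    sections = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.rstrip()          # the posted script has trailing spaces on some lines
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError("entry before any section header: %r" % line)
        sections[current].append(line)
    return sections


def registry_actions(lines):
    """Turn Registry:: lines into (action, key, value_name) tuples.
    Lines that are neither a key header nor a value deletion are reported as
    'other' rather than interpreted."""
    actions = []
    current_key = None
    for line in lines:
        m = REG_DELETE_KEY_RE.match(line)      # [-KEY]  -> delete whole key
        if m:
            current_key = m.group(1)
            actions.append(("delete_key", current_key, None))
            continue
        m = REG_KEY_RE.match(line)             # [KEY]   -> following values apply here
        if m:
            current_key = m.group(1)
            continue
        m = REG_DELETE_VALUE_RE.match(line)    # "name"=- -> delete that value
        if m and current_key:
            actions.append(("delete_value", current_key, m.group(1)))
            continue
        actions.append(("other", current_key, line))
    return actions


def check_paths(sections):
    """Return (section, line, problem) for path entries that look wrong:
    relative paths, duplicates, or core Windows binaries under File::."""
    problems = []
    seen = set()
    for name in ("AWF", "File", "Folder"):
        for line in sections.get(name, []):
            if not WIN_ABS_PATH_RE.match(line):
                problems.append((name, line, "not an absolute drive path"))
            key = line.lower()
            if key in seen:
                problems.append((name, line, "duplicate entry"))
            seen.add(key)
            basename = line.rsplit("\\", 1)[-1].lower()
            if name == "File" and basename in PROTECTED_BASENAMES:
                problems.append((name, line, "core Windows binary listed for deletion"))
    return problems


def summarize(text):
    """Counts per section, decoded registry actions, and any flagged paths."""
    sections = parse_cfscript(text)
    return {
        "counts": OrderedDict((k, len(v)) for k, v in sections.items()),
        "registry": registry_actions(sections.get("Registry", [])),
        "problems": check_paths(sections),
    }


if __name__ == "__main__":
    result = summarize(SAMPLE_SCRIPT)
    for section, n in result["counts"].items():
        print("%-9s %d entries" % (section + "::", n))
    for action in result["registry"]:
        print("registry:", action)
    for problem in result["problems"]:
        print("PROBLEM:", problem)
```

Run it against the full script from the codebox saved as a text file (replace `SAMPLE_SCRIPT` with the file's contents) and compare the counts with the `FILE ::` list ComboFix prints in its log afterwards; an entry that is in the script but absent from the log is worth a second look before posting the next reply.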
 
Hello, I ran ComboFix and at the end it said it was rebooting, then a blue screen came up and said "if this is the first time seeing this restart, if not do following steps". I waited and it stayed on that screen so I hit the power button and restarted. ComboFix did not produce a log?
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:20, on 2008-09-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\1191778237\ee\AOLSoftware.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\windows\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\BigFix\BigFix.exe
C:\windows\system32\svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\windows\system32\svchost.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\Opera\opera.exe
C:\windows\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [AOLAspSunset] C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1191778237\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [LVCOMSX] C:\windows\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\AVANQU~1\Fix-It\MemCheck.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BM57247bb3] Rundll32.exe "C:\windows\system32\euvcndwv.dll",s
O4 - HKLM\..\Run: [5417482f] rundll32.exe "C:\windows\system32\lubrmqjd.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Policies\Explorer\Run: [NT Printing Services6] dllhosts.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/J...28/&filename=jinstall-6u7-windows-i586-jc.cab
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Fix-It Task Manager - Avanquest North America, Inc. - C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7396 bytes
 
I found it at c:\combofix.txt


ComboFix 08-09-26.06 - Owner 2008-09-28 9:31:12.2 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\windows\BM57247bb3.txt
C:\WINDOWS\system32\akcskd.dll
C:\WINDOWS\system32\aqkrohsi.ini
C:\WINDOWS\system32\blqsdmbn.dll
C:\WINDOWS\system32\bskxlmrh.ini
C:\WINDOWS\system32\btedxycx.dll
C:\WINDOWS\system32\bwfytjkn.dll
C:\WINDOWS\system32\cdezcp.dll
C:\WINDOWS\system32\cfioldln.ini
C:\WINDOWS\system32\ddLUvyay.ini
C:\WINDOWS\system32\ddLUvyay.ini2
C:\WINDOWS\system32\dldjdgpb.dll
C:\WINDOWS\system32\dowdrmdm.dll
C:\WINDOWS\system32\epttasrt.dll
C:\WINDOWS\system32\eqlrtjwc.dll
C:\WINDOWS\system32\eysijgoc.dll
C:\WINDOWS\system32\ffmlux.dll
C:\WINDOWS\system32\fiqhlfgs.ini
C:\WINDOWS\system32\frjdpkfp.dll
C:\WINDOWS\system32\gcfkfrvj.dll
C:\WINDOWS\system32\gndewlnl.ini
C:\WINDOWS\system32\gogtflpg.dll
C:\WINDOWS\system32\gsybahph.dll
C:\WINDOWS\system32\hejwhasx.dll
C:\WINDOWS\system32\hfbpzu.dll
C:\WINDOWS\system32\hggeBsPj.dll
C:\WINDOWS\system32\hijyqy.dll
C:\WINDOWS\system32\hjrcmntv.dll
C:\WINDOWS\system32\hohqil.dll
C:\WINDOWS\system32\hpepyvtt.dll
C:\WINDOWS\system32\htyoltvx.dll
C:\WINDOWS\system32\hucofkti.dll
C:\WINDOWS\system32\hxwaap.dll
C:\WINDOWS\system32\hyuxwaak.ini
C:\WINDOWS\system32\iacgms.dll
C:\WINDOWS\system32\icpwhfeh.ini
C:\WINDOWS\system32\ieencode.dll
C:\WINDOWS\system32\iiFUmMfd.dll
C:\WINDOWS\system32\iiqnshct.ini
C:\WINDOWS\system32\jahxmi.dll
C:\WINDOWS\system32\jbksnxhl.dll
C:\WINDOWS\system32\jdsyhtrr.dll
C:\WINDOWS\system32\jflphxuo.dll
C:\WINDOWS\system32\jihrwqmq.dll
C:\WINDOWS\system32\kesxfccs.dll
C:\WINDOWS\system32\khfDTNEt.dll
C:\WINDOWS\system32\knvknwjd.dll
C:\WINDOWS\system32\kugnlc.dll
C:\WINDOWS\system32\kxkgphkq.dll
C:\WINDOWS\system32\kyikvrpi.dll
C:\WINDOWS\system32\lcisicjc.ini
C:\WINDOWS\system32\leulfi.dll
C:\WINDOWS\system32\mcsfqram.dll
C:\WINDOWS\system32\mcuiivho.dll
C:\WINDOWS\system32\mdldtxkb.dll
C:\WINDOWS\system32\mdygoxfe.dll
C:\WINDOWS\system32\mskqmb.dll
C:\WINDOWS\system32\nghlvivg.dll
C:\WINDOWS\system32\niesnuco.ini
C:\WINDOWS\system32\njslkici.dll
C:\WINDOWS\system32\nmemoh.dll
C:\WINDOWS\system32\nnicsm.dll
C:\WINDOWS\system32\nnnkJAsP.dll
C:\WINDOWS\system32\nnnoLEWo.dll
C:\WINDOWS\system32\nnnoPgHA.dll
C:\WINDOWS\system32\nrvprgka.dll
C:\WINDOWS\system32\ntcxws.dll
C:\WINDOWS\system32\oikednnm.dll
C:\WINDOWS\system32\omcyibwl.ini
C:\WINDOWS\system32\onlbgw.dll
C:\WINDOWS\system32\pahqhe.dll
C:\WINDOWS\system32\pbbwacnk.dll
C:\WINDOWS\system32\phmkln.dll
C:\WINDOWS\system32\pwhepwsr.dll
C:\WINDOWS\system32\qkiizc.dll
C:\WINDOWS\system32\qlnbcmqq.dll
C:\WINDOWS\system32\qpityipw.ini
C:\WINDOWS\system32\qtpfopgn.dll
C:\WINDOWS\system32\rcajwmty.dll
C:\WINDOWS\system32\rcuiue.dll
C:\WINDOWS\system32\rgkjuxjs.dll
C:\WINDOWS\system32\rqRhIBSk.dll
C:\WINDOWS\system32\rqRIxuTM.dll
C:\WINDOWS\system32\scckgugp.ini
C:\WINDOWS\system32\sdxhrljf.dll
C:\WINDOWS\system32\srqginiw.ini
C:\WINDOWS\system32\sSmjiiIx.dll
C:\WINDOWS\system32\swgatpcp.ini
C:\WINDOWS\system32\swlhpwhw.dll
C:\WINDOWS\system32\sxksoonm.dll
C:\WINDOWS\system32\tcgqauvy.ini
C:\WINDOWS\system32\tchsnqii.dll
C:\WINDOWS\system32\tehogmas.dll
C:\WINDOWS\system32\tmgaebio.dll
C:\WINDOWS\system32\ujyjlj.dll
C:\WINDOWS\system32\vfexxy.dll
C:\WINDOWS\system32\vhypgmdj.dll
C:\WINDOWS\system32\vobkrdoi.dll
C:\WINDOWS\system32\vppgnbit.dll
C:\WINDOWS\system32\vsalhfng.dll
C:\WINDOWS\system32\winigqrs.dll
C:\WINDOWS\system32\wokfjqqd.ini
C:\WINDOWS\system32\xacykm.dll
C:\WINDOWS\system32\xcbwtqed.dll
C:\WINDOWS\system32\xIiijmSs.ini
C:\WINDOWS\system32\xIiijmSs.ini2
C:\WINDOWS\system32\XIOVxyxx.ini
C:\WINDOWS\system32\XIOVxyxx.ini2
C:\WINDOWS\system32\xjbmwcgl.dll
C:\WINDOWS\system32\xtcbmxkr.ini
C:\WINDOWS\system32\xtvdjaij.ini
C:\WINDOWS\system32\ydpoidih.ini
C:\WINDOWS\system32\ytmwjacr.ini
C:\WINDOWS\system32\yvwepumr.dll
C:\WINDOWS\system32\zewzrl.dll
.
 