More viruses and things.

Unknown · July 2007

This is a different computer, so its completely separate from anything on my other thread.

I have several different popups, My Documents freezes and closes itself automatically about 3/4 of the time right when I open it and kills explorer.exe until it reloads itself.
The computer is very slow now.
I have no anti-virus currently.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:52:08 AM, on 7/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\HPHipm11.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://music.yahoo.com/
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\winBAC.tmp.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [UpgConfVer] "C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\UpgConf.exe" /v:10.02.00
O4 - HKLM\..\Run: [PPFW] c:\program files\panda software\panda platinum 2006 internet security\firewall\PPFW.EXE PPFW.EXE /cmd:allowpandarules /prod:platinum /mod:3 /flg:2 /ver:10.2.0
O4 - HKLM\..\Run: [spoolsev] C:\WINDOWS\system32\javaup.exe
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\apvlhgrb.dll",forkonce
O4 - HKCU\..\Run: [Aida] "C:\WINDOWS\system32\TSKS~1\winword.exe" -vt yazb
O4 - HKLM\..\Policies\Explorer\Run: [svchost.exe] C:\WINDOWS\svchost.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1182629349421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182631205140
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - F:\Programs\Alcohol\StarWind\StarWindService.exe (file missing)

--
End of file - 4563 bytes

Nuppi · July 2007

Hi bowhuntakilla,

And welcome to icrontic.

First, rename hijackthis to scanner

Second:
Please, Download ComboFix from Here or Here to your Desktop.

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

bowhuntakilla · July 2007

Combofix

"Dan" - 2007-07-25 9:57:36 [GMT -7:00] - ComboFix 07-07-24 - Service Pack 2 NTFS

(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\ddabb.dll
C:\WINDOWS\system32\lbwubbpn.dll
C:\WINDOWS\system32\lfonkiyd.dll
C:\WINDOWS\system32\mhfqkscy.dll
C:\WINDOWS\system32\thrvgeyp.dll
C:\WINDOWS\system32\tjwfuvvi.dll
C:\WINDOWS\system32\yrbqusus.dll
C:\WINDOWS\system32\moyynxjp.dll
C:\WINDOWS\system32\sugbfsaq.dll
C:\WINDOWS\system32\bbadd.bak1
C:\WINDOWS\system32\bbadd.ini
C:\WINDOWS\system32\cccdd.bak1
C:\WINDOWS\system32\cccdd.bak2
C:\WINDOWS\system32\cccdd.ini
C:\WINDOWS\system32\cccdd.ini2
C:\WINDOWS\system32\cccdd.tmp
C:\WINDOWS\system32\npbbuwbl.ini
C:\WINDOWS\system32\dyiknofl.ini
C:\WINDOWS\system32\ycskqfhm.ini
C:\WINDOWS\system32\pyegvrht.ini
C:\WINDOWS\system32\ivvufwjt.ini
C:\WINDOWS\system32\susuqbry.ini
C:\WINDOWS\system32\cccdd.bak1
C:\WINDOWS\system32\cccdd.bak2
C:\WINDOWS\system32\cccdd.ini
C:\WINDOWS\system32\cccdd.ini2
C:\WINDOWS\system32\cccdd.tmp
C:\WINDOWS\system32\cccdd.bak1
C:\WINDOWS\system32\cccdd.bak2
C:\WINDOWS\system32\cccdd.ini
C:\WINDOWS\system32\cccdd.ini2
C:\WINDOWS\system32\cccdd.tmp
C:\WINDOWS\system32\ddccc.dll

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\Mike\APPLIC~1\SpamBlockerUtility
C:\DOCUME~1\Mike\APPLIC~1\SpamBlockerUtility\SpamBlockerUtility.log
C:\DOCUME~1\Mom\APPLIC~1\SpamBlockerUtility
C:\DOCUME~1\Mom\APPLIC~1\SpamBlockerUtility\SpamBlockerUtility.log
C:\Program Files\spamblockerutility
C:\Program Files\spamblockerutility\Bin\4.8.4.0\1_Trash.wav
C:\Program Files\spamblockerutility\Bin\4.8.4.0\2_Balloon.wav
C:\Program Files\spamblockerutility\Bin\4.8.4.0\3_Shot Gun.wav
C:\WINDOWS\system32\aistjgxr.exe
C:\WINDOWS\system32\aspqvmqb.exe
C:\WINDOWS\system32\bayoobwt.exe
C:\WINDOWS\system32\bwriajcj.exe
C:\WINDOWS\system32\cjjhxtvg.exe
C:\WINDOWS\system32\cshnfypg.exe
C:\WINDOWS\system32\euverdlq.exe
C:\WINDOWS\system32\fbgklats.exe
C:\WINDOWS\system32\fyoomxko.exe
C:\WINDOWS\system32\gmc.exe.exe
C:\WINDOWS\system32\hdltftlq.exe
C:\WINDOWS\system32\ixqpktof.exe
C:\WINDOWS\system32\jfoseyrs.exe
C:\WINDOWS\system32\jftqvkte.exe
C:\WINDOWS\system32\kbtnwdig.exe
C:\WINDOWS\system32\kmyjwrnb.exe
C:\WINDOWS\system32\ksdqfvfk.exe
C:\WINDOWS\system32\kxhjeopq.exe
C:\WINDOWS\system32\kxvioyvf.exe
C:\WINDOWS\system32\lckgpsdw.exe
C:\WINDOWS\system32\lwlvkepf.exe
C:\WINDOWS\system32\mit.bat
C:\WINDOWS\system32\mwgncvka.exe
C:\WINDOWS\system32\nfutpvca.exe
C:\WINDOWS\system32\nliyjiae.exe
C:\WINDOWS\system32\nvlctmoe.exe
C:\WINDOWS\system32\nxtneihl.exe
C:\WINDOWS\system32\oqnjccsl.exe
C:\WINDOWS\system32\owdvjseg.exe
C:\WINDOWS\system32\pcxbkrot.exe
C:\WINDOWS\system32\qcifosbs.exe
C:\WINDOWS\system32\qfyrdymm.exe
C:\WINDOWS\system32\qudbkjjd.exe
C:\WINDOWS\system32\qyfrjwmk.exe
C:\WINDOWS\system32\svcp.csv
C:\WINDOWS\system32\tsks~1
C:\WINDOWS\system32\usvhwbsy.exe
C:\WINDOWS\system32\vkfmqvas.exe
C:\WINDOWS\system32\vmlmclle.exe
C:\WINDOWS\system32\vshevbjy.exe
C:\WINDOWS\system32\vuqahxoj.exe
C:\WINDOWS\system32\vvbumxqq.exe
C:\WINDOWS\system32\vwytriat.exe
C:\WINDOWS\system32\wdyqmsrk.exe
C:\WINDOWS\system32\windev-peers.ini
C:\WINDOWS\system32\winsub.xml
C:\WINDOWS\system32\wjmnyoej.exe
C:\WINDOWS\system32\yilocutj.exe

((((((((((((((((((((((((( Files Created from 2007-06-25 to 2007-07-25 )))))))))))))))))))))))))))))))

2007-07-25 09:56 51,200 --a

C:\WINDOWS\nircmd.exe
2007-07-25 00:32 126,016 --a

C:\WINDOWS\system32\hyrjcqsd.dll
2007-07-25 00:28 126,016 --a

C:\WINDOWS\system32\miybihbl.dll
2007-07-24 00:09 126,016 --a

C:\WINDOWS\system32\lwlvdxaq.dll
2007-07-23 22:47 126,016 --a

C:\WINDOWS\system32\heigdafj.dll
2007-07-23 19:41 126,016 --a

C:\WINDOWS\system32\wuldipgo.dll
2007-07-23 15:39 126,016 --a

C:\WINDOWS\system32\fcswsedx.dll
2007-07-23 15:22 126,016 --a

C:\WINDOWS\system32\nkxygqgf.dll
2007-07-23 12:05 126,016 --a

C:\WINDOWS\system32\dgbgpdwc.dll
2007-07-23 10:54 126,016 --a

C:\WINDOWS\system32\kiijdrho.dll
2007-07-23 10:52 <DIR> d

C:\Program Files\Trend Micro
2007-07-23 10:49 126,016 --a

C:\WINDOWS\system32\apvlhgrb.dll
2007-07-23 10:19 126,016 --a

C:\WINDOWS\system32\tcokmlts.dll
2007-07-23 09:47 126,016 --a

C:\WINDOWS\system32\trgoomrr.dll
2007-07-21 01:44 <DIR> d

C:\DOCUME~1\Jeremy\APPLIC~1\Talkback
2007-07-15 15:57 <DIR> d---s---- C:\DOCUME~1\Mom\UserData
2007-07-15 15:48 <DIR> d

C:\DOCUME~1\Mom\APPLIC~1\Share-to-Web Upload Folder
2007-07-15 10:29 147,340 --a

C:\WINDOWS\system32\drivers\APPFCONT.DAT
2007-07-10 12:20 <DIR> d

C:\DOCUME~1\Dan\APPLIC~1\DAEMON Tools Pro
2007-07-10 12:15 <DIR> d

C:\Program Files\DAEMON Tools Pro
2007-07-10 12:15 <DIR> d

C:\DOCUME~1\ALLUSE~1\APPLIC~1\DAEMON Tools Pro
2007-07-10 12:09 3,670,016 --a

C:\DOCUME~1\Dan\ntuser.dat
2007-07-10 00:15 26,752 -ra

C:\WINDOWS\system32\drivers\ShldDrv.sys
2007-07-10 00:15 163,856 -ra

C:\WINDOWS\system32\drivers\PavProc.sys
2007-07-09 21:35 0 --a

C:\WINDOWS\system32\drivers\wnmsav.dat
2007-07-09 21:27 4,682 --a

C:\WINDOWS\system32\npptNT2.sys
2007-07-09 21:11 <DIR> d

C:\ijji
2007-07-09 20:45 <DIR> d--h

C:\DOCUME~1\Dan\APPLIC~1\ijjigame
2007-07-09 12:12 639,224 --a

C:\WINDOWS\system32\drivers\sptd.sys
2007-07-09 11:20 <DIR> d

C:\WINDOWS\.jagex_cache_32
2007-07-08 22:56 <DIR> d

C:\DOCUME~1\Dan\APPLIC~1\ACD Systems
2007-07-08 22:55 <DIR> d

C:\Program Files\Common Files\ACD Systems
2007-07-08 22:55 <DIR> d

C:\DOCUME~1\ALLUSE~1\APPLIC~1\ACD Systems
2007-07-07 22:35 <DIR> d

C:\DOCUME~1\Dan\APPLIC~1\MySpace
2007-07-07 13:22 5,632 --a

C:\WINDOWS\system32\ptpusb.dll
2007-07-07 13:22 159,232 --a

C:\WINDOWS\system32\ptpusd.dll
2007-07-07 13:22 15,104 --a

C:\WINDOWS\system32\drivers\usbscan.sys
2007-07-06 13:16 <DIR> d

C:\DOCUME~1\Jeremy\APPLIC~1\Share-to-Web Upload Folder
2007-07-05 14:55 7,987 --a

C:\WINDOWS\system32\pyuvpimo.exe
2007-07-05 14:49 <DIR> d---s---- C:\DOCUME~1\Mike\UserData
2007-07-05 14:26 <DIR> d

C:\DOCUME~1\Mike\APPLIC~1\Talkback
2007-07-05 14:24 786,432 --ah

C:\DOCUME~1\Mike\ntuser.dat
2007-07-05 14:24 <DIR> d

C:\DOCUME~1\Mike\APPLIC~1\Share-to-Web Upload Folder
2007-07-03 11:36 <DIR> d--h

C:\WINDOWS\PIF
2007-07-03 10:09 <DIR> d

C:\DOCUME~1\Dan\APPLIC~1\Share-to-Web Upload Folder
2007-07-03 10:08 <DIR> d

C:\Program Files\Hewlett-Packard
2007-07-03 10:04 <DIR> d

C:\Program Files\HP Photosmart 11
2007-06-28 11:20 786,432 --ah

C:\DOCUME~1\Jeremy\ntuser.dat
2007-06-27 16:44 786,432 --ah

C:\DOCUME~1\Mom\ntuser.dat
2007-06-27 16:44 221,184 --a

C:\WINDOWS\system32\wmpns.dll
2007-06-25 00:42 23,808 --a

C:\WINDOWS\system32\drivers\Dot4usb.sys
2007-06-25 00:42 207,360 --a

C:\WINDOWS\system32\drivers\Dot4.sys
2007-06-25 00:42 12,928 --a

C:\WINDOWS\system32\drivers\Dot4Prt.sys

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-24 03:48:58

d

w C:\DOCUME~1\Dan\APPLIC~1\uTorrent
2007-07-16 23:06:52

d

w C:\Program Files\Warcraft III
2007-07-16 22:28:05

d

w C:\Program Files\Common Files\Panda Software
2007-07-16 22:27:05

d

w C:\Program Files\Common Files\InstallShield
2007-07-16 22:23:41 1,084 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG
2007-07-15 19:48:57

d

w C:\Program Files\iTunes
2007-07-13 03:11:33

d--h--w C:\Program Files\InstallShield Installation Information
2007-07-10 07:27:24

d

w C:\Program Files\QuickTime
2007-07-10 07:16:20

d

w C:\Program Files\MSN Messenger
2007-07-10 05:48:20 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-07-05 22:37:16

d

w C:\Program Files\Messenger
2007-06-25 04:56:37

d

w C:\DOCUME~1\Dan\APPLIC~1\vlc
2007-06-25 02:38:54 1,286 ----a-w C:\WINDOWS\mozver.dat
2007-06-24 22:00:25 30,839 ----a-w C:\WINDOWS\DIIUnin.dat
2007-06-24 21:46:13 21,840 ----a-w C:\WINDOWS\system32\SIntfNT.dll
2007-06-24 21:46:12 17,212 ----a-w C:\WINDOWS\system32\SIntf32.dll
2007-06-24 21:46:12 12,067 ----a-w C:\WINDOWS\system32\SIntf16.dll
2007-06-24 21:09:44 94,208 ----a-w C:\WINDOWS\DIIUnin.exe
2007-06-24 21:09:44 2,829 ----a-w C:\WINDOWS\DIIUnin.pif
2007-06-24 07:53:27

d

w C:\DOCUME~1\Dan\APPLIC~1\Apple Computer
2007-06-24 07:31:18

d

w C:\DOCUME~1\Dan\APPLIC~1\Google
2007-06-24 07:30:52

d

w C:\Program Files\Google
2007-06-24 05:30:58

d

w C:\Program Files\iPod
2007-06-24 05:30:04

d

w C:\Program Files\Apple Software Update
2007-06-24 03:13:16

d

w C:\DOCUME~1\Dan\APPLIC~1\Ventrilo
2007-06-24 00:45:58

d

w C:\Program Files\WC3Banlist
2007-06-24 00:45:46

d

w C:\Program Files\WinPcap
2007-06-23 22:00:11

d

w C:\Program Files\Ventrilo
2007-06-23 21:59:59

d

w C:\Program Files\Common Files\Wise Installation Wizard
2007-06-23 21:50:09

d

w C:\Program Files\Yahoo!
2007-06-23 21:37:32

d

w C:\Program Files\Windows Media Connect 2
2007-06-23 21:02:57

d

w C:\Program Files\Movie Maker
2007-06-23 21:01:01

d

w C:\Program Files\Windows NT
2007-06-23 20:54:52

d

w C:\DOCUME~1\Dan\APPLIC~1\WinRAR
2007-06-23 19:43:44 92,926 ----a-w C:\WINDOWS\War3Unin.dat
2007-06-23 18:42:00 2,829 ----a-w C:\WINDOWS\War3Unin.pif
2007-06-23 18:42:00 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2007-06-23 18:18:39

d

w C:\Program Files\Panda Software
2007-06-23 18:06:23 664 ----a-w C:\WINDOWS\system32\d3d9caps.dat
2007-06-23 18:06:08

d

w C:\Program Files\ATI Technologies
2007-06-23 17:57:57

d

w C:\Program Files\Combined Community Codec Pack
2007-06-23 08:49:21

d

w C:\DOCUME~1\Dan\APPLIC~1\Talkback
2007-06-23 08:49:15 0 ----a-w C:\WINDOWS\nsreg.dat
2007-06-23 08:40:45 552 ----a-w C:\WINDOWS\system32\d3d8caps.dat
2007-06-23 08:04:44

d

w C:\Program Files\CONEXANT
2007-06-23 07:31:30

d

w C:\Program Files\Intel
2007-06-23 07:25:23

d

w C:\Program Files\Analog Devices
2007-06-23 07:23:03

d

w C:\DOCUME~1\Dan\APPLIC~1\GTek
2007-06-23 07:23:01

d

w C:\Program Files\DellConnect
2007-06-23 06:56:29

d

w C:\Program Files\microsoft frontpage
2007-06-23 06:52:08 0 --sha-r C:\MSDOS.SYS
2007-06-23 06:52:08 0 --sha-r C:\IO.SYS
2007-06-23 06:52:08 0 ----a-w C:\CONFIG.SYS
2007-06-23 06:52:08 0 ----a-w C:\AUTOEXEC.BAT
2007-06-23 06:50:09

d

w C:\Program Files\Common Files\MSSoap
2007-06-23 06:49:37 21,640 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-06-23 06:48:51

d--h--w C:\Program Files\WindowsUpdate
2007-06-23 06:48:51

d

w C:\Program Files\Online Services
2007-06-23 06:48:42

d

w C:\Program Files\MSN Gaming Zone
2007-06-22 23:43:45

d

w C:\Program Files\Common Files\ODBC
2007-06-22 23:43:42

d

w C:\Program Files\Common Files\SpeechEngines
2007-06-01 02:30:22 266,088 ----a-w C:\WINDOWS\system32\xactengine2_8.dll
2007-06-01 02:30:16 66,408 ----a-w C:\WINDOWS\system32\dxdllreg.exe
2007-06-01 02:29:42 18,280 ----a-w C:\WINDOWS\system32\x3daudio1_2.dll
2007-05-16 23:45:16 443,752 ----a-w C:\WINDOWS\system32\d3dx10_34.dll
2007-05-16 23:45:16 3,497,832 ----a-w C:\WINDOWS\system32\d3dx9_34.dll
2007-05-16 23:45:16 1,124,720 ----a-w C:\WINDOWS\system32\D3DCompiler_34.dll
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77701e16-9bfe-4b63-a5b4-7bd156758a37}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 21:05]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"HPHUPD04"="C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [2002-11-22 12:50]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 10:42]
"UpgConfVer"="C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\UpgConf.exe" []
"PPFW"="c:\program files\panda software\panda platinum 2006 internet security\firewall\PPFW.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnmljk]
nnnmljk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winwim32]
winwim32.dll

R1 AFD;AFD Networking Support Environment;C:\WINDOWS\system32\drivers\afd.sys
R1 mnmdd;mnmdd;C:\WINDOWS\system32\drivers\mnmdd.sys
R1 Npfs;Npfs;C:\WINDOWS\system32\drivers\Npfs.sys
R2 lanmanserver;Server;C:\WINDOWS\System32\svchost.exe -k netsvcs
R2 lanmanworkstation;Workstation;C:\WINDOWS\System32\svchost.exe -k netsvcs
R2 winmgmt;Windows Management Instrumentation;C:\WINDOWS\system32\svchost.exe -k netsvcs
R3 Dot4 HPH11;Dot4 HPH11;C:\WINDOWS\system32\DRIVERS\hphid411.sys
R3 Dot4Print HPH11;Print Class Driver for IEEE-1284.4 HPH11;C:\WINDOWS\system32\DRIVERS\hphipr11.sys
R3 Dot4Storage HPH11;Storage Class Driver for IEEE-1284.4 (HPH11);C:\WINDOWS\system32\Drivers\hphs2k11.sys
R3 Dot4Usb HPH11;Dot4Usb HPH11;C:\WINDOWS\system32\drivers\hphius11.sys
R3 E100B;Intel(R) PRO Adapter Driver;C:\WINDOWS\system32\DRIVERS\e100b325.sys
R3 wdmaud;Microsoft WINMM WDM Audio Compatibility Driver;C:\WINDOWS\system32\drivers\wdmaud.sys
S2 GSDQZIYZ;GSDQZIYZ;\??\C:\WINDOWS\system32\gsdqziyz.wbi
S2 windev-7211-1f5f;windev-7211-1f5f;\??\C:\WINDOWS\system32\windev-7211-1f5f.sys
S3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys
S3 bvrp_pci;bvrp_pci;\??\C:\WINDOWS\System32\drivers\bvrp_pci.sys
S3 dot4;MS IEEE-1284.4 Driver;C:\WINDOWS\system32\DRIVERS\Dot4.sys
S3 Dot4Print;Print Class Driver for IEEE-1284.4;C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
S3 dot4usb;Dot4USB Filter Dot4USB Filter;C:\WINDOWS\system32\DRIVERS\dot4usb.sys
S3 dump_wmimmc;dump_wmimmc;\??\C:\ijji\ENGLISH\U_SF\GameGuard\dump_wmimmc.sys
S3 mnmsrvc;NetMeeting Remote Desktop Sharing;C:\WINDOWS\System32\mnmsrvc.exe
S3 nm;Network Monitor Driver;C:\WINDOWS\system32\DRIVERS\NMnt.sys
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
S3 NPPTNT2;NPPTNT2;\??\C:\WINDOWS\system32\npptNT2.sys
S3 PavSRK.sys;PavSRK.sys;\??\C:\WINDOWS\system32\PavSRK.sys
S3 vaxscsi;vaxscsi;C:\WINDOWS\system32\Drivers\vaxscsi.sys
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment;C:\WINDOWS\system32\drivers\ws2ifsl.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0bb47c4-2e51-11dc-bbd8-0007e94df883}]
AutoRun\command- H:\autorun.exe

Contents of the 'Scheduled Tasks' folder
2007-07-23 01:30:05 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-25 10:03:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-25 10:04:50 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-25 10:04

--- E O F ---

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:07:20 AM, on 7/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://music.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [UpgConfVer] "C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\UpgConf.exe" /v:10.02.00
O4 - HKLM\..\Run: [PPFW] c:\program files\panda software\panda platinum 2006 internet security\firewall\PPFW.EXE PPFW.EXE /cmd:allowpandarules /prod:platinum /mod:3 /flg:2 /ver:10.2.0
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1182629349421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182631205140
O20 - Winlogon Notify: nnnmljk - nnnmljk.dll (file missing)
O20 - Winlogon Notify: winwim32 - winwim32.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - F:\Programs\Alcohol\StarWind\StarWindService.exe (file missing)

--
End of file - 4361 bytes

Nuppi · July 2007

Hi, there was lot off lurks

Open Notepad and copy and paste quote boxes text:

2007-07-25 00:32 126,016 --a
C:\WINDOWS\system32\hyrjcqsd.dll
2007-07-25 00:28 126,016 --a
C:\WINDOWS\system32\miybihbl.dll
2007-07-24 00:09 126,016 --a
C:\WINDOWS\system32\lwlvdxaq.dll
2007-07-23 22:47 126,016 --a
C:\WINDOWS\system32\heigdafj.dll
2007-07-23 19:41 126,016 --a
C:\WINDOWS\system32\wuldipgo.dll
2007-07-23 15:39 126,016 --a
C:\WINDOWS\system32\fcswsedx.dll
2007-07-23 15:22 126,016 --a
C:\WINDOWS\system32\nkxygqgf.dll
2007-07-23 12:05 126,016 --a
C:\WINDOWS\system32\dgbgpdwc.dll
2007-07-23 10:54 126,016 --a
C:\WINDOWS\system32\kiijdrho.dll
2007-07-23 10:49 126,016 --a
C:\WINDOWS\system32\apvlhgrb.dll
2007-07-23 10:19 126,016 --a
C:\WINDOWS\system32\tcokmlts.dll
2007-07-23 09:47 126,016 --a
C:\WINDOWS\system32\trgoomrr.dll

Save to nameCFScript

Then drag and drop CFScript to ComboFix.exe As shows below.

Reboot your comp and send contens off combofix.txt file to responce.

bowhuntakilla · July 2007

"Dan" - 2007-07-30 17:08:50 [GMT -7:00] - ComboFix 07-07-24 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\Dan\Desktop\CFScript.txt

((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-31 )))))))))))))))))))))))))))))))

2007-07-25 09:56 51,200 --a