Solved: SLOW -Malware Attack - HJT Included


Fesheca
Member with 53 posts.
 
Join Date: Oct 2006
Location: Northern Indiana
Experience: Intermediate
01-Jul-2008, 03:40 AM #16
UGH! This has been a real doozy. We never were able to install & use ComboFix, so we couldn't use the "Run" part to uninstall it. You will probably see there's multiple programs that DrWeb had to remove and move, and that is due to so many weird things happening. I had to use a different account on the computer to access the internet to get ComboFix, and then when trying to run it, I couldn't be granted permission to do so, so we had to go back and forth several times downloading the program to different places until I could run it...I think the same thing happened with SDFix...that's why so many duplicates of the malware programs. DrWeb showed all these programs as being infected, and when they were "moved," that means they were deleted off the system along with the suspicious files right? Hope so...I still may need to go into add/remove and check to see. I hope that isn't going to cause a problem.

Just an FYI...the program "DrWeb," was a little different when we downloaded it, compared to your instructions, but I "think" we improvised ok. It took 5 hours to complete, seeming to have frozen up for two of the 5, and we were almost ready to shut it down and give up. This is a friend's computer, who has 2 older sons, and they have totally caused havoc on this thing. They need a swift kick in the rear, and I hope this teaches them a lesson. I wanted you to know, that I and their mother know that this is ridiculous & we appreciate all the help you're giving us. They have been forbidden to even touch the computer, and not to look at it either. The system is starting to work much better. At least I can get on the internet now.

Here is the DrWeb & new HiJackThis Logs. Thanks!


aolconnfix.exe;C:\;Trojan.PWS.Gamania.origin;Incurable.Moved.;
gendel32.exe;C:\;Tool.Gendel;;
FIND3M.bat;C:\327882R2FWJFW;Probably SCRIPT.Virus;;
psexec.cfexe;C:\327882R2FWJFW;Program.PsExec.171;;
inst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\ssc_suite_installer\210.5.4.4\suite;Probably BACKDOOR.Trojan;;
avinst.exe\data004;C:\Documents and Settings\All Users\Application Data\AOL Downloads\ssc_suite_installer\210.5.4.4\suite\comps\avinst.exe;Probably BACKDOOR.Trojan;;
avinst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\ssc_suite_installer\210.5.4.4\suite\comps;Archive contains infected objects;Moved.;
data004\data007;C:\Documents and Settings\All Users\Application Data\AOL Downloads\ssc_suite_installer\210.5.4.4\suite\comps\fwinst.exe\data004;Probably BACKDOOR.Trojan;;
data004;C:\Documents and Settings\All Users\Application Data\AOL Downloads\ssc_suite_installer\210.5.4.4\suite\comps\fwinst.exe;Archive contains infected objects;;
fwinst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\ssc_suite_installer\210.5.4.4\suite\comps;Archive contains infected objects;Moved.;
ocpinst.exe\data038;C:\Documents and Settings\All Users\Application Data\AOL Downloads\ssc_suite_installer\210.5.4.4\suite\comps\ocpinst.exe;Probably DLOADER.Trojan;;
ocpinst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\ssc_suite_installer\210.5.4.4\suite\comps;Archive contains infected objects;Moved.;
config.000;C:\Documents and Settings\All Users\Application Data\AOL Downloads\ssc_suite_installer_1.10.7.1;Probably BACKDOOR.Trojan;;
avinst.exe\data004;C:\Documents and Settings\All Users\Application Data\AOL Downloads\ssc_suite_installer_1.10.7.1\comps\avinst.exe;Probably BACKDOOR.Trojan;;
avinst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\ssc_suite_installer_1.10.7.1\comps;Archive contains infected objects;Moved.;
data004\data007;C:\Documents and Settings\All Users\Application Data\AOL Downloads\ssc_suite_installer_1.10.7.1\comps\fwinst.exe\data004;Probably BACKDOOR.Trojan;;
data004;C:\Documents and Settings\All Users\Application Data\AOL Downloads\ssc_suite_installer_1.10.7.1\comps\fwinst.exe;Archive contains infected objects;;
fwinst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\ssc_suite_installer_1.10.7.1\comps;Archive contains infected objects;Moved.;
pwinst.exe\data005;C:\Documents and Settings\All Users\Application Data\AOL Downloads\ssc_suite_installer_1.10.7.1\comps\pwinst.exe;Probably BACKDOOR.Trojan;;
data008\data006;C:\Documents and Settings\All Users\Application Data\AOL Downloads\ssc_suite_installer_1.10.7.1\comps\pwinst.exe\data008;Probably BACKDOOR.Trojan;;
data008;C:\Documents and Settings\All Users\Application Data\AOL Downloads\ssc_suite_installer_1.10.7.1\comps\pwinst.exe;Archive contains infected objects;;
pwinst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\ssc_suite_installer_1.10.7.1\comps;Archive contains infected objects;Moved.;
RegUBP2b-Barb Drudge.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;
SDFix.exe\SDFix\apps\Process.exe;C:\Documents and Settings\Barb Drudge\Desktop\Tech Programs\SDFix.exe;Tool.Prockill;;
SDFix.exe;C:\Documents and Settings\Barb Drudge\Desktop\Tech Programs;Archive contains infected objects;Moved.;
ComboFix.exe\327882R2FWJFW\FIND3M.bat;C:\Documents and Settings\Guest\My Documents\ComboFix.exe;Probably SCRIPT.Virus;;
ComboFix.exe\327882R2FWJFW\psexec.cfexe;C:\Documents and Settings\Guest\My Documents\ComboFix.exe;Program.PsExec.171;;
ComboFix.exe;C:\Documents and Settings\Guest\My Documents;Archive contains infected objects;Moved.;
config.000;C:\Program Files\AOL\Installers\AOL Safety & Security Center 1.0;Probably BACKDOOR.Trojan;;
avinst.exe\data004;C:\Program Files\AOL\Installers\AOL Safety & Security Center 1.0\comps\avinst.exe;Probably BACKDOOR.Trojan;;
avinst.exe;C:\Program Files\AOL\Installers\AOL Safety & Security Center 1.0\comps;Archive contains infected objects;Moved.;
data004\data007;C:\Program Files\AOL\Installers\AOL Safety & Security Center 1.0\comps\fwinst.exe\data004;Probably BACKDOOR.Trojan;;
data004;C:\Program Files\AOL\Installers\AOL Safety & Security Center 1.0\comps\fwinst.exe;Archive contains infected objects;;
fwinst.exe;C:\Program Files\AOL\Installers\AOL Safety & Security Center 1.0\comps;Archive contains infected objects;Moved.;
inst.exe;C:\Program Files\AOL\Installers\AOL Safety & Security Center 1.02;Probably BACKDOOR.Trojan;;
avinst.exe\data004;C:\Program Files\AOL\Installers\AOL Safety & Security Center 1.02\comps\avinst.exe;Probably BACKDOOR.Trojan;;
avinst.exe;C:\Program Files\AOL\Installers\AOL Safety & Security Center 1.02\comps;Archive contains infected objects;Moved.;
data004\data007;C:\Program Files\AOL\Installers\AOL Safety & Security Center 1.02\comps\fwinst.exe\data004;Probably BACKDOOR.Trojan;;
data004;C:\Program Files\AOL\Installers\AOL Safety & Security Center 1.02\comps\fwinst.exe;Archive contains infected objects;;
fwinst.exe;C:\Program Files\AOL\Installers\AOL Safety & Security Center 1.02\comps;Archive contains infected objects;Moved.;
ocpinst.exe\data038;C:\Program Files\AOL\Installers\AOL Safety & Security Center 1.02\comps\ocpinst.exe;Probably DLOADER.Trojan;;
ocpinst.exe;C:\Program Files\AOL\Installers\AOL Safety & Security Center 1.02\comps;Archive contains infected objects;Moved.;
ppctl.dll;C:\Program Files\Common Files\Scanner;Probably DLOADER.Trojan;;
mpfpinst.exe\data007;C:\Program Files\McAfee.com\mpfpinst\mpfpinst.exe;Probably BACKDOOR.Trojan;;
mpfpinst.exe;C:\Program Files\McAfee.com\mpfpinst;Archive contains infected objects;Moved.;
gendel32.ex_;C:\Program Files\SAM\setup;Tool.Gendel;;
Dc2.exe\327882R2FWJFW\FIND3M.bat;C:\RECYCLER\S-1-5-21-1009865816-3575450268-4158377749-501\Dc2.exe;Probably SCRIPT.Virus;;
Dc2.exe\327882R2FWJFW\psexec.cfexe;C:\RECYCLER\S-1-5-21-1009865816-3575450268-4158377749-501\Dc2.exe;Program.PsExec.171;;
Dc2.exe;C:\RECYCLER\S-1-5-21-1009865816-3575450268-4158377749-501;Archive contains infected objects;Moved.;
Process.exe;C:\SDFix\apps;Tool.Prockill;Moved.;
A0250557.dll;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP519;Trojan.Virtumod.based.18;Deleted.;
A0251628.dll;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP520;Trojan.Virtumod.based.18;Deleted.;
A0255874.reg;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP521;Trojan.StartPage.1505;Deleted.;
A0255886.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP521;BackDoor.IRC.Chazz.38;Deleted.;
A0255887.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP521;Tool.ShutDown.11;;
A0255896.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP521;BackDoor.IRC.Chazz.38;Deleted.;
A0255897.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP521;Tool.ShutDown.11;;
A0255905.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP521;BackDoor.IRC.Chazz.38;Deleted.;
A0255906.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP521;Tool.ShutDown.11;;
A0255932.reg;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP521;Trojan.StartPage.1505;Deleted.;
A0264140.exe\327882R2FWJFW\FIND3M.bat;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP523\A0264140.exe;Probably SCRIPT.Virus;;
A0264140.exe\327882R2FWJFW\psexec.cfexe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP523\A0264140.exe;Program.PsExec.171;;
A0264140.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP523;Archive contains infected objects;Moved.;
A0267465.dll;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP530;Trojan.Virtumod.based.18;Deleted.;
A0267467.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP530;Trojan.PWS.Gamania.origin;Incurable.Moved.;
A0267468.exe\data004;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP530\A0267468.exe;Probably BACKDOOR.Trojan;;
A0267468.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP530;Archive contains infected objects;Moved.;
data004\data007;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP530\A0267469.exe\data004;Probably BACKDOOR.Trojan;;
data004;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP530\A0267469.exe;Archive contains infected objects;;
A0267469.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP530;Archive contains infected objects;Moved.;
A0267470.exe\data038;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP530\A0267470.exe;Probably DLOADER.Trojan;;
A0267470.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP530;Archive contains infected objects;Moved.;
A0267471.exe\data004;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP530\A0267471.exe;Probably BACKDOOR.Trojan;;
A0267471.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP530;Archive contains infected objects;Moved.;
data004\data007;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP530\A0267472.exe\data004;Probably BACKDOOR.Trojan;;
data004;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP530\A0267472.exe;Archive contains infected objects;;
A0267472.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP530;Archive contains infected objects;Moved.;
A0267473.exe\data005;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP530\A0267473.exe;Probably BACKDOOR.Trojan;;
data008\data006;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP530\A0267473.exe\data008;Probably BACKDOOR.Trojan;;
data008;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP530\A0267473.exe;Archive contains infected objects;;
A0267473.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP530;Archive contains infected objects;Moved.;
A0267474.reg;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP530;Trojan.StartPage.1505;Deleted.;
A0267475.exe\SDFix\apps\Process.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP530\A0267475.exe;Tool.Prockill;;
A0267475.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP530;Archive contains infected objects;Moved.;
A0267476.exe\data004;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP530\A0267476.exe;Probably BACKDOOR.Trojan;;
A0267476.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP530;Archive contains infected objects;Moved.;
data004\data007;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP530\A0267477.exe\data004;Probably BACKDOOR.Trojan;;
data004;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP530\A0267477.exe;Archive contains infected objects;;
A0267477.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP530;Archive contains infected objects;Moved.;
A0267478.exe\data004;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP530\A0267478.exe;Probably BACKDOOR.Trojan;;
A0267478.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP530;Archive contains infected objects;Moved.;
data004\data007;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP530\A0267479.exe\data004;Probably BACKDOOR.Trojan;;
data004;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP530\A0267479.exe;Archive contains infected objects;;
A0267479.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP530;Archive contains infected objects;Moved.;
A0267480.exe\data038;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP530\A0267480.exe;Probably DLOADER.Trojan;;
A0267480.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP530;Archive contains infected objects;Moved.;
A0267481.exe\data007;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP530\A0267481.exe;Probably BACKDOOR.Trojan;;
A0267481.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP530;Archive contains infected objects;Moved.;
A0267482.exe\327882R2FWJFW\FIND3M.bat;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP530\A0267482.exe;Probably SCRIPT.Virus;;
A0267482.exe\327882R2FWJFW\psexec.cfexe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP530\A0267482.exe;Program.PsExec.171;;
A0267482.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP530;Archive contains infected objects;Moved.;
akttkxhq.dll;C:\WINDOWS\system32;Trojan.Virtumod.based.18;Deleted.;
bipvignl.dll;C:\WINDOWS\system32;Trojan.Virtumod.based.18;Deleted.;
ebgnkifv.dll;C:\WINDOWS\system32;Trojan.Virtumod.based.18;Deleted.;
icpniqdw.dll;C:\WINDOWS\system32;Trojan.Virtumod.based.18;Deleted.;
nrhvetiy.dll;C:\WINDOWS\system32;Trojan.Virtumod.based.18;Deleted.;
nuxishfr.dll;C:\WINDOWS\system32;Trojan.Virtumod.based.18;Deleted.;
sbsgdfpl.dll;C:\WINDOWS\system32;Trojan.Virtumod.based.18;Deleted.;
sivhdqwm.dll;C:\WINDOWS\system32;Trojan.Virtumod.based.18;Deleted.;
vhbvygoq.dll;C:\WINDOWS\system32;Trojan.Virtumod.based.18;Deleted.;
yhoafhms.dll;C:\WINDOWS\system32;Trojan.Virtumod.based.18;Deleted.;




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:04:38 PM, on 6/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\netdde.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {9F047FC5-D057-442C-928B-5E2BCAB5D25A} - C:\WINDOWS\system32\qoMfcBTM.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - S-1-5-18 Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/pcpitstop.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://cube.northwestcollege.edu/kxhcm10.ocx
O16 - DPF: {4C563F3F-5621-4F23-BAC8-6B84DCA61AB2} (GoonzuGlobal_downloader Control) - http://cdn.goonzu.com/gscdnSkins/Goo...loader1222.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46.../bejeweled.cab
O16 - DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} (Abx(gh) Control) - http://aolsvc.aol.com/onlinegames/gh...ball/abxgh.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E6879C7-F36D-4C26-8A48-CB7428A763BC}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{94707EC3-37FE-41D2-A889-DCE653062924}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll,
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: npkcmsvc - Unknown owner - C:\Nexon\Mabinogi\npkcmsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 9573 bytes

Last edited by Fesheca : 01-Jul-2008 03:50 AM. Reason: correcting text
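A way to triage a report like the one in the post above, added here as an example (it is not part of the original posts and not a Dr.Web tool). It assumes the four fields are object; location; detection; action, as the rows suggest, and that an empty action field means the scanner took no action on that row; the bucket names are this example's own.

```python
from collections import namedtuple

# One report row: object; location; detection; action (layout read off the log above)
Row = namedtuple("Row", "obj path threat action")

# Rows copied from the report in the post above (a subset, original order kept).
SAMPLE_LOG = r"""
aolconnfix.exe;C:\;Trojan.PWS.Gamania.origin;Incurable.Moved.;
gendel32.exe;C:\;Tool.Gendel;;
FIND3M.bat;C:\327882R2FWJFW;Probably SCRIPT.Virus;;
psexec.cfexe;C:\327882R2FWJFW;Program.PsExec.171;;
ComboFix.exe\327882R2FWJFW\FIND3M.bat;C:\Documents and Settings\Guest\My Documents\ComboFix.exe;Probably SCRIPT.Virus;;
ComboFix.exe;C:\Documents and Settings\Guest\My Documents;Archive contains infected objects;Moved.;
data004\data007;C:\Program Files\AOL\Installers\AOL Safety & Security Center 1.0\comps\fwinst.exe\data004;Probably BACKDOOR.Trojan;;
data004;C:\Program Files\AOL\Installers\AOL Safety & Security Center 1.0\comps\fwinst.exe;Archive contains infected objects;;
fwinst.exe;C:\Program Files\AOL\Installers\AOL Safety & Security Center 1.0\comps;Archive contains infected objects;Moved.;
ppctl.dll;C:\Program Files\Common Files\Scanner;Probably DLOADER.Trojan;;
akttkxhq.dll;C:\WINDOWS\system32;Trojan.Virtumod.based.18;Deleted.;
"""


def parse(log_text):
    """Split each report line into its four fields; skip lines that do not fit."""
    rows = []
    for line in log_text.splitlines():
        parts = [p.strip() for p in line.split(";")]
        if len(parts) < 4 or not parts[0]:
            continue
        rows.append(Row(*parts[:4]))
    return rows


def full_path(row):
    """Location plus object name, lower-cased so comparisons ignore case."""
    return (row.path.rstrip("\\") + "\\" + row.obj).lower()


def ancestors(path):
    """Every leading portion of a path, cut at backslash boundaries."""
    parts = path.split("\\")
    return ["\\".join(parts[:i]) for i in range(1, len(parts) + 1)]


def triage(rows):
    """Sort rows into three buckets.

    handled                  - the row itself records an action (Moved., Deleted., ...)
    inside_handled_container - no action on the row, but the archive or installer
                               that contains it has an action recorded
    left_in_place            - no action on the row or on anything containing it
    """
    handled_paths = {full_path(r) for r in rows if r.action}
    buckets = {"handled": [], "inside_handled_container": [], "left_in_place": []}
    for r in rows:
        if r.action:
            name = "handled"
        elif any(a in handled_paths for a in ancestors(full_path(r))):
            name = "inside_handled_container"
        else:
            name = "left_in_place"
        buckets[name].append(r)
    return buckets


if __name__ == "__main__":
    result = triage(parse(SAMPLE_LOG))
    for name, rows in result.items():
        print(f"{name}: {len(rows)}")
    for r in result["left_in_place"]:
        print("  still on disk?", r.path, "->", r.obj, f"({r.threat})")
```

On these rows the left_in_place bucket includes the two files under C:\327882R2FWJFW, the folder that the OTScanIt fix later in this thread moves.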
cybertech
Moderator with 59,806 posts.
 
Join Date: Apr 2002
Location: Washington State
01-Jul-2008, 01:55 PM #17
Kids will be kids. *sigh*


Run HJT again and put a check in the following:

O2 - BHO: (no name) - {9F047FC5-D057-442C-928B-5E2BCAB5D25A} - C:\WINDOWS\system32\qoMfcBTM.dll (file missing)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -

Close all applications and browser windows before you click "fix checked".


Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  1. Close any open browsers.
  2. If your Real protection or Antivirus intervenes with OTScanIt, allow it to run.
  3. Open the OTScanIt folder and double-click on OTScanIt.exe to start the program.
  4. Now click the Run Scan button on the toolbar.
  5. The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
  6. When the scan is complete Notepad will open with the report file loaded in it.
  7. Save that notepad file.
If the log is too large to post, use the Reply button, scroll down to the attachments section and attach the notepad file here.
__________________
Microsoft MVP/Windows - Consumer Security


If we have helped you, please consider making a donation to TSG!
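An added example (not part of the original posts, and not HijackThis's own logic) showing how entries like the two picked out in the post above stand out when a HijackThis log is read mechanically: a target marked "(file missing)", or an O16 DPF entry with no download source. The reason labels are this example's own names; the output is a list of candidates for a helper to review, not a list of entries to fix.

```python
import re

# Lines copied from the HijackThis log posted earlier in this thread (a subset).
SAMPLE_HJT = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {9F047FC5-D057-442C-928B-5E2BCAB5D25A} - C:\WINDOWS\system32\qoMfcBTM.dll (file missing)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O23 - Service: npkcmsvc - Unknown owner - C:\Nexon\Mabinogi\npkcmsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# "<section code> - <rest of entry>", e.g. "O2 - BHO: ..." or "R0 - HKLM\..."
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_entries(text):
    """Return (section_code, rest) for every line that looks like a log entry."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def reasons_for(code, rest):
    """Collect the reasons (if any) an entry deserves a second look."""
    reasons = []
    # The registry still points at a file that is no longer on disk.
    if rest.endswith("(file missing)"):
        reasons.append("file_missing")
    # A browser helper object registered without a display name.
    if code == "O2" and "(no name)" in rest:
        reasons.append("unnamed_bho")
    # A downloaded-program entry whose source URL is empty.
    if code == "O16":
        clsid = CLSID_RE.search(rest)
        tail = rest[clsid.end():] if clsid else rest
        source = tail.split(" -", 1)[1].strip() if " -" in tail else ""
        if not source:
            reasons.append("dpf_no_source")
    return reasons


def review_candidates(text):
    """Entries with at least one reason attached, in log order."""
    found = []
    for code, rest in parse_entries(text):
        reasons = reasons_for(code, rest)
        if reasons:
            clsid = CLSID_RE.search(rest)
            found.append({
                "code": code,
                "clsid": clsid.group(0) if clsid else None,
                "reasons": reasons,
                "entry": f"{code} - {rest}",
            })
    return found


if __name__ == "__main__":
    for item in review_candidates(SAMPLE_HJT):
        print(", ".join(item["reasons"]), "|", item["entry"])
```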
Fesheca
Member with 53 posts.
 
Join Date: Oct 2006
Location: Northern Indiana
Experience: Intermediate
06-Jul-2008, 04:05 PM #18
Wow, it only took 10 seconds to run the OTScanIt program...I hope that's because we've cleaned out so much, and not because something is wrong!

A HiJackThis Log and the OTScanIt Log are attached...Thanks!
Attached Files
File Type: txt HiJackThis-07-06-08a.txt (9.2 KB, 2 views)
File Type: txt OTScanIt-07-06-08.txt (59.0 KB, 20 views)
cybertech
Moderator with 59,806 posts.
 
Join Date: Apr 2002
Location: Washington State
06-Jul-2008, 05:49 PM #19
Hijackthis looks good.

Start OTScanIt. Copy/Paste the information in the Code box below into the pane where it says "Paste fix here" and then click the Run Fix button.


Code:
[Files/Folders - Created Within 30 days]
NY -> 327882R2FWJFW -> %SystemDrive%\327882R2FWJFW
NY -> hyituixh.ini -> %SystemRoot%\System32\hyituixh.ini

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new OTScanIt scan.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
Fesheca
Member with 53 posts.
 
Join Date: Oct 2006
Location: Northern Indiana
Experience: Intermediate
09-Jul-2008, 09:48 PM #20
Ok, I usually visit and do this, but since my friend lives in another town, I had to instruct her how to do this over the phone. Hope we did it right. They say they are seeing no other problems and the computer is working very well.

Here's the FIX scan (not much in this one) & the new OTScanIt file is attached:


[Files/Folders - Created Within 30 days]
C:\327882R2FWJFW folder moved successfully.
C:\WINDOWS\System32\hyituixh.ini moved successfully.
< End of fix log >
OTScanIt by OldTimer - Version 1.0.16.1 fix logfile created on 07092008_202514
Attached Files
File Type: txt OTScanIt.Txt (106.7 KB, 4 views)
cybertech
Moderator with 59,806 posts.
 
Join Date: Apr 2002
Location: Washington State
10-Jul-2008, 01:40 PM #21
Start OTScanIt. Copy/Paste the information in the Code box below into the pane where it says "Paste fix here" and then click the Run Fix button.


Code:
[Kill Explorer]
[Unregister Dlls]
[Files/Folders - Created Within 30 days]
NY -> noflwmqf.ini -> %SystemRoot%\System32\noflwmqf.ini
NY -> pvplfkof.ini -> %SystemRoot%\System32\pvplfkof.ini
NY -> tddjrgnm.ini -> %SystemRoot%\System32\tddjrgnm.ini
NY -> wmmxtrpe.ini -> %SystemRoot%\System32\wmmxtrpe.ini
NY -> xuswtqed.ini -> %SystemRoot%\System32\xuswtqed.ini
NY -> 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Files/Folders - Modified Within 30 days]
NY -> sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm
NY -> sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm
NY -> sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm
NY -> sqmdata03.sqm -> %SystemDrive%\sqmdata03.sqm
NY -> sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm
NY -> sqmdata05.sqm -> %SystemDrive%\sqmdata05.sqm
NY -> sqmdata06.sqm -> %SystemDrive%\sqmdata06.sqm
NY -> sqmdata07.sqm -> %SystemDrive%\sqmdata07.sqm
NY -> sqmdata08.sqm -> %SystemDrive%\sqmdata08.sqm
NY -> sqmdata09.sqm -> %SystemDrive%\sqmdata09.sqm
NY -> sqmdata10.sqm -> %SystemDrive%\sqmdata10.sqm
NY -> sqmdata11.sqm -> %SystemDrive%\sqmdata11.sqm
NY -> sqmdata12.sqm -> %SystemDrive%\sqmdata12.sqm
NY -> sqmdata13.sqm -> %SystemDrive%\sqmdata13.sqm
NY -> sqmdata14.sqm -> %SystemDrive%\sqmdata14.sqm
NY -> sqmdata15.sqm -> %SystemDrive%\sqmdata15.sqm
NY -> sqmdata17.sqm -> %SystemDrive%\sqmdata17.sqm
NY -> sqmdata18.sqm -> %SystemDrive%\sqmdata18.sqm
NY -> sqmdata19.sqm -> %SystemDrive%\sqmdata19.sqm
NY -> sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm
NY -> sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm
NY -> sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm
NY -> sqmnoopt03.sqm -> %SystemDrive%\sqmnoopt03.sqm
NY -> sqmnoopt04.sqm -> %SystemDrive%\sqmnoopt04.sqm
NY -> sqmnoopt05.sqm -> %SystemDrive%\sqmnoopt05.sqm
NY -> sqmnoopt06.sqm -> %SystemDrive%\sqmnoopt06.sqm
NY -> sqmnoopt07.sqm -> %SystemDrive%\sqmnoopt07.sqm
NY -> sqmnoopt08.sqm -> %SystemDrive%\sqmnoopt08.sqm
NY -> sqmnoopt09.sqm -> %SystemDrive%\sqmnoopt09.sqm
NY -> sqmnoopt10.sqm -> %SystemDrive%\sqmnoopt10.sqm
NY -> sqmnoopt11.sqm -> %SystemDrive%\sqmnoopt11.sqm
NY -> sqmnoopt12.sqm -> %SystemDrive%\sqmnoopt12.sqm
NY -> sqmnoopt13.sqm -> %SystemDrive%\sqmnoopt13.sqm
NY -> sqmnoopt14.sqm -> %SystemDrive%\sqmnoopt14.sqm
NY -> sqmnoopt15.sqm -> %SystemDrive%\sqmnoopt15.sqm
NY -> sqmnoopt17.sqm -> %SystemDrive%\sqmnoopt17.sqm
NY -> sqmnoopt18.sqm -> %SystemDrive%\sqmnoopt18.sqm
NY -> sqmnoopt19.sqm -> %SystemDrive%\sqmnoopt19.sqm
NY -> 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> MTBcfMoq.ini -> %SystemRoot%\System32\MTBcfMoq.ini
NY -> MTBcfMoq.ini2 -> %SystemRoot%\System32\MTBcfMoq.ini2
NY -> noflwmqf.ini -> %SystemRoot%\System32\noflwmqf.ini
NY -> pvplfkof.ini -> %SystemRoot%\System32\pvplfkof.ini
NY -> tddjrgnm.ini -> %SystemRoot%\System32\tddjrgnm.ini
NY -> WINCNMDB.DLL -> %SystemRoot%\System32\WINCNMDB.DLL
NY -> wmmxtrpe.ini -> %SystemRoot%\System32\wmmxtrpe.ini
NY -> xuswtqed.ini -> %SystemRoot%\System32\xuswtqed.ini
NY -> BM7f4a93ad.xml -> %SystemRoot%\BM7f4a93ad.xml
NY -> 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> pskt.ini -> %SystemRoot%\pskt.ini
[Empty Temp Folders]
[Start Explorer]
[Reboot]

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new OTScanIt scan.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
__________________
Microsoft MVP/Windows - Consumer Security


Fesheca's Avatar
Computer Specs
Member with 53 posts.
 
Join Date: Oct 2006
Location: Northern Indiana
Experience: Intermediate
10-Jul-2008, 10:43 PM #22
When first running the fix, an error message came up saying an image was not a Windows file, and referred to a .dll. I asked her if she got all of the code pasted in, and it turned out that she didn't. Didn't know what to do at that point, so I had her close OTScanIt out... When doing so, the first Notepad log came up & I had her save it. No reboot was done at that point.

Then I had her restart OTScanIt, and made sure she pasted the "whole" code into the box, and run the fix again... That worked fine, and after rebooting, we got the second Notepad log, which I had her save with a small "a" at the end of the file name. Those are attached in case you need to look at both, along with the new OTScanIt log.

I am suspecting that something isn't right because of the way the first scan turned out.
So far, the computer is running very well. No problems reported. We will rerun everything again if you need us to do so. Thank you!
Attached Files
File Type: log 07102008_201847.log (6.4 KB, 3 views)
File Type: txt 07102008_202754a.txt (5.7 KB, 19 views)
File Type: txt OTScanIta.Txt (94.2 KB, 24 views)
cybertech's Avatar
Computer Specs
Moderator with 59,806 posts.
 
Join Date: Apr 2002
Location: Washington State
11-Jul-2008, 08:24 AM #23
Logs look fine. Please post a new HijackThis log.
Fesheca's Avatar
Computer Specs
Member with 53 posts.
 
Join Date: Oct 2006
Location: Northern Indiana
Experience: Intermediate
12-Jul-2008, 01:42 PM #24
Hopefully this will do it! They say they aren't having any further problems pop up.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:53:47 PM, on 7/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\lexpps.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PC Pitstop Optimize Reminder] C:\Program Files\PCPitstop\Optimize2\Reminder.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/pcpitstop.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://cube.northwestcollege.edu/kxhcm10.ocx
O16 - DPF: {4C563F3F-5621-4F23-BAC8-6B84DCA61AB2} (GoonzuGlobal_downloader Control) - http://cdn.goonzu.com/gscdnSkins/Goo...loader1222.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46.../bejeweled.cab
O16 - DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} (Abx(gh) Control) - http://aolsvc.aol.com/onlinegames/gh...ball/abxgh.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E6879C7-F36D-4C26-8A48-CB7428A763BC}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{94707EC3-37FE-41D2-A889-DCE653062924}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll,
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: npkcmsvc - Unknown owner - C:\Nexon\Mabinogi\npkcmsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 8781 bytes
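
A triage pass over a HijackThis log like the one posted above, as an added example (not part of the original thread, and not HijackThis or OTScanIt code). The sample lines are copied from that log; the function names and the review rules are assumptions of this example, and a flagged entry is a prompt for a human to look, not a verdict.

```python
import re
from collections import defaultdict

# Section codes as HijackThis prints them (R0-R3, F0-F3, N1-N4, O1-O24).
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

# Subset of lines copied from the log posted in this thread.
SAMPLE = r"""
C:\WINDOWS\system32\lsass.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll,
O23 - Service: npkcmsvc - Unknown owner - C:\Nexon\Mabinogi\npkcmsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# Assumed review rules: (section, or None for any section; predicate; reason).
RULES = [
    (None, lambda b: b.endswith("(file missing)"), "target not on disk"),
    ("O23", lambda b: " - Unknown owner - " in b, "service binary has no vendor name"),
    ("O16", lambda b: b.endswith("-"), "ActiveX entry without a source URL"),
    ("O17", lambda b: True, "static DNS servers, confirm they are expected"),
    ("O20", lambda b: True, "DLLs loaded via AppInit_DLLs"),
]

def parse_entries(text):
    """Group entry lines by section code; headers and process paths are skipped."""
    entries = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries[m.group(1)].append(m.group(2))
    return dict(entries)

def dns_servers(entries):
    """Distinct resolver addresses named in O17 entries."""
    return sorted({ip for b in entries.get("O17", []) for ip in re.findall(r"\d+(?:\.\d+){3}", b)})

def review_notes(entries):
    """Return (code, reason, entry) for every rule an entry matches."""
    return [(code, reason, body)
            for code, bodies in entries.items() for body in bodies
            for section, test, reason in RULES
            if section in (None, code) and test(body)]

if __name__ == "__main__":
    for note in review_notes(parse_entries(SAMPLE)):
        print(*note, sep=" | ")
```
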
cybertech's Avatar
Computer Specs
Moderator with 59,806 posts.
 
Join Date: Apr 2002
Location: Washington State
12-Jul-2008, 02:50 PM #25
Looks fine.

You should remove all of the tools I requested you to download and/or folders associated with them now. It is pointless to keep these tools around as they are updated so frequently that the tools can be outdated within a few days, sometimes within just hours.

OTMoveIt2 by OldTimer has a CleanUp! option you can use to remove most of the fixes and associated files and folders.
  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it.
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTMoveIt2 from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


It's a good idea to Flush your System Restore after removing malware:
Turn off system restore, restart the machine and then turn it back on: http://support.microsoft.com/kb/310405



Now you should Clean up your PC


Here are some additional links for you to check out to help you with your computer security.

How did I get infected in the first place.

Secunia software inspector & update checker

Good free tools and advice on how to tighten your security settings.

Security Help Tools

Also check out TSG Library of Knowledge. It's new but we hope to get more information added there.