
suddenly there was some new software on my computer giving me trouble

Discussion in 'Virus & Other Malware Removal' started by RPMc, Nov 5, 2007.

Thread Status:
Not open for further replies.
  1. RPMc

    RPMc Thread Starter

    Joined:
    Oct 14, 2007
    Messages:
    15
    I walked away from my computer and when I came back I had software called Spyware Pro and Malware Alarm, and now I seem to be having problems. I don't have any idea where these programs came from. I tried to uninstall them but they came back; I tried to use a previous restore point but they were there too, so please help me.
    Thanks,
    Randy

    Here is the HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 1:51:29 AM, on 11/5/2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Network Monitor\netmon.exe
    C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\COMMON~1\SPYGUA~1\ugcw.exe
    C:\Program Files\Common Files\SpyGuardPro\bm.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\SecCenter\scprot4.exe
    C:\WINDOWS\avp.exe
    C:\WINDOWS\System32\regsvr32.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\WinAble\winable.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\mgrs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Comcast\Desktop Doctor\agent\bin\bcont_nm.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
    O2 - BHO: (no name) - {634BBAB7-3F60-4426-944F-A62B9007F67F} - C:\WINDOWS\system32\xxyxxur.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: 0 - {DB166F9C-4C49-42B1-E2A2-9230DE6DB172} - C:\Program Files\Windows NT\woquceq555.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu77.exe 61A847B5BBF72815358B2B27128065E9C084320161C4661227A755E9C2933154389A
    O4 - HKLM\..\Run: [winshow] "C:\WINDOWS\winshow.exe"
    O4 - HKLM\..\Run: [SpyGuardPro] C:\Program Files\SpyGuardPro\pgs.exe
    O4 - HKLM\..\Run: [ugcw] "C:\PROGRA~1\COMMON~1\SPYGUA~1\ugcw.exe" -start
    O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\SpyGuardPro\bm.exe" dm=http://spyguardpro.com; ad=http://spyguardpro.com
    O4 - HKLM\..\Run: [snsbmjub] rundll32.exe "C:\Program Files\nifsncxi\lslexyvc.dll",Init
    O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
    O4 - HKLM\..\Run: [jivmvmrq] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\jivmvmrq.dll"
    O4 - HKLM\..\Run: [smgr] mgrs.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
    O4 - HKCU\..\Run: [Moas] "C:\DOCUME~1\RPM\APPLIC~1\YMBOLS~1\msdtc.exe" -vt yazb
    O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
    O4 - HKCU\..\Run: [Rbzafiu] C:\WINDOWS\A?pPatch\t?skmgr.exe
    O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
    O4 - HKCU\..\Run: [MalwareAlarm] C:\Program Files\MalwareAlarm\MalwareAlarm.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - (no file)
    O9 - Extra 'Tools' menuitem: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
    O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: WB - C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll
    O20 - Winlogon Notify: winndy32 - C:\WINDOWS\SYSTEM32\winndy32.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O20 - Winlogon Notify: xxyxxur - C:\WINDOWS\SYSTEM32\xxyxxur.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\UmFuZHkgTWNDdWxseQ\command.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
    O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - Unknown owner - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe" /service /P ddoctorv2 (file missing)
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    Let me know where to start; you guys have been a tremendous help to me in the past.
     
  2. RPMc

    RPMc Thread Starter

    Joined:
    Oct 14, 2007
    Messages:
    15
    It also has removed my desktop wallpaper.
     
  3. RPMc

    RPMc Thread Starter

    Joined:
    Oct 14, 2007
    Messages:
    15
    Please HELP, I'm drowning. I just came home from work and things are even worse.
     
  4. RPMc

    RPMc Thread Starter

    Joined:
    Oct 14, 2007
    Messages:
    15
    ComboFix log:

    ComboFix 07-11-06.3 - RPM 2007-11-06 1:15:30.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.0.1252.1.1033.18.941 [GMT -6:00]
    Running from: C:\Documents and Settings\RPM\My Documents\MyDownloads\VirusFIX\ComboFix.exe
    * Created a new restore point
    .

    Unable to gain System Privileges

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data.\jivmvmrq.dll
    C:\Documents and Settings\All Users\Application Data.\salesmonitor
    C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
    C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
    C:\Documents and Settings\LocalService\Application Data\NetMon
    C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
    C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
    C:\Documents and Settings\RPM\Application Data\YMBOLS~1
    C:\Documents and Settings\RPM\Application Data\YMBOLS~1\?ymbols\
    C:\Documents and Settings\RPM\Desktop\Live Safety Center.lnk
    C:\Documents and Settings\RPM\Desktop\Online Security Guide.lnk
    C:\Documents and Settings\RPM\Favorites\Online Security Guide.lnk
    C:\Documents and Settings\RPM\Start Menu\Programs\Outerinfo
    C:\Documents and Settings\RPM\Start Menu\Programs\Outerinfo\Terms.lnk
    C:\Documents and Settings\RPM\Start Menu\Programs\Outerinfo\Uninstall.lnk
    C:\Program Files\Common Files\Yazzle1162OinAdmin.exe
    C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
    C:\Program Files\Common Files\Yazzle1549OinAdmin.exe
    C:\Program Files\Common Files\Yazzle1549OinUninstaller.exe
    C:\Program Files\folder.js\
    C:\Program Files\ini.ini\
    C:\Program Files\network monitor
    C:\Program Files\network monitor\netmon.exe
    C:\Program Files\outerinfo
    C:\Program Files\outerinfo\FF\chrome.manifest
    C:\Program Files\outerinfo\FF\components\FF.dll
    C:\Program Files\SecCenter
    C:\Program Files\SecCenter\scprot4.exe.bak
    C:\Program Files\Temporary
    C:\Program Files\Temporary\wininstall.exe
    C:\Program Files\ucleaner_setup.exe
    C:\Program Files\Ultimate Cleaner
    C:\Program Files\WinAble
    C:\Program Files\WinAble\winable.exe
    C:\Program Files\Windows NT\woquceq.dll
    C:\Temp\1cb
    C:\Temp\1cb\syscheck.log
    C:\UGA6P
    C:\WINDOWS\appatc~1
    C:\WINDOWS\appatc~1\t?skmgr.exe
    C:\WINDOWS\avp.exe
    C:\WINDOWS\Casino.ico
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\Free Online Dating.ico
    C:\WINDOWS\mgrs.exe
    C:\WINDOWS\Spyware Remover.ico
    C:\WINDOWS\system32\atmtd.dll
    C:\WINDOWS\system32\bvgevqai
    C:\WINDOWS\system32\bvgevqai\bg1.gif
    C:\WINDOWS\system32\bvgevqai\bgtop.gif
    C:\WINDOWS\system32\bvgevqai\bottom1.gif
    C:\WINDOWS\system32\bvgevqai\bvgevqai1.exe
    C:\WINDOWS\system32\bvgevqai\bvgevqai2.exe
    C:\WINDOWS\system32\bvgevqai\bvgevqai3.exe
    C:\WINDOWS\system32\bvgevqai\essentials.gif
    C:\WINDOWS\system32\bvgevqai\icon1.ico
    C:\WINDOWS\system32\bvgevqai\install1.gif
    C:\WINDOWS\system32\bvgevqai\left1.gif
    C:\WINDOWS\system32\bvgevqai\li.gif
    C:\WINDOWS\system32\bvgevqai\logo.gif
    C:\WINDOWS\system32\bvgevqai\main.htm
    C:\WINDOWS\system32\bvgevqai\mainframe.htm
    C:\WINDOWS\system32\bvgevqai\reinstall1.gif
    C:\WINDOWS\system32\bvgevqai\right1.gif
    C:\WINDOWS\system32\bvgevqai\s1.htm
    C:\WINDOWS\system32\bvgevqai\s2.htm
    C:\WINDOWS\system32\bvgevqai\s3.htm
    C:\WINDOWS\system32\bvgevqai\SMTop1.gif
    C:\WINDOWS\system32\bvgevqai\SMTop2.gif
    C:\WINDOWS\system32\bvgevqai\SMTop3.gif
    C:\WINDOWS\system32\bvgevqai\SMTop4.gif
    C:\WINDOWS\system32\bvgevqai\soft1_off.gif
    C:\WINDOWS\system32\bvgevqai\soft1_off_ext.gif
    C:\WINDOWS\system32\bvgevqai\soft1_on.gif
    C:\WINDOWS\system32\bvgevqai\soft1_on_ext.gif
    C:\WINDOWS\system32\bvgevqai\soft2_off.gif
    C:\WINDOWS\system32\bvgevqai\soft2_off_ext.gif
    C:\WINDOWS\system32\bvgevqai\soft2_on.gif
    C:\WINDOWS\system32\bvgevqai\soft2_on_ext.gif
    C:\WINDOWS\system32\bvgevqai\soft3_off.gif
    C:\WINDOWS\system32\bvgevqai\soft3_off_ext.gif
    C:\WINDOWS\system32\bvgevqai\soft3_on.gif
    C:\WINDOWS\system32\bvgevqai\soft3_on_ext.gif
    C:\WINDOWS\system32\bvgevqai\softbottom_off.gif
    C:\WINDOWS\system32\bvgevqai\softbottom_on.gif
    C:\WINDOWS\system32\bvgevqai\softleft_off.gif
    C:\WINDOWS\system32\bvgevqai\softleft_on.gif
    C:\WINDOWS\system32\bvgevqai\top1.gif
    C:\WINDOWS\system32\bvgevqai\top2.gif
    C:\WINDOWS\system32\bvgevqai\turnoff1.gif
    C:\WINDOWS\system32\bvgevqai\turnon1.gif
    C:\WINDOWS\system32\drivers\fmtr.sys
    C:\WINDOWS\system32\egjlm.bak1
    C:\WINDOWS\system32\egjlm.ini
    C:\WINDOWS\system32\egjlm.ini2
    C:\WINDOWS\system32\egjlm.tmp
    C:\WINDOWS\system32\gjllm.bak1
    C:\WINDOWS\system32\gjllm.ini
    C:\WINDOWS\system32\jmhlhzlp.dllbox
    C:\WINDOWS\system32\ldcore.dll
    C:\WINDOWS\system32\ldinfo.ldr
    C:\WINDOWS\system32\m2
    C:\WINDOWS\system32\meporbgw.exe
    C:\WINDOWS\system32\mlljg.dll
    C:\WINDOWS\system32\mlnmp.bak1
    C:\WINDOWS\system32\mlnmp.bak2
    C:\WINDOWS\system32\mlnmp.ini
    C:\WINDOWS\system32\o1
    C:\WINDOWS\system32\o1\wr31drs.exe
    C:\WINDOWS\system32\pac.txt
    C:\WINDOWS\system32\pfkegxkh.dll
    C:\WINDOWS\system32\pfkegxkh.dllbox
    C:\WINDOWS\system32\pmnlm.dll
    C:\WINDOWS\system32\RunOnce3.tmp
    C:\WINDOWS\system32\tefnaoom.dllbox
    C:\WINDOWS\system32\v4
    C:\WINDOWS\system32\v4\caws83122.exe
    C:\WINDOWS\system32\veuaexgm.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_CMDSERVICE
    -------\LEGACY_DOMAINSERVICE
    -------\LEGACY_FMTR
    -------\LEGACY_NETWORK_MONITOR
    -------\cmdService
    -------\DomainService
    -------\fmtr
    -------\Network Monitor


    ((((((((((((((((((((((((( Files Created from 2007-10-06 to 2007-11-06 )))))))))))))))))))))))))))))))
    .

    2007-11-05 14:47 <DIR> d-------- C:\WINDOWS\system32\Mz12r
    2007-11-05 14:46 148,622 --a------ C:\Documents and Settings\RPM\p4ck.exe
    2007-11-05 14:16 83,008 --a------ C:\WINDOWS\system32\dlwuiqrm.dll
    2007-11-05 14:15 85,568 --a------ C:\WINDOWS\system32\ekfsfbmh.dll
    2007-11-05 14:05 340,032 --a------ C:\WINDOWS\system32\jmhlhzlp.dll
    2007-11-05 14:04 340,032 --a------ C:\WINDOWS\system32\toksvion.dll
    2007-11-05 11:33 3,473 --a------ C:\Documents and Settings\RPM\ie_update3r.exe
    2007-11-05 08:24 <DIR> d--hs---- C:\WINDOWS\system32\wsnpoem
    2007-11-05 00:56 <DIR> d-------- C:\Program Files\MalwareAlarm
    2007-11-05 00:45 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\DivX
    2007-11-04 22:27 <DIR> d-------- C:\Program Files\Xjfciara
    2007-11-04 22:27 36,864 --a------ C:\WINDOWS\system32\qomjifc.dll
    2007-11-04 22:26 <DIR> d-------- C:\Program Files\nifsncxi
    2007-11-04 22:25 <DIR> d-------- C:\Program Files\SpyGuardPro
    2007-11-04 22:25 <DIR> d-------- C:\Program Files\Common Files\SpyGuardPro
    2007-11-04 22:25 <DIR> d-------- C:\Documents and Settings\RPM\Application Data\SpyGuardPro
    2007-11-04 22:25 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
    2007-11-04 22:23 <DIR> d-------- C:\WINDOWS\system32\Mz08r
    2007-11-04 22:23 36,352 --a------ C:\WINDOWS\system32\nnnommk.dll
    2007-11-04 22:22 36,352 --a------ C:\WINDOWS\system32\ddcccda.dll
    2007-11-04 22:21 <DIR> d--hs---- C:\WINDOWS\UmFuZHkgTWNDdWxseQ
    2007-11-04 22:21 35,840 --a------ C:\WINDOWS\mrofinu572.exe
    2007-11-04 22:21 35,840 --a------ C:\WINDOWS\mrofinu1000106.exe
    2007-11-04 22:20 <DIR> d-------- C:\WINDOWS\system32\Mz02r
    2007-11-04 22:20 <DIR> d-------- C:\Temp\mZOr
    2007-11-04 22:20 36,352 --a------ C:\WINDOWS\system32\xxyxxur.dll
    2007-10-29 03:00 <DIR> d-------- C:\Program Files\MSXML 4.0
    2007-10-28 20:37 <DIR> d-------- C:\WINDOWS\system32\BWKDLogs
    2007-10-28 20:37 290,816 --a------ C:\WINDOWS\system32\KPDPM.dll
    2007-10-28 20:37 225,280 --a------ C:\WINDOWS\system32\KPDPMUI.dll
    2007-10-28 20:37 64,512 --a------ C:\WINDOWS\system32\PTPITCP.dll
    2007-10-28 20:36 <DIR> d-------- C:\WINDOWS\system32\color
    2007-10-28 20:36 <DIR> d-------- C:\Program Files\Common Files\Kodak
    2007-10-28 20:36 <DIR> d-------- C:\KPCMS
    2007-10-28 20:35 <DIR> d-------- C:\Program Files\Kodak
    2007-10-28 20:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kodak
    2007-10-26 00:08 <DIR> d-------- C:\BOSSFonts
    2007-10-20 22:18 7,831 --a------ C:\syspxdi.exe
    2007-10-19 12:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2007-10-19 12:27 <DIR> d-------- C:\Program Files\iPod
    2007-10-18 04:47 202,240 --a------ C:\WINDOWS\system32\Dr Pepper Go For More.scr
    2007-10-18 04:46 <DIR> d-------- C:\WINDOWS\system32\Dr Pepper Go For More dir
    2007-10-18 04:46 <DIR> d-------- C:\WINDOWS\system32\Dr Pepper Go For More 23 dir
    2007-10-18 04:46 202,240 --a------ C:\WINDOWS\system32\Dr Pepper Go For More 23.scr
    2007-10-17 10:10 <DIR> d-------- C:\Documents and Settings\RPM\Application Data\Grisoft
    2007-10-17 10:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-10-17 10:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-10-17 05:40 <DIR> d-------- C:\Documents and Settings\RPM\Application Data\Turbine
    2007-10-17 05:35 <DIR> d-------- C:\WINDOWS\system32\URTTemp
    2007-10-17 03:34 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot
    2007-10-15 15:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2007-10-15 15:13 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2007-10-15 15:13 <DIR> d-------- C:\Documents and Settings\RPM\Application Data\SUPERAntiSpyware.com
    2007-10-15 14:52 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-13 23:49 <DIR> d-------- C:\Program Files\Lavasoft
    2007-10-13 23:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-10-10 17:36 <DIR> d-------- C:\Documents and Settings\RPM\Application Data\Talkback
    2007-10-10 17:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
    2007-10-09 06:16 <DIR> d--hs---- C:\WINDOWS\system32\Sys
    2007-10-09 06:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
    2007-10-06 21:48 94,480 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
    2007-10-06 21:47 <DIR> d-------- C:\Documents and Settings\RPM\Application Data\HouseCall 6.6

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-05 07:00 57 ----a-w C:\Program Files\ini.ini
    2007-11-05 06:46 --------- d-----w C:\Program Files\Morpheus
    2007-10-25 10:07 --------- d-----w C:\Program Files\DivX
    2007-10-19 18:50 --------- d-----w C:\Program Files\Apple Software Update
    2007-10-19 18:33 --------- d-----w C:\Program Files\iTunes
    2007-10-17 16:03 --------- d-----w C:\Program Files\McAfee
    2007-10-17 15:46 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2007-10-17 15:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2007-10-17 11:37 --------- d-----w C:\Documents and Settings\RPM\Application Data\GetRightToGo
    2007-10-15 21:12 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-10-14 00:56 --------- d-----w C:\Program Files\World of Warcraft
    2007-10-09 12:35 --------- d-----w C:\Program Files\Canon
    2007-10-09 12:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
    2007-10-09 12:11 --------- d-----w C:\Documents and Settings\RPM\Application Data\Lavasoft
    2007-10-09 05:37 --------- d-----w C:\Program Files\Common Files\Adobe
    2007-09-28 23:49 --------- d-----w C:\Documents and Settings\RPM\Application Data\MSN6
    2007-09-28 23:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSN6
    2007-09-28 23:36 --------- d-----w C:\Program Files\support.com
    2007-09-21 07:08 --------- d-----w C:\Program Files\Common Files\xing shared
    2007-09-21 07:07 --------- d-----w C:\Program Files\Real
    2007-09-21 07:05 --------- d-----w C:\Program Files\Common Files\Real
    2007-09-15 19:17 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
    2007-09-15 18:50 --------- d-----w C:\Program Files\Comcast
    2007-09-15 18:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
    2007-09-15 18:44 --------- d-----w C:\Program Files\Common Files\SupportSoft
    2007-09-15 18:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Support.com
    2007-08-02 13:43 282,624 ----a-w C:\Program Files\TTC.dll
    2007-06-14 09:22 2,231 ----a-w C:\Program Files\folder.js
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{634BBAB7-3F60-4426-944F-A62B9007F67F}]
    2007-11-04 22:20 36352 --a------ C:\WINDOWS\system32\xxyxxur.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
    2007-11-05 14:05 340032 --a------ C:\WINDOWS\system32\jmhlhzlp.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DB166F9C-4C49-42B1-E2A2-9230DE6DB172}]
    C:\Program Files\Windows NT\woquceq555.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\jmhlhzlp.dll [2007-11-05 14:05 340032]

    [HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\jmhlhzlp.dll [2007-11-05 14:05 340032]

    [HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" []
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41]
    "ddoctorv2"="C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2007-04-19 13:21]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-21 01:04]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 03:25]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-27 19:14]
    "041157f7"="C:\WINDOWS\System32\ekfsfbmh.dll" [2007-11-05 14:15]
    "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2001-08-23 01:00]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" []
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 13:06]
    "Moas"="C:\DOCUME~1\RPM\APPLIC~1\YMBOLS~1\msdtc.exe" []
    "Rbzafiu"="C:\WINDOWS\A?pPatch\t?skmgr.exe" []

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-07-22 03:47:22]
    Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 14:12:08]

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    Source= C:\Program Files\Windows NT\bazyqak.html
    FriendlyName=

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
    "{634BBAB7-3F60-4426-944F-A62B9007F67F}"= C:\WINDOWS\system32\xxyxxur.dll [2007-11-04 22:20 36352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "DNDLGYkGGmZkIFsxm"= {04115759-AEBB-FDF3-080E-59024B9EAE7E} - C:\WINDOWS\System32\rp.dll [2006-11-05 05:10 25088]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jmhlhzlp]
    jmhlhzlp.dll 2007-11-05 14:05 340032 C:\WINDOWS\system32\jmhlhzlp.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
    C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winndy32]
    winndy32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyxxur]
    xxyxxur.dll 2007-11-04 22:20 36352 C:\WINDOWS\system32\xxyxxur.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\System32\pmnlm.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Salestart]
    "C:\Program Files\Common Files\SpyGuardPro\bm.exe" dm=http://spyguardpro.com; ad=http://spyguardpro.com

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smgr]
    mgrs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyGuardPro]
    "C:\Program Files\SpyGuardPro\pgs.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ugcw]
    "C:\PROGRA~1\COMMON~1\SPYGUA~1\ugcw.exe" -start

    R3 SiS7012;Service for AC'97 Sample Driver (WDM);C:\WINDOWS\System32\drivers\sis7012.sys
    S2 Microsoft Internet Service;Microsoft Internet Service;C:\WINDOWS\System32\_svchost.exe -A

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-11-02 15:46:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-11-05 14:00:21 C:\WINDOWS\Tasks\wrSpySweeper_L3A78E134FCB8411EAA5CCF1C74205591.job"
    - C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-06 01:35:56
    Windows 5.1.2600 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-06 1:40:20 - machine was rebooted
    C:\ComboFix2.txt ... 2007-10-15 15:06
    .
    --- E O F ---
     
Short URL to this thread: https://techguy.org/647947