THIS IS MY COMBOFIX LOG
ComboFix 07-11-08.1 - Oscar 2007-11-13 16:53:48.5 - NTFSx86 NETWORK
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.154 [GMT -8:00]
Running from: C:\Documents and Settings\Oscar\Desktop\Programs\Fix Computer\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Program Files\SecCenter
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_RUNTIME2
((((((((((((((((((((((((( Files Created from 2007-10-14 to 2007-11-14 )))))))))))))))))))))))))))))))
.
2007-11-13 16:53 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_1e0.dat
2007-11-13 16:49 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_3ec.dat
2007-11-13 16:41 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_3b8.dat
2007-11-13 16:15 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_420.dat
2007-11-13 14:01 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_368.dat
2007-11-13 10:07 <DIR> d-------- C:\WINNT\system32\uaiodtpw
2007-11-13 10:07 <DIR> d-------- C:\Program Files\Xwubfglr
2007-11-13 10:07 <DIR> d-------- C:\Program Files\Ekpsbfel
2007-11-13 08:57 51,200 --a------ C:\WINNT\NirCmd.exe
2007-11-12 08:14 156,336 --a------ C:\WINNT\dracee.exe
2007-11-12 08:13 55,808 --a------ C:\WINNT\system32\spoolv.exe
2007-11-12 08:13 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_75c.dat
2007-11-12 08:12 16,384 --a------ C:\WINNT\xlaherx.exe
2007-11-06 08:23 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_45c.dat
2007-11-06 07:54 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_4ac.dat
2007-11-02 15:05 54 --ah----- C:\aaw7boot.cmd
2007-11-02 14:05 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_268.dat
2007-11-02 13:53 4,212 ---h----- C:\WINNT\system32\zllictbl.dat
2007-11-02 13:27 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_40c.dat
2007-11-02 13:03 11,264 --a------ C:\WINNT\system32\SpOrder.dll
2007-11-02 13:01 <DIR> d-------- C:\WINNT\system32\ZoneLabs
2007-11-02 13:01 <DIR> d-a------ C:\WINNT\Internet Logs
2007-11-02 12:56 <DIR> d-------- C:\Program Files\Avira
2007-11-02 12:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-11-02 12:52 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-02 12:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-02 12:51 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-02 12:39 41,984 --a------ C:\WINNT\toozfd.exe
2007-11-02 12:35 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_814.dat
2007-11-02 12:30 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_454.dat
2007-11-02 12:23 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_14c.dat
2007-11-02 12:12 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_608.dat
2007-11-02 12:00 <DIR> d-------- C:\Program Files\devedoha
2007-11-02 11:37 <DIR> d-------- C:\WINNT\system32\msvcr61
2007-11-02 11:37 <DIR> d-------- C:\Program Files\Vojqhbxx
2007-11-02 11:37 <DIR> d-------- C:\Program Files\Ckzlenao
2007-11-02 11:37 32,256 --a------ C:\WINNT\system32\msvcr61.dll
2007-11-02 11:36 <DIR> d-------- C:\Program Files\rozqdwfm
2007-11-01 14:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-26 14:47 --------- d-----w C:\Program Files\MSN Messenger
2003-11-28 22:09 271 ---h--w C:\Program Files\desktop.ini
2003-11-28 22:09 21,952 ---h--w C:\Program Files\folder.htt
1999-12-07 12:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{03E384D6-E1A7-792A-1851-0AC16EF38DE4}]
C:\Program Files\Ekpsbfel\jzsvxyrm.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1888D4BA-8C81-FD13-3C52-03DA8BFFC171}]
C:\Program Files\Vojqhbxx\bcgvbeph.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{696A82AF-3AD8-5A16-A1CA-32A59A63A863}]
C:\WINNT\system\bremct32.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C87FA4A3-2474-4a3f-B413-67D515905024}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DABCE839-3831-3818-AF3A-3837BCD324D2}]
C:\WINNT\system32\mskvtns.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-19 12:05 C:\WINNT\system32\mobsync.exe]
"vptray"="C:\Program Files\NavNT\vptray.exe" [01-09-24 07:59 ]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [02-09-10 20:26 ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06-01-20 08:29 ]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [06-01-30 08:00 ]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [07-09-04 15:40 ]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-08-03 11:10:00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Internet Explorer"= {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINNT\system32\Fkqgck32.dll [ ]
R0 avgntmgr;avgntmgr;C:\WINNT\system32\DRIVERS\avgntmgr.sys
R1 avgntdd;avgntdd;C:\WINNT\system32\DRIVERS\avgntdd.sys
R3 usbhub20;USB 2.0 Root Hub Support;C:\WINNT\system32\DRIVERS\usbhub20.sys
S3 S3chipid;S3chipid;\??\C:\WINNT\TEMP\_ISTMP1.DIR\S3chipid.sys
S3 viafilter;VIA USB Filter;C:\WINNT\system32\Drivers\viausb.sys
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-11-13 16:55:08
Windows 5.0.2195 Service Pack 4 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-13 16:55:43
.
--- E O F ---
MY NEW HIJACKTHIS LOG
Logfile of HijackThis v1.99.1
Scan saved at 9:02:24 AM, on 11/14/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\mstsc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Oscar\Desktop\Programs\Hijackthis\HijackThis.exe
O2 - BHO: (no name) - {03E384D6-E1A7-792A-1851-0AC16EF38DE4} - C:\Program Files\Ekpsbfel\jzsvxyrm.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1888D4BA-8C81-FD13-3C52-03DA8BFFC171} - C:\Program Files\Vojqhbxx\bcgvbeph.dll (file missing)
O2 - BHO: Explorer Helper - {696A82AF-3AD8-5A16-A1CA-32A59A63A863} - C:\WINNT\system\bremct32.dll (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: Flash Module - {C87FA4A3-2474-4a3f-B413-67D515905024} - rasmoesa.dll (file missing)
O2 - BHO: (no name) - {DABCE839-3831-3818-AF3A-3837BCD324D2} - C:\WINNT\system32\mskvtns.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/MsnMe ... loader.cab
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINNT\system32\Fkqgck32.dll (file missing)
O21 - SSODL: cyYGseGjvRl - {1CC95E99-B663-F433-3E92-CB8257FAB21E} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe