
65 invalid syntax error and more than 2000 pos1.tmp


by flashneo » February 8th, 2008, 12:04 am

I need help solving my system problem. My laptop is being flooded with that 50 invalid syntax error and more than 2000 pos1.tmp files on C:\, and system performance is getting slow. Please check my hijackthis.log and assist me in this thread. I used comboFix.txt, and so far the 50 invalid syntax error has not popped up yet. Please help me get my system functioning normally again.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:48 AM, on 2/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\DOCUME~1\LYDIOT~1\LOCALS~1\Temp\tmpD2.tmp.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\txrxfcyb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/fu ... .0.8-2.cab
O20 - AppInit_DLLs:
O20 - Winlogon Notify: txrxfcyb - C:\WINDOWS\SYSTEM32\txrxfcyb.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 5651 bytes

###############################################################


ComboFix 08-02.05.3 - Lydiot's Laptop 2008-02-08 10:35:56.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.96 [GMT 8:00]
Running from: C:\Documents and Settings\Lydiot's Laptop\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\cbxxwwx.dll
C:\WINDOWS\system32\urssq.dll
C:\Documents and Settings\All Users.\documents\settings
C:\Documents and Settings\All Users.\documents\settings\4079_2006-05-07_20.10.59.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-05-08_19.35.18.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-05-10_10.28.31.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-05-10_11.38.31.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-05-10_12.58.31.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-05-10_15.48.31.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-05-11_22.39.45.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-05-11_22.49.45.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-05-12_18.00.57.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-05-16_20.55.10.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-05-21_20.42.56.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-05-25_22.36.28.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-05-26_20.43.19.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-05-27_20.51.47.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-05-27_21.01.47.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-05-27_22.32.54.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-05-28_00.12.54.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-06-09_22.11.13.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-06-11_17.36.30.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-06-11_20.07.19.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-06-12_20.50.37.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-06-17_11.24.27.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-06-17_17.26.53.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-06-19_21.46.07.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-06-19_21.56.07.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-06-21_21.04.57.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-06-22_22.29.01.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-06-22_22.39.02.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-06-24_10.57.06.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-06-29_22.36.30.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-06-30_20.10.58.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-06-30_20.20.58.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-06-30_20.50.58.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-07-01_23.00.18.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-07-02_18.22.32.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-07-02_18.32.32.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-07-02_21.32.32.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-07-02_22.45.10.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-07-04_00.42.55.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-07-04_22.41.57.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-07-07_21.52.50.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-07-08_17.46.32.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-07-10_21.54.34.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-07-13_22.42.02.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-07-19_17.25.36.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-07-22_09.30.43.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-07-23_11.40.27.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-07-23_16.30.27.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-07-23_16.50.27.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-07-23_17.22.35.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-07-23_19.31.08.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-07-24_21.48.16.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-07-24_21.58.16.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-07-24_22.08.16.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-07-28_21.23.41.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-07-28_22.13.41.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-07-29_12.41.40.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-07-29_13.41.40.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-07-29_13.51.40.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-07-29_14.51.40.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-07-29_18.01.40.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-07-29_18.51.40.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-07-30_15.31.32.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-07-30_15.41.32.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-07-30_15.51.32.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-07-30_16.51.32.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-08-30_21.31.32.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-08-30_22.01.32.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-09-02_21.51.50.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-09-03_22.27.34.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-09-04_09.34.44.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-09-04_10.44.44.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-09-04_11.34.44.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-09-04_12.04.44.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-09-04_12.14.44.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-09-04_12.44.44.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-09-04_12.54.44.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-09-04_14.44.44.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-09-04_15.54.44.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-09-04_16.34.44.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-09-04_17.44.44.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-09-04_17.54.44.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-09-04_18.34.44.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-09-05_07.52.05.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-09-05_09.02.05.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-09-05_09.22.05.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-09-05_17.29.23.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-09-06_14.57.53.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-09-06_15.07.53.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-09-06_15.57.53.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-09-06_20.06.14.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-09-06_20.16.14.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-09-06_20.26.14.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-09-06_21.26.14.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-09-07_19.05.17.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-09-07_21.45.17.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-09-08_19.18.44.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-09-08_19.28.44.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-09-10_23.13.06.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-09-11_16.39.29.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-09-11_17.09.29.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-09-11_21.59.30.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-09-12_09.03.20.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-09-12_21.53.53.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-09-12_22.03.53.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-09-13_12.09.57.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-09-14_19.33.57.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-09-14_20.03.57.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-09-14_21.23.57.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-09-15_21.03.40.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-09-15_21.52.36.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-09-16_20.53.39.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-09-16_21.23.39.hl
C:\Documents and Settings\All Users.\documents\settings\4079_2006-09-17_22.21.35.hl
C:\Documents and Settings\All Users.\documents\settings\desktop.ini
C:\Documents and Settings\All Users.\documents\settings\rvnzs_a.dat
C:\Documents and Settings\All Users.\documents\settings\rvnzs_b.dat
C:\Documents and Settings\All Users.\documents\settings\rvnzs_f.dat
C:\Documents and Settings\All Users.\documents\settings\rvnzs_v.dat
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\ScreenSaver\Images\0019B054.urr
C:\Program Files\FunWebProducts\ScreenSaver\Images\001D72ED.urr
C:\Program Files\FunWebProducts\ScreenSaver\Images\004D0632.dat
C:\Program Files\FunWebProducts\ScreenSaver\Images\004FB19A.dat
C:\Program Files\FunWebProducts\ScreenSaver\Images\f3wallpp.bmp
C:\Program Files\FunWebProducts\ScreenSaver\Images\wrkparam.lst
C:\Program Files\FunWebProducts\Shared\007306AD.dat
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\History\search
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\MyWebSearch\bar\Settings\settings.htm
C:\WINDOWS\cookies.ini
C:\WINDOWS\mlmnno.dll
C:\WINDOWS\nmpsru.ini
C:\WINDOWS\onnmlm.ini
C:\WINDOWS\system32\bdncqxxg.dll
C:\WINDOWS\system32\cbxxwwx.dll
C:\WINDOWS\system32\gxxqcndb.ini
C:\WINDOWS\system32\iesoojgg.dllbox
C:\WINDOWS\system32\pdluvbbk.dll
C:\WINDOWS\system32\qssru.ini
C:\WINDOWS\system32\qssru.ini2
C:\WINDOWS\system32\qwerty12.exe
C:\WINDOWS\system32\tmp1.tmp.dll
C:\WINDOWS\system32\tmp10.tmp.dll
C:\WINDOWS\system32\tmp11.tmp.dll
C:\WINDOWS\system32\tmp128.tmp.dll
C:\WINDOWS\system32\tmp14.tmp.dll
C:\WINDOWS\system32\tmp16.tmp.dll
C:\WINDOWS\system32\tmp18.tmp.dll
C:\WINDOWS\system32\tmp19.tmp.dll
C:\WINDOWS\system32\tmp1A.tmp.dll
C:\WINDOWS\system32\tmp1C.tmp.dll
C:\WINDOWS\system32\tmp2.tmp.dll
C:\WINDOWS\system32\tmp23.tmp.dll
C:\WINDOWS\system32\tmp26.tmp.dll
C:\WINDOWS\system32\tmp29.tmp.dll
C:\WINDOWS\system32\tmp2A.tmp.dll
C:\WINDOWS\system32\tmp2C.tmp.dll
C:\WINDOWS\system32\tmp2E.tmp.dll
C:\WINDOWS\system32\tmp3.tmp.dll
C:\WINDOWS\system32\tmp4.tmp.dll
C:\WINDOWS\system32\tmp5.tmp.dll
C:\WINDOWS\system32\tmp55.tmp.dll
C:\WINDOWS\system32\tmp6.tmp.dll
C:\WINDOWS\system32\tmp7.tmp.dll
C:\WINDOWS\system32\tmp78B.tmp.dll
C:\WINDOWS\system32\tmp8.tmp.dll
C:\WINDOWS\system32\tmp9.tmp.dll
C:\WINDOWS\system32\tmpA51.tmp.dll
C:\WINDOWS\system32\tmpB.tmp.dll
C:\WINDOWS\system32\tmpC.tmp.dll
C:\WINDOWS\system32\tmpD.tmp.dll
C:\WINDOWS\system32\tmpD3.tmp.dll
C:\WINDOWS\system32\tmpE.tmp.dll
C:\WINDOWS\system32\txrxfcyb.dll
C:\WINDOWS\system32\txrxfcyb.dll . . . . failed to delete
C:\WINDOWS\system32\txrxfcyb.dllbox
C:\WINDOWS\system32\upfpddpk.dllbox
C:\WINDOWS\system32\urssq.dll
C:\WINDOWS\system32\yykkawuo.dll
C:\WINDOWS\urspmn.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2008-01-08 to 2008-02-08 )))))))))))))))))))))))))))))))
.

2008-02-08 11:02 . 2008-02-08 11:06 19,054 ---hs---- C:\WINDOWS\system32\txrxfcyb.dllbox
2008-02-07 23:24 . 2008-02-07 23:24 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-07 20:46 . 2008-02-08 10:57 163,904 --a------ C:\WINDOWS\system32\txrxfcyb.dll
2008-01-22 21:04 . 2008-02-07 20:47 1,136,307 ---hs---- C:\WINDOWS\badehk.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-07 13:00 --------- d-----w C:\Program Files\QUICKENW
2008-01-01 06:50 --------- d-----w C:\Program Files\Sim 2 expansion
2008-01-01 05:55 --------- d-----w C:\Program Files\EA GAMES
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 933,888 2005-07-22 13:36:10 C:\Program Files\Brother\ControlCenter2\bak\brctrcen.exe

----a-r 155,648 2003-10-14 02:22:30 C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe

----a-w 77,824 2003-10-28 01:23:08 C:\Program Files\QuickTime\bak\qttask.exe

----a-w 40,960 2005-03-17 06:45:52 C:\Program Files\ScanSoft\PaperPort\bak\IndexSearch.exe

----a-w 57,393 2005-03-17 06:25:54 C:\Program Files\ScanSoft\PaperPort\bak\pptd40nt.exe

----a-w 37,023 2007-02-21 13:02:44 C:\WINDOWS\system32\bak\lsasss.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4958ff13-04a8-43da-bbc4-13c7e2745a01}]
C:\WINDOWS\system32\pdluvbbk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{65D69901-97B7-4A85-8E1D-2EB2A050E7B1}]
C:\WINDOWS\system32\urssq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2008-02-08 10:57 163904 --a------ C:\WINDOWS\system32\txrxfcyb.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-26 20:21 68856]
"SysRestore"="C:\DOCUME~1\LYDIOT~1\LOCALS~1\Temp\tmpD2.tmp.exe" [2007-06-09 23:58 4096]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-06-07 14:08 4670968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [ ]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [ ]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [ ]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [ ]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [ ]
"Lexmark_X79-55"="C:\WINDOWS\system32\lsasss.exe" [ ]
"NetService"="C:\DOCUME~1\LYDIOT~1\LOCALS~1\Temp\tmp1.tmp.exe" [ ]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"7421f230"="C:\WINDOWS\system32\bdncqxxg.dll" [ ]
"combofix"="C:\WINDOWS\system32\kmd.exe" [2004-08-04 15:56 388608]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2006-10-18 21:34:53 802816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"SFCDisable"=dword:00000004

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxxwwx]
cbxxwwx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\txrxfcyb]
txrxfcyb.dll 2008-02-08 10:57 163904 C:\WINDOWS\system32\txrxfcyb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PowerPanel.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PowerPanel.lnk
backup=C:\WINDOWS\pss\PowerPanel.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^zakaria^Start Menu^Programs^Startup^Cleanup.lnk]
path=C:\Documents and Settings\zakaria\Start Menu\Programs\Startup\Cleanup.lnk
backup=C:\WINDOWS\pss\Cleanup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-06 23:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a------ 2002-03-01 03:27 114688 C:\Program Files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2004-08-04 15:56 110592 C:\WINDOWS\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CleanupProgram]
C:\Sonysys\cleanup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2006-04-06 09:30 3284992 C:\Program Files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HKSERV.EXE]
--a------ 2002-01-31 02:14 417792 C:\Program Files\Sony\HotKey Utility\HKserv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2002-07-11 20:06 188416 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Imatio]
--a------ 2004-03-09 10:17 360613 c:\program files\imation disk manager\imation.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JOGSERV2.EXE]
--a------ 2002-03-06 06:26 159744 C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Office]
--a------ 2005-02-05 00:13 27349 C:\WINDOWS\system32\msoff.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
--a------ 2004-11-13 01:24 106557 C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

R3 {A7E39B01-B403-11d4-BD18-00D0B7A1821E};AIM 3.0 Part 01 Codec Driver VCH-A;C:\WINDOWS\system32\drivers\Vch.sys [2002-02-16 16:07]
R3 Ich;Ich;C:\WINDOWS\system32\DRIVERS\Ich.sys [2002-01-25 04:57]
R3 odysseyIM3;Odyssey Network Services Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys [2003-05-14 16:01]
R3 SPI;Sony Programmable I/O Control Device;C:\WINDOWS\system32\DRIVERS\SonyPI.sys [2001-08-17 20:51]
S3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\CBTNDIS5.SYS [2003-07-16 22:28]
S3 LSWPCv4;Wireless-B Notebook Adapter Driver;C:\WINDOWS\system32\DRIVERS\LSRTNDS.SYS [2003-04-14 11:25]
S3 USTOR;Imation USB Flash Drive;C:\WINDOWS\system32\DRIVERS\UStork.sys [2003-07-08 18:30]
S4 Wxhhalikb;Wxhhalikb;C:\WINDOWS\system32\exe2bin.exe [2001-08-18 20:00]

.
Contents of the 'Scheduled Tasks' folder
"2003-10-28 11:35:09 C:\WINDOWS\Tasks\Registration reminder 1.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2003-10-28 11:35:09 C:\WINDOWS\Tasks\Registration reminder 2.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-08 11:05:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\txrxfcyb.dll

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\txrxfcyb.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\ntvdm.exe
.
**************************************************************************
.
Completion time: 2008-02-08 11:11:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-08 03:11:36
.
2007-10-15 10:47:08 --- E O F ---

Re: 65 invalid syntax error and more than 2000 pos1.tmp

by Shaba » February 13th, 2008, 6:18 am

Hi flashneo

Please post back a fresh HijackThis log next :)

Re: 65 invalid syntax error and more than 2000 pos1.tmp

by Shaba » February 20th, 2008, 7:17 am

This topic is now closed due to inactivity. If you wish it to be reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

If it has been 10 days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, this topic will not be reopened. If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread in your new topic.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.