
Thread: Help Please..

  1. #11
    Join Date
    Aug 2006
    Posts
    2,763
    I'd also check into the free spyhunter software, I was reading through some recent logs on other forums that suggested trend micro, avg and others missed the zlob variant, whereas spyhunter finds it BUT your Hijackthis log shows "FILE MISSING" after the suspect wxdbpfvo.dll listed as [Parasite causing false spyware warnings and connecting to fake "security sites" - member of the FakeAlert aka SmitFraud malware family]

    The file missing part means your apps found the infected file and removed them, or your suspect file is hiding itself until later...

  2. #12
    Join Date
    May 2008
    Posts
    19
    About the Wild Tangent? and the imt.damit.dll error I get on startup? Are they related and how do I fix the dll error on startup.

    Thank you very much for your response and personal time to help others.

    Frank

  3. #13
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Frank, don't worry about those errors now. I need you to run that Combofix program following the directions given exactly. We will take care of the others shortly.

  4. #14
    Join Date
    May 2008
    Posts
    19
    After Combo Fix I still get this error on startup: On pop up error header is "RUNDLL" The error message is (Error Loading C:\windows\system 32\imt.damit.dll, The specific module could not be found). Also would like to know if Wild Tangent is ok.

    Here is Combo Fix Log:

    ComboFix 08-05-15.3 - Robert 2008-05-19 15:25:52.1 - NTFSx86
    Running from: C:\Documents and Settings\Robert\Desktop\ComboFix.exe
    * Created a new restore point
    * Resident AV is active


    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    The following files were disabled during the run:
    C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    C:\Documents and Settings\Robert\My Documents\Spyware&Malware Protection.url
    C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\search_res.txt
    C:\WINDOWS\system32\egnpfdmw.ini
    C:\WINDOWS\system32\emwugfel.ini
    C:\WINDOWS\system32\fgagnayc.ini
    C:\WINDOWS\system32\hRrsrBeg.ini
    C:\WINDOWS\system32\hRrsrBeg.ini2
    C:\WINDOWS\system32\lwibjlsd.ini
    C:\WINDOWS\system32\osmwogvk.ini
    C:\WINDOWS\system32\qkfevswi.ini
    C:\WINDOWS\system32\qqjjywlj.ini
    C:\WINDOWS\system32\sdmhmpcx.ini
    C:\WINDOWS\system32\tduhlfnr.ini
    C:\WINDOWS\system32\temadtmi.ini

    ----- BITS: Possible infected sites -----

    hxxp://onsafepro.com
    .
    ((((((((((((((((((((((((( Files Created from 2008-04-19 to 2008-05-19 )))))))))))))))))))))))))))))))
    .

    2008-05-19 06:05 . 2008-05-19 06:05 <DIR> d-------- C:\Program Files\Enigma Software Group
    2008-05-19 05:48 . 2008-05-19 06:05 <DIR> d-------- C:\Program Files\Internet Spy Hunter
    2008-05-18 18:15 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-05-18 18:14 . 2008-05-18 18:14 <DIR> d-------- C:\Program Files\Common Files\Java
    2008-05-18 16:13 . 2008-05-18 16:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
    2008-05-18 06:54 . 2008-05-18 06:54 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-05-18 06:54 . 2008-05-18 06:54 <DIR> d-------- C:\Documents and Settings\Robert\Application Data\Malwarebytes
    2008-05-18 06:54 . 2008-05-18 06:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-05-18 06:54 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-05-18 06:54 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-05-17 19:18 . 2008-05-18 20:01 <DIR> d-------- C:\Hi Jack This
    2008-05-17 19:18 . 2005-02-16 11:06 218,112 --a------ C:\Program Files\HijackThis.exe
    2008-05-14 17:44 . 2008-05-14 17:44 <DIR> d-------- C:\ie-spyad_zo
    2008-05-14 17:39 . 2008-05-14 17:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WildTangent
    2008-05-14 17:38 . 2008-05-14 17:39 <DIR> d-------- C:\Program Files\Dell Games
    2008-05-14 17:30 . 2008-05-14 22:01 <DIR> d-------- C:\Program Files\SpywareBlaster
    2008-05-14 17:30 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
    2008-05-14 16:53 . 2008-05-14 16:53 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
    2008-05-13 21:02 . 2008-05-13 21:05 202 --a------ C:\WINDOWS\wininit.ini
    2008-05-13 19:55 . 2008-05-13 19:55 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-05-13 19:55 . 2008-05-13 21:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-05-13 19:49 . 2008-05-13 19:49 <DIR> d-------- C:\Program Files\CCleaner
    2008-05-13 19:23 . 2008-05-13 19:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-05-13 19:22 . 2008-05-13 19:22 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2008-05-13 19:22 . 2008-05-13 19:22 <DIR> d-------- C:\Documents and Settings\Robert\Application Data\SUPERAntiSpyware.com
    2008-05-13 17:43 . 2008-05-13 19:19 <DIR> d-------- C:\Documents and Settings\Robert\.housecall6.6
    2008-05-13 17:05 . 2007-12-27 21:26 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Gtek
    2008-05-13 17:05 . 2008-05-13 17:05 <DIR> d-------- C:\Documents and Settings\Administrator
    2008-05-13 17:05 . 2008-05-19 15:25 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
    2008-05-04 12:29 . 2008-05-04 12:29 <DIR> d-------- C:\Documents and Settings\Robert\Application Data\McAfee
    2008-05-01 13:37 . 2008-05-09 04:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\kgvsrrma
    2008-05-01 13:29 . 2008-05-09 04:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\uzkiodzh
    2008-05-01 13:07 . 2008-05-12 08:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\odavibsv

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-19 00:21 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-05-18 22:15 --------- d-----w C:\Program Files\Java
    2008-05-18 16:53 --------- d-----w C:\Program Files\Dl_cats
    2008-05-15 21:31 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-05-15 21:29 --------- d-----w C:\Documents and Settings\Robert\Application Data\AdobeUM
    2008-05-15 02:06 --------- d-----w C:\Program Files\Microsoft Picture It! PhotoPub
    2008-05-14 19:56 --------- d-----w C:\Program Files\Trend Micro
    2008-05-14 09:39 --------- d-----w C:\Program Files\FinePixViewer
    2008-05-13 23:21 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-04-22 23:32 --------- d-----w C:\Program Files\McAfee
    2008-04-01 18:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE78B4A0-9873-4C13-ACC2-D898536C9798}]
    C:\WINDOWS\system32\geBrsrRh.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{C3169036-557E-45E1-840F-C845DC406C55}"= "C:\WINDOWS\wxdbpfvo.dll" [ ]

    [HKEY_CLASSES_ROOT\clsid\{c3169036-557e-45e1-840f-c845dc406c55}]
    [HKEY_CLASSES_ROOT\wxdbpfvo.1]
    [HKEY_CLASSES_ROOT\TypeLib\{D95C697F-D985-4AB1-92B5-40DF04BBE322}]
    [HKEY_CLASSES_ROOT\wxdbpfvo]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
    "sqrjigmy"="C:\WINDOWS\system32\alabqbkn.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 21:42 1404928]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 10:35 94208]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 10:32 77824]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 10:36 114688]
    "DLCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 08:38 69632]
    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 12:44 249856]
    "ece3c94e"="C:\WINDOWS\system32\imtdamet.dll" [ ]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    "tE19RMf3nt"= C:\Documents and Settings\All Users\Application Data\odavibsv\idenurst.exe

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcBSIbb]
    ddcBSIbb.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
    backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
    backup=C:\WINDOWS\pss\Exif Launcher.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AROReminder]
    --a------ 2007-05-23 11:41 1798656 C:\Program Files\Advanced Registry Optimizer\aro.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cafw]
    C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\capfasem]
    C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\capfupgrade]
    C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID]
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cctray]
    C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
    --a------ 2006-02-09 18:34 106496 C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2004-08-04 07:00 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
    --a------ 2007-03-15 11:09 460784 C:\Program Files\DellSupport\DSAgnt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLCCCATS]
    --a------ 2005-06-07 08:38 69632 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlccmon.exe]
    --a------ 2005-07-22 09:03 425984 C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
    --a------ 2005-01-27 03:02 86016 C:\Program Files\Dell\Media Experience\DMXLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
    --a------ 2007-03-15 19:16 454784 C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
    C:\Program Files\Common Files\AOL\1170429915\ee\AOLSoftware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
    --a------ 2003-09-03 22:12 221184 C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    --a------ 2005-06-10 12:44 249856 C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    --a------ 2005-06-10 12:44 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2005-05-04 18:21 278528 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
    --a------ 2005-09-08 21:20 8192 C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
    --a------ 2005-09-08 21:20 110592 C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --a------ 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QOELOADER]
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.32\QOELoader.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2006-12-27 22:08 98304 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    --a------ 2005-11-29 23:04 26112 C:\Program Files\Real\RealPlayer\RealPlay.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
    --------- 2002-02-04 23:32 53248 C:\Program Files\REGSHAVE\REGSHAVE.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    -rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    --a------ 2008-05-13 12:43 1510640 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    -ra------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
    "C:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=


    .
    Contents of the 'Scheduled Tasks' folder
    "2008-05-15 05:10:57 C:\WINDOWS\Tasks\McDefragTask.job"
    - c:\PROGRA~1\mcafee\mqc\QcConsol.exe
    "2008-05-01 05:00:25 C:\WINDOWS\Tasks\McQcTask.job"
    - c:\PROGRA~1\mcafee\mqc\QcConsol.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-19 15:35:26
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
    C:\PROGRA~1\COMMON~1\McAfee\RedirSvc\RedirSvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE
    C:\Program Files\McAfee\MPF\MpfSrv.exe
    C:\PROGRA~1\McAfee\MPS\mps.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\PROGRA~1\McAfee\MPS\mpsevh.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    .
    **************************************************************************
    .
    Completion time: 2008-05-19 15:41:31 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-05-19 19:41:20

    Pre-Run: 63,735,238,656 bytes free
    Post-Run: 63,683,579,904 bytes free

    244 --- E O F --- 2008-05-16 07:02:20

  5. #15
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Give me a bit to go through this log and work up a fix for you.
    On pop up error header is "RUNDLL" The error message is (Error Loading C:\windows\system 32\imt.damit.dll, The specific module could not be found). Also would like to know if Wild Tangent is ok.
    Will be taking care of the imt.damit.dll problem with the fix. Generally I would say get rid of Wild Tangent.

  6. #16
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Know this is taking me awhile but sorry, these are hard logs to work with. I will get back to you ASAP.
    Judy

  7. #17
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Open notepad and copy/paste the text in the quote box below into it:
    File::
    C:\Documents and Settings\All Users\Application Data\WildTangent
    C:\Documents and Settings\All Users\Application Data\kgvsrrma
    C:\Documents and Settings\All Users\Application Data\uzkiodzh
    C:\Documents and Settings\All Users\Application Data\odavibsv
    C:\WINDOWS\system32\geBrsrRh.dll
    C:\WINDOWS\wxdbpfvo.dll
    C:\WINDOWS\system32\alabqbkn.exe
    C:\WINDOWS\system32\imtdamet.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE78B4A0-9873-4C13-ACC2-D898536C9798}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{C3169036-557E-45E1-840F-C845DC406C55}"=-

    [-HKEY_CLASSES_ROOT\clsid\{c3169036-557e-45e1-840f-c845dc406c55}]

    [-HKEY_CLASSES_ROOT\wxdbpfvo.1]

    [-HKEY_CLASSES_ROOT\TypeLib\{D95C697F-D985-4AB1-92B5-40DF04BBE322}]

    [-HKEY_CLASSES_ROOT\wxdbpfvo]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "sqrjigmy"=-

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ece3c94e"=-
    Save this as CFScript on your desktop.



    Referring to the picture above, drag CFScript into ComboFix.exe
    Then post the resultant log with a fresh copy of HijackThis.

  8. #18
    Join Date
    May 2008
    Posts
    19
    Last edited by ou8it; 05-20-2008 at 05:17 AM. Reason: first post did not show

  9. #19
    Join Date
    May 2008
    Posts
    19

    Posts are not showing, trying again

    I'm at a loss as to why my posts are not showing up. Any ideas, JH?

  10. #20
    Join Date
    May 2008
    Posts
    19

    Trying one more time to post
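
The triage between the ComboFix log in post #14 and the CFScript in post #17, as an added example that is not part of the thread and not ComboFix's own code: it parses the "Reg Loading Points" lines, flags autostart values whose metadata bracket is empty, and renders them in the `Registry::` form used in post #17. It assumes an empty `[ ]` means ComboFix could read no date or size for the target file; the function names are hypothetical and the sample is excerpted from the log with the forum-inserted spaces removed.

```python
import re

# Excerpt of the "Reg Loading Points" section from the log in post #14
# (forum-inserted spaces in "CurrentVersion" removed).
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{C3169036-557E-45E1-840F-C845DC406C55}"= "C:\WINDOWS\wxdbpfvo.dll" [ ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"sqrjigmy"="C:\WINDOWS\system32\alabqbkn.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 10:35 94208]
"ece3c94e"="C:\WINDOWS\system32\imtdamet.dll" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"\s*=\s*"(?P<path>[^"]+)"\s*\[(?P<meta>[^\]]*)\]$')


def parse_loading_points(text):
    """Return one dict per autostart value: key, name, path, missing."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and key:
            entries.append({
                "key": key,
                "name": m.group("name"),
                "path": m.group("path"),
                # Assumption: an empty "[ ]" means no date/size was read,
                # i.e. the value points at a file that is not on disk.
                "missing": not m.group("meta").strip(),
            })
    return entries


def orphaned(entries):
    """Autostart values that still load a file ComboFix could not stat."""
    return [e for e in entries if e["missing"]]


def render_registry_section(entries):
    """Render candidates in the Registry:: form shown in post #17."""
    by_key = {}
    for e in orphaned(entries):
        by_key.setdefault(e["key"], []).append(e["name"])
    lines = ["Registry::"]
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{name}"=-' for name in names)
        lines.append("")
    return "\n".join(lines).rstrip() + "\n"


if __name__ == "__main__":
    print(render_registry_section(parse_loading_points(SAMPLE_LOG)))
```

The three values it flags are the same ones post #17 removes; the output is a candidate list for a reviewer to check against the rest of the log.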

