Malware Removal & HijackThis Logs
11-Jun-2008, 03:44 PM  #31
Please visit Combofix Guide & Instructions for instructions on downloading and running ComboFix. Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

Important notes regarding ComboFix: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished. ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished.

__________________
Microsoft MVP - Consumer Security
Alliance of Security Analysis Professionals
11-Jun-2008, 08:33 PM  #32
ComboFix 08-06-10.5 - Prestwood Family 2008-06-11 19:04:12.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.251 [GMT -4:00]
Running from: D:\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
ADS - svchost.exe: deleted 28160 bytes in 1 streams.

C:\WINDOWS\system32\user32.dll ... is infected !!

Completion time: 2008-06-11 19:53:27 - machine was rebooted [Prestwood Family]
ComboFix-quarantined-files.txt 2008-06-11 23:53:04
Pre-Run: 25,057,812,480 bytes free
Post-Run: 25,064,038,400 bytes free
11-Jun-2008, 08:34 PM  #33
Logfile of HijackThis v1.99.1
Scan saved at 20:28, on 2008-06-11
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
|
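What a helper looks for when reading a log like the one above can be written down as a small triage script. The following is an added example, not part of this thread and not HijackThis code: it parses the 1.99.1 log layout (one "Oxx - ..." entry per line, preceded by the "Running processes:" list) and applies the checks that matter here: an executable running from a user profile rather than Program Files or WINDOWS, a Run value registered under its own path as the value name, non-default Winlogon Notify and SSODL hooks, and "(file missing)" / "(no file)" references left behind by a partial removal. The trusted roots and the severity labels are assumptions chosen for the example, and the sample log embedded in it is a constructed excerpt of a few entries in the shape of the log posted above.

```python
"""Triage helper for HijackThis 1.99.1 logs (added example, not HijackThis code)."""
import re
from dataclasses import dataclass
from typing import Optional

# Roots under which a running executable is not by itself suspicious.
# Assumed for this example; a real checker would also verify signatures and hashes.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

ENTRY_RE = re.compile(r"^(?P<sec>[RFO]\d{1,2}) - (?P<body>.+)$")
# O4 body: HKLM\..\Run: [value name] command
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# Constructed excerpt in the shape of the log above; not the complete log.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Documents and Settings\All Users\Application Data\pcjurkds\dcnazehy.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
O2 - BHO: scriptproxy - {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kddza.exe] C:\WINDOWS\system32\kddza.exe
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O20 - Winlogon Notify: nnnklml - nnnklml.dll (file missing)
O21 - SSODL: RamAlrt - {acf55052-a469-4fe2-9a9c-b2a84a48dc02} - (no file)
O21 - SSODL: tbZRZOthou - {C0858AAE-6A2F-2004-D895-1EBCA9D8C829} - C:\WINDOWS\system32\bn.dll
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: SiteAdvisor Service (siteadvisor service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
"""


@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "medium" or "info" (labels are an assumption)
    section: str    # "process", "O4", "O20", ...
    line: str       # the log line that triggered the finding
    reason: str


def _in_trusted_root(path: str) -> bool:
    p = path.strip().strip('"').lower()
    return any(p.startswith(root) for root in TRUSTED_ROOTS)


def _check_process(line: str) -> Optional[Finding]:
    # Malware on this box runs from All Users\Application Data, not a product directory.
    if not _in_trusted_root(line):
        return Finding("high", "process", line, "executable running outside Program Files / WINDOWS")
    return None


def _check_entry(sec: str, body: str, line: str) -> Optional[Finding]:
    dangling = "(file missing)" in body or "(no file)" in body
    if sec == "O4":
        m = RUN_RE.match(body)
        # A Run value whose name is the path itself is a lazy self-registration, not an installer's work.
        if m and m.group("name").strip().lower() == m.group("cmd").strip().strip('"').lower():
            return Finding("high", sec, line, "Run value registered under its own path as the value name")
        if dangling:
            return Finding("medium", sec, line, "Run value points at a file that no longer exists")
    if sec == "O20":
        # HijackThis only lists Winlogon Notify packages outside its default set, so every O20 needs a look.
        if dangling:
            return Finding("high", sec, line, "Winlogon Notify hook whose DLL is gone: remnant of a partial cleanup")
        return Finding("medium", sec, line, "non-default Winlogon Notify package; verify the DLL")
    if sec == "O21":
        if dangling:
            return Finding("medium", sec, line, "SSODL entry with no backing file: leftover registration")
        return Finding("medium", sec, line, "non-default SSODL DLL loads at every Explorer start; verify publisher and hash")
    if sec == "O23" and "- Unknown owner -" in body:
        return Finding("info", sec, line, "service has no publisher string; verify the binary")
    return None


def triage(log_text: str) -> list:
    """Return the findings for one log, in log order."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False
            f = _check_entry(m.group("sec"), m.group("body"), line)
        elif in_processes:
            f = _check_process(line)
        else:
            f = None
        if f:
            findings.append(f)
    return findings


def summarize(findings: list) -> dict:
    """Count findings per severity, e.g. {"high": 3, "medium": 2, "info": 1}."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section:7} {f.reason}\n         {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

Running it against the excerpt flags the Application Data process, the self-named kddza.exe Run value, the dangling Winlogon Notify hook, both SSODL entries and the unowned service, and leaves the McAfee lines alone. The O9 "Related" entries in the full log also carry "(file missing)", which is why the dangling check is deliberately limited to the sections where a missing file is a cleanup artifact rather than a stock IE leftover. The script is a reading aid only: it cannot tell a renamed legitimate DLL from a malicious one, which is exactly the judgement the helper still has to make.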
12-Jun-2008, 04:33 PM
#34 |
| You have one heavily infected machine there and I would strongly recommend that you back up all of your important data, photos, music and documents and wipe the hard drive and reformat this machine. Last edited by Cookiegal : 12-Jun-2008 06:33 PM. |
|
12-Jun-2008, 07:29 PM
#36 |
| How exactly do I wipe the hard drive and reformat? I do have my original Windows XP Home CD. |
13-Jun-2008, 11:01 AM
#37 |
| You should be able to put the XP Home CD in the drive and restart the computer. You might have to change the BIOS boot order to boot to the CD-ROM first, if it's not already set to do that. |
|
14-Jun-2008, 08:49 PM
#39 |
| I'm sorry, I found service pack 2. I will do that first. Thank you! I will post when done. |
|
17-Jun-2008, 02:46 PM
#42 |
| OK, so I got a friend to burn SP2 to disc for me. While that was going on, I realized that several things were missing drivers, like my monitor, my Ethernet controller, etc. I cannot change the display settings to 800 x 600 and the color is set to 16-bit, so I cannot reinstall McAfee. These settings could not be changed and the display properties could not be accessed. I shut down the computer until I could install SP2. When I turned the computer on yesterday to install SP2, it would not start up. It goes past the loading Windows XP Home screen, goes to a black screen and stays there. I tried to start up in safe mode to check the msconfig options but I am once again getting a blue screen error that ends in "0000034." The blue screen error only comes up when trying to boot in safe mode. When I get home later, I can post the entire blue screen message. Do y'all have any ideas as to what is going on? The only thing I could install was my DSL modem, and it was the only thing I did install, but it was only connected for a few minutes to check this page and then I shut the computer down. |
|
20-Jun-2008, 05:37 PM
#44 |
| I have some of the drivers on disc. The computer would not start up though. I am going to try again to start it up when I get home. Seems like another virus. I was only getting the blue screen error when trying to start up in safe mode. Maybe I did not wipe the hard drive right? |
All times are GMT -4. Copyright © 1996 - 2008 TechGuy, Inc. All rights reserved.