
Abebot - wml.exe malware PLEASE HELP

Discussion in 'Virus & Other Malware Removal' started by kpowning, Apr 1, 2008.

  1. kpowning

    kpowning Thread Starter

    Joined:
    Apr 1, 2008
    Messages:
    8
    I have tried almost everyone's post on removing this virus/malware. I'm currently running McAfee antivirus and SUPERAntiSpyware software. I have performed the SDFix and ComboFix.exe programs but still it comes back. Any help would be much appreciated. This is the log after running those programs.
     


  2. kpowning

    kpowning Thread Starter

    Joined:
    Apr 1, 2008
    Messages:
    8
    Will someone please help me? I have attached the following image of the popup that I keep receiving. I would appreciate any help... PLEASE. :)
     


  3. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,325
    First Name:
    Karen
    Hi and welcome to TSG,

    Pasting the log here for easier viewing.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:30:21 PM, on 4/1/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\gvurstin.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\explorer.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ishxgugr] C:\WINDOWS\system32\gvurstin.exe
    O4 - HKCU\..\Run: [axaulrja] C:\WINDOWS\system32\dwjelsfi.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: SpeedUpMyPC.lnk = C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O15 - Trusted Zone: http://linktrader.cyberspacehq.com
    O16 - DPF: Web-Based Email Tools - http://email.secureserver.net/Download.CAB
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1195797649444
    O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} (WebWatch Class) - http://75.58.246.194/AL/WinWebPush.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
    O17 - HKLM\System\CCS\Services\Tcpip\..\{40CBE8CB-EC6F-4E88-B5AB-59ED807CE39D}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9A2AC15A-00BD-46BE-90A7-911AC63823BC}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D640C242-8A0D-4A6E-A635-602C09FDC74B}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS1\Services\Tcpip\..\{40CBE8CB-EC6F-4E88-B5AB-59ED807CE39D}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS3\Services\Tcpip\..\{40CBE8CB-EC6F-4E88-B5AB-59ED807CE39D}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Webcam Corp. Service Starter - Unknown owner - C:\Program Files\Webcam\NetCamCtr1\dogsvc.exe (file missing)

    --
    End of file - 7107 bytes
     
  4. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,325
    First Name:
    Karen
    Please post your ComboFix log.
     
  5. kpowning

    kpowning Thread Starter

    Joined:
    Apr 1, 2008
    Messages:
    8
    ComboFix 08-04-01.2 - Kyle 2008-04-01 18:18:00.4 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.641 [GMT -7:00]
    Running from: C:\Documents and Settings\Kyle\Desktop\ComboFix.exe
    * Created a new restore point
    * Resident AV is active

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Kyle\Desktop\blackbird.jpg
    C:\Documents and Settings\Kyle\Desktop\EditorFKWP1.5.exe
    C:\Documents and Settings\Kyle\Desktop\EditorFKWP2.0.exe
    C:\Documents and Settings\Kyle\Desktop\filemanagerclient.exe
    C:\Documents and Settings\Kyle\Desktop\fkwp1.5.exe
    C:\Documents and Settings\Kyle\Desktop\fkwp2.0.exe
    C:\Documents and Settings\Kyle\Desktop\fwebd.exe
    C:\Documents and Settings\Kyle\Desktop\FWebdEditor.exe
    C:\Documents and Settings\Kyle\Desktop\Trojan.Win32.BlackBird.exe
    C:\Documents and Settings\Kyle\Desktop\virii
    C:\WINDOWS\a.bat
    C:\WINDOWS\base64.tmp
    C:\WINDOWS\bdn.com
    C:\WINDOWS\FVProtect.exe
    C:\WINDOWS\mssecu.exe
    C:\WINDOWS\system32\drivers\npf.sys
    C:\WINDOWS\system32\packet.dll
    C:\WINDOWS\system32\pthreadVC.dll
    C:\WINDOWS\system32\wanpacket.dll
    C:\WINDOWS\system32\wpcap.dll
    C:\WINDOWS\system32\akttzn.exe
    C:\WINDOWS\system32\anticipator.dll
    C:\WINDOWS\system32\awtoolb.dll
    C:\WINDOWS\system32\bdn.com
    C:\WINDOWS\system32\bsva-egihsg52.exe
    C:\WINDOWS\system32\dpcproxy.exe
    C:\WINDOWS\system32\emesx.dll
    C:\WINDOWS\[email protected]@@k.dll
    C:\WINDOWS\system32\hoproxy.dll
    C:\WINDOWS\system32\hxiwlgpm.dat
    C:\WINDOWS\system32\hxiwlgpm.exe
    C:\WINDOWS\system32\medup012.dll
    C:\WINDOWS\system32\medup020.dll
    C:\WINDOWS\system32\msgp.exe
    C:\WINDOWS\system32\msnbho.dll
    C:\WINDOWS\system32\mssecu.exe
    C:\WINDOWS\system32\msvchost.exe
    C:\WINDOWS\system32\mtr2.exe
    C:\WINDOWS\system32\mwin32.exe
    C:\WINDOWS\system32\netode.exe
    C:\WINDOWS\system32\newsd32.exe
    C:\WINDOWS\system32\ps1.exe
    C:\WINDOWS\system32\psof1.exe
    C:\WINDOWS\system32\psoft1.exe
    C:\WINDOWS\system32\regc64.dll
    C:\WINDOWS\system32\regm64.dll
    C:\WINDOWS\system32\Rundl1.exe
    C:\WINDOWS\system32\sncntr.exe
    C:\WINDOWS\system32\ssurf022.dll
    C:\WINDOWS\system32\ssvchost.com
    C:\WINDOWS\system32\ssvchost.exe
    C:\WINDOWS\system32\sysreq.exe
    C:\WINDOWS\system32\taack.dat
    C:\WINDOWS\system32\taack.exe
    C:\WINDOWS\system32\temp#01.exe
    C:\WINDOWS\system32\thun.dll
    C:\WINDOWS\system32\thun32.dll
    C:\WINDOWS\system32\VBIEWER.OCX
    C:\WINDOWS\system32\vbsys2.dll
    C:\WINDOWS\system32\vcatchpi.dll
    C:\WINDOWS\system32\winlogonpc.exe
    C:\WINDOWS\system32\winsystem.exe
    C:\WINDOWS\system32\WINWGPX.EXE
    C:\WINDOWS\userconfig9x.dll
    C:\WINDOWS\winsystem.exe
    C:\WINDOWS\zip1.tmp
    C:\WINDOWS\zip2.tmp
    C:\WINDOWS\zip3.tmp
    C:\WINDOWS\zipped.tmp

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_SZKG5
    -------\Legacy_NPF
    -------\NPF


    ((((((((((((((((((((((((( Files Created from 2008-03-02 to 2008-04-02 )))))))))))))))))))))))))))))))
    .

    2008-04-01 16:59 . 2008-04-01 16:59 <DIR> d-------- C:\hjk
    2008-04-01 16:55 . 2008-04-01 16:55 <DIR> d-------- C:\VundoFix Backups
    2008-04-01 06:42 . 2008-04-01 06:42 <DIR> d-------- C:\Program Files\PC-Cleaner
    2008-03-26 23:05 . 2008-03-26 23:05 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-03-26 23:05 . 2008-03-26 23:05 <DIR> d-------- C:\Documents and Settings\Kyle\Application Data\Malwarebytes
    2008-03-26 23:05 . 2008-03-26 23:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-03-26 22:58 . 2008-03-26 22:58 <DIR> d-------- C:\Program Files\CCleaner
    2008-03-26 22:34 . 2008-03-26 22:55 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2008-03-26 22:34 . 2008-03-26 22:34 <DIR> d-------- C:\Documents and Settings\Kyle\Application Data\SUPERAntiSpyware.com
    2008-03-26 22:34 . 2008-03-26 22:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-03-26 21:58 . 2008-03-26 21:58 <DIR> d-------- C:\WINDOWS\ERUNT
    2008-03-26 21:58 . 2008-04-01 18:14 <DIR> d-------- C:\SDFix
    2008-03-26 21:58 . 2008-03-26 21:58 <DIR> d-------- C:\Documents and Settings\Kyle\backups
    2008-03-26 21:58 . 2008-03-26 21:58 <DIR> d-------- C:\Documents and Settings\Kyle\backupreg
    2008-03-26 21:58 . 2004-08-04 00:56 146,432 --a------ C:\Documents and Settings\Kyle\regedit.exe
    2008-03-26 21:58 . 2004-08-04 00:56 27,136 --a------ C:\Documents and Settings\Kyle\findstr.exe
    2008-03-26 21:58 . 2001-08-23 05:00 11,264 --a------ C:\Documents and Settings\Kyle\attrib.exe
    2008-03-26 21:58 . 2001-08-23 05:00 9,216 --a------ C:\Documents and Settings\Kyle\find.exe
    2008-03-26 19:02 . 2008-03-26 19:02 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-03-26 19:02 . 2008-03-26 19:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-03-26 18:40 . 2008-03-26 18:40 <DIR> d-------- C:\Program Files\WinPcap
    2008-03-26 18:28 . 2008-03-26 18:32 <DIR> d-------- C:\fixwareout
    2008-03-26 17:02 . 2008-04-01 18:22 10,041 --a------ C:\WINDOWS\system32\Config.MPF
    2008-03-26 17:00 . 2007-11-22 06:44 201,320 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
    2008-03-26 17:00 . 2007-07-13 06:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
    2008-03-26 17:00 . 2007-11-22 06:44 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
    2008-03-26 17:00 . 2007-12-02 12:51 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
    2008-03-26 17:00 . 2007-11-22 06:44 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
    2008-03-26 17:00 . 2007-11-22 06:44 33,832 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
    2008-03-26 16:59 . 2008-03-26 16:59 <DIR> d-------- C:\Program Files\McAfee.com
    2008-03-26 16:59 . 2008-03-26 18:30 <DIR> d-------- C:\Program Files\McAfee
    2008-03-26 16:59 . 2008-03-26 17:00 <DIR> d-------- C:\Program Files\Common Files\McAfee
    2008-03-26 16:54 . 2008-03-26 16:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
    2008-03-25 23:28 . 2008-03-25 23:28 98,304 --a------ C:\WINDOWS\system32\dwjelsfi.exe
    2008-03-25 20:18 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-03-25 20:18 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-03-25 20:18 . 2008-03-22 15:49 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
    2008-03-25 20:18 . 2008-03-15 17:16 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-03-25 20:18 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-03-25 20:18 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-03-25 19:44 . 2008-03-25 19:44 <DIR> d-a------ C:\WINDOWS\zts2.exe
    2008-03-25 19:44 . 2008-03-25 19:44 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
    2008-03-25 19:44 . 2008-03-25 19:44 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
    2008-03-25 19:44 . 2008-03-25 19:44 <DIR> d-a------ C:\WINDOWS\rundll16.exe
    2008-03-25 19:44 . 2008-03-25 19:44 <DIR> d-a------ C:\WINDOWS\rundl132.dll
    2008-03-25 19:44 . 2008-03-25 19:44 <DIR> d-a------ C:\WINDOWS\logo1_.exe
    2008-03-25 19:37 . 2004-08-04 00:56 146,432 --a------ C:\WINDOWS\R.COM
    2008-03-25 19:37 . 2004-08-04 00:56 135,680 --a------ C:\WINDOWS\system32\T.COM
    2008-03-25 19:37 . 2008-03-25 19:38 50 --a------ C:\WINDOWS\Lic.xxx
    2008-03-25 19:29 . 2008-03-25 19:31 <DIR> d-------- C:\Downloads
    2008-03-25 19:12 . 2008-03-25 19:12 <DIR> d-------- C:\Documents and Settings\Kyle\DoctorWeb
    2008-03-25 06:39 . 2008-03-25 18:05 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
    2008-03-25 06:39 . 2008-03-25 18:05 1,406 --a------ C:\WINDOWS\system32\Help.ico
    2008-03-25 06:33 . 2008-03-25 06:33 106,496 --a------ C:\WINDOWS\system32\gvurstin.exe
    2008-03-24 21:51 . 2008-03-26 21:23 2,070 --a------ C:\WINDOWS\system32\tmp.reg
    2008-03-24 21:00 . 2008-03-24 21:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
    2008-03-24 20:59 . 2008-03-24 20:59 <DIR> d-------- C:\Program Files\Common Files\iS3
    2008-03-24 20:59 . 2008-03-24 21:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
    2008-03-24 17:51 . 2008-03-27 06:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\fwpovwnu
    2008-03-24 17:23 . 2008-03-24 17:23 <DIR> d-------- C:\Program Files\Windows Media Connect 2
    2008-03-24 17:22 . 2008-03-24 17:23 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-01 03:56 --------- d-----w C:\Program Files\XBC
    2008-03-27 05:34 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-03-27 00:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
    2008-03-26 23:56 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-03-26 23:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-03-25 02:30 --------- d-----w C:\Program Files\XLink Kai Evolution VII
    2008-03-15 22:59 --------- d-----w C:\Program Files\Java
    2008-02-09 03:16 --------- d-----w C:\Program Files\Hp
    2008-02-09 03:16 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
    2008-01-19 20:00 25,456 ----a-w C:\Documents and Settings\Kyle\Application Data\GDIPFONTCACHEV1.DAT
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
    "ishxgugr"="C:\WINDOWS\system32\gvurstin.exe" [2008-03-25 06:33 106496]
    "axaulrja"="C:\WINDOWS\system32\dwjelsfi.exe" [2008-03-25 23:28 98304]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2002-01-10 04:26 47104 C:\WINDOWS\SOUNDMAN.EXE]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22 7700480]
    "nwiz"="nwiz.exe" [2006-10-22 13:22 1622016 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 13:22 86016]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-04-07 02:42:52 217190]
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-23 00:09:47 113664]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]
    SpeedUpMyPC.lnk - C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe [2004-10-06 12:21:30 3509760]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\XBC\\AppUpdater.exe"=
    "C:\\Program Files\\Crystal FTP Pro\\crystalftp.exe"=
    "C:\\Program Files\\Argus Surveillance DVR\\WebServerForAdmin.exe"=
    "C:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
    "C:\\WINDOWS\\system32\\mmc.exe"=
    "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8602:TCP"= 8602:TCP:xbc
    "8602:UDP"= 8602:UDP:xbc

    R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 22:31]
    S3 kvpndev;Kerio VPN adapter;C:\WINDOWS\system32\DRIVERS\kvpndrv.sys [2007-12-07 13:02]
    S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;C:\WINDOWS\system32\DRIVERS\kwflower.sys []
    S3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\LNE100V5.sys [2001-10-24 17:16]
    S3 MUD;Driver for Magellan USB Device;C:\WINDOWS\system32\DRIVERS\MUD.sys [2008-01-14 00:03]
    S3 PsSdk30;PsSdk30;C:\WINDOWS\system32\Drivers\PsSdk30.drv []
    S3 Webcam Corp. Service Starter;Webcam Corp. Service Starter;C:\Program Files\Webcam\NetCamCtr1\dogsvc.exe []

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-03-27 00:00:04 C:\WINDOWS\Tasks\McDefragTask.job"
    - c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
    "2008-04-01 08:00:03 C:\WINDOWS\Tasks\McQcTask.job"
    - c:\PROGRA~1\mcafee\mqc\QcConsol.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-01 18:22:25
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdk30]
    "ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk30.drv"
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    .
    **************************************************************************
    .
    Completion time: 2008-04-01 18:24:45 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-04-02 01:24:35
    Pre-Run: 56,369,152,000 bytes free
    Post-Run: 56,355,024,896 bytes free
    .
    2008-03-26 00:02:54 --- E O F ---
     
  6. kpowning

    kpowning Thread Starter

    Joined:
    Apr 1, 2008
    Messages:
    8
    Thursday, April 03, 2008 4:48:57 PM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 3/04/2008
    Kaspersky Anti-Virus database records: 679869


    Scan Settings
    Scan using the following antivirus database extended
    Scan Archives true
    Scan Mail Bases true

    Scan Target My Computer
    A:\
    C:\
    D:\
    E:\
    F:\

    Scan Statistics
    Total number of scanned objects 75693
    Number of viruses found 1
    Number of infected objects 4
    Number of suspicious objects 0
    Duration of the scan process 01:25:44

    Infected Object Name Virus Name Last Action
    C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

    C:\Documents and Settings\Kyle\Application Data\Microsoft\Outlook\Outlook.srs Object is locked skipped

    C:\Documents and Settings\Kyle\Application Data\Microsoft\Templates\Normal.dot Object is locked skipped

    C:\Documents and Settings\Kyle\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-4-2-2008( 19-49-45 ).LOG Object is locked skipped

    C:\Documents and Settings\Kyle\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\Kyle\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

    C:\Documents and Settings\Kyle\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

    C:\Documents and Settings\Kyle\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

    C:\Documents and Settings\Kyle\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped

    C:\Documents and Settings\Kyle\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

    C:\Documents and Settings\Kyle\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped

    C:\Documents and Settings\Kyle\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\pending.dat Object is locked skipped

    C:\Documents and Settings\Kyle\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_A4C8_717C_C871_4E14\dfsr.db Object is locked skipped

    C:\Documents and Settings\Kyle\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_A4C8_717C_C871_4E14\fsr.log Object is locked skipped

    C:\Documents and Settings\Kyle\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_A4C8_717C_C871_4E14\fsrtmp.log Object is locked skipped

    C:\Documents and Settings\Kyle\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_A4C8_717C_C871_4E14\tmp.edb Object is locked skipped

    C:\Documents and Settings\Kyle\Local Settings\Application Data\Microsoft\Outlook\archive.pst Object is locked skipped

    C:\Documents and Settings\Kyle\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Object is locked skipped

    C:\Documents and Settings\Kyle\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\Kyle\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\Kyle\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\real\members.stg Object is locked skipped

    C:\Documents and Settings\Kyle\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\shadow\members.stg Object is locked skipped

    C:\Documents and Settings\Kyle\Local Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\Kyle\Local Settings\History\History.IE5\MSHist012008040320080404\index.dat Object is locked skipped

    C:\Documents and Settings\Kyle\Local Settings\Temp\Perflib_Perfdata_1d0.dat Object is locked skipped

    C:\Documents and Settings\Kyle\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\Kyle\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\Kyle\NTUSER.DAT.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

    C:\Program Files\LIUtilities\SpeedUpMyPC\pldt.dat Object is locked skipped

    C:\Program Files\Microsoft Office\Office10\Startup\PDFMaker.dot Object is locked skipped

    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    C:\System Volume Information\_restore{0DA9430B-1589-47DE-A2D9-1D02DCA140EF}\RP3\change.log Object is locked skipped

    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

    C:\WINDOWS\SchedLgU.Txt Object is locked skipped

    C:\WINDOWS\SoftwareDistribution\EventCache\{9738D4E8-6EAD-409D-AED4-216A9E84211B}.bin Object is locked skipped

    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

    C:\WINDOWS\Sti_Trace.log Object is locked skipped

    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\default Object is locked skipped

    C:\WINDOWS\system32\config\default.LOG Object is locked skipped

    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

    C:\WINDOWS\system32\config\SAM Object is locked skipped

    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

    C:\WINDOWS\system32\config\software Object is locked skipped

    C:\WINDOWS\system32\config\software.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\system Object is locked skipped

    C:\WINDOWS\system32\config\system.LOG Object is locked skipped

    C:\WINDOWS\system32\h323log.txt Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

    C:\WINDOWS\TEMP\mcmsc_NPguB4cqO3P8t6v Object is locked skipped

    C:\WINDOWS\TEMP\mcmsc_THd7R3psFeZIrSw Object is locked skipped

    C:\WINDOWS\wiadebug.log Object is locked skipped

    C:\WINDOWS\wiaservc.log Object is locked skipped

    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    Scan process completed.
     
  7. kpowning

    kpowning Thread Starter

    Joined:
    Apr 1, 2008
    Messages:
    8
    Any Help Much Appreciated...???...
     
  8. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,325
    First Name:
    Karen
    Open Notepad and copy and paste the text in the code box below into it:

    Code:
    File::
    C:\WINDOWS\system32\dwjelsfi.exe
    C:\WINDOWS\R.COM
    C:\WINDOWS\system32\T.COM
    C:\WINDOWS\Lic.xxx
    C:\WINDOWS\system32\gvurstin.exe
    
    Folder::
    C:\Program Files\PC-Cleaner
    C:\WINDOWS\zts2.exe
    C:\WINDOWS\system32\vcmgcd32.dll
    C:\WINDOWS\system32\iifgfgf.dll
    C:\WINDOWS\rundll16.exe
    C:\WINDOWS\rundl132.dll
    C:\WINDOWS\logo1_.exe
    C:\Documents and Settings\All Users\Application Data\fwpovwnu
    
    DirLook::
    C:\hjkProgram Files\XBC
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ishxgugr"=- 
    "axaulrja"=-
     
    Save the file to your desktop and name it CFScript.txt

    Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

    [IMG: screenshot of CFScript.txt being dragged onto ComboFix.exe]


    This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.
     
  9. kpowning

    kpowning Thread Starter

    Joined:
    Apr 1, 2008
    Messages:
    8
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:35:00 PM, on 4/5/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    c:\PROGRA~1\mcafee\msc\mcuimgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: SpeedUpMyPC.lnk = C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O15 - Trusted Zone: http://linktrader.cyberspacehq.com
    O16 - DPF: Web-Based Email Tools - http://email.secureserver.net/Download.CAB
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1195797649444
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} (WebWatch Class) - http://75.58.246.194/AL/WinWebPush.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
    O17 - HKLM\System\CCS\Services\Tcpip\..\{40CBE8CB-EC6F-4E88-B5AB-59ED807CE39D}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9A2AC15A-00BD-46BE-90A7-911AC63823BC}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D640C242-8A0D-4A6E-A635-602C09FDC74B}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS1\Services\Tcpip\..\{40CBE8CB-EC6F-4E88-B5AB-59ED807CE39D}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS3\Services\Tcpip\..\{40CBE8CB-EC6F-4E88-B5AB-59ED807CE39D}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Webcam Corp. Service Starter - Unknown owner - C:\Program Files\Webcam\NetCamCtr1\dogsvc.exe (file missing)

    --
    End of file - 6805 bytes
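
    The log above is the kind of thing a helper reads by eye: Trusted Zone additions (O15), ActiveX downloads from bare IP addresses (O16), resolver settings (O17), autostarts in system directories (O4) and services whose binary is gone (O23). The script below is an added example of that triage written as code; it is my own, not part of this thread and not a feature of HijackThis. The sample lines are constructed to resemble entries in this thread's log, the baseline set of system-directory executables and the set of "known" resolvers are assumptions, and 192.0.2.53 is a documentation-range address used only to show the resolver check firing.

```python
import re
from dataclasses import dataclass
from ipaddress import ip_address
from urllib.parse import urlparse

# Constructed sample in HijackThis 2.0.x line format, modelled on the entries
# in this thread. Not a real log; it exists to exercise each rule below.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ishxgugr] C:\WINDOWS\system32\dwjelsfi.exe
O15 - Trusted Zone: http://linktrader.cyberspacehq.com
O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} (WebWatch Class) - http://75.58.246.194/AL/WinWebPush.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{40CBE8CB-EC6F-4E88-B5AB-59ED807CE39D}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,192.0.2.53
O23 - Service: Webcam Corp. Service Starter - Unknown owner - C:\Program Files\Webcam\NetCamCtr1\dogsvc.exe (file missing)
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
"""

# Assumed baseline: executables that legitimately autostart straight out of
# %SystemRoot% or system32. Extend this for the machine under review.
BASELINE_SYSTEM_EXES = frozenset({"ctfmon.exe", "rundll32.exe", "nwiz.exe"})

# Assumed set of resolvers the reviewer recognises (these two are the OpenDNS
# addresses that appear in the thread's O17 lines).
KNOWN_RESOLVERS = frozenset({"208.67.220.220", "208.67.222.222"})

_SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\")


@dataclass(frozen=True)
class Finding:
    kind: str    # HijackThis section the line came from, e.g. "O16"
    reason: str  # why it was flagged
    line: str    # the original log line


def _first_path(command: str) -> str:
    """Extract the executable path from an O4 command string (quoted or not)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def _in_system_dir(path: str) -> bool:
    """True if the file sits directly in %SystemRoot% or system32 (no deeper)."""
    low = path.lower()
    return any(low.startswith(d) and "\\" not in low[len(d):] for d in _SYSTEM_DIRS)


def _is_bare_ip(url: str) -> bool:
    """True if the URL's host is a literal IP address rather than a name."""
    host = urlparse(url).hostname or ""
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def triage(log_text: str, known_resolvers=KNOWN_RESOLVERS) -> list:
    """Apply the reviewer's rules of thumb to HijackThis lines; return Findings."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        kind = line.split(" ", 1)[0]
        if kind == "O4":
            m = re.match(r"O4 - .*?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)", line)
            if m:
                path = _first_path(m.group("cmd"))
                base = path.rsplit("\\", 1)[-1].lower()
                if _in_system_dir(path) and base not in BASELINE_SYSTEM_EXES:
                    findings.append(Finding(kind, f"autostart of non-baseline binary in a system directory: {path}", line))
        elif kind == "O15":
            # HijackThis only lists non-default Trusted Zone entries; each one
            # relaxes IE's security settings for that site and deserves a look.
            findings.append(Finding(kind, "Trusted Zone entry added", line))
        elif kind == "O16":
            url = line.rsplit(" - ", 1)[-1]
            if _is_bare_ip(url):
                findings.append(Finding(kind, f"ActiveX (DPF) download from a bare IP address: {url}", line))
        elif kind == "O17":
            m = re.search(r"NameServer = (.*)$", line)
            if m:
                unknown = [r for r in re.split(r"[ ,]+", m.group(1)) if r and r not in known_resolvers]
                if unknown:
                    findings.append(Finding(kind, f"DNS resolver(s) not in the known set: {', '.join(unknown)}", line))
        elif kind == "O23" and line.endswith("(file missing)"):
            findings.append(Finding(kind, "service points at a missing binary (orphaned or partially removed)", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind}: {f.reason}")
```

    The O17 rule is deliberately an allowlist: a resolver that is merely unfamiliar is flagged for the reviewer to look up, not declared malicious. Likewise the O4 rule only flags a file for being an unrecognised binary in a system directory; the SoundMan entry in the thread is not flagged because HijackThis shows it with a bare file name rather than a path.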
     
  10. kpowning

    kpowning Thread Starter

    Joined:
    Apr 1, 2008
    Messages:
    8
    ComboFix 08-04-01.2 - Kyle 2008-04-04 16:24:04.5 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.714 [GMT -7:00]
    Running from: C:\Documents and Settings\Kyle\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Kyle\Desktop\CFScript.txt
    * Created a new restore point
    * Resident AV is active


    FILE ::
    C:\WINDOWS\Lic.xxx
    C:\WINDOWS\R.COM
    C:\WINDOWS\system32\dwjelsfi.exe
    C:\WINDOWS\system32\gvurstin.exe
    C:\WINDOWS\system32\T.COM
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\fwpovwnu
    C:\Program Files\PC-Cleaner
    C:\WINDOWS\Lic.xxx
    C:\WINDOWS\logo1_.exe
    C:\WINDOWS\R.COM
    C:\WINDOWS\rundl132.dll
    C:\WINDOWS\rundll16.exe
    C:\WINDOWS\system32\drivers\npf.sys
    C:\WINDOWS\system32\dwjelsfi.exe
    C:\WINDOWS\system32\gvurstin.exe
    C:\WINDOWS\system32\iifgfgf.dll
    C:\WINDOWS\system32\packet.dll
    C:\WINDOWS\system32\pthreadVC.dll
    C:\WINDOWS\system32\T.COM
    C:\WINDOWS\system32\vcmgcd32.dll
    C:\WINDOWS\system32\wanpacket.dll
    C:\WINDOWS\system32\wpcap.dll
    C:\WINDOWS\zts2.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_SZKG5
    -------\Legacy_NPF
    -------\NPF


    ((((((((((((((((((((((((( Files Created from 2008-03-04 to 2008-04-04 )))))))))))))))))))))))))))))))
    .

    2008-04-04 14:23 . 2008-04-04 14:23 <DIR> d-------- C:\Program Files\WinPcap
    2008-04-02 15:50 . 2008-04-02 15:53 <DIR> d-------- C:\TEMP\HP All-in-One Series Web Release
    2008-04-01 20:26 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-04-01 16:59 . 2008-04-01 16:59 <DIR> d-------- C:\hjk
    2008-04-01 16:55 . 2008-04-01 16:55 <DIR> d-------- C:\VundoFix Backups
    2008-03-26 23:05 . 2008-03-26 23:05 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-03-26 23:05 . 2008-03-26 23:05 <DIR> d-------- C:\Documents and Settings\Kyle\Application Data\Malwarebytes
    2008-03-26 23:05 . 2008-03-26 23:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-03-26 22:58 . 2008-03-26 22:58 <DIR> d-------- C:\Program Files\CCleaner
    2008-03-26 22:34 . 2008-03-26 22:55 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2008-03-26 22:34 . 2008-03-26 22:34 <DIR> d-------- C:\Documents and Settings\Kyle\Application Data\SUPERAntiSpyware.com
    2008-03-26 22:34 . 2008-03-26 22:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-03-26 21:58 . 2008-03-26 21:58 <DIR> d-------- C:\WINDOWS\ERUNT
    2008-03-26 21:58 . 2008-04-01 18:14 <DIR> d-------- C:\SDFix
    2008-03-26 21:58 . 2008-03-26 21:58 <DIR> d-------- C:\Documents and Settings\Kyle\backups
    2008-03-26 21:58 . 2008-03-26 21:58 <DIR> d-------- C:\Documents and Settings\Kyle\backupreg
    2008-03-26 21:58 . 2004-08-04 00:56 146,432 --a------ C:\Documents and Settings\Kyle\regedit.exe
    2008-03-26 21:58 . 2004-08-04 00:56 27,136 --a------ C:\Documents and Settings\Kyle\findstr.exe
    2008-03-26 21:58 . 2001-08-23 05:00 11,264 --a------ C:\Documents and Settings\Kyle\attrib.exe
    2008-03-26 21:58 . 2001-08-23 05:00 9,216 --a------ C:\Documents and Settings\Kyle\find.exe
    2008-03-26 19:02 . 2008-03-26 19:02 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-03-26 19:02 . 2008-03-26 19:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-03-26 18:28 . 2008-03-26 18:32 <DIR> d-------- C:\fixwareout
    2008-03-26 17:02 . 2008-04-04 16:26 10,415 --a------ C:\WINDOWS\system32\Config.MPF
    2008-03-26 17:00 . 2007-11-22 06:44 201,320 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
    2008-03-26 17:00 . 2007-07-13 06:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
    2008-03-26 17:00 . 2007-11-22 06:44 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
    2008-03-26 17:00 . 2007-12-02 12:51 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
    2008-03-26 17:00 . 2007-11-22 06:44 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
    2008-03-26 17:00 . 2007-11-22 06:44 33,832 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
    2008-03-26 16:59 . 2008-03-26 16:59 <DIR> d-------- C:\Program Files\McAfee.com
    2008-03-26 16:59 . 2008-03-26 18:30 <DIR> d-------- C:\Program Files\McAfee
    2008-03-26 16:59 . 2008-03-26 17:00 <DIR> d-------- C:\Program Files\Common Files\McAfee
    2008-03-26 16:54 . 2008-03-26 16:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
    2008-03-25 20:18 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-03-25 20:18 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-03-25 20:18 . 2008-03-22 15:49 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
    2008-03-25 20:18 . 2008-03-15 17:16 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-03-25 20:18 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-03-25 20:18 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-03-25 19:29 . 2008-03-25 19:31 <DIR> d-------- C:\Downloads
    2008-03-25 19:12 . 2008-03-25 19:12 <DIR> d-------- C:\Documents and Settings\Kyle\DoctorWeb
    2008-03-25 06:39 . 2008-03-25 18:05 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
    2008-03-25 06:39 . 2008-03-25 18:05 1,406 --a------ C:\WINDOWS\system32\Help.ico
    2008-03-24 21:51 . 2008-04-01 20:29 2,070 --a------ C:\WINDOWS\system32\tmp.reg
    2008-03-24 21:00 . 2008-03-24 21:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
    2008-03-24 20:59 . 2008-03-24 20:59 <DIR> d-------- C:\Program Files\Common Files\iS3
    2008-03-24 20:59 . 2008-03-24 21:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
    2008-03-24 17:23 . 2008-03-24 17:23 <DIR> d-------- C:\Program Files\Windows Media Connect 2
    2008-03-24 17:22 . 2008-03-24 17:23 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-04 22:37 --------- d-----w C:\Program Files\XBC
    2008-04-03 02:32 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-03-27 05:34 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-03-27 00:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
    2008-03-26 23:56 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-03-26 23:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-03-25 02:30 --------- d-----w C:\Program Files\XLink Kai Evolution VII
    2008-03-15 22:59 --------- d-----w C:\Program Files\Java
    2008-02-09 03:16 --------- d-----w C:\Program Files\Hp
    2008-02-09 03:16 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
    2008-01-19 20:00 25,456 ----a-w C:\Documents and Settings\Kyle\Application Data\GDIPFONTCACHEV1.DAT
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    ---- Directory of C:\hjkProgram Files\XBC ----

    C:\hjkProgram Files\XBC\


    ((((((((((((((((((((((((((((( [email protected]_18.24.12.68 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-10-18 17:04:16 341,296 ----a-w C:\WINDOWS\Downloaded Program Files\HPDEXAXO.dll
    + 2008-04-03 02:33:04 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A81200000003}\SC_Reader.exe
    - 2008-04-01 22:07:46 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    + 2008-04-04 20:00:41 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    - 2008-04-01 22:07:46 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2008-04-04 20:00:41 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2008-04-01 22:07:46 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-04-04 20:00:41 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2002-01-10 04:26 47104 C:\WINDOWS\SOUNDMAN.EXE]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22 7700480]
    "nwiz"="nwiz.exe" [2006-10-22 13:22 1622016 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 13:22 86016]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-04-07 02:42:52 217190]
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-23 00:09:47 113664]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]
    SpeedUpMyPC.lnk - C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe [2004-10-06 12:21:30 3509760]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\XBC\\AppUpdater.exe"=
    "C:\\Program Files\\Crystal FTP Pro\\crystalftp.exe"=
    "C:\\Program Files\\Argus Surveillance DVR\\WebServerForAdmin.exe"=
    "C:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
    "C:\\WINDOWS\\system32\\mmc.exe"=
    "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8602:TCP"= 8602:TCP:xbc
    "8602:UDP"= 8602:UDP:xbc

    R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 22:31]
    S3 kvpndev;Kerio VPN adapter;C:\WINDOWS\system32\DRIVERS\kvpndrv.sys [2007-12-07 13:02]
    S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;C:\WINDOWS\system32\DRIVERS\kwflower.sys []
    S3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\LNE100V5.sys [2001-10-24 17:16]
    S3 MUD;Driver for Magellan USB Device;C:\WINDOWS\system32\DRIVERS\MUD.sys [2008-01-14 00:03]
    S3 PsSdk30;PsSdk30;C:\WINDOWS\system32\Drivers\PsSdk30.drv []
    S3 Webcam Corp. Service Starter;Webcam Corp. Service Starter;C:\Program Files\Webcam\NetCamCtr1\dogsvc.exe []

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-03-27 00:00:04 C:\WINDOWS\Tasks\McDefragTask.job"
    - c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
    "2008-04-01 08:00:03 C:\WINDOWS\Tasks\McQcTask.job"
    - c:\PROGRA~1\mcafee\mqc\QcConsol.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-04 16:41:27
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdk30]
    "ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk30.drv"
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\wscntfy.exe
    c:\PROGRA~1\mcafee\msc\mcuimgr.exe
    .
    **************************************************************************
    .
    Completion time: 2008-04-04 16:44:45 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-04-04 23:44:33
    ComboFix2.txt 2008-04-02 01:24:46
    Pre-Run: 55,914,389,504 bytes free
    Post-Run: 55,903,559,680 bytes free
    .
    2008-03-26 00:02:54 --- E O F ---
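
    Cookiegal's CFScript names its targets under File::, Folder:: and Registry:: headers, and the ComboFix log above reports what was actually removed under "Other Deletions" and what still loads under "Reg Loading Points". The script below is an added example of reconciling the two, so the helper can see at a glance whether anything in the script survived the run; it is my own code, not ComboFix's and not posted in this thread. The CFScript and log excerpts are constructed from the thread's entries, with one path and one Run value deliberately left un-removed to show the leftover report.

```python
import re

# Constructed CFScript excerpt in the syntax used in this thread.
CFSCRIPT = r"""
File::
C:\WINDOWS\system32\dwjelsfi.exe
C:\WINDOWS\R.COM

Folder::
C:\Program Files\PC-Cleaner
C:\WINDOWS\zts2.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ishxgugr"=-
"axaulrja"=-
"""

# Constructed ComboFix log excerpt. Unlike the real log above, zts2.exe is
# absent from "Other Deletions" and axaulrja still appears under the Run key.
COMBOFIX_LOG = r"""
FILE ::
C:\WINDOWS\R.COM
C:\WINDOWS\system32\dwjelsfi.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\PC-Cleaner
C:\WINDOWS\R.COM
C:\WINDOWS\system32\dwjelsfi.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\NPF

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"axaulrja"="C:\WINDOWS\system32\gvurstin.exe" [2008-03-24 21:50 53248]
"""


def parse_cfscript(text: str):
    """Return (paths, reg): File::/Folder:: targets and {key: [values marked =-]}."""
    paths, reg, section, key = [], {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = re.fullmatch(r"(\w+)::", line)
        if m:                                   # section header such as File::
            section, key = m.group(1), None
            continue
        if section in ("File", "Folder"):
            paths.append(line)
        elif section == "Registry":
            if line.startswith("[") and line.endswith("]"):
                key = line[1:-1]
                reg.setdefault(key, [])
            else:
                m = re.fullmatch(r'"([^"]+)"=-', line)   # "name"=- deletes the value
                if m and key:
                    reg[key].append(m.group(1))
    return paths, reg


def combofix_sections(text: str) -> dict:
    """Split a ComboFix log into {banner title: [non-empty lines]}."""
    sections, current = {"preamble": []}, "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"\(+\s*(.+?)\s*\)+", line)    # (((( Title )))) banners
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if line and line != ".":
            sections[current].append(line)
    return sections


def reg_values_present(lines) -> set:
    """Collect (key, value name) pairs, lower-cased, from a Reg Loading Points dump."""
    present, key = set(), None
    for line in lines:
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and line.startswith('"'):
            m = re.match(r'"([^"]+)"=', line)
            if m:
                present.add((key, m.group(1).lower()))
    return present


def reconcile(cfscript: str, combofix_log: str) -> dict:
    """Report which script targets the log confirms removed and which it does not."""
    paths, reg = parse_cfscript(cfscript)
    sec = combofix_sections(combofix_log)
    deleted = {l.lower() for l in sec.get("Other Deletions", [])}
    present = reg_values_present(sec.get("Reg Loading Points", []))
    out = {"deleted": [], "not_confirmed": [], "reg_removed": [], "reg_still_present": []}
    for p in paths:
        out["deleted" if p.lower() in deleted else "not_confirmed"].append(p)
    for key, names in reg.items():
        for n in names:
            bucket = "reg_still_present" if (key.lower(), n.lower()) in present else "reg_removed"
            out[bucket].append(f"{key}\\{n}")
    return out


if __name__ == "__main__":
    for bucket, items in reconcile(CFSCRIPT, COMBOFIX_LOG).items():
        print(bucket, items)
```

    A path in "not_confirmed" means ComboFix did not list it as deleted, which is the cue to check whether it was already gone, locked, or re-created by something still running. DirLook:: entries are ignored on purpose: they ask ComboFix to list a directory, not to delete it.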
     
  11. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,325
    First Name:
    Karen
    Run the Kaspersky online virus scan, Kaspersky Online Scanner.

    After the updates have downloaded, click on the "Scan Settings" button.
    Choose the "Extended database" for the scan.
    Under "Please select a target to scan", click "My Computer".
    When the scan is finished, Save the results from the scan!

    Note: You have to use Internet Explorer to do the online scan.

    Post a new HijackThis log along with the results from the Kaspersky scan.
     
Short URL to this thread: https://techguy.org/699416
