1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Help with Virus

Discussion in 'Virus & Other Malware Removal' started by Marypozaz, Nov 1, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. Marypozaz

    Marypozaz Thread Starter

    Joined:
    Oct 31, 2007
    Messages:
    25
    Hello, I have fixed one computer, now I need help on another one. I have McAfee anti-virus and it gives me a message saying that the following viruses are in the system: JS/Wonka, Exploit-ANIFILE, & VBS/PSYME. I have tried rebooting in a safe mode and scanning again to remove them (since they are write protected, yeah that's what they say). Then it lets me know that they have been removed, but when I start the computer back again, same problem, as if I never did anything. It's just driving me nuts, because all of my programs freeze up:eek: . I also get pop-up messages, and I'm not even on-line. What can I do??

    Thanks,
    Mary
     
  2. ozrom1e

    ozrom1e

    Joined:
    May 15, 2006
    Messages:
    11,849
    Welcome to TSG....

    To download HJTsetup.exe from TrendSecure To Download HijackThis go to the following at the File Repository
    Click on the link below to Download HijackThis Self Installer:

    http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

    Save the file to your desktop.
    Double click on the HJTsetup.exe icon on your desktop.
    By default it will install to C:\Program Files\HijackThis.
    Continue to click Next in the setup dialog boxes until you get to the Select Additional Tasks dialog.
    Put a check by Create a desktop icon then click Next again.
    Continue to follow the rest of the prompts from there.
    At the final dialog box click Finish and it will launch Hijack This.
    Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    Click Save to save the log file and then the log will open in notepad.
    At the top of the Notepad HJT log screen, hit Edit then Select All then click Edit and then click Copy doing that copies the text to the clipboard, you won't see it yet....
    Come back here to this thread and Paste the log in your next reply.
    DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
    A security expert with a gold shield to the right of their name should take a look at your log - please be patient.
     
  3. Marypozaz

    Marypozaz Thread Starter

    Joined:
    Oct 31, 2007
    Messages:
    25
    Ok, hope I did this right. :confused:
     

    Attached Files:

  4. WhitPhil

    WhitPhil Gone but never forgotten Trusted Advisor

    Joined:
    Oct 4, 2000
    Messages:
    8,684
    I'll just paste it here for easier reading.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:04:36 AM, on 11/1/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\PROGRA~1\Yahoo!\YOP\yop.exe
    C:\WINDOWS\mgrs.exe
    C:\WINDOWS\TEMP\win234.tmp.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\system32\svchost.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Documents and Settings\Caty\Desktop\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll (file missing)
    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\qbvtkhxp.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
    O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvdod.dll,startup
    O4 - HKLM\..\Run: [smgr] mgrs.exe
    O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
    O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win234.tmp.exe
    O4 - HKLM\..\Run: [2c4b9cc0] rundll32.exe "C:\WINDOWS\system32\sqoknsjs.dll",b
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-21-3372605696-3481973248-843513906-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'QBDataServiceUser')
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://prerelease.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\ipnnxtfc.exe (file missing)
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: QuickBooksDB - Intuit, Inc. - C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe

    --
    End of file - 9672 bytes
     
  5. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,366
    First Name:
    Karen
    Please download SmitfraudFix (by S!Ri)

    Extract (unzip) the content (a folder named SmitfraudFix) to your Desktop.


    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply.

    Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consulting/proc...processutil.htm

    Warning: Do not run Option #2 until you are instructed to do so. Running option #2 on a non infected computer will remove your Desktop background.
     
  6. Marypozaz

    Marypozaz Thread Starter

    Joined:
    Oct 31, 2007
    Messages:
    25
    Ok, here it is.


    SmitFraudFix v2.246

    Scan done at 11:47:50.25, Thu 11/01/2007
    Run from C:\Documents and Settings\Caty\Desktop\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    C:\WINDOWS\mgrs.exe FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Caty


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Caty\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»»


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"
    "LoadAppInit_DLLs"=dword:00000001


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Rustock



    »»»»»»»»»»»»»»»»»»»»»»»» DNS



    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  7. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,366
    First Name:
    Karen
    You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

    Next, please reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    If the tool detects that you have a DNS hijack, it will prompt you to reconfigure the network in DHCP.

    The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

    A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.

    The report can also be found at the root of the system drive, usually at C:\rapport.txt.
     
  8. Marypozaz

    Marypozaz Thread Starter

    Joined:
    Oct 31, 2007
    Messages:
    25
    New logs!!!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:22:12 PM, on 11/1/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    c:\program files\mcafee.com\vso\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\PROGRA~1\Yahoo!\YOP\yop.exe
    C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Documents and Settings\Caty\Desktop\HiJackThis.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\WINDOWS\system32\wuauclt.exe
    c:\program files\mcafee.com\shared\mghtml.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll (file missing)
    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\qbvtkhxp.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
    O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
    O4 - HKLM\..\Run: [2c4b9cc0] rundll32.exe "C:\WINDOWS\system32\yoschclx.dll",b
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-21-3372605696-3481973248-843513906-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'QBDataServiceUser')
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://prerelease.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\ipnnxtfc.exe (file missing)
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: QuickBooksDB - Intuit, Inc. - C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe

    --
    End of file - 8927 bytes





    SmitFraudFix v2.246

    Scan done at 14:12:22.26, Thu 11/01/2007
    Run from C:\Documents and Settings\Caty\Desktop\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\WINDOWS\mgrs.exe Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» DNS



    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  9. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,366
    First Name:
    Karen
    Download ComboFix and save it to your desktop.

    **Note: In the event you already have ComboFix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

    1. Close any open browsers.

    2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    Double click on combofix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

    **Note: Do not mouseclick comboFix's window while it's running. That may cause it to stall**
     
  10. Marypozaz

    Marypozaz Thread Starter

    Joined:
    Oct 31, 2007
    Messages:
    25
    First log of HijackThis, then ComboFix log. Just a note when running Combofix, a lot of pop up windows would appear, I didn't click on anything just let the program run.



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:59:25 AM, on 11/2/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\PROGRA~1\Yahoo!\YOP\yop.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\DOCUME~1\Caty\LOCALS~1\Temp\qrjatydi.exe
    C:\Documents and Settings\Caty\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll (file missing)
    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\qbvtkhxp.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
    O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MalwareAlarm] C:\Program Files\MalwareAlarm\MalwareAlarm.exe
    O4 - HKUS\S-1-5-21-3372605696-3481973248-843513906-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'QBDataServiceUser')
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://prerelease.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: QuickBooksDB - Intuit, Inc. - C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe

    --
    End of file - 8794 bytes
     
  11. Marypozaz

    Marypozaz Thread Starter

    Joined:
    Oct 31, 2007
    Messages:
    25
    Ok, now ComboFix log.

    ComboFix 07-11-02.3 - Caty 2007-11-02 11:14:52.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1510 [GMT -5:00]
    Running from: C:\Documents and Settings\Caty\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data.\mjyxapap.dll
    C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
    C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
    C:\Documents and Settings\Caty\Desktop\MalwareAlarm.lnk
    C:\Documents and Settings\Caty\Favorites\Online Security Guide.lnk
    C:\Documents and Settings\Caty\Start Menu\Programs\MalwareAlarm
    C:\Documents and Settings\Caty\Start Menu\Programs\MalwareAlarm\MalwareAlarm.lnk
    C:\Documents and Settings\Caty\Start Menu\Programs\MalwareAlarm\Uninstall.lnk
    C:\Program Files\3269.exe
    C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
    C:\Program Files\SecCenter
    C:\Program Files\SecCenter\scprot4.exe
    C:\Program Files\ucleaner_setup.exe
    C:\Program Files\Ultimate Cleaner
    C:\WINDOWS\Casino.ico
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\music\mainmenumusic.ogg
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\areabomb.ogg
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\beetlezap.ogg
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\bonusrow.ogg
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\bonustimer.ogg
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\bucketfilled.ogg
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\clearpyramid.ogg
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle1a.ogg
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle1b.ogg
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle1c.ogg
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle2a.ogg
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle2b.ogg
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle2c.ogg
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\colorchain.ogg
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\dialogbox.ogg
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\drumbeat.ogg
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\fillrow.ogg
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\gateopen.ogg
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\helptip.ogg
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\powerup.ogg
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\rotateboardleft.ogg
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\timerup.ogg
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\warning.ogg
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\warning2.ogg
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\artifacts-bb.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\bar.jpg
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\chamber0.jpg
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\chamber1.jpg
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\circledoor.jpg
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\full_screen_dialog.jpg
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\global-hs-bb_large.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\global-hs-bb_small.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\help-bb_large.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\help-bb_small.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\hexfield.jpg
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\hidden-artifact_icon.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\large_dialog.jpg
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\local-hs-bb.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\mainmenu.jpg
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\small_dialog.jpg
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\textfield.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\trifield.jpg
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetlehover1.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetlehover2.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetlehover3.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetlehover4.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetleshock1.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetleshock2.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetleshock3.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetleshock4.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetletatoo.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\dirt.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\scarabpost.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\scarabpostovr.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\tritop.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowdown_down.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowdown_over.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowdown_up.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowleft_down.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowleft_over.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowleft_up.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowright_down.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowright_over.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowright_up.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowup_down.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowup_over.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowup_up.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowleft_down.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowleft_over.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowleft_up.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowright_down.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowright_over.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowright_up.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\checkdown.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\checkup.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\long_button_down.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\long_button_over.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\long_button_up.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\orange-button_down.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\orange-button_over.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\orange-button_up.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotleft_down.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotleft_over.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotleft_up.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotright_down.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotright_over.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotright_up.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\simplebutton_down.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\simplebutton_over.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\simplebutton_up.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\sliderknob.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\sliderknobover.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\sliderrail.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\characters\anwar\look\pl0001.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\characters\bast\look\bl0001.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\characters\kristine\look\kl0001.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\crackedstopper.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\cursor.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\doorlights.txt
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\fonts\jackarmstrong.mvec
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\fonts\lithos.mvec
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\greybomb.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\helptips\arrowkeys.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\helptips\helptip.jpg
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\levels\levels.dat
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\disk.mesh
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\equilateraltriangle.mesh
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\flattri.mesh
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\pyramid.mesh
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\quad.mesh
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\rotatingpyramid.mesh
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\scarabpanel.mesh
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\p1icon.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\scenes\page1-0.xml
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\scenes\page1-1.xml
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\scenes\panel1-0-1.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\scenes\panel1-1-1.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\scorecloud.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\setup.xml
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\areashockwave.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_1.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_2.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_3.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_4.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_starter.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_tail.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\flash.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\rubble.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\smoke.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\smoke2.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\smoke3.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\splash\aol_logo.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\splash\playfirst_logo.jpg
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\statues\statue0\snake_dirty.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\statues\statue1\arm01_dirty.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\statues\statue1\mask01_1.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\statues\statue1\statue01_dirty.jpg
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\stopper.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\timer.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\timerglow.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\timericon.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\tm.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseblue1.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseblue2.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseblue3.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousegreen1.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousegreen2.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousegreen3.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousered1.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousered2.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousered3.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseyellow1.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseyellow2.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseyellow3.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\areabomb.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\areabombrollover.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\blue.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\bluerollover.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\boardfill.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\brick.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\brick1.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\brick2.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\brick3.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\bricktip.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared1.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared2.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared3.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared4.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared5.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared6.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\eye1.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\eye2.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\eye3.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\eye4.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\green.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\greenrollover.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-blue.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-bluerollover.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-green.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-greenrollover.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-red.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-redrollover.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-yellow.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-yellowrollover.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\red.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\redrollover.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\wild.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\wildrollover.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\yellow.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\yellowrollover.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\upsell\image0.jpg
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\upsell\image1.jpg
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\upsell\image2.jpg
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\upsell\image3.jpg
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\bluebucket.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\buckettriangle.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\chainlink.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\chaintip.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\genericbucket.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\greenbucket.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\redbucket.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\smallblue.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\smallgreen.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\smallred.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\smallyellow.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\urnglow.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\urnplatform.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\yellowbucket.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\warning.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\error.lua
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\game.lua
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\gameover.lua
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\hiscore.lua
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\hiscoreinfo.lua
     
  12. Marypozaz

    Marypozaz Thread Starter

    Joined:
    Oct 31, 2007
    Messages:
    25
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\hiscoresubmit.lua
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\instructions.lua
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\leveldesign.lua
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\levelover.lua
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\mainarcade.lua
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\mainconfirm.lua
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\maincontinue.lua
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\maingames.lua
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\mainpuzzle.lua
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\maphelptip.lua
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\options.lua
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\pause.lua
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\quitconfirm.lua
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\start.lua
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\storyplayer.lua
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\style.lua
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\upsell.lua
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\strings.xml
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\TriJinx.exe
    C:\WINDOWS\Free Online Dating.ico
    C:\WINDOWS\mgrs.exe
    C:\WINDOWS\Spyware Remover.ico
    C:\WINDOWS\system32\aeewmqhx.ini
    C:\WINDOWS\system32\ajxtueuv.exe
    C:\WINDOWS\system32\aunucdqg.ini
    C:\WINDOWS\system32\bdixoukf.exe
    C:\WINDOWS\system32\bszip.dll
    C:\WINDOWS\system32\bvkwqowv.exe
    C:\WINDOWS\system32\cbxvvuu.dll
    C:\WINDOWS\system32\cqlmlbjp.exe
    C:\WINDOWS\system32\dqavbrcy.exe
    C:\WINDOWS\system32\drivers\blank.gif
    C:\WINDOWS\system32\drivers\box_1.gif
    C:\WINDOWS\system32\drivers\box_2.gif
    C:\WINDOWS\system32\drivers\box_3.gif
    C:\WINDOWS\system32\drivers\button_buynow.gif
    C:\WINDOWS\system32\drivers\button_freescan.gif
    C:\WINDOWS\system32\drivers\cell_bg.gif
    C:\WINDOWS\system32\drivers\cell_footer.gif
    C:\WINDOWS\system32\drivers\cell_header_block.gif
    C:\WINDOWS\system32\drivers\cell_header_remove.gif
    C:\WINDOWS\system32\drivers\cell_header_scan.gif
    C:\WINDOWS\system32\drivers\detect.htm
    C:\WINDOWS\system32\drivers\download_box.gif
    C:\WINDOWS\system32\drivers\download_btn.jpg
    C:\WINDOWS\system32\drivers\download_now_btn.gif
    C:\WINDOWS\system32\drivers\footer_back.jpg
    C:\WINDOWS\system32\drivers\header_1.gif
    C:\WINDOWS\system32\drivers\header_2.gif
    C:\WINDOWS\system32\drivers\header_3.gif
    C:\WINDOWS\system32\drivers\header_4.gif
    C:\WINDOWS\system32\drivers\header_red_bg.gif
    C:\WINDOWS\system32\drivers\header_red_free_scan.gif
    C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif
    C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
    C:\WINDOWS\system32\drivers\infected.gif
    C:\WINDOWS\system32\drivers\main_back.gif
    C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
    C:\WINDOWS\system32\drivers\product_1_header.gif
    C:\WINDOWS\system32\drivers\product_1_name_small.gif
    C:\WINDOWS\system32\drivers\product_2_header.gif
    C:\WINDOWS\system32\drivers\product_2_name_small.gif
    C:\WINDOWS\system32\drivers\product_3_header.gif
    C:\WINDOWS\system32\drivers\product_3_name_small.gif
    C:\WINDOWS\system32\drivers\product_features.gif
    C:\WINDOWS\system32\drivers\pt.htm
    C:\WINDOWS\system32\drivers\rating.gif
    C:\WINDOWS\system32\drivers\s_detect.htm
    C:\WINDOWS\system32\drivers\screenshot.jpg
    C:\WINDOWS\system32\drivers\sep_hor.gif
    C:\WINDOWS\system32\drivers\sep_vert.gif
    C:\WINDOWS\system32\drivers\shadow.jpg
    C:\WINDOWS\system32\drivers\shadow_bg.gif
    C:\WINDOWS\system32\drivers\spacer.gif
    C:\WINDOWS\system32\drivers\spy_away_box.jpg
    C:\WINDOWS\system32\drivers\star.gif
    C:\WINDOWS\system32\drivers\star_gray.gif
    C:\WINDOWS\system32\drivers\star_gray_small.gif
    C:\WINDOWS\system32\drivers\star_small.gif
    C:\WINDOWS\system32\drivers\style.css
    C:\WINDOWS\system32\drivers\v.gif
    C:\WINDOWS\system32\drivers\warning_icon.gif
    C:\WINDOWS\system32\drivers\win_logo.gif
    C:\WINDOWS\system32\drivers\x.gif
    C:\WINDOWS\system32\drvdodr.dll
    C:\WINDOWS\system32\drvlowr.dll
    C:\WINDOWS\system32\duwffqbg.exe
    C:\WINDOWS\system32\eehrjrft.exe
    C:\WINDOWS\system32\eynbhoph.dll
    C:\WINDOWS\system32\ffjacdcm.exe
    C:\WINDOWS\system32\fuoirenp.exe
    C:\WINDOWS\system32\fxqyaehx.dll
    C:\WINDOWS\system32\gjjlm.bak1
    C:\WINDOWS\system32\gjjlm.bak2
    C:\WINDOWS\system32\gjjlm.ini
    C:\WINDOWS\system32\gjjlm.ini2
    C:\WINDOWS\system32\gjjlm.tmp
    C:\WINDOWS\system32\gqdcunua.dll
    C:\WINDOWS\system32\gyfrjtce.exe
    C:\WINDOWS\system32\heifyabd.exe
    C:\WINDOWS\system32\hjjsabxd.dll
    C:\WINDOWS\system32\hpohbnye.ini
    C:\WINDOWS\system32\hxlkslyh.dll
    C:\WINDOWS\system32\hylsklxh.ini
    C:\WINDOWS\system32\iwaqfspf.exe
    C:\WINDOWS\system32\jlbmhkhn.exe
    C:\WINDOWS\system32\kellvwcl.exe
    C:\WINDOWS\system32\kldxqcqh.exe
    C:\WINDOWS\system32\lidkfqkv
    C:\WINDOWS\system32\lidkfqkv\bg1.gif
    C:\WINDOWS\system32\lidkfqkv\bgtop.gif
    C:\WINDOWS\system32\lidkfqkv\bottom1.gif
    C:\WINDOWS\system32\lidkfqkv\essentials.gif
    C:\WINDOWS\system32\lidkfqkv\icon1.ico
    C:\WINDOWS\system32\lidkfqkv\install1.gif
    C:\WINDOWS\system32\lidkfqkv\left1.gif
    C:\WINDOWS\system32\lidkfqkv\li.gif
    C:\WINDOWS\system32\lidkfqkv\lidkfqkv1.exe
    C:\WINDOWS\system32\lidkfqkv\lidkfqkv2.exe
    C:\WINDOWS\system32\lidkfqkv\lidkfqkv3.exe
    C:\WINDOWS\system32\lidkfqkv\logo.gif
    C:\WINDOWS\system32\lidkfqkv\main.htm
    C:\WINDOWS\system32\lidkfqkv\mainframe.htm
    C:\WINDOWS\system32\lidkfqkv\reinstall1.gif
    C:\WINDOWS\system32\lidkfqkv\right1.gif
    C:\WINDOWS\system32\lidkfqkv\s1.htm
    C:\WINDOWS\system32\lidkfqkv\s2.htm
    C:\WINDOWS\system32\lidkfqkv\s3.htm
    C:\WINDOWS\system32\lidkfqkv\SMTop1.gif
    C:\WINDOWS\system32\lidkfqkv\SMTop2.gif
    C:\WINDOWS\system32\lidkfqkv\SMTop3.gif
    C:\WINDOWS\system32\lidkfqkv\SMTop4.gif
    C:\WINDOWS\system32\lidkfqkv\soft1_off.gif
    C:\WINDOWS\system32\lidkfqkv\soft1_off_ext.gif
    C:\WINDOWS\system32\lidkfqkv\soft1_on.gif
    C:\WINDOWS\system32\lidkfqkv\soft1_on_ext.gif
    C:\WINDOWS\system32\lidkfqkv\soft2_off.gif
    C:\WINDOWS\system32\lidkfqkv\soft2_off_ext.gif
    C:\WINDOWS\system32\lidkfqkv\soft2_on.gif
    C:\WINDOWS\system32\lidkfqkv\soft2_on_ext.gif
    C:\WINDOWS\system32\lidkfqkv\soft3_off.gif
    C:\WINDOWS\system32\lidkfqkv\soft3_off_ext.gif
    C:\WINDOWS\system32\lidkfqkv\soft3_on.gif
    C:\WINDOWS\system32\lidkfqkv\soft3_on_ext.gif
    C:\WINDOWS\system32\lidkfqkv\softbottom_off.gif
    C:\WINDOWS\system32\lidkfqkv\softbottom_on.gif
    C:\WINDOWS\system32\lidkfqkv\softleft_off.gif
    C:\WINDOWS\system32\lidkfqkv\softleft_on.gif
    C:\WINDOWS\system32\lidkfqkv\top1.gif
    C:\WINDOWS\system32\lidkfqkv\top2.gif
    C:\WINDOWS\system32\lidkfqkv\turnoff1.gif
    C:\WINDOWS\system32\lidkfqkv\turnon1.gif
    C:\WINDOWS\system32\lytfpseu.dll
    C:\WINDOWS\system32\mljjg.dll
    C:\WINDOWS\system32\myhaveio.exe
    C:\WINDOWS\system32\orvunoce.exe
    C:\WINDOWS\system32\oxujchmh.exe
    C:\WINDOWS\system32\patqtsqn.exe
    C:\WINDOWS\system32\qbvtkhxp.dllbox
    C:\WINDOWS\system32\quruatlf.exe
    C:\WINDOWS\system32\ryeyqtly.dll
    C:\WINDOWS\system32\tccdhubu.exe
    C:\WINDOWS\system32\tnmfvlnc.exe
    C:\WINDOWS\system32\uespftyl.ini
    C:\WINDOWS\system32\uhuuoabf.exe
    C:\WINDOWS\system32\ulsifcbl.exe
    C:\WINDOWS\system32\wiimffaq.exe
    C:\WINDOWS\system32\winhab32.dll
    C:\WINDOWS\system32\wqinuair.exe
    C:\WINDOWS\system32\xheayqxf.ini
    C:\WINDOWS\system32\xhqmweea.dll
    C:\WINDOWS\system32\yaoxcpni.exe
    C:\WINDOWS\system32\yctmnduj.exe
    C:\WINDOWS\system32\yltqyeyr.ini
    C:\WINDOWS\xpupdate.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_DOMAINSERVICE
    -------\DomainService


    ((((((((((((((((((((((((( Files Created from 2007-10-02 to 2007-11-02 )))))))))))))))))))))))))))))))
    .

    2007-11-02 11:16 <DIR> d-------- C:\Program Files\MalwareAlarm
    2007-11-02 11:16 33,792 --a------ C:\WINDOWS\system32\khfgfca.dll
    2007-11-02 11:16 21,504 --a------ C:\WINDOWS\system32\aivskurq.dll
    2007-11-02 11:15 <DIR> d-------- C:\Program Files\Vofdyzgg
    2007-11-02 11:15 <DIR> d-------- C:\Program Files\rabktcby
    2007-11-02 11:15 103,936 --a------ C:\WINDOWS\system32\drvlow.dll
    2007-11-02 11:13 82,496 --a------ C:\WINDOWS\system32\icnqjijl.dll
    2007-11-02 11:11 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-01 11:47 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2007-11-01 11:47 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-11-01 11:47 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-10-24 12:33 <DIR> d-------- C:\Program Files\E404 Helper
    2007-10-24 11:10 36,352 --a------ C:\WINDOWS\system32\nnnoolk.dll
    2007-10-19 16:07 34,304 --a------ C:\WINDOWS\system32\awttrro.dll
    2007-10-19 15:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-10-18 08:23 340,032 --a------ C:\WINDOWS\system32\yfmbcgdr.dll
    2007-10-18 08:23 340,032 --a------ C:\WINDOWS\system32\qbvtkhxp.dll
    2007-10-16 14:41 19,456 --a------ C:\Program Files\ukr.exe
    2007-10-16 14:37 <DIR> d-------- C:\WINDOWS\system32\mclsphlr
    2007-10-16 14:36 94,208 --a------ C:\WINDOWS\system32\mclsp.dll
    2007-10-16 14:36 90,112 --a------ C:\WINDOWS\system32\mcrtl32.dll
    2007-10-16 14:36 32,768 --a------ C:\WINDOWS\system32\instlsp.exe
    2007-10-16 14:36 11,264 --a------ C:\WINDOWS\system32\sporder.dll
    2007-10-16 11:56 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
    2007-10-16 08:23 28,679 --------- C:\Program Files\c_setup.exe
    2007-10-16 08:19 <DIR> d-------- C:\Program Files\Adsense Helper Object
    2007-10-15 12:44 <DIR> d-------- C:\WINDOWS\system32\HouseCall 6.6
    2007-10-15 12:44 <DIR> d-------- C:\Documents and Settings\Caty\Application Data\HouseCall 6.6
    2007-10-12 14:40 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
    2007-10-12 14:39 <DIR> d-------- C:\Documents and Settings\Caty\.housecall6.6
    2007-10-12 11:48 <DIR> d-------- C:\Program Files\Real
    2007-10-10 11:29 9,728 --a------ C:\Program Files\hlpsrv.exe
    2007-10-10 11:28 102,400 --a------ C:\WINDOWS\system32\drvdod.dll
    2007-10-10 11:28 31,232 --a------ C:\WINDOWS\system32\efccdcd.dll
    2007-10-10 10:30 147,456 --a------ C:\WINDOWS\AVUNTOOL.EXE
    2007-10-10 03:54 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2007-10-03 10:55 <DIR> d-------- C:\Documents and Settings\Caty\Application Data\Alien Skin

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-02 15:33 --------- d-----w C:\Documents and Settings\Caty\Application Data\U3
    2007-10-22 14:14 --------- d-----w C:\Documents and Settings\Caty\Application Data\AdobeUM
    2007-10-17 21:15 --------- d-----w C:\Program Files\QuickTime
    2007-10-16 19:36 --------- d-----w C:\Program Files\McAfee.com
    2007-10-16 19:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
    2007-10-16 18:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
    2007-09-28 21:01 --------- d-----w C:\Program Files\Apple Software Update
    2007-09-28 21:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2007-09-24 18:40 --------- d-----w C:\Program Files\A Tech Group
    2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-08-21 06:15 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
    2007-08-20 10:04 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
    2007-08-20 10:04 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
    2007-08-20 10:04 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
    2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
    2007-08-20 10:04 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2007-08-20 10:04 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-08-20 10:04 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
    2007-08-20 10:04 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
    2007-08-20 10:04 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
    2007-08-20 10:04 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2007-08-20 10:04 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-08-20 10:04 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-08-20 10:04 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
    2007-08-20 10:04 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
    2007-08-20 10:04 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
    2007-08-20 10:04 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    2007-08-20 10:04 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
    2007-08-20 10:04 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
    2007-08-20 10:04 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    2007-08-20 10:04 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
    2007-08-20 10:04 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
    2007-08-20 10:04 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
    2007-08-20 10:04 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    2007-08-17 10:21 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    2007-08-17 10:20 63,488 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2007-08-17 10:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2007-08-17 07:34 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
    2007-05-02 20:31:54 56 --sh--r C:\WINDOWS\system32\25414C4A3D.sys
    2007-05-02 20:31:56 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0DFCFB5E-3974-3338-8F09-0B2552E546A8}]
    2007-11-02 11:15 94208 --a------ C:\Program Files\Vofdyzgg\kilhykfu.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{226f2238-f367-4e92-a9ba-44c7eb18ad04}]
    2007-11-02 11:13 82496 --a------ C:\WINDOWS\system32\icnqjijl.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3E4A0D7B-DD02-4A3F-A04C-0B3FF84AD935}]
    2007-10-24 11:10 36352 --a------ C:\WINDOWS\system32\nnnoolk.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
    2007-10-18 08:23 340032 --a------ C:\WINDOWS\system32\qbvtkhxp.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\qbvtkhxp.dll [2007-10-18 08:23 340032]

    [HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-05 07:22]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-05 07:19]
    "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-05 07:23]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03]
    "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-06-23 17:31]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-13 11:20]
    "VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 19:18]
    "OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 23:02]
    "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 19:29]
    "MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 13:05]
    "MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2006-11-07 15:49]
    "MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 10:26]
    "VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 13:49]
    "MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 18:00]
    "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 14:54]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
    "YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2006-07-21 10:43]
    "MPSExe"="c:\PROGRA~1\mcafee.com\mps\mscifapp.exe" [2005-07-26 14:49]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-07 10:39]
    "MalwareAlarm"="C:\Program Files\MalwareAlarm\MalwareAlarm.exe" [2007-11-02 11:16]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 02:19:50]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 22:31:38]
    HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 23:06:36]
    QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-01-22 14:21:00]
    Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 23:07:32]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{3E4A0D7B-DD02-4A3F-A04C-0B3FF84AD935}"= C:\WINDOWS\system32\nnnoolk.dll [2007-10-24 11:10 36352]

    [HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\vvgeowbv.exe,C:\\WINDOWS\\system32\\userinit.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnoolk]
    nnnoolk.dll 2007-10-24 11:10 36352 C:\WINDOWS\system32\nnnoolk.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qbvtkhxp]
    qbvtkhxp.dll 2007-10-18 08:23 340032 C:\WINDOWS\system32\qbvtkhxp.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\mljjg.dll


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    \Shell\AutoRun\command - E:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92c23592-de0e-11db-9c0d-001320ea09ff}]
    \Shell\AutoRun\command - E:\LaunchU3.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-11-01 17:18:00 C:\WINDOWS\Tasks\Disk Cleanup.job"
    - C:\WINDOWS\system32\cleanmgr.exe
    "2007-11-02 16:52:08 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (MARIA-Caty).job"
    - c:\program files\mcafee.com\vso\mcmnhdlr.exe
    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-02 11:53:36
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-02 11:56:51 - machine was rebooted
    .
    --- E O F ---
     
  13. Marypozaz

    Marypozaz Thread Starter

    Joined:
    Oct 31, 2007
    Messages:
    25
    Ok, after running combofix I get a bunch of popup pages, is that normal??? My log is above.
     
  14. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,366
    First Name:
    Karen
    It's normal you would get popups on your system with the multiple infections you have.


    Open Notepad and copy and paste the text in the code box below into it:

    Code:
    File::
    C:\WINDOWS\system32\khfgfca.dll
    C:\WINDOWS\system32\aivskurq.dll
    C:\WINDOWS\system32\drvlow.dll
    C:\WINDOWS\system32\icnqjijl.dll
    C:\WINDOWS\system32\nnnoolk.dll
    C:\WINDOWS\system32\awttrro.dll
    C:\WINDOWS\system32\yfmbcgdr.dll
    C:\WINDOWS\system32\qbvtkhxp.dll
    C:\Program Files\ukr.exe
    C:\Program Files\c_setup.exe
    C:\Program Files\hlpsrv.exe
    C:\WINDOWS\system32\drvdod.dll
    C:\WINDOWS\system32\efccdcd.dll
    
    Folder::
    C:\Program Files\MalwareAlarm
    C:\Program Files\Vofdyzgg
    C:\Program Files\rabktcby
    C:\Program Files\E404 Helper
    C:\Program Files\Adsense Helper Object
    
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0DFCFB5E-3974-3338-8F09-0B2552E546A8}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{226f2238-f367-4e92-a9ba-44c7eb18ad04}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3E4A0D7B-DD02-4A3F-A04C-0B3FF84AD935}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    MalwareAlarm"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{3E4A0D7B-DD02-4A3F-A04C-0B3FF84AD935}"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnoolk] 
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qbvtkhxp] 
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00 
    
    Save the file to your desktop and name it CFScript.txt

    Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

    [​IMG]

    This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.
     
  15. Marypozaz

    Marypozaz Thread Starter

    Joined:
    Oct 31, 2007
    Messages:
    25
    Here's ComboFix Log:


    ComboFix 07-11-02.3 - Caty 2007-11-06 12:17:36.3 - NTFSx86 MINIMAL
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1746 [GMT -6:00]
    Running from: C:\Documents and Settings\Caty\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Caty\Desktop\CFScript.txt

    FILE::
    C:\Program Files\c_setup.exe
    C:\Program Files\hlpsrv.exe
    C:\Program Files\ukr.exe
    C:\WINDOWS\system32\aivskurq.dll
    C:\WINDOWS\system32\awttrro.dll
    C:\WINDOWS\system32\drvdod.dll
    C:\WINDOWS\system32\drvlow.dll
    C:\WINDOWS\system32\efccdcd.dll
    C:\WINDOWS\system32\icnqjijl.dll
    C:\WINDOWS\system32\khfgfca.dll
    C:\WINDOWS\system32\nnnoolk.dll
    C:\WINDOWS\system32\qbvtkhxp.dll
    C:\WINDOWS\system32\yfmbcgdr.dll
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
    C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
    C:\Documents and Settings\Caty\Desktop\Live Safety Center.lnk
    C:\Documents and Settings\Caty\Desktop\Online Security Guide.lnk
    C:\Documents and Settings\Caty\Favorites\Online Security Guide.lnk
    C:\Program Files\Adsense Helper Object
    C:\Program Files\Adsense Helper Object\aho.v1.dll
    C:\Program Files\Adsense Helper Object\aho.v3.dll
    C:\Program Files\c_setup.exe
    C:\Program Files\E404 Helper
    C:\Program Files\E404 Helper\e404.v1.dll
    C:\Program Files\hlpsrv.exe
    C:\Program Files\MalwareAlarm
    C:\Program Files\MalwareAlarm\MalwareAlarm.exe
    C:\Program Files\MalwareAlarm\MalwareAlarm.lic
    C:\Program Files\MalwareAlarm\MalwareAlarm0.ma
    C:\Program Files\MalwareAlarm\MalwareAlarm1.ma
    C:\Program Files\MalwareAlarm\Uninstall.exe
    C:\Program Files\rabktcby
    C:\Program Files\rabktcby\pefgnybg.dll
    C:\Program Files\ukr.exe
    C:\Program Files\Vofdyzgg
    C:\Program Files\Vofdyzgg\kilhykfu.dll
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\system32\aivskurq.dll
    C:\WINDOWS\system32\awttrro.dll
    C:\WINDOWS\system32\awvvt.dll
    C:\WINDOWS\system32\drvdod.dll
    C:\WINDOWS\system32\drvlow.dll
    C:\WINDOWS\system32\efccdcd.dll
    C:\WINDOWS\system32\icnqjijl.dll
    C:\WINDOWS\system32\khfgfca.dll
    C:\WINDOWS\system32\nnnoolk.dll
    C:\WINDOWS\system32\pmhfthbb.exe
    C:\WINDOWS\system32\qbvtkhxp.dll
    C:\WINDOWS\system32\qbvtkhxp.dllbox
    C:\WINDOWS\system32\tvvwa.bak1
    C:\WINDOWS\system32\tvvwa.bak2
    C:\WINDOWS\system32\tvvwa.ini
    C:\WINDOWS\system32\tvvwa.tmp
    C:\WINDOWS\system32\yfmbcgdr.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_DOMAINSERVICE
    -------\DomainService


    ((((((((((((((((((((((((( Files Created from 2007-10-06 to 2007-11-06 )))))))))))))))))))))))))))))))
    .

    2007-11-06 08:20 87,104 --a------ C:\WINDOWS\system32\hpamitty.dll
    2007-11-06 08:17 81,472 --a------ C:\WINDOWS\system32\crrwxdkb.dll
    2007-11-02 10:11 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-01 10:47 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2007-11-01 10:47 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-11-01 10:47 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-10-19 14:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-10-16 13:37 <DIR> d-------- C:\WINDOWS\system32\mclsphlr
    2007-10-16 13:36 94,208 --a------ C:\WINDOWS\system32\mclsp.dll
    2007-10-16 13:36 90,112 --a------ C:\WINDOWS\system32\mcrtl32.dll
    2007-10-16 13:36 32,768 --a------ C:\WINDOWS\system32\instlsp.exe
    2007-10-16 13:36 11,264 --a------ C:\WINDOWS\system32\sporder.dll
    2007-10-16 10:56 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
    2007-10-15 11:44 <DIR> d-------- C:\WINDOWS\system32\HouseCall 6.6
    2007-10-15 11:44 <DIR> d-------- C:\Documents and Settings\Caty\Application Data\HouseCall 6.6
    2007-10-12 13:40 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
    2007-10-12 13:39 <DIR> d-------- C:\Documents and Settings\Caty\.housecall6.6
    2007-10-12 10:48 <DIR> d-------- C:\Program Files\Real
    2007-10-10 09:30 147,456 --a------ C:\WINDOWS\AVUNTOOL.EXE
    2007-10-10 02:54 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-06 14:43 --------- d-----w C:\Documents and Settings\Caty\Application Data\AdobeUM
    2007-11-02 15:33 --------- d-----w C:\Documents and Settings\Caty\Application Data\U3
    2007-10-17 21:15 --------- d-----w C:\Program Files\QuickTime
    2007-10-16 19:36 --------- d-----w C:\Program Files\McAfee.com
    2007-10-16 19:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
    2007-10-16 18:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
    2007-10-03 20:00 --------- d-----w C:\Documents and Settings\Caty\Application Data\Alien Skin
    2007-09-28 21:01 --------- d-----w C:\Program Files\Apple Software Update
    2007-09-28 21:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2007-09-24 18:40 --------- d-----w C:\Program Files\A Tech Group
    2007-05-02 20:31:54 56 --sh--r C:\WINDOWS\system32\25414C4A3D.sys
    2007-05-02 20:31:56 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((( [email protected]_11.55.02.39 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2007-10-29 23:56:19 136,192 ----a-w C:\WINDOWS\catchme.exe
    + 2007-10-30 00:56:19 136,192 ----a-w C:\WINDOWS\catchme.exe
    + 2007-03-13 16:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
    - 2007-10-12 14:28:57 62,032 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2007-11-06 14:16:34 62,148 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2007-10-12 14:28:57 402,426 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2007-11-06 14:16:34 402,734 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2007-07-22 23:39:27 279,552 ----a-w C:\WINDOWS\system32\swreg.exe
    + 2007-07-23 00:39:27 279,552 ----a-w C:\WINDOWS\system32\swreg.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10e6ceaa-1b56-4e31-8f8a-6328f68114c0}]
    2007-11-06 08:17 81472 --a------ C:\WINDOWS\system32\crrwxdkb.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-05 06:22]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-05 06:19]
    "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-05 06:23]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03]
    "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-06-23 16:31]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-13 10:20]
    "VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18]
    "OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 22:02]
    "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29]
    "MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 12:05]
    "MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2006-11-07 14:49]
    "MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 09:26]
    "VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 12:49]
    "MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 17:00]
    "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 13:54]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11]
    "YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2006-07-21 09:43]
    "MPSExe"="c:\PROGRA~1\mcafee.com\mps\mscifapp.exe" [2005-07-26 13:49]
    "2c4b9cc0"="C:\WINDOWS\system32\hpamitty.dll" [2007-11-06 08:20]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-07 09:39]
    "MalwareAlarm"="C:\Program Files\MalwareAlarm\MalwareAlarm.exe" []

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 01:19:50]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 21:31:38]
    HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 22:06:36]
    QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-01-22 13:21:00]
    Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 22:07:32]

    [HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\vvgeowbv.exe,C:\\WINDOWS\\system32\\userinit.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    \Shell\AutoRun\command - E:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92c23592-de0e-11db-9c0d-001320ea09ff}]
    \Shell\AutoRun\command - E:\LaunchU3.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-11-02 17:18:00 C:\WINDOWS\Tasks\Disk Cleanup.job"
    - C:\WINDOWS\system32\cleanmgr.exe
    "2007-11-06 18:49:05 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (MARIA-Caty).job"
    - c:\program files\mcafee.com\vso\mcmnhdlr.exe
    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-06 12:49:03
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-06 12:51:21 - machine was rebooted
    C:\ComboFix2.txt ... 2007-11-02 12:31
    C:\ComboFix3.txt ... 2007-11-02 10:56
    .
    --- E O F ---
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/646338

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice