Outerinfo popups and Internet Speed Monitor


x_Tang

Thread Starter
Joined
Sep 25, 2005
Messages
38
I posted yesterday but didn't get any response.
I was having many many issues with pop-ups from both outerinfo and internet speed monitor on my fiance's computer (this all was happening yesterday).

I haven't had any pop-ups come up today but I keep getting this pop-up alert:

"Server Busy

This action cannot be completed because the other program is busy. Choose 'Switch To' to activate the busy program and correct the problem."

It has a "Switch to...", "Retry" and "Cancel" button, of which you can only click on Switch to and Retry. I click on Switch to and it always takes me to the start menu. It won't stop popping up, so I assume it has something to do with one of these pop-up problems.

Also, it won't let me load up firefox now (so annoying). There's an explore bar (on IE) for Internet Speed Monitor and there's also an explore bar for MoneySide. Both of which my fiance said he didn't install. So yeah.

I ran HJT and here's my log.
I'll be hopping onto my own computer now, to keep my eye on this thread and to be able to do things with his computer and look at this thread at the same time.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:24:24 PM, on 10/29/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\mcafee.com\Agent\mcagent.exe
C:\Program Files\mcafee.com\Agent\mcupdate.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\tsitra72.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\CROSOF~1.NET\svchost.exe
C:\Program Files\ISM\ISMModule8.exe
C:\Documents and Settings\Barret\My Documents\W?nSxS\?ttrib.exe
C:\Program Files\WinAble\winable.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\IA\command.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\Program Files\Microsoft Money\System\urlmap.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Words\Words.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us4.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us4.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://srch-us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: BndShell3 BHO Class - {8ABA9A9C-8791-4d61-8D5B-BCC9448EA573} - C:\Program Files\ISM\BndDrive7.dll
O2 - BHO: (no name) - {9C946E02-A2C3-AC65-BB2B-FE8A368624C5} - C:\WINDOWS\System32\dnpp.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Zero-Knowledge Freedom - {FA91B828-F937-4568-82C1-843627E63ED7} - C:\Program Files\Zero Knowledge\Freedom\BandObjs.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\mcafee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\mcafee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\Program Files\mcafee.com\Agent\mcupdate.exe /embedding
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\tsitra72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Tray Temperature] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [WhenUSave] "C:\PROGRA~1\Save\Save.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ISMModule2] "C:\Program Files\ISM\ISMModule2.exe"
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Notn] "C:\WINDOWS\System32\CROSOF~1.NET\svchost.exe" -vt yazb
O4 - HKCU\..\Run: [ISMModule8] "C:\Program Files\ISM\ISMModule8.exe"
O4 - HKCU\..\Run: [Svcmn] "C:\Documents and Settings\Barret\My Documents\W?nSxS\?ttrib.exe"
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [Words] C:\Program Files\Words\Words.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Dominoes - http://download2.games.yahoo.com/games/clients/y/dot9_x.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9513 bytes
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
You have no Service Packs installed... :( Why is that?

Download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
 

x_Tang

It's not my computer. I don't know why he doesn't have a service pack.

I actually got rid of the internet speed monitor...so that's one thing that's gone.
I'll jump on his computer and download/run that program.
 

x_Tang

Uhm...well, I got on his computer.
Downloaded Combofix and started running it.
I didn't touch it while it was doing its thing...
I thought it finished and said it was opening a new window. So it did that and it said something (I can't remember what) and made all the icons on his desktop go away and his bar down at the bottom...and yeah, I basically had to hard restart the computer because nothing was happening and I couldn't get to the start menu. D:

I loaded the computer back up just now...and everything's back on the desktop like it should be.

There's an extra thing though...a folder labeled "catchme" and the icon is a folder with a zipper on it. Is that from combofix?

Also, a DOS window has popped up and then disappeared a few times since restarting the computer.
 

cybertech

Yes that is from combofix.

Can you post a new hijackthis log?
 

x_Tang

After having run combofix...I haven't had any issues with pop ups on this computer.

Anyway....here's the HJT log..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:53, on 2007-10-31
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\mcafee.com\Agent\mcagent.exe
C:\Program Files\mcafee.com\Agent\mcupdate.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\internet explorer\iexplore.exe
c:\Program Files\Microsoft Money\System\urlmap.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us4.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Zero-Knowledge Freedom - {FA91B828-F937-4568-82C1-843627E63ED7} - C:\Program Files\Zero Knowledge\Freedom\BandObjs.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\mcafee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\mcafee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\Program Files\mcafee.com\Agent\mcupdate.exe /embedding
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Tray Temperature] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [WhenUSave] "C:\PROGRA~1\Save\Save.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Notn] "C:\WINDOWS\System32\CROSOF~1.NET\svchost.exe" -vt yazb
O4 - HKCU\..\Run: [Svcmn] "C:\Documents and Settings\Barret\My Documents\W?nSxS\?ttrib.exe"
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Barret\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Barret\Application Data\Microsoft\Windows\qrrvmq.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Dominoes - http://download2.games.yahoo.com/games/clients/y/dot9_x.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8110 bytes
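
An added example, not part of the thread: a small Python script that compares two HijackThis logs, listing the entries that disappeared or appeared between scans and flagging Windows system process names (such as svchost.exe) that run from, or are referenced in, a folder other than C:\WINDOWS\System32. The two sample logs are constructed from a handful of lines in the logs posted above; the function names and the list of system process names are assumptions of this example.

```python
import ntpath
import re

# "O4 - ...", "F3 - ...", "O23 - ..." style HijackThis entry lines
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# A drive-letter path ending in .exe or .dll inside an entry (quotes excluded)
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll)', re.IGNORECASE)

SYSTEM_DIR = r"c:\windows\system32"
# Assumption of this example: names that belong only in System32 on Windows XP
SYSTEM_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                "lsass.exe", "svchost.exe"}

# Constructed samples: a few lines copied from the first and second logs above
BEFORE = r"""Running processes:
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\System32\CROSOF~1.NET\svchost.exe

F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKCU\..\Run: [Notn] "C:\WINDOWS\System32\CROSOF~1.NET\svchost.exe" -vt yazb
O4 - HKCU\..\Run: [ISMModule8] "C:\Program Files\ISM\ISMModule8.exe"
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
"""

AFTER = r"""Running processes:
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lsass.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKCU\..\Run: [Notn] "C:\WINDOWS\System32\CROSOF~1.NET\svchost.exe" -vt yazb
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Barret\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Barret\Application Data\Microsoft\Windows\qrrvmq.exe
"""


def parse_hjt(log_text):
    """Split a HijackThis log into (running process paths, [(section, text)])."""
    processes, entries = [], []
    in_procs = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False  # the process list ends at the first entry line
            entries.append((match.group(1), match.group(2)))
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def _key(entry):
    # Windows paths and registry names are case-insensitive
    return entry[0], entry[1].lower()


def diff_entries(before, after):
    """Return (removed, added) entries, each in its original log order."""
    before_keys = {_key(e) for e in before}
    after_keys = {_key(e) for e in after}
    removed = [e for e in before if _key(e) not in after_keys]
    added = [e for e in after if _key(e) not in before_keys]
    return removed, added


def misplaced_system_binaries(processes, entries):
    """Lower-cased paths whose file name is a system process but whose
    folder is not System32, taken from running processes and entry text."""
    candidates = list(processes)
    for _, text in entries:
        candidates.extend(PATH_RE.findall(text))
    hits = set()
    for path in candidates:
        p = path.lower()
        if ntpath.basename(p) in SYSTEM_NAMES and ntpath.dirname(p) != SYSTEM_DIR:
            hits.add(p)
    return sorted(hits)


if __name__ == "__main__":
    procs_b, ents_b = parse_hjt(BEFORE)
    procs_a, ents_a = parse_hjt(AFTER)
    removed, added = diff_entries(ents_b, ents_a)
    for label, group in (("removed", removed), ("added", added)):
        for section, text in group:
            print(f"{label:8}{section} - {text}")
    for when, p, e in (("before", procs_b, ents_b), ("after", procs_a, ents_a)):
        for path in misplaced_system_binaries(p, e):
            print(f"misplaced ({when}): {path}")
```

On these samples the second scan still carries the [Notn] Run entry pointing at a svchost.exe outside System32 and shows two Run entries that were not in the first scan, which is why a follow-up log is requested even when the pop-ups have stopped.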
 

cybertech

You didn't post the combofix log.


Go to add/remove programs and remove these if you did not install them:
ViewpointService
Viewpoint Manager



Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.

Click Exit on the Main menu to close the program.



Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply with a new hijackthis log.
  • Click Close to exit the program.
 

x_Tang

Is the combofix log the catchme thing?
And I'm pretty sure the viewpoint thing was installed for AIM.
 

cybertech

x_Tang said:
Is the combofix log the catchme thing?
Yes, combofix uses catchme.


x_Tang said:
And I'm pretty sure the viewpoint thing was installed for AIM.
I'm pretty sure it's an add on and not required for AIM to work. It is an option that you missed in the installation.
 

x_Tang

Well, it's my fiance's computer and I'm not sure if he has it downloaded for something else or not.
He's at work right now, so I can't ask him.

I've actually gotta head off of here for now.
Probably won't be back on 'til tomorrow...so yeah.
I'll run everything next time I'm online.
 

x_Tang

Sorry I didn't come back when I said I would.
Ended up getting busy irl and didn't have time for the computer.


Here's my Super AntiSpyware log....
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/04/2007 at 06:10 PM

Application Version : 3.9.1008

Core Rules Database Version : 3337
Trace Rules Database Version: 1338

Scan type : Complete Scan
Total Scan Time : 02:12:28

Memory items scanned : 386
Memory threats detected : 0
Registry items scanned : 5037
Registry threats detected : 5
File items scanned : 79911
File threats detected : 88

Adware.Tracking Cookie

Adware.ClickSpring/Yazzle
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin#UninstallString
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1122OINADMIN.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1122OINUNINSTALLER.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1552OINADMIN.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1552OINUNINSTALLER.EXE.VIR

Malware.RepairRegistryPro
C:\Documents and Settings\Barret\Start Menu\Programs\Repair Registry Pro

Adware.AdSponsor/ISM
HKU\.DEFAULT\Software\BndDrive
HKU\S-1-5-18\Software\BndDrive
C:\SYSTEM VOLUME INFORMATION\_RESTORE{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP290\A0044051.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP338\A0050972.EXE

Trojan.Downloader-Gen/Inst2
C:\251.TMP
C:\28E.TMP

Trojan.Unknown Origin
C:\DOCUMENTS AND SETTINGS\BARRET\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\IB2VE12V\INSTALLER[1].EXE
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\OQQM\OQQMA.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\OQQM\OQQML.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\OQQM\OQQMM.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\B104.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\IA\KE.VBS.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\WAPIICC.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\UNINSTALL_NMON.VBS.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP339\A0051030.VBS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP339\A0051031.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP339\A0051033.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP339\A0051048.VBS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP339\A0051053.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP339\A0051054.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP339\A0051056.EXE
C:\WINDOWS\MROFINU72.EXE

BearShare File Sharing Client
C:\PROGRAM FILES\BEARSHARE\BEARSHARE.EXE

Adware.Unknown Origin
C:\PROGRAM FILES\COMMON FILES\OQQM\OQQMD\CLASS-BARREL
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\OQQM\OQQMD\VOCABULARY.VIR

Adware.ClickSpring
C:\qoobox\Quarantine\C\Documents and Settings\Barret\My Documents\WNSXS~1\TTRIBE~1.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\CROSOF~1.NET\SVCHOST.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\DNPP.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP339\A0051039.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP339\A0051050.EXE

Unclassified.Unknown Origin/System
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\OQQM\OQQMD\OQQMC.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP339\A0051058.DLL

Trojan.Downloader-Gen
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\OQQM\OQQMP.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP339\A0051057.EXE

Trojan.NetMon/DNSChange
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\NETWORK MONITOR\NETMON.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP339\A0051049.EXE

Trojan.Downloader-Gen/Installer
C:\QOOBOX\QUARANTINE\C\WINDOWS\B128.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP339\A0051035.EXE

Adware.Adservs
C:\QOOBOX\QUARANTINE\C\WINDOWS\IA\ASAPPSRV.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP339\A0051041.DLL

Unclassified.Unknown Origin
C:\QOOBOX\QUARANTINE\C\WINDOWS\IA\COMMAND.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP339\A0051040.EXE

TargetSaver, Inc. Process
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\TSUNINST.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP339\A0051059.EXE

Trace.Known Threat Sources
C:\Documents and Settings\Barret\Local Settings\Temporary Internet Files\Content.IE5\W1SHMRSX\8154ff2675af1b6e0677560871425153[1].zip
C:\Documents and Settings\Barret\Local Settings\Temporary Internet Files\Content.IE5\YD0JQHM5\mrofinu[1].zip
C:\Documents and Settings\Barret\Local Settings\Temporary Internet Files\Content.IE5\GHS58LG9\ctxad-570[1].sig
C:\Documents and Settings\Barret\Local Settings\Temporary Internet Files\Content.IE5\YD0JQHM5\ack[2].htm
C:\Documents and Settings\Barret\Local Settings\Temporary Internet Files\Content.IE5\IB2VE12V\tsupdate2[1].php
C:\Documents and Settings\Barret\Local Settings\Temporary Internet Files\Content.IE5\PO913L17\4db3e14be68297b54dc897edcc80680f[1].zip
C:\Documents and Settings\Barret\Local Settings\Temporary Internet Files\Content.IE5\IB2VE12V\718f466754402ac597de014577627f96[1].zip
C:\Documents and Settings\Barret\Local Settings\Temporary Internet Files\Content.IE5\YD0JQHM5\ack[1].htm
C:\Documents and Settings\Barret\Local Settings\Temporary Internet Files\Content.IE5\IB2VE12V\c1f5cc94a30f082054f3a00e6655462d[1].zip
C:\Documents and Settings\Barret\Local Settings\Temporary Internet Files\Content.IE5\IB2VE12V\f4d28682d186cc6beb75f106d133f489[1].zip
C:\Documents and Settings\Barret\Local Settings\Temporary Internet Files\Content.IE5\YD0JQHM5\affupdate2[1].php
C:\Documents and Settings\Barret\Local Settings\Temporary Internet Files\Content.IE5\W1SHMRSX\ack[1].htm
C:\Documents and Settings\Barret\Local Settings\Temporary Internet Files\Content.IE5\OL4JK3CN\08e5626e1b84ac1aec80dc870a7411e3[1].zip





And here's the HJT log...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:36, on 2007-11-04
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\mcafee.com\Agent\mcagent.exe
C:\Program Files\mcafee.com\Agent\mcupdate.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Barret\Application Data\Microsoft\Windows\qrrvmq.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\internet explorer\iexplore.exe
c:\Program Files\Microsoft Money\System\urlmap.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us4.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Zero-Knowledge Freedom - {FA91B828-F937-4568-82C1-843627E63ED7} - C:\Program Files\Zero Knowledge\Freedom\BandObjs.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\mcafee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\mcafee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\Program Files\mcafee.com\Agent\mcupdate.exe /embedding
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Tray Temperature] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [WhenUSave] "C:\PROGRA~1\Save\Save.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Notn] "C:\WINDOWS\System32\CROSOF~1.NET\svchost.exe" -vt yazb
O4 - HKCU\..\Run: [Svcmn] "C:\Documents and Settings\Barret\My Documents\W?nSxS\?ttrib.exe"
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Barret\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Barret\Application Data\Microsoft\Windows\qrrvmq.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Dominoes - http://download2.games.yahoo.com/games/clients/y/dot9_x.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8481 bytes



I opened the catchme folder and there was no txt file...so yeah.
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Run HijackThis and click Open the Misc Tools section
Click Open Uninstall Manager, Save list and save the log to your Desktop.
A list of programs will open in Notepad. Post the contents of the log here in your next reply.
 

x_Tang

Thread Starter
Joined
Sep 25, 2005
Messages
38
1602 A.D.
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Flash Player ActiveX
Adobe Reader 8.1.1
Adobe Shockwave Player
AIM 6.0
AOL Instant Messenger
Command & Conquer Red Alert 2
Command & Conquer Tiberian Sun
Command && Conquer Red Alert 2 - Yuri's Revenge
Detto IntelliMover
Diablo II
Easy Internet Sign-up
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Hero Editor V0.95
HijackThis 2.0.2
hp center
HP Instant Support
Inactive HP Printer Drivers (Remove only)
KazooStudio
KBD
Learn to Play Magic
Lernout & Hauspie TruVoice American English TTS Engine
Magic Online
MarketBrowser
McAfee.com Agent
McAfee.com VirusScan Online
Microsoft Age of Empires Gold
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Money 2002
Microsoft Money 2002 System Pack
Microsoft Office XP Professional with FrontPage
Microsoft Works 6.0
Microsoft Works and Money 2002 Setup Launcher
Mozilla Firefox (2.0.0.9)
My Photo Center
MySpaceIM
NVIDIA Windows 2000/XP Display Drivers
PC-Doctor for Windows
PowerDVD
Python 1.5 combined Win32 extensions
Python 1.5.2 (final)
Quicken 2002 New User Edition
Quicken Financial Center
QuickTime
Roll
SUPERAntiSpyware Free Edition
Tcl 8.0.5 for Windows
The Sims Deluxe Edition
UltimateBet
UltimateBuddy
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WeatherBug
WildTangent Web Driver
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows XP Hotfix (SP1) [See Q308387 for more information]
Windows XP Hotfix (SP1) [See Q308676 for more information]
Windows XP Hotfix (SP1) [See Q308677 for more information]
WordPerfect Office 2002 Try Before You Buy
WordPerfect Office 2002 Try Before You Buy
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar
Zero-Knowledge Freedom
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Run HJT again and put a check in the following:

O4 - HKCU\..\Run: [Tray Temperature] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [WhenUSave] "C:\PROGRA~1\Save\Save.exe"
O4 - HKCU\..\Run: [Notn] "C:\WINDOWS\System32\CROSOF~1.NET\svchost.exe" -vt yazb
O4 - HKCU\..\Run: [Svcmn] "C:\Documents and Settings\Barret\My Documents\W?nSxS\?ttrib.exe"
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Barret\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Barret\Application Data\Microsoft\Windows\qrrvmq.exe
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy

Close all applications and browser windows before you click "fix checked".



Please download OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Program Files\AWS
    C:\Program Files\MarketBrowser\lmt
    C:\Documents and Settings\Barret\Application Data\Microsoft\Windows\qrrvmq.exe
    C:\Documents and Settings\Barret\Application Data\WinTouch
    C:\PROGRA~1\Save
  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Run Trend Micro's FREE online virus scanner

Post the results from Scan with a new hijackthis log.
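A path-based triage of the O4 autostart entries from the HijackThis log in this thread, as an added example (not part of any post and not the helper's own method). The three heuristics and the names `SYSTEM_NAMES`, `SYSTEM_DIR` and `PROFILE_ROOT` are assumptions made for illustration. They flag only the entries whose location is suspicious, so the WeatherBug, WhenUSave and MarketBrowser items on the fix list, which are recognised by name, are outside their reach.

```python
import re
from ntpath import basename, dirname

# Sample input: O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Notn] "C:\WINDOWS\System32\CROSOF~1.NET\svchost.exe" -vt yazb
O4 - HKCU\..\Run: [Svcmn] "C:\Documents and Settings\Barret\My Documents\W?nSxS\?ttrib.exe"
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Barret\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Barret\Application Data\Microsoft\Windows\qrrvmq.exe
'''

O4_RUN = re.compile(r'^O4 - \S+\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# Executable path: either the quoted string, or unquoted text up to the first ".exe".
EXE_PATH = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.IGNORECASE)
# Assumed heuristic inputs (hypothetical, not taken from the thread):
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "winlogon.exe", "services.exe", "csrss.exe"}
SYSTEM_DIR = r"c:\windows\system32"
PROFILE_ROOT = "c:\\documents and settings\\"

def parse_o4(log):
    """Yield (value_name, exe_path) for each O4 registry Run line."""
    for line in log.splitlines():
        m = O4_RUN.match(line.strip())
        p = EXE_PATH.match(m.group("cmd")) if m else None
        if p:
            yield m.group("name"), p.group(1) or p.group(2)

def reasons(path):
    """Return the heuristic flags that apply to one executable path."""
    low, found = path.lower(), []
    if basename(low) in SYSTEM_NAMES and dirname(low) != SYSTEM_DIR:
        found.append("system-name-outside-system32")
    if "?" in path:  # assumed to stand for a character the log could not render
        found.append("unrenderable-character-in-path")
    if low.startswith(PROFILE_ROOT):
        found.append("autostart-from-user-profile")
    return found

def triage(log):
    """Map each flagged Run value name to its list of reasons."""
    return {name: r for name, path in parse_o4(log) if (r := reasons(path))}

if __name__ == "__main__":
    for name, why in triage(SAMPLE_LOG).items():
        print(f"{name}: {', '.join(why)}")
```

On the sample lines this flags `Notn`, `Svcmn`, `WinTouch` and `SfKg6w`, and leaves the entries under `System32` and `Program Files` unflagged.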
 