1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Removal of Internet Speed Monitor and then some. HJT log attached!

Discussion in 'Virus & Other Malware Removal' started by Zahrah, Nov 11, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. Zahrah

    Zahrah Thread Starter

    Joined:
    Nov 11, 2007
    Messages:
    6
    I recently began receiving pop ups and google issues related to Internet Speed Monitor. I also have Windows Security Center pop ups. As if that's not enough, I keep getting a pop up window that tells me that Internet Explorer can't find the Active Desktop HTML file and to click here to turn it off. Can someone help me find and remove all the bad stuff on my computer. Thanks a bunch!!


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:44:07 PM, on 11/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\vvgeowbv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QdrModule\QdrModule9.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\iPod\bin\iPodService.exe
    F:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://my.netzero.net/s/sp?r=al&cf=sp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\vvgeowbv.exe,C:\WINDOWS\system32\userinit.exe
    O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
    O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
    O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
    O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
    O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
    O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
    O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
    O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
    O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
    O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
    O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
    O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
    O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
    O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
    O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
    O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
    O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
    O2 - BHO: aivskurq.msdn_hlp - {BF442538-BE32-4055-A549-2F3B699F55EB} - C:\WINDOWS\system32\aivskurq.dll
    O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
    O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
    O2 - BHO: Her - {C4DE5B15-4FFE-4c02-8CB3-CAD24A33562B} - C:\WINDOWS\system32\ramtmb.dll
    O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
    O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
    O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
    O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
    O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ISMPack7] "C:\Program Files\ISM2\ISMPack7.exe"
    O4 - HKCU\..\Run: [Kkmwba] "C:\Program Files\Common Files\?racle\s?ool32.exe"
    O4 - HKCU\..\Run: [QdrModule9] "C:\Program Files\QdrModule\QdrModule9.exe"
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://my.netzero.net/s/sp?r=al&cf=sp
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {96D338F5-8757-4A1C-AFEA-770A4036752F} - https://setup.bellsouth.net/wizlet/BellSouthDial/WebflowActiveXCab.CAB
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A1B9D746-FE4E-4C5C-AADD-30068AD23D89}: NameServer = 205.152.144.23 205.152.37.23
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

    --
    End of file - 7451 bytes
     
  2. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Welcome to TSG :)

    Download Combofix and save it to your desktop.

    **Note: It is important that it is saved directly to your desktop**

    --------------------------------------------------------------------

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    --------------------------------------------------------------------
    Please go to Start---> Run---> In the space provided, type "%userprofile%\Desktop\ComboFix.exe"/killall
    & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    Note:
    Do not mouseclick combofix's window while it's running. That may cause it to stall
     
  3. Zahrah

    Zahrah Thread Starter

    Joined:
    Nov 11, 2007
    Messages:
    6
    Hi Sjpritch25 and thank you. Hope I did this right - here are the logs:

    ComboFix 07-11-08.3 - Rebecca 2007-11-12 7:34:33.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1133 [GMT -5:00]
    Running from: C:\Documents and Settings\Rebecca\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\3721
    C:\Program Files\3721\assist\asbar.dll
    C:\Program Files\3721\helper.dll
    C:\Program Files\Accoona
    C:\Program Files\Accoona\ASearchAssist.dll
    C:\Program Files\akl
    C:\Program Files\akl\akl.dll
    C:\Program Files\akl\akl.exe
    C:\Program Files\akl\curlog.htm
    C:\Program Files\akl\keylog.txt
    C:\Program Files\akl\readme.txt
    C:\Program Files\akl\uninstall.exe
    C:\Program Files\akl\unsetup.dat
    C:\Program Files\akl\unsetup.exe
    C:\Program Files\amsys
    C:\Program Files\amsys\awmsg.dat
    C:\Program Files\amsys\guid.dat
    C:\Program Files\amsys\ijl15.dll
    C:\Program Files\amsys\mfc42.dll
    C:\Program Files\amsys\msvcrt.dll
    C:\Program Files\amsys\unins000.dat
    C:\Program Files\amsys\unis000.exe
    C:\Program Files\amsys\winam.dat
    C:\Program Files\e-zshopper
    C:\Program Files\e-zshopper\BarLcher.dll
    C:\Program Files\p2pnetworks
    C:\Program Files\p2pnetworks\amp2pl.exe
    C:\WINDOWS\764.exe
    C:\WINDOWS\7search.dll
    C:\WINDOWS\aconti.exe
    C:\WINDOWS\adbar.dll
    C:\WINDOWS\cbinst$.exe
    C:\WINDOWS\daxtime.dll
    C:\WINDOWS\dp0.dll
    C:\WINDOWS\eventlowg.dll
    C:\WINDOWS\fhfmm-Uninstaller.exe
    C:\WINDOWS\fhfmm.exe
    C:\WINDOWS\flt.dll
    C:\WINDOWS\hcwprn.exe
    C:\WINDOWS\hotporn.exe
    C:\WINDOWS\ie_32.exe
    C:\WINDOWS\iexplorr23.dll
    C:\WINDOWS\jd2002.dll
    C:\WINDOWS\kkcomp$.exe
    C:\WINDOWS\kkcomp.dll
    C:\WINDOWS\kkcomp.exe
    C:\WINDOWS\kvnab$.exe
    C:\WINDOWS\kvnab.dll
    C:\WINDOWS\kvnab.exe
    C:\WINDOWS\liqad$.exe
    C:\WINDOWS\liqad.dll
    C:\WINDOWS\liqad.exe
    C:\WINDOWS\liqui-Uninstaller.exe
    C:\WINDOWS\liqui.dll
    C:\WINDOWS\liqui.exe
    C:\WINDOWS\ngd.dll
    C:\WINDOWS\pbar.dll
    C:\WINDOWS\pbsysie.dll
    C:\WINDOWS\settn.dll
    C:\WINDOWS\spredirect.dll
    C:\WINDOWS\system32\.exe
    C:\WINDOWS\system32\drivers\blank.gif
    C:\WINDOWS\system32\drivers\box_1.gif
    C:\WINDOWS\system32\drivers\box_2.gif
    C:\WINDOWS\system32\drivers\box_3.gif
    C:\WINDOWS\system32\drivers\button_buynow.gif
    C:\WINDOWS\system32\drivers\button_freescan.gif
    C:\WINDOWS\system32\drivers\cell_bg.gif
    C:\WINDOWS\system32\drivers\cell_footer.gif
    C:\WINDOWS\system32\drivers\cell_header_block.gif
    C:\WINDOWS\system32\drivers\cell_header_remove.gif
    C:\WINDOWS\system32\drivers\cell_header_scan.gif
    C:\WINDOWS\system32\drivers\detect.htm
    C:\WINDOWS\system32\drivers\download_box.gif
    C:\WINDOWS\system32\drivers\download_btn.jpg
    C:\WINDOWS\system32\drivers\download_now_btn.gif
    C:\WINDOWS\system32\drivers\footer_back.jpg
    C:\WINDOWS\system32\drivers\header_1.gif
    C:\WINDOWS\system32\drivers\header_2.gif
    C:\WINDOWS\system32\drivers\header_3.gif
    C:\WINDOWS\system32\drivers\header_4.gif
    C:\WINDOWS\system32\drivers\header_red_bg.gif
    C:\WINDOWS\system32\drivers\header_red_free_scan.gif
    C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif
    C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
    C:\WINDOWS\system32\drivers\infected.gif
    C:\WINDOWS\system32\drivers\main_back.gif
    C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
    C:\WINDOWS\system32\drivers\product_1_header.gif
    C:\WINDOWS\system32\drivers\product_1_name_small.gif
    C:\WINDOWS\system32\drivers\product_2_header.gif
    C:\WINDOWS\system32\drivers\product_2_name_small.gif
    C:\WINDOWS\system32\drivers\product_3_header.gif
    C:\WINDOWS\system32\drivers\product_3_name_small.gif
    C:\WINDOWS\system32\drivers\product_features.gif
    C:\WINDOWS\system32\drivers\pt.htm
    C:\WINDOWS\system32\drivers\rating.gif
    C:\WINDOWS\system32\drivers\s_detect.htm
    C:\WINDOWS\system32\drivers\screenshot.jpg
    C:\WINDOWS\system32\drivers\sep_hor.gif
    C:\WINDOWS\system32\drivers\sep_vert.gif
    C:\WINDOWS\system32\drivers\shadow.jpg
    C:\WINDOWS\system32\drivers\shadow_bg.gif
    C:\WINDOWS\system32\drivers\spacer.gif
    C:\WINDOWS\system32\drivers\spy_away_box.jpg
    C:\WINDOWS\system32\drivers\star.gif
    C:\WINDOWS\system32\drivers\star_gray.gif
    C:\WINDOWS\system32\drivers\star_gray_small.gif
    C:\WINDOWS\system32\drivers\star_small.gif
    C:\WINDOWS\system32\drivers\style.css
    C:\WINDOWS\system32\drivers\v.gif
    C:\WINDOWS\system32\drivers\warning_icon.gif
    C:\WINDOWS\system32\drivers\win_logo.gif
    C:\WINDOWS\system32\drivers\x.gif
    C:\WINDOWS\system32\ESHOPEE.exe
    C:\WINDOWS\system32\msole32.exe
    C:\WINDOWS\system32\vxddsk.exe
    C:\WINDOWS\system32\wml.exe
    C:\WINDOWS\vxddsk.exe
    C:\WINDOWS\wbeCheck.exe
    C:\WINDOWS\wbeInst$.exe
    C:\WINDOWS\wml.exe
    C:\WINDOWS\xadbrk.dll
    C:\WINDOWS\xadbrk.exe
    C:\WINDOWS\xadbrk_.exe
    C:\WINDOWS\xxxvideo.exe

    .
    ((((((((((((((((((((((((( Files Created from 2007-10-12 to 2007-11-12 )))))))))))))))))))))))))))))))
    .

    2007-11-11 13:43 <DIR> d-------- C:\Program Files\Trend Micro
    2007-11-11 10:41 18,432 --a------ C:\WINDOWS\fkwggshm.exe
    2007-11-11 10:24 4 --a------ C:\WINDOWS\system32\stfv.bin
    2007-11-11 10:23 <DIR> d-------- C:\WINDOWS\system32\acespy
    2007-11-11 10:23 19,456 --a------ C:\WINDOWS\system32\ace16win.dll
    2007-11-11 10:13 125,447 --a------ C:\WINDOWS\system32\vvgeowbv.exe
    2007-11-11 10:13 21,504 --a------ C:\WINDOWS\system32\aivskurq.dll
    2007-11-11 10:13 12 --a------ C:\WINDOWS\system32\dpqaqlqx.bin
    2007-11-11 09:10 27,136 --a------ C:\WINDOWS\system32\ramtmb.dll
    2007-11-09 10:36 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
    2007-11-09 10:36 53,760 --a------ C:\WINDOWS\system32\dllcache\vfwwdm32.dll
    2007-11-09 10:36 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
    2007-11-09 10:36 17,024 --a------ C:\WINDOWS\system32\dllcache\ccdecode.sys
    2007-11-09 10:35 <DIR> d-------- C:\Program Files\JL2005C
    2007-11-09 10:35 118,784 --------- C:\WINDOWS\system32\PTTreeIcons.dll
    2007-11-09 10:34 <DIR> d-------- C:\Program Files\Grand Slam Photo Studio
    2007-10-30 11:48 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-10-30 11:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-10-30 11:19 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-30 10:21 <DIR> d-------- C:\Program Files\QdrModule
    2007-10-29 12:27 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Talkback
    2007-10-29 11:44 <DIR> d--hs---- C:\WINDOWS\UmViZWNjYQ
    2007-10-13 15:15 <DIR> d-------- C:\WINDOWS\system32\LogFiles
    2007-10-13 10:37 <DIR> d-------- C:\Documents and Settings\Rebecca\Application Data\Aim

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-29 15:03 --------- d-----w C:\Program Files\WildTangent
    2007-10-29 15:03 --------- d-----w C:\Program Files\BitLord
    2007-10-08 18:29 --------- d-----w C:\Documents and Settings\Rebecca\Application Data\Apple Computer
    2007-10-05 19:01 --------- d-----w C:\Documents and Settings\Rebecca\Application Data\Corel
    2007-10-04 19:30 --------- d-----w C:\Program Files\Common Files\Adobe
    2007-10-03 21:34 --------- d-----w C:\Documents and Settings\Rebecca\Application Data\Talkback
    2007-10-03 16:47 --------- d-----w C:\Program Files\iTunes
    2007-10-03 16:30 --------- d-----w C:\Program Files\Common Files\Real
    2007-10-03 16:29 --------- d-----w C:\Program Files\MUSICMATCH
    2007-10-03 16:09 --------- d-----w C:\Program Files\Common Files\Macromedia
    2007-10-03 16:08 --------- d-----w C:\Program Files\Macromedia
    2007-01-18 01:24:54 88 --sh--r C:\WINDOWS\system32\01435E1FA8.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BF442538-BE32-4055-A549-2F3B699F55EB}]
    2007-11-11 10:13 21504 --a------ C:\WINDOWS\system32\aivskurq.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C4DE5B15-4FFE-4c02-8CB3-CAD24A33562B}]
    2007-11-11 09:10 27136 --a------ C:\WINDOWS\system32\ramtmb.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 11:05]
    "MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 09:26]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISMPack7"="C:\Program Files\ISM2\ISMPack7.exe" []
    "Kkmwba"="C:\Program Files\Common Files\?racle\s?ool32.exe" []
    "QdrModule9"="C:\Program Files\QdrModule\QdrModule9.exe" [2007-11-01 14:51]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\vvgeowbv.exe,C:\\WINDOWS\\system32\\userinit.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Rebecca^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=C:\Documents and Settings\Rebecca\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
    "C:\Program Files\DellSupport\DSAgnt.exe" /startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    C:\WINDOWS\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
    C:\WINDOWS\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
    C:\WINDOWS\system32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
    C:\WINDOWS\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
    C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
    C:\Program Files\McAfee.com\VSO\oasclnt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
    stsystra.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
    "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask

    S3 JL2005C;Dual Mode Camera;C:\WINDOWS\system32\Drivers\jl2005c.sys

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    \Shell\AutoRun\command - E:\setup.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-10-30 18:19:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    "2007-11-09 23:50:50 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (FAMILY-Rebecca).job"
    - c:\program files\mcafee.com\vso\mcmnhdlr.exe
    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-12 07:39:36
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-12 7:40:38 - machine was rebooted
    C:\ComboFix2.txt ... 2007-10-30 11:28
    .
    --- E O F ---


    And Hijackthis:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:43:24 AM, on 11/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QdrModule\QdrModule9.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    F:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://my.netzero.net/s/sp?r=al&cf=sp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
    O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
    O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
    O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
    O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
    O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
    O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
    O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
    O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
    O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
    O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
    O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
    O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
    O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
    O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
    O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
    O2 - BHO: aivskurq.msdn_hlp - {BF442538-BE32-4055-A549-2F3B699F55EB} - C:\WINDOWS\system32\aivskurq.dll
    O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
    O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
    O2 - BHO: Her - {C4DE5B15-4FFE-4c02-8CB3-CAD24A33562B} - C:\WINDOWS\system32\ramtmb.dll
    O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
    O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
    O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
    O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
    O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ISMPack7] "C:\Program Files\ISM2\ISMPack7.exe"
    O4 - HKCU\..\Run: [Kkmwba] "C:\Program Files\Common Files\?racle\s?ool32.exe"
    O4 - HKCU\..\Run: [QdrModule9] "C:\Program Files\QdrModule\QdrModule9.exe"
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://my.netzero.net/s/sp?r=al&cf=sp
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {96D338F5-8757-4A1C-AFEA-770A4036752F} - https://setup.bellsouth.net/wizlet/BellSouthDial/WebflowActiveXCab.CAB
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A1B9D746-FE4E-4C5C-AADD-30068AD23D89}: NameServer = 205.152.144.23 205.152.37.23
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

    --
    End of file - 7253 bytes
     
  4. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Why do you have part of McAfee disabled via msconfig??? Has the subscription expired???


    Download the attached file CFScript.txt to your Desktop


    [​IMG]

    Refering to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at "C:\ComboFix.txt"

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall



    Note:Please do not use this script on another computer, you may damage the system. The script is made especially for this computer only!!!!


    ====================================

    Please download and install SUPERAntiSpyware
    • Load SUPERAntiSpyware and click the Check for Updates button.
    • Once the update has finished, exit SUPERAntiSpyware. Please do NOT run a scan yet!

    IMPORTANT: Do NOT open any other windows or programs while SUPERAntiSpyware is scanning, it may interfere with the scanning process.
    • Open SUPERAntiSpyware and click the Scan your Computer button.
    • Check Perform Complete Scan and then click Next.
    • SUPERAntiSpyware will now scan your computer and when itÂ’s finished it will list all the infections it has found.
    • Make sure that they all have a check next to them, and then click Next.
    • Click Finish and you will be taken back to the main interface.
    • It could be possible that it will ask you to reboot your computer in order to delete some files after reboot.
    • I'll need a log afterwards of what has been found.
    • To get the log, click Preferences and then click the Statistics/Logs tab. Click the dated log and press View Log and a text file will appear.
    • Please post the results of the SUPERAntiSpyware login your next reply.


    Please post a fresh Hijackthis log too. Thanks
     

    Attached Files:

  5. Zahrah

    Zahrah Thread Starter

    Joined:
    Nov 11, 2007
    Messages:
    6
    Hhmmm....unsure about McAfee. :confused: Must be expired?

    ComboFix 07-11-08.3 - Rebecca 2007-11-13 9:22:47.4 - NTFSx86
    Running from: C:\Documents and Settings\Rebecca\Desktop\ComboFix.exe.

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\wsnpoem

    .
    ((((((((((((((((((((((((( Files Created from 2007-10-13 to 2007-11-13 )))))))))))))))))))))))))))))))
    .

    2007-11-12 21:04 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2007-11-12 21:04 <DIR> d-------- C:\Documents and Settings\Rebecca\Application Data\SUPERAntiSpyware.com
    2007-11-12 21:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2007-11-12 21:03 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-11 13:43 <DIR> d-------- C:\Program Files\Trend Micro
    2007-11-11 10:41 18,432 --a------ C:\WINDOWS\fkwggshm.exe
    2007-11-11 10:24 4 --a------ C:\WINDOWS\system32\stfv.bin
    2007-11-11 10:23 <DIR> d-------- C:\WINDOWS\system32\acespy
    2007-11-11 10:23 19,456 --a------ C:\WINDOWS\system32\ace16win.dll
    2007-11-11 10:13 12 --a------ C:\WINDOWS\system32\dpqaqlqx.bin
    2007-11-09 10:36 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
    2007-11-09 10:36 53,760 --a------ C:\WINDOWS\system32\dllcache\vfwwdm32.dll
    2007-11-09 10:36 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
    2007-11-09 10:36 17,024 --a------ C:\WINDOWS\system32\dllcache\ccdecode.sys
    2007-11-09 10:35 <DIR> d-------- C:\Program Files\JL2005C
    2007-11-09 10:35 118,784 --------- C:\WINDOWS\system32\PTTreeIcons.dll
    2007-11-09 10:34 <DIR> d-------- C:\Program Files\Grand Slam Photo Studio
    2007-10-30 11:48 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-10-30 11:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-10-30 11:19 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-30 10:21 <DIR> d-------- C:\Program Files\QdrModule
    2007-10-29 12:27 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Talkback
    2007-10-29 11:44 <DIR> d--hs---- C:\WINDOWS\UmViZWNjYQ
    2007-10-13 15:15 <DIR> d-------- C:\WINDOWS\system32\LogFiles
    2007-10-13 10:37 <DIR> d-------- C:\Documents and Settings\Rebecca\Application Data\Aim

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-13 02:04 --------- d-----w C:\Program Files\Common Files\Adobe
    2007-10-31 15:56 4,288 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2007-10-29 15:03 --------- d-----w C:\Program Files\WildTangent
    2007-10-29 15:03 --------- d-----w C:\Program Files\BitLord
    2007-10-08 18:29 --------- d-----w C:\Documents and Settings\Rebecca\Application Data\Apple Computer
    2007-10-05 19:01 --------- d-----w C:\Documents and Settings\Rebecca\Application Data\Corel
    2007-10-03 21:34 --------- d-----w C:\Documents and Settings\Rebecca\Application Data\Talkback
    2007-10-03 16:47 --------- d-----w C:\Program Files\iTunes
    2007-10-03 16:30 --------- d-----w C:\Program Files\Common Files\Real
    2007-10-03 16:29 --------- d-----w C:\Program Files\MUSICMATCH
    2007-10-03 16:09 --------- d-----w C:\Program Files\Common Files\Macromedia
    2007-10-03 16:08 --------- d-----w C:\Program Files\Macromedia
    2007-08-22 12:55 96,256 ------w C:\WINDOWS\system32\dllcache\inseng.dll
    2007-08-22 12:55 665,600 ------w C:\WINDOWS\system32\dllcache\wininet.dll
    2007-08-22 12:55 617,984 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
    2007-08-22 12:55 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
    2007-08-22 12:55 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
    2007-08-22 12:55 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
    2007-08-22 12:55 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-08-22 12:55 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
    2007-08-22 12:55 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    2007-08-22 12:55 3,064,832 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-08-22 12:55 251,904 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
    2007-08-22 12:55 205,824 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
    2007-08-22 12:55 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-08-22 12:55 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
    2007-08-22 12:55 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
    2007-08-22 12:55 1,498,112 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
    2007-08-22 12:55 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
    2007-08-22 12:55 1,022,976 ------w C:\WINDOWS\system32\dllcache\browseui.dll
    2007-08-21 10:19 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
    2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-08-21 06:15 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
    2007-01-18 01:24:54 88 --sh--r C:\WINDOWS\system32\01435E1FA8.sys
    .

    ((((((((((((((((((((((((((((( [email protected]_ 7.40.13.67 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2007-03-13 14:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
    + 2007-03-13 15:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
    + 2007-11-13 02:04:20 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
    + 2007-11-13 02:04:20 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
    + 2007-11-13 02:04:20 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
    - 2006-09-01 22:07:43 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    + 2007-11-13 01:10:07 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    - 2006-09-01 22:07:43 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2007-11-13 01:10:07 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2007-11-13 01:10:07 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2004-08-10 09:00:00 29,056 ----a-w C:\WINDOWS\system32\dllcache\ip6fw.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 11:05]
    "MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 09:26]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISMPack7"="C:\Program Files\ISM2\ISMPack7.exe" []
    "Kkmwba"="C:\Program Files\Common Files\?racle\s?ool32.exe" []
    "QdrModule9"="C:\Program Files\QdrModule\QdrModule9.exe" [2007-11-01 14:51]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    [HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\vvgeowbv.exe,C:\\WINDOWS\\system32\\userinit.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Rebecca^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=C:\Documents and Settings\Rebecca\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
    "C:\Program Files\DellSupport\DSAgnt.exe" /startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    C:\WINDOWS\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
    C:\WINDOWS\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
    C:\WINDOWS\system32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
    C:\WINDOWS\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
    C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
    C:\Program Files\McAfee.com\VSO\oasclnt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
    stsystra.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
    "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask

    S3 JL2005C;Dual Mode Camera;C:\WINDOWS\system32\Drivers\jl2005c.sys

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    \Shell\AutoRun\command - E:\setup.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-10-30 18:19:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    "2007-11-09 23:50:50 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (FAMILY-Rebecca).job"
    - c:\program files\mcafee.com\vso\mcmnhdlr.exe
    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-13 09:25:24
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-13 9:25:49
    C:\ComboFix2.txt ... 2007-11-12 20:11
    C:\ComboFix3.txt ... 2007-11-12 07:40
    .
    --- E O F ---
    SuperAntiSpyware Coming next...
     
  6. Zahrah

    Zahrah Thread Starter

    Joined:
    Nov 11, 2007
    Messages:
    6
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 11/12/2007 at 10:14 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3343
    Trace Rules Database Version: 1344

    Scan type : Complete Scan
    Total Scan Time : 00:52:49

    Memory items scanned : 322
    Memory threats detected : 0
    Registry items scanned : 5074
    Registry threats detected : 41
    File items scanned : 62012
    File threats detected : 163

    Adware.AdSponsor/ISM
    HKLM\Software\Classes\CLSID\{1ED6A320-8AF3-4f06-868A-9BA95585712E}
    HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}
    HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}
    HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}#AppID
    HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}\Implemented Categories
    HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
    HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}\InprocServer32
    HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}\InprocServer32#ThreadingModel
    HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}\ProgID
    HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}\TypeLib
    HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}\VersionIndependentProgID
    C:\PROGRAM FILES\ISM\BNDDRIVE7.DLL
    HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\{1ED6A320-8AF3-4f06-868A-9BA95585712E}
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP367\A0101110.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP367\A0101137.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP367\A0101145.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP368\A0101157.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP368\A0101162.DLL

    Unclassified.Unknown Origin
    HKLM\Software\Classes\CLSID\{C4DE5B15-4FFE-4c02-8CB3-CAD24A33562B}
    HKCR\CLSID\{C4DE5B15-4FFE-4C02-8CB3-CAD24A33562B}
    HKCR\CLSID\{C4DE5B15-4FFE-4C02-8CB3-CAD24A33562B}
    HKCR\CLSID\{C4DE5B15-4FFE-4C02-8CB3-CAD24A33562B}\InprocServer32
    HKCR\CLSID\{C4DE5B15-4FFE-4C02-8CB3-CAD24A33562B}\InprocServer32#ThreadingModel
    HKCR\CLSID\{C4DE5B15-4FFE-4C02-8CB3-CAD24A33562B}\ProgID
    HKCR\CLSID\{C4DE5B15-4FFE-4C02-8CB3-CAD24A33562B}\TypeLib
    C:\WINDOWS\SYSTEM32\RAMTMB.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4DE5B15-4FFE-4c02-8CB3-CAD24A33562B}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP368\A0101155.EXE

    Adware.AdBreak
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}

    411Ferret Toolbar
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{12F02779-6D88-4958-8AD3-83C12D86ADC7}

    Adware.AdBlaster
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}

    AdBars BHO
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}

    Adware.404Search
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}

    Adware.Accoona
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}

    Trojan.Downloader-FakeRX
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF442538-BE32-4055-A549-2F3B699F55EB}
    HKCR\CLSID\{BF442538-BE32-4055-A549-2F3B699F55EB}
    HKCR\CLSID\{BF442538-BE32-4055-A549-2F3B699F55EB}
    HKCR\CLSID\{BF442538-BE32-4055-A549-2F3B699F55EB}\Implemented Categories
    HKCR\CLSID\{BF442538-BE32-4055-A549-2F3B699F55EB}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
    HKCR\CLSID\{BF442538-BE32-4055-A549-2F3B699F55EB}\InprocServer32
    HKCR\CLSID\{BF442538-BE32-4055-A549-2F3B699F55EB}\InprocServer32#ThreadingModel
    HKCR\CLSID\{BF442538-BE32-4055-A549-2F3B699F55EB}\ProgID
    HKCR\CLSID\{BF442538-BE32-4055-A549-2F3B699F55EB}\Programmable
    HKCR\CLSID\{BF442538-BE32-4055-A549-2F3B699F55EB}\TypeLib
    HKCR\CLSID\{BF442538-BE32-4055-A549-2F3B699F55EB}\VERSION
    C:\WINDOWS\SYSTEM32\AIVSKURQ.DLL

    Trojan.PBar
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}

    Adware.WsnPoem
    C:\WINDOWS\system32\wsnpoem\audio.dll
    C:\WINDOWS\system32\wsnpoem\video.dll
    C:\WINDOWS\system32\wsnpoem

    Adware.ClickSpring
    C:\Documents and Settings\Brittany\Application Data\FNTS~1\TSKMGR~1.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP336\A0088306.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP368\A0101153.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP368\A0101154.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP368\A0101165.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP368\A0101166.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP368\A0101167.EXE

    Adware.Tracking Cookie
    C:\Documents and Settings\Brittany\Cookies\[email protected][2].txt
    C:\Documents and Settings\Brittany\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brittany\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brittany\Cookies\[email protected]ad.thewheelof[2].txt
    C:\Documents and Settings\Brittany\Cookies\[email protected][2].txt
    C:\Documents and Settings\Brittany\Cookies\[email protected][2].txt
    C:\Documents and Settings\Brittany\Cookies\[email protected][2].txt
    C:\Documents and Settings\Brittany\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brittany\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brittany\Cookies\[email protected][2].txt
    C:\Documents and Settings\Brittany\Cookies\[email protected][2].txt
    C:\Documents and Settings\Brittany\Cookies\[email protected][2].txt
    C:\Documents and Settings\Brittany\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brittany\Cookies\[email protected][2].txt
    C:\Documents and Settings\Brittany\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brittany\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brittany\Cookies\[email protected][2].txt
    C:\Documents and Settings\Brittany\Cookies\[email protected][2].txt
    C:\Documents and Settings\Brittany\Cookies\[email protected][2].txt
    C:\Documents and Settings\Brittany\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brittany\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brittany\Cookies\[email protected][2].txt
    C:\Documents and Settings\Brittany\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brittany\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brittany\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brittany\Cookies\[email protected][2].txt
    C:\Documents and Settings\Brittany\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brittany\Cookies\[email protected][2].txt
    C:\Documents and Settings\Brittany\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brittany\Cookies\[email protected][2].txt
    C:\Documents and Settings\Brittany\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brittany\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brittany\Cookies\[email protected][2].txt
    C:\Documents and Settings\Brittany\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brittany\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brittany\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brittany\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brittany\Cookies\[email protected][2].txt
    C:\Documents and Settings\Brittany\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brittany\Cookies\[email protected][2].txt
    C:\Documents and Settings\Brittany\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brittany\Cookies\[email protected][2].txt
    C:\Documents and Settings\Brittany\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brittany\Cookies\[email protected][2].txt
    C:\Documents and Settings\Brittany\Cookies\[email protected][2].txt
    C:\Documents and Settings\Brittany\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brittany\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brittany\Cookies\[email protected][2].txt
    C:\Documents and Settings\Brittany\Cookies\[email protected][2].txt
    C:\Documents and Settings\Brittany\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brittany\Cookies\[email protected][2].txt
    C:\Documents and Settings\Brittany\Cookies\[email protected][2].txt
    C:\Documents and Settings\Brittany\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brittany\Local Settings\Temp\Cookies\[email protected][2].txt
    C:\Documents and Settings\Brittany\Local Settings\Temp\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brittany\Local Settings\Temp\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brittany\Local Settings\Temp\Cookies\[email protected][3].txt
    C:\Documents and Settings\Brittany\Local Settings\Temp\Cookies\[email protected][2].txt
    C:\Documents and Settings\Brittany\Local Settings\Temp\Cookies\[email protected][2].txt
    C:\Documents and Settings\Brittany\Local Settings\Temp\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brittany\Local Settings\Temp\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brittany\Local Settings\Temp\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brittany\Local Settings\Temp\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brittany\Local Settings\Temp\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brittany\Local Settings\Temp\Cookies\[email protected][2].txt
    C:\Documents and Settings\Brittany\Local Settings\Temp\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brittany\Local Settings\Temp\Cookies\[email protected][2].txt
    C:\Documents and Settings\Brittany\Local Settings\Temp\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brittany\Local Settings\Temp\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brittany\Local Settings\Temp\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brittany\Local Settings\Temp\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brittany\Local Settings\Temp\Cookies\[email protected][1].txt
    C:\Documents and Settings\Brittany\Local Settings\Temp\Cookies\[email protected][2].txt
    C:\Documents and Settings\Rebecca\Cookies\[email protected][2].txt
    F:\Documents and Settings\med\Local Settings\Temp\Cookies\[email protected][2].txt
    F:\Documents and Settings\med\Local Settings\Temp\Cookies\[email protected][2].txt
    F:\Documents and Settings\med\Local Settings\Temp\Cookies\[email protected][2].txt
    F:\Documents and Settings\med\Local Settings\Temp\Cookies\[email protected][2].txt
    F:\Documents and Settings\med\Local Settings\Temp\Cookies\[email protected][1].txt
    F:\Documents and Settings\med\Local Settings\Temp\Cookies\[email protected][2].txt
    F:\Documents and Settings\med\Local Settings\Temp\Cookies\[email protected][1].txt
    F:\Documents and Settings\med\Local Settings\Temp\Cookies\[email protected][2].txt
    F:\Documents and Settings\med\Local Settings\Temp\Cookies\[email protected][1].txt
    F:\Documents and Settings\med\Local Settings\Temp\Cookies\[email protected][2].txt
    F:\Documents and Settings\med\Local Settings\Temp\Cookies\[email protected][1].txt
    F:\Documents and Settings\med\Local Settings\Temp\Cookies\[email protected][2].txt
    F:\Documents and Settings\med\Local Settings\Temp\Cookies\[email protected][1].txt
    F:\Documents and Settings\med\Local Settings\Temp\Cookies\[email protected][1].txt
    F:\Documents and Settings\med\Local Settings\Temp\Cookies\[email protected][2].txt
    F:\Documents and Settings\med\Local Settings\Temp\Cookies\[email protected][1].txt
    F:\Documents and Settings\med\Local Settings\Temp\Cookies\[email protected][2].txt
    F:\Documents and Settings\med\Local Settings\Temp\Cookies\[email protected][2].txt
    F:\Documents and Settings\med\Local Settings\Temp\Cookies\[email protected][1].txt
    F:\Documents and Settings\med\Local Settings\Temp\Cookies\[email protected][1].txt
    F:\Documents and Settings\med\Local Settings\Temp\Cookies\[email protected][1].txt

    Trojan.Downloader-Gen/FakeAlert-A
    C:\DOCUMENTS AND SETTINGS\REBECCA\APPLICATION DATA\MICROSOFT\FPIWQGK.EXE

    Trojan.Unknown Origin
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP336\A0088293.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP366\A0101095.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP367\A0101128.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP367\A0101131.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP367\A0101132.VBS
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP368\A0101170.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP368\A0101171.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP368\A0101173.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP371\A0101293.VBS

    Adware.ClickSpring/Resident
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP336\A0088305.DLL

    Trojan.Downloader-Gen/Installer
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP366\A0101093.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP367\A0101129.EXE

    Trojan.Downloader-Gen/WinAble-Installer
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP366\A0101094.EXE

    Trojan.NetMon/DNSChange
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP367\A0101126.EXE

    Adware.Adservs
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP368\A0101156.DLL

    Trojan.Downloader-Gen
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP368\A0101174.EXE
    C:\WINDOWS\SYSTEM32\NTOS.EXE

    Unclassified.Unknown Origin/System
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP368\A0101175.DLL

    Trojan.Downloader-Gen/Savage
    C:\WINDOWS\SYSTEM32\VVGEOWBV.EXE

    Trace.Known Threat Sources
    C:\Documents and Settings\Brittany\Local Settings\Temporary Internet Files\Content.IE5\OXERCXEN\ctxad-558[1].0001
    C:\Documents and Settings\Brittany\Local Settings\Temporary Internet Files\Content.IE5\OTAJGDMJ\campaigns7[1].encrypted
    C:\Documents and Settings\Brittany\Local Settings\Temporary Internet Files\Content.IE5\YZK79YZI\ctxad-556[1].0006
    C:\Documents and Settings\Brittany\Local Settings\Temporary Internet Files\Content.IE5\E5KR42KM\ctxad-556[1].0000
    C:\Documents and Settings\Brittany\Local Settings\Temporary Internet Files\Content.IE5\KLAVGHEZ\setar-101[1].sig
    C:\Documents and Settings\Brittany\Local Settings\Temporary Internet Files\Content.IE5\4D6VO5MV\ctxad-556[1].0001
    C:\Documents and Settings\Brittany\Local Settings\Temporary Internet Files\Content.IE5\WHUF49YB\ctxad-558[1].sig
    C:\Documents and Settings\Brittany\Local Settings\Temporary Internet Files\Content.IE5\OXERCXEN\ctxad-558[1].0003
    C:\Documents and Settings\Brittany\Local Settings\Temporary Internet Files\Content.IE5\KLAVGHEZ\client_settings_3[1].bin
    C:\Documents and Settings\Brittany\Local Settings\Temporary Internet Files\Content.IE5\CHEVO5I3\ctxad-556[1].0002
    C:\Documents and Settings\Brittany\Local Settings\Temporary Internet Files\Content.IE5\CHEVO5I3\dohinst-103[1].sig
    C:\Documents and Settings\Brittany\Local Settings\Temporary Internet Files\Content.IE5\JYRUPBGM\ctxad-556[1].sig
    C:\Documents and Settings\Brittany\Local Settings\Temporary Internet Files\Content.IE5\WHUF49YB\ctxad-558[1].0004
    C:\Documents and Settings\Brittany\Local Settings\Temporary Internet Files\Content.IE5\JYRUPBGM\dohinst-103[1].0000
    C:\Documents and Settings\Brittany\Local Settings\Temporary Internet Files\Content.IE5\QBUCEE1X\ctxad-556[1].0005
    C:\Documents and Settings\Brittany\Local Settings\Temporary Internet Files\Content.IE5\OXERCXEN\ctxad-558[1].0006
    C:\Documents and Settings\Brittany\Local Settings\Temporary Internet Files\Content.IE5\JYRUPBGM\ctxad-556[1].0003
    C:\Documents and Settings\Brittany\Local Settings\Temporary Internet Files\Content.IE5\OTAJGDMJ\ctxad-558[1].0002
    C:\Documents and Settings\Brittany\Local Settings\Temporary Internet Files\Content.IE5\4HEJGP2B\close[1].gif
    C:\Documents and Settings\Brittany\Local Settings\Temporary Internet Files\Content.IE5\49QN8DAB\background[1].gif
    C:\Documents and Settings\Brittany\Local Settings\Temporary Internet Files\Content.IE5\49QN8DAB\1x1[1].gif
    C:\Documents and Settings\Brittany\Local Settings\Temporary Internet Files\Content.IE5\YZK79YZI\ctxad-559[1].0001
    C:\Documents and Settings\Brittany\Local Settings\Temporary Internet Files\Content.IE5\WHUF49YB\ctxad-559[1].0003
    C:\Documents and Settings\Brittany\Local Settings\Temporary Internet Files\Content.IE5\E5KR42KM\ctxad-559[1].sig
    C:\Documents and Settings\Brittany\Local Settings\Temporary Internet Files\Content.IE5\QBUCEE1X\ctxad-559[1].0000
    C:\Documents and Settings\Brittany\Local Settings\Temporary Internet Files\Content.IE5\OD0636L3\campaigns8[1].encrypted
    C:\Documents and Settings\Brittany\Local Settings\Temporary Internet Files\Content.IE5\CHEVO5I3\ctxad-559[1].0002
    C:\Documents and Settings\Brittany\Local Settings\Temporary Internet Files\Content.IE5\49QN8DAB\ctxad-559[1].0006
    C:\Documents and Settings\Brittany\Local Settings\Temporary Internet Files\Content.IE5\OXERCXEN\ctxad-559[1].0004

    THANK YOU BUNCHES!!
     
  7. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Please post a fresh Hijackthis log. How is everything running?
     
  8. Zahrah

    Zahrah Thread Starter

    Joined:
    Nov 11, 2007
    Messages:
    6
    Hi there! Everything seems to be fine. No popups or other suspicious annoyances...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:52:01 PM, on 11/13/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QdrModule\QdrModule9.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://my.netzero.net/s/sp?r=al&cf=sp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
    O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
    O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
    O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
    O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
    O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
    O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
    O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
    O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
    O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
    O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
    O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
    O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
    O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ISMPack7] "C:\Program Files\ISM2\ISMPack7.exe"
    O4 - HKCU\..\Run: [Kkmwba] "C:\Program Files\Common Files\?racle\s?ool32.exe"
    O4 - HKCU\..\Run: [QdrModule9] "C:\Program Files\QdrModule\QdrModule9.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://my.netzero.net/s/sp?r=al&cf=sp
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {96D338F5-8757-4A1C-AFEA-770A4036752F} - https://setup.bellsouth.net/wizlet/BellSouthDial/WebflowActiveXCab.CAB
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A1B9D746-FE4E-4C5C-AADD-30068AD23D89}: NameServer = 205.152.144.23 205.152.37.23
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

    --
    End of file - 6516 bytes
     
  9. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Run HijackThis, and press "Do a System Scan Only".
    1. When the scan is complete place a check mark next to the following entries:

    O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
    O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
    O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
    O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
    O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
    O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
    O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
    O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
    O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
    O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
    O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
    O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
    O4 - HKCU\..\Run: [Kkmwba] "C:\Program Files\Common Files\?racle\s?ool32.exe"

    2. After checking these items CLOSE ALL open windows EXCEPT HijackThis and click "Fix Checked." Then, reboot your computer...


    =================================

    [​IMG] Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

    Ugrading Java:

    • Download the latest version of Java Runtime Environment (JRE) 6u3.
    • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
    • Click the "Download" button to the right.
    • Check the box that says: "Accept License Agreement".
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on the download to install the newest version.


    How is everything running??
     
  10. Zahrah

    Zahrah Thread Starter

    Joined:
    Nov 11, 2007
    Messages:
    6
    Hi again, sjprich25! I've been away and my son tells me that the computer is running better but still gets an occasional pop up from Internet Speed Monitor. I ran ComboFix, SuperAntiSpyWare and Hijackthis. I'm posting the logs.....thanks again and Gobble Gobble!

    FYI: I just got an Internet Speed Monitor pop up.

    ComboFix 07-11-08.3 - Rebecca 2007-11-18 15:02:01.7 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1115 [GMT -5:00]
    Running from: C:\Documents and Settings\Rebecca\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((( Files Created from 2007-10-18 to 2007-11-18 )))))))))))))))))))))))))))))))
    .

    2007-11-12 21:04 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2007-11-12 21:04 <DIR> d-------- C:\Documents and Settings\Rebecca\Application Data\SUPERAntiSpyware.com
    2007-11-12 21:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2007-11-12 21:03 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-11 13:43 <DIR> d-------- C:\Program Files\Trend Micro
    2007-11-11 10:41 18,432 --a------ C:\WINDOWS\fkwggshm.exe
    2007-11-11 10:24 4 --a------ C:\WINDOWS\system32\stfv.bin
    2007-11-11 10:23 <DIR> d-------- C:\WINDOWS\system32\acespy
    2007-11-11 10:23 19,456 --a------ C:\WINDOWS\system32\ace16win.dll
    2007-11-11 10:13 12 --a------ C:\WINDOWS\system32\dpqaqlqx.bin
    2007-11-09 10:36 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
    2007-11-09 10:36 53,760 --a------ C:\WINDOWS\system32\dllcache\vfwwdm32.dll
    2007-11-09 10:36 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
    2007-11-09 10:36 17,024 --a------ C:\WINDOWS\system32\dllcache\ccdecode.sys
    2007-11-09 10:35 <DIR> d-------- C:\Program Files\JL2005C
    2007-11-09 10:35 118,784 --------- C:\WINDOWS\system32\PTTreeIcons.dll
    2007-11-09 10:34 <DIR> d-------- C:\Program Files\Grand Slam Photo Studio
    2007-10-30 11:48 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-10-30 11:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-10-30 11:19 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-30 10:21 <DIR> d-------- C:\Program Files\QdrModule
    2007-10-29 12:27 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Talkback
    2007-10-29 11:44 <DIR> d--hs---- C:\WINDOWS\UmViZWNjYQ

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-14 16:07 --------- d-----w C:\Program Files\Java
    2007-11-13 02:04 --------- d-----w C:\Program Files\Common Files\Adobe
    2007-10-31 15:56 4,288 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2007-10-29 15:03 --------- d-----w C:\Program Files\WildTangent
    2007-10-29 15:03 --------- d-----w C:\Program Files\BitLord
    2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
    2007-10-13 15:37 --------- d-----w C:\Documents and Settings\Rebecca\Application Data\Aim
    2007-10-08 18:29 --------- d-----w C:\Documents and Settings\Rebecca\Application Data\Apple Computer
    2007-10-05 19:01 --------- d-----w C:\Documents and Settings\Rebecca\Application Data\Corel
    2007-10-03 21:34 --------- d-----w C:\Documents and Settings\Rebecca\Application Data\Talkback
    2007-10-03 16:47 --------- d-----w C:\Program Files\iTunes
    2007-10-03 16:30 --------- d-----w C:\Program Files\Common Files\Real
    2007-10-03 16:29 --------- d-----w C:\Program Files\MUSICMATCH
    2007-10-03 16:09 --------- d-----w C:\Program Files\Common Files\Macromedia
    2007-10-03 16:08 --------- d-----w C:\Program Files\Macromedia
    2007-08-22 12:55 96,256 ------w C:\WINDOWS\system32\dllcache\inseng.dll
    2007-08-22 12:55 665,600 ------w C:\WINDOWS\system32\dllcache\wininet.dll
    2007-08-22 12:55 617,984 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
    2007-08-22 12:55 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
    2007-08-22 12:55 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
    2007-08-22 12:55 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
    2007-08-22 12:55 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-08-22 12:55 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
    2007-08-22 12:55 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    2007-08-22 12:55 3,064,832 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-08-22 12:55 251,904 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
    2007-08-22 12:55 205,824 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
    2007-08-22 12:55 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-08-22 12:55 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
    2007-08-22 12:55 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
    2007-08-22 12:55 1,498,112 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
    2007-08-22 12:55 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
    2007-08-22 12:55 1,022,976 ------w C:\WINDOWS\system32\dllcache\browseui.dll
    2007-08-21 10:19 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
    2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-08-21 06:15 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
    2007-01-18 01:24:54 88 --sh--r C:\WINDOWS\system32\01435E1FA8.sys
    .

    ((((((((((((((((((((((((((((( [email protected]_ 7.40.13.67 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2007-03-13 14:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
    + 2007-03-13 15:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
    + 2007-11-13 02:04:20 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
    + 2007-11-13 02:04:20 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
    + 2007-11-13 02:04:20 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
    - 2006-09-01 22:07:43 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    + 2007-11-13 01:10:07 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    - 2006-09-01 22:07:43 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2007-11-13 01:10:07 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2004-08-10 09:00:00 29,056 ----a-w C:\WINDOWS\system32\dllcache\ip6fw.sys
    - 2005-11-10 15:27:06 49,248 ----a-w C:\WINDOWS\system32\java.exe
    + 2007-09-25 03:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
    - 2005-11-10 15:27:16 49,250 ----a-w C:\WINDOWS\system32\javaw.exe
    + 2007-09-25 03:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
    - 2005-11-10 17:03:54 127,078 ----a-w C:\WINDOWS\system32\javaws.exe
    + 2007-09-25 04:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
    - 2006-12-19 21:52:18 8,453,632 ----a-w C:\WINDOWS\system32\shell32.dll
    + 2007-10-26 03:34:01 8,460,288 ----a-w C:\WINDOWS\system32\shell32.dll
    - 2005-10-12 23:12:25 14,048 ------w C:\WINDOWS\system32\spmsg.dll
    + 2007-03-06 01:22:33 14,048 ------w C:\WINDOWS\system32\spmsg.dll
    - 2007-08-21 10:13:33 350,720 ----a-w C:\WINDOWS\system32\xpsp3res.dll
    + 2007-10-29 10:04:03 350,720 ----a-w C:\WINDOWS\system32\xpsp3res.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 11:05]
    "MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 09:26]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISMPack7"="C:\Program Files\ISM2\ISMPack7.exe" []
    "QdrModule9"="C:\Program Files\QdrModule\QdrModule9.exe" [2007-11-01 14:51]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    [HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\vvgeowbv.exe,C:\\WINDOWS\\system32\\userinit.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Rebecca^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=C:\Documents and Settings\Rebecca\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
    "C:\Program Files\DellSupport\DSAgnt.exe" /startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    C:\WINDOWS\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
    C:\WINDOWS\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
    C:\WINDOWS\system32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
    C:\WINDOWS\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
    C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
    C:\Program Files\McAfee.com\VSO\oasclnt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
    stsystra.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
    "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask

    S3 JL2005C;Dual Mode Camera;C:\WINDOWS\system32\Drivers\jl2005c.sys

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    \Shell\AutoRun\command - E:\setup.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-11-13 19:19:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-11-16 23:31:59 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (FAMILY-Rebecca).job"
    - c:\program files\mcafee.com\vso\mcmnhdlr.exe
    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-18 15:05:18
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-18 15:05:41
    C:\ComboFix2.txt ... 2007-11-17 13:25
    C:\ComboFix3.txt ... 2007-11-15 17:05
    .
    --- E O F ---


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:28:18 PM, on 11/18/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\QdrModule\QdrModule9.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://my.netzero.net/s/sp?r=al&cf=sp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
    O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
    O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [ISMPack7] "C:\Program Files\ISM2\ISMPack7.exe"
    O4 - HKCU\..\Run: [QdrModule9] "C:\Program Files\QdrModule\QdrModule9.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://my.netzero.net/s/sp?r=al&cf=sp
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {96D338F5-8757-4A1C-AFEA-770A4036752F} - https://setup.bellsouth.net/wizlet/BellSouthDial/WebflowActiveXCab.CAB
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A1B9D746-FE4E-4C5C-AADD-30068AD23D89}: NameServer = 205.152.144.23 205.152.37.23
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

    --
    End of file - 5624 bytes
     
  11. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Download the attached file CFScript.txt to your Desktop


    [​IMG]

    Refering to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at "C:\ComboFix.txt". In your next reply, please include the ComboFix log and a fresh HIjackthis log.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall



    Note:Please do not use this script on another computer, you may damage the system. The script is made especially for this computer only!!!!
     

    Attached Files:

  12. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/650640

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice