1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: computer is running a bit slower..?

Discussion in 'Virus & Other Malware Removal' started by g0t mi1k123, Jul 16, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. g0t mi1k123

    g0t mi1k123 Thread Starter

    Joined:
    Apr 6, 2006
    Messages:
    80
    i just downloaded a game patch from some unknown website and i think i was too gullible for a day because i havent been getting any infection to my computer

    so can anyone help check my log? havent been on since a mighty long time, thnx

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 10:38:22 PM, on 7/15/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\mcafee.com\agent\McAgent.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\WINDOWS\retadpu1000106.exe
    C:\WINDOWS\suzxgwlA.exe
    C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\acs.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    c:\program files\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\suzxgwl.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Alan Wu\Desktop\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = By DSLExtreme
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
    O2 - BHO: (no name) - {384637AA-4814-464B-9E39-1FC94342EF3B} - C:\Program Files\Windows NT\hokenopax83122.dll
    O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
    O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: (no name) - {7cfdf525-163a-4532-95fe-76e36fcf61c3} - C:\WINDOWS\system32\c_8ib1.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {BD2EE9C0-E8EE-4897-82CB-02A605AD4B53} - C:\WINDOWS\system32\awtsp.dll
    O2 - BHO: (no name) - {DCD53738-C4F9-414A-A03C-C7405A4AC844} - C:\WINDOWS\system32\pmnopqq.dll
    O2 - BHO: 0 - {F3175146-C5B5-4A4E-D3AC-CF42A146483C} - C:\Program Files\Common Files\lavuh509.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
    O4 - HKLM\..\Run: [suzxgwlA] C:\WINDOWS\suzxgwlA.exe
    O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\qwintndt.exe SKY009
    O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe"
    O4 - HKLM\..\Run: [g4356cbvy63] C:\WINDOWS\g4356cbvy63
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
    O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\qwintndt.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://g0tmi1k123.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
    O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
    O20 - Winlogon Notify: awtsp - C:\WINDOWS\system32\awtsp.dll
    O20 - Winlogon Notify: c_8ib1 - c_8ib1.dll (file missing)
    O20 - Winlogon Notify: pmnopqq - C:\WINDOWS\SYSTEM32\pmnopqq.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\suzxgwl.exe

    --
    End of file - 8786 bytes
     
  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Live and learn I guess. ;)


    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
     
  3. g0t mi1k123

    g0t mi1k123 Thread Starter

    Joined:
    Apr 6, 2006
    Messages:
    80
    SDFix: Version 1.92

    Run by Alan Wu on Mon 07/16/2007 at 01:25 PM

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\SDFix\SDFix

    Safe Mode:
    Checking Services:

    Name:
    core
    Windows Overlay Components

    ImagePath:
    system32\drivers\core.sys
    C:\WINDOWS\suzxgwl.exe

    core - Deleted
    Windows Overlay Components - Deleted



    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...


    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\WINDOWS\Downloaded Program Files\UWA7P_0001_N91M0809NetInstaller.exe - Deleted
    C:\WINDOWS\retadpu1000106.exe - Deleted
    C:\WINDOWS\retadpu572.exe - Deleted
    C:\WINDOWS\system32\drivers\core.cache.dsk - Deleted
    C:\WINDOWS\system32\drivers\core.sys - Deleted
    C:\WINDOWS\system32\dwdsregt.exe - Deleted
    C:\WINDOWS\system32\msnav32.ax - Deleted
    C:\WINDOWS\tcb.pmw - Deleted
    C:\WINDOWS\Uninst2.htm - Deleted
    C:\WINDOWS\Unist1.htm - Deleted
    C:\WINDOWS\wr.txt - Deleted



    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.



    Final Check:

    Remaining Services:
    ------------------



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
    "C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
    "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
    "C:\\Program Files\\Common Files\\AOL\\1147581691\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1147581691\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
    "C:\\Program Files\\Common Files\\AOL\\1147581691\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1147581691\\ee\\aim6.exe:*:Enabled:AIM"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
    "C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"

    Remaining Files:
    ---------------

    Backups Folder: - C:\SDFix\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    C:\WINDOWS\system32\ddayaxv.dll
    C:\Program Files\America Online 9.0\aolphx.exe
    C:\Program Files\America Online 9.0\aoltray.exe
    C:\Program Files\America Online 9.0\RBM.exe
    C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
    C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
    C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe
    C:\WINDOWS\suzxgwlA.exe
    C:\i386\31FDCCB7C4.sys
    C:\i386\KGyGaAvL.sys
    C:\WINDOWS\system32\31FDCCB7C4.sys
    C:\WINDOWS\system32\KGyGaAvL.sys
    C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp
    C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp
    C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\lock.tmp

    Finished

    HIJACKTHIS log

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 1:49:41 PM, on 7/16/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\acs.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    c:\program files\mcafee.com\vso\mcvsshld.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\PROGRA~1\mcafee.com\agent\McAgent.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\WINDOWS\suzxgwlA.exe
    C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe
    C:\WINDOWS\g4356cbvy63.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    c:\windows\system32\dwdsregt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\Documents and Settings\Alan Wu\Desktop\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = By DSLExtreme
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
    O2 - BHO: (no name) - {384637AA-4814-464B-9E39-1FC94342EF3B} - C:\Program Files\Windows NT\hokenopax83122.dll
    O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
    O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: (no name) - {7cfdf525-163a-4532-95fe-76e36fcf61c3} - C:\WINDOWS\system32\c_8ib1.dll (file missing)
    O2 - BHO: (no name) - {8237007C-BB95-46EB-8FA4-A473A1B633A0} - C:\WINDOWS\system32\awtsp.dll
    O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - C:\WINDOWS\system32\lnbyxwgo.dll
    O2 - BHO: 0 - {A23E37F0-59F3-4F41-D1B7-B8C4C4AC8D2D} - C:\Program Files\Common Files\lavuh966.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {DCD53738-C4F9-414A-A03C-C7405A4AC844} - C:\WINDOWS\system32\pmnopqq.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [suzxgwlA] C:\WINDOWS\suzxgwlA.exe
    O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\qwintndt.exe SKY009
    O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe"
    O4 - HKLM\..\Run: [g4356cbvy63] C:\WINDOWS\g4356cbvy63
    O4 - HKLM\..\Run: [{24-49-9C-C8-ZN}] c:\windows\system32\dwdsregt.exe SKY009
    O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\cedkwaik.dll",forkonce
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\msdsregn.exe
    O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\qwintndt.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://g0tmi1k123.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
    O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
    O20 - Winlogon Notify: awtsp - C:\WINDOWS\system32\awtsp.dll
    O20 - Winlogon Notify: c_8ib1 - c_8ib1.dll (file missing)
    O20 - Winlogon Notify: pmnopqq - C:\WINDOWS\SYSTEM32\pmnopqq.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 8893 bytes
     
  4. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Download ComboFix from Here or Here to your Desktop.
    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
    Note: Do not mouseclick combofix's window while its running. That may cause it to stall
     
  5. g0t mi1k123

    g0t mi1k123 Thread Starter

    Joined:
    Apr 6, 2006
    Messages:
    80
    "Alan Wu" - 2007-07-16 14:47:30 - ComboFix 07-07-13.8 - Service Pack 2 NTFS


    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\cedkwaik.dll
    C:\WINDOWS\system32\ddayaxv.dll
    C:\WINDOWS\system32\ddcbxyw.dll
    C:\WINDOWS\system32\jkkkkll.dll
    C:\WINDOWS\system32\dolvswgp.exe
    C:\WINDOWS\system32\ddcbxyw.dll
    C:\WINDOWS\system32\jkkkkll.dll
    C:\WINDOWS\system32\pstwa.bak1
    C:\WINDOWS\system32\pstwa.bak2
    C:\WINDOWS\system32\pstwa.ini
    C:\WINDOWS\system32\kiawkdec.ini
    C:\WINDOWS\system32\awtsp.dll
    C:\WINDOWS\system32\pmnopqq.dll
    C:\WINDOWS\system32\pmnopqq.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\DOCUME~1\ALANWU~1\APPLIC~1.\winantispyware 2007
    C:\DOCUME~1\ALANWU~1\APPLIC~1.\winantispyware 2007\Logs\update.log
    C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
    C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007
    C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\Abbr
    C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\ProductCode
    C:\Program Files\Common Files\lavuh.dll
    C:\Program Files\Common Files\lavuh424.dll
    C:\Program Files\Common Files\lavuh509.dll
    C:\Program Files\Common Files\lavuh596.dll
    C:\Program Files\Common Files\lavuh697.dll
    C:\Program Files\Common Files\lavuh966.dll
    C:\Program Files\Common Files\winantispyware 2007
    C:\Program Files\Common Files\winantispyware 2007\err.log
    C:\Program Files\Common Files\winantispyware 2007\uwas7cw.exe
    C:\Program Files\Common Files\winantispyware 2007\WAS7Mon.exe
    C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
    C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
    C:\Program Files\sstem3~1
    C:\Program Files\Windows NT\hokenopax83122.dll
    C:\temp\tn3
    C:\WINDOWS\dls0523pmw.exe
    C:\WINDOWS\offun.exe
    C:\WINDOWS\rau001978.exe
    C:\WINDOWS\system32\bszip.dll
    C:\WINDOWS\system32\drivers\fopn.sys
    C:\WINDOWS\system32\dwdsregt.exe
    C:\WINDOWS\system32\msnav32.ax
    C:\WINDOWS\system32\winpfz32.sys
    C:\WINDOWS\system32\Z1
    C:\WINDOWS\system32\Z1\mwspasrt83122.exe
    C:\WINDOWS\system32\Z3
    C:\WINDOWS\system32\Z3\wr73.exe
    C:\WINDOWS\system32\Z5
    C:\WINDOWS\system32\Z5\st2.exe
    C:\WINDOWS\system32\Z7
    C:\WINDOWS\system32\zxdnt3d.cfg
    C:\WINDOWS\tk58.exe


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_NET_AGENT
    -------\Net Agent


    ((((((((((((((((((((((((( Files Created from 2007-06-16 to 2007-07-16 )))))))))))))))))))))))))))))))


    2007-07-16 14:46 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-16 13:25 <DIR> d-------- C:\WINDOWS\ERUNT
    2007-07-16 13:07 66,624 --a------ C:\WINDOWS\system32\lnbyxwgo.dll
    2007-07-16 13:04 66,112 --a------ C:\WINDOWS\system32\wmcrndqh.exe
    2007-07-15 22:58 <DIR> d-------- C:\Program Files\Enigma Software Group
    2007-07-15 22:12 49,176 --a------ C:\WINDOWS\system32\msdsregn.exe
    2007-07-15 22:12 224,654 --a------ C:\WINDOWS\zvrww0578.exe
    2007-07-15 21:40 54,784 --a------ C:\WINDOWS\suzxgwl.exe
    2007-07-15 21:40 49,152 --a------ C:\WINDOWS\TISKY009.exe
    2007-07-15 21:40 376,352 -r-hs---- C:\WINDOWS\suzxgwlA.exe
    2007-07-15 21:40 192,627 --a------ C:\WINDOWS\system32\qwintndt.exe
    2007-07-15 21:40 <DIR> d-------- C:\WINDOWS\system32\Z11
    2007-07-15 21:40 <DIR> d-------- C:\WINDOWS\system32\driver
    2007-07-15 21:40 <DIR> d-------- C:\Temp\0c2
    2007-07-15 21:39 <DIR> d-------- C:\WINDOWS\system32\b02FdUe
    2007-07-15 21:39 <DIR> d-------- C:\Temp\brr
    2007-07-06 12:40 192,512 --a------ C:\WINDOWS\g4356cbvy63.exe
    2007-07-01 19:00 <DIR> d--h----- C:\DOCUME~1\ALANWU~1\APPLIC~1\ijjigame
    2007-06-30 17:28 967 --a------ C:\WINDOWS\ScUnin.pif
    2007-06-30 17:28 94,208 --a------ C:\WINDOWS\ScUnin.exe
    2007-06-30 17:28 13,044 --a------ C:\WINDOWS\scunin.dat
    2007-06-30 17:27 <DIR> d-------- C:\Program Files\Starcraft
    2007-06-25 06:54 53,248 --a------ C:\WINDOWS\uni_eh44.exe
    2007-06-25 06:53 53,248 --a------ C:\WINDOWS\uninst1014.exe


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-16 21:51:11 -------- d-----w C:\Program Files\Windows NT
    2007-07-16 21:45:56 246 ----a-w C:\Program Files\Common Files\lavuh596
    2007-07-16 21:44:42 246 ----a-w C:\Program Files\Common Files\lavuh966
    2007-07-16 21:39:19 -------- d-----w C:\Program Files\Warcraft III
    2007-07-16 20:02:05 246 ----a-w C:\Program Files\Common Files\lavuh697
    2007-07-16 05:10:01 -------- d-----w C:\Program Files\Microsoft Games
    2007-07-16 05:07:24 -------- d-----w C:\Program Files\Sony Ericsson
    2007-07-16 05:07:21 -------- d-----w C:\Program Files\Common Files\Teleca Shared
    2007-07-16 05:06:05 -------- d-----w C:\DOCUME~1\ALANWU~1\APPLIC~1\NJStar
    2007-07-16 05:04:39 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-07-10 21:36:57 -------- d-----w C:\Program Files\512 PSP memory
    2007-06-28 04:52:03 -------- d-----w C:\Program Files\Warcraft III Demo
    2007-06-21 21:07:42 3,402 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2007-06-21 21:07:37 88 --sh--r C:\WINDOWS\system32\31FDCCB7C4.sys
    2007-06-06 21:58:49 -------- d-----w C:\Program Files\PolderbitS
    2007-06-05 23:59:55 -------- d-----w C:\Program Files\Notation
    2007-06-05 23:54:02 -------- d-----w C:\Program Files\MIDIView 1.1 DEMO
    2007-05-19 00:42:56 -------- d-----w C:\Program Files\WarRock
    2007-05-19 00:40:53 -------- d-----w C:\Program Files\AoA MP4 Converter
    2007-05-19 00:39:41 -------- d-----w C:\Program Files\Plato Video To 3GP Converter
    2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-17 05:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-17 05:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-17 05:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-17 05:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-17 05:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-17 05:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-17 05:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-17 05:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-02-12 05:54:16 52,368 ----a-w C:\DOCUME~1\ALANWU~1\APPLIC~1\GDIPFONTCACHEV1.DAT
    2006-12-19 06:34:39 0 ----a-w C:\Program Files\error.dat


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    2006-01-12 18:38 63128 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{227B8AA8-DAF2-4892-BD1D-73F568BCB24E}]
    2005-10-28 08:30 147456 --a------ c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3EC8255F-E043-4cae-8B3B-B191550C2A22}]
    2005-10-28 08:30 132648 --a------ c:\program files\mcafee.com\mps\popupkiller.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41D68ED8-4CFF-4115-88A6-6EBB8AF19000}]
    2005-11-03 12:10 348160 --a------ c:\program files\mcafee\spamkiller\mcapfbho.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
    2005-09-08 03:20 110652 --a------ C:\WINDOWS\System32\DLA\DLASHX_W.DLL

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7cfdf525-163a-4532-95fe-76e36fcf61c3}]
    C:\WINDOWS\system32\c_8ib1.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    2007-01-20 00:55 2403392 -ra------ c:\program files\google\googletoolbar4.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    2007-06-06 19:07 325048 --a------ C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 10:05]
    "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\McAgent.exe" [2005-09-22 16:29]
    "MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 08:26]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-05 17:48]
    "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 11:22]
    "PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 15:46]
    "IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 16:04]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AIM"="C:\Program Files\AIM\aim.exe" [2005-06-01 23:34]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-06 19:07]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\c_8ib1]
    c_8ib1.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
    backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WG311T Wireless Assistant.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG311T Wireless Assistant.lnk
    backup=C:\WINDOWS\pss\NETGEAR WG311T Wireless Assistant.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
    C:\Program Files\AIM\aim.exe -cnetwait.odl

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
    "C:\Program Files\Dell Support\DSAgnt.exe" /startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
    C:\WINDOWS\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
    C:\WINDOWS\system32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
    C:\WINDOWS\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
    c:\PROGRA~1\mcafee.com\agent\McAgent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
    C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
    C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPSExe]
    c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
    C:\Program Files\McAfee.com\VSO\oasclnt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
    stsystra.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
    "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    AutoRun\command- D:\autoplay.exe


    Contents of the 'Scheduled Tasks' folder
    2007-07-14 01:30:00 C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (ALAN-Alan Wu).job

    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-16 14:54:55
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-16 14:55:21 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-07-16 14:55

    --- E O F ---








    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 2:57:10 PM, on 7/16/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\acs.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    c:\program files\mcafee.com\vso\mcvsshld.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\cmd.exe
    C:\PROGRA~1\mcafee.com\agent\McAgent.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Documents and Settings\Alan Wu\Desktop\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
    O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
    O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: (no name) - {7cfdf525-163a-4532-95fe-76e36fcf61c3} - C:\WINDOWS\system32\c_8ib1.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://g0tmi1k123.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
    O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
    O20 - Winlogon Notify: c_8ib1 - c_8ib1.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 7293 bytes
     
  6. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    It's not clean yet but looking better.

    Go to add/remove programs and remove these:
    ViewpointService



    [​IMG] Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Be aware it is NOT supported for use in 9x or ME and probably will not install in those systems

    Ugrading Java:
    • Download the latest version of Java Runtime Environment (JRE) 6u2.
    • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
    • Click the "Download" button to the right.
    • Check the box that says: "Accept License Agreement".
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on the download to install the newest version.


    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.

    Click Exit on the Main menu to close the program.



    Download and scan with SUPERAntiSpyware Free for Home Users
    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply with a new hijackthis log.
    • Click Close to exit the program.
     
  7. g0t mi1k123

    g0t mi1k123 Thread Starter

    Joined:
    Apr 6, 2006
    Messages:
    80
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 07/16/2007 at 05:50 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3259
    Trace Rules Database Version: 1270

    Scan type : Complete Scan
    Total Scan Time : 01:11:53

    Memory items scanned : 373
    Memory threats detected : 0
    Registry items scanned : 5755
    Registry threats detected : 57
    File items scanned : 78972
    File threats detected : 44

    Adware.Mirar/NetNucleus
    HKLM\Software\Classes\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}
    HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}
    HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}
    HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\InprocServer32
    HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\InprocServer32#ThreadingModel
    HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\ProgID
    HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\Programmable
    HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\TypeLib
    HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\VersionIndependentProgID
    C:\WINDOWS\SYSTEM32\WINATS.DLL
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#Ticket
    HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}
    HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\ProxyStubClsid
    HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\ProxyStubClsid32
    HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\TypeLib
    HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\TypeLib#Version
    HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}
    HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\ProxyStubClsid
    HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\ProxyStubClsid32
    HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\TypeLib
    HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\TypeLib#Version
    HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}
    HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\ProxyStubClsid
    HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\ProxyStubClsid32
    HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\TypeLib
    HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\TypeLib#Version
    HKCR\Mirar_Dummy_ATS.Mirar_Dummy_ATS1
    HKCR\Mirar_Dummy_ATS.Mirar_Dummy_ATS1\CLSID
    HKCR\Mirar_Dummy_ATS.Mirar_Dummy_ATS1\CurVer
    HKCR\Mirar_Dummy_ATS.Mirar_Dummy_ATS1.1
    HKCR\Mirar_Dummy_ATS.Mirar_Dummy_ATS1.1\CLSID
    HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}
    HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}\1.0
    HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}\1.0\0
    HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}\1.0\0\win32
    HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}\1.0\FLAGS
    HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}\1.0\HELPDIR
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/WinATS.dll
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/WinATS.dll#.Owner
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/WinATS.dll#{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}#SystemComponent
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}#Installer
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\Contains
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\Contains\Files
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\Contains\Files#C:\WINDOWS\system32\WinATS.dll
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\DownloadInformation
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\DownloadInformation#CODEBASE
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\DownloadInformation#INF
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\InstalledVersion
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\InstalledVersion#LastModified
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\WINDOWS\System32\WinATS.dll [ ]
    C:\WINDOWS\Downloaded Program Files\WinATS.inf
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP244\A0035978.DLL

    Trojan.Windows Overlay Components/SysMon
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OvMon
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OvMon#DisplayName
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OvMon#UninstallString

    Trojan.WinBo32/Enhance
    HKU\S-1-5-21-1083298845-264655281-3154871198-1006\Software\System\sysuid

    Trojan.ZQuest
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\LAVUH.DLL.VIR
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\LAVUH424.DLL.VIR
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\LAVUH509.DLL.VIR
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\LAVUH596.DLL.VIR
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\LAVUH697.DLL.VIR
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\LAVUH966.DLL.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP245\A0036128.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP245\A0036129.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP245\A0036130.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP245\A0036131.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP245\A0036132.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP245\A0036133.DLL

    Adware.ClickSpring/Yazzle
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1281OINADMIN.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1281OINUNINSTALLER.EXE.VIR

    Trojan.Downloader-Gen/BasicMath
    C:\QOOBOX\QUARANTINE\C\WINDOWS\DLS0523PMW.EXE.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP245\A0036141.EXE

    Trojan.Downloader-VisFX
    C:\QOOBOX\QUARANTINE\C\WINDOWS\OFFUN.EXE.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP245\A0036142.EXE

    Adware.ZenoSearch
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\DWDSREGT.EXE.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP245\A0036058.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP245\A0036068.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP245\A0036140.EXE
    C:\WINDOWS\SYSTEM32\MSDSREGN.EXE
    C:\WINDOWS\TISKY009.EXE

    Trojan.ZQuest-Installer
    C:\QOOBOX\QUARANTINE\C\WINDOWS\TK58.EXE.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP244\A0035977.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP245\A0036009.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP245\A0036025.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP245\A0036040.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP245\A0036124.EXE

    Adware.Unknown Origin
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP241\A0035621.CFG

    Trojan.TagASaurus
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP244\A0035979.EXE

    Trojan.Rootkit-TnCore
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP245\A0036057.SYS
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP245\A0036067.SYS

    Trojan.WinAntiSpyware/WinAntiVirus 2006
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP245\A0036072.EXE

    Trojan.Rootkit-TnCore/Installer
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP245\A0036138.EXE

    Trojan.Downloader-Gen/HitItQuitIt
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP245\A0036149.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP245\A0036150.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP245\A0036154.DLL

    Trojan.ZenoSearch
    C:\WINDOWS\SYSTEM32\QWINTNDT.EXE

    Adware.SysMon
    C:\WINDOWS\SYSTEM32\Z11\Z53.EXE










    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 6:05:18 PM, on 7/16/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\mcafee.com\agent\McAgent.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\acs.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    c:\program files\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Alan Wu\Desktop\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
    O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
    O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: (no name) - {7cfdf525-163a-4532-95fe-76e36fcf61c3} - C:\WINDOWS\system32\c_8ib1.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://g0tmi1k123.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: c_8ib1 - c_8ib1.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

    --
    End of file - 6882 bytes
     
  8. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Run HJT again and put a check in the following:

    O2 - BHO: (no name) - {7cfdf525-163a-4532-95fe-76e36fcf61c3} - C:\WINDOWS\system32\c_8ib1.dll (file missing)
    O20 - Winlogon Notify: c_8ib1 - c_8ib1.dll (file missing)

    Close all applications and browser windows before you click "fix checked".


    Please run combofix again and post the resulting log.
     
  9. g0t mi1k123

    g0t mi1k123 Thread Starter

    Joined:
    Apr 6, 2006
    Messages:
    80
    "name" - 2007-07-17 13:14:35 - ComboFix 07-07-13.8 - Service Pack 2 NTFS


    ((((((((((((((((((((((((( Files Created from 2007-06-17 to 2007-07-17 )))))))))))))))))))))))))))))))


    2007-07-16 18:56 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
    2007-07-16 18:56 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
    2007-07-16 18:10 <DIR> d-------- C:\Program Files\Bethesda Softworks
    2007-07-16 15:52 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2007-07-16 15:52 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-07-16 15:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
    2007-07-16 15:52 <DIR> d-------- C:\DOCUME~1\ALANWU~1\APPLIC~1\SUPERAntiSpyware.com
    2007-07-16 14:46 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-16 13:25 <DIR> d-------- C:\WINDOWS\ERUNT
    2007-07-16 13:07 66,624 --a------ C:\WINDOWS\system32\lnbyxwgo.dll
    2007-07-16 13:04 66,112 --a------ C:\WINDOWS\system32\wmcrndqh.exe
    2007-07-15 22:58 <DIR> d-------- C:\Program Files\Enigma Software Group
    2007-07-15 22:12 224,654 --a------ C:\WINDOWS\zvrww0578.exe
    2007-07-15 21:40 54,784 --a------ C:\WINDOWS\suzxgwl.exe
    2007-07-15 21:40 376,352 -r-hs---- C:\WINDOWS\suzxgwlA.exe
    2007-07-15 21:40 <DIR> d-------- C:\WINDOWS\system32\Z11
    2007-07-15 21:40 <DIR> d-------- C:\WINDOWS\system32\driver
    2007-07-15 21:40 <DIR> d-------- C:\Temp\0c2
    2007-07-15 21:39 <DIR> d-------- C:\WINDOWS\system32\b02FdUe
    2007-07-15 21:39 <DIR> d-------- C:\Temp\brr
    2007-07-06 12:40 192,512 --a------ C:\WINDOWS\g4356cbvy63.exe
    2007-07-01 19:00 <DIR> d--h----- C:\DOCUME~1\ALANWU~1\APPLIC~1\ijjigame
    2007-06-30 17:28 967 --a------ C:\WINDOWS\ScUnin.pif
    2007-06-30 17:28 94,208 --a------ C:\WINDOWS\ScUnin.exe
    2007-06-30 17:28 13,044 --a------ C:\WINDOWS\scunin.dat
    2007-06-30 17:27 <DIR> d-------- C:\Program Files\Starcraft
    2007-06-25 06:54 53,248 --a------ C:\WINDOWS\uni_eh44.exe
    2007-06-25 06:53 53,248 --a------ C:\WINDOWS\uninst1014.exe


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-17 06:06:51 -------- d-----w C:\Program Files\512 PSP memory
    2007-07-17 01:56:56 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-07-16 22:27:12 -------- d-----w C:\Program Files\Viewpoint
    2007-07-16 21:51:11 -------- d-----w C:\Program Files\Windows NT
    2007-07-16 21:45:56 246 ----a-w C:\Program Files\Common Files\lavuh596
    2007-07-16 21:44:42 246 ----a-w C:\Program Files\Common Files\lavuh966
    2007-07-16 21:39:19 -------- d-----w C:\Program Files\Warcraft III
    2007-07-16 20:02:05 246 ----a-w C:\Program Files\Common Files\lavuh697
    2007-07-16 05:10:01 -------- d-----w C:\Program Files\Microsoft Games
    2007-07-16 05:07:24 -------- d-----w C:\Program Files\Sony Ericsson
    2007-07-16 05:07:21 -------- d-----w C:\Program Files\Common Files\Teleca Shared
    2007-07-16 05:06:05 -------- d-----w C:\DOCUME~1\ALANWU~1\APPLIC~1\NJStar
    2007-06-28 04:52:03 -------- d-----w C:\Program Files\Warcraft III Demo
    2007-06-21 21:07:42 3,402 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2007-06-21 21:07:37 88 --sh--r C:\WINDOWS\system32\31FDCCB7C4.sys
    2007-06-06 21:58:49 -------- d-----w C:\Program Files\PolderbitS
    2007-06-05 23:59:55 -------- d-----w C:\Program Files\Notation
    2007-06-05 23:54:02 -------- d-----w C:\Program Files\MIDIView 1.1 DEMO
    2007-05-19 00:42:56 -------- d-----w C:\Program Files\WarRock
    2007-05-19 00:40:53 -------- d-----w C:\Program Files\AoA MP4 Converter
    2007-05-19 00:39:41 -------- d-----w C:\Program Files\Plato Video To 3GP Converter
    2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-17 05:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-17 05:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-17 05:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-17 05:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-17 05:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-17 05:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-17 05:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-17 05:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-02-12 05:54:16 52,368 ----a-w C:\DOCUME~1\ALANWU~1\APPLIC~1\GDIPFONTCACHEV1.DAT
    2006-12-19 06:34:39 0 ----a-w C:\Program Files\error.dat


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    2006-01-12 18:38 63128 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{227B8AA8-DAF2-4892-BD1D-73F568BCB24E}]
    2005-10-28 08:30 147456 --a------ c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3EC8255F-E043-4cae-8B3B-B191550C2A22}]
    2005-10-28 08:30 132648 --a------ c:\program files\mcafee.com\mps\popupkiller.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41D68ED8-4CFF-4115-88A6-6EBB8AF19000}]
    2005-11-03 12:10 348160 --a------ c:\program files\mcafee\spamkiller\mcapfbho.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
    2005-09-08 03:20 110652 --a------ C:\WINDOWS\System32\DLA\DLASHX_W.DLL

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    2007-01-20 00:55 2403392 -ra------ c:\program files\google\googletoolbar4.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    2007-06-06 19:07 325048 --a------ C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 10:05]
    "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\McAgent.exe" [2005-09-22 16:29]
    "MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 08:26]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-05 17:48]
    "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 11:22]
    "PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 15:46]
    "IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 16:04]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AIM"="C:\Program Files\AIM\aim.exe" [2005-06-01 23:34]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-06 19:07]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll --a------ 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
    backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WG311T Wireless Assistant.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG311T Wireless Assistant.lnk
    backup=C:\WINDOWS\pss\NETGEAR WG311T Wireless Assistant.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
    C:\Program Files\AIM\aim.exe -cnetwait.odl

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
    "C:\Program Files\Dell Support\DSAgnt.exe" /startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
    C:\WINDOWS\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
    C:\WINDOWS\system32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
    C:\WINDOWS\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
    c:\PROGRA~1\mcafee.com\agent\McAgent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
    C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
    C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPSExe]
    c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
    C:\Program Files\McAfee.com\VSO\oasclnt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
    stsystra.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
    "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    AutoRun\command- D:\autoplay.exe


    Contents of the 'Scheduled Tasks' folder
    2007-07-14 01:30:00 C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (ALAN-Alan Wu).job

    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-17 13:17:13
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-17 13:17:31
    C:\ComboFix-quarantined-files.txt ... 2007-07-17 13:17
    C:\ComboFix2.txt ... 2007-07-16 14:55

    --- E O F ---
     
  10. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Please download the OTMoveIt by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt.exe to run it.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

      C:\WINDOWS\system32\lnbyxwgo.dll
      C:\WINDOWS\system32\wmcrndqh.exe
      C:\WINDOWS\zvrww0578.exe
      C:\WINDOWS\suzxgwl.exe
      C:\WINDOWS\suzxgwlA.exe
      C:\Temp\0c2
      C:\WINDOWS\system32\b02FdUe
      C:\Temp\brr
      C:\WINDOWS\g4356cbvy63.exe
      C:\WINDOWS\uninst1014.exe
      C:\WINDOWS\uni_eh44.exe


    • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
    • Click the red Moveit! button.
    • Close OTMoveIt
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


    Still appears you are running that old version of Java. You should get that updated.

    How is it running now? Any problems?
     
  11. g0t mi1k123

    g0t mi1k123 Thread Starter

    Joined:
    Apr 6, 2006
    Messages:
    80
    wow THANK YOU SO MUCH!!! I really appreciate your time in helping me get rid of those viruses! the computer is running much better too.

    I think I had some trouble running that program that you said to use way earlier, or maybe I didn't uninstall all the Java files. Is there a way for me to know which files are Java?
     
  12. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Try this instead: Secunia software inspector & update checker it checks multiple programs.

    You can and should remove all of the tools I requested you to download and/or folders associated with them now. It is pointless for them to keep these tools around as they are updated so frequently that the tools can be outdated within a few days, sometimes within just hours.

    The OTMoveIt by OldTimer has a CleanUp! option you can use to remove most of the fixes and associated files and folders if you want to use that. If you get a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet you should allow it to do so. Also remove OTMoveIt.

    SUPERAntiSpyware is a trial version so you can keep that until the trial is over and then uninstall.


    It's a good idea to Flush your System Restore after removing malware:
    Turn off system restore and then turn it back on: http://support.microsoft.com/kb/310405


    You're welcome!
     
  13. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/596341

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice