1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: Malware and a few other problems

Discussion in 'Virus & Other Malware Removal' started by _Seven_, Jul 13, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. _Seven_

    _Seven_ Thread Starter

    Joined:
    Apr 10, 2006
    Messages:
    16
    I haven't been on here in quite a few months actually, this site helped me out a great deal they last time I was here. Wake up, my younger brother is on my computer. Three different programs are/have been installed. I uninstalled the programs that I could, someof them however. A Mirar that apparently requires me to go to their website to download an uninstaller... Their is also a program called outerinfo (of which I can only guess its name is of some irony) as well.


    I didn't have much of a hitch with some of the other apps I had to unistall, although I cannot be completely sure. Password protect on my comuter will probably have to be a must after this. Thanks in advance if you guys can help me out.
     
  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Run HijackThis and click Open the Misc Tools section
    • Click Open Uninstall Manager
    • Save list
    • click on the Desktop icon or select to save the list on the desktop
    • then click save.

    Open the file and copy/paste the contents back here in your next reply.
     
  3. _Seven_

    _Seven_ Thread Starter

    Joined:
    Apr 10, 2006
    Messages:
    16
    Just a moment, will edit.
     
  4. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    ok, post a new reply because I've deleted the e-mail! :eek:
     
  5. _Seven_

    _Seven_ Thread Starter

    Joined:
    Apr 10, 2006
    Messages:
    16
    It has been a while since I've run hijack this, can you run me through the steps that I need to do?


    (The post I edited was asking where to get a link to download Hijack this again, I think I unistalled it a while ago. I looked in the stickied threads, found it and downloaded it again.)
     
  6. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Sure thing!

    Click here to download HJTInstall.exe
    • Save HJTInstall.exe to your desktop.
    • Doubleclick on the HJTInstall.exe icon on your desktop.
    • By default it will install to C:\Program Files\Trend Micro\HijackThis .
    • Click on Install.
    • It will create a HijackThis icon on the desktop.
    • Once installed, it will launch Hijackthis.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

    That will produce the scan list. Post that and the Uninstall list from my post #2.
     
  7. _Seven_

    _Seven_ Thread Starter

    Joined:
    Apr 10, 2006
    Messages:
    16
    Logfile of HijackThis v1.99.1
    Scan saved at 12:02:07 PM, on 7/13/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\System32\svchost.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\vjbujcn.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\vjbujcnA.exe
    C:\WINDOWS\retadpu1000106.exe
    C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\DOCUME~1\Bronson\APPLIC~1\STEM32~1\msiexec.exe
    C:\Documents and Settings\Bronson\Application Data\??mbols\w?aclt.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\g4356cbvy63.exe
    c:\windows\system32\mndsregs.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\twinondt.exe
    C:\Documents and Settings\Bronson\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
    O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\version69ie7fix.dll
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [vjbujcnA] C:\WINDOWS\vjbujcnA.exe
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
    O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\twinondt.exe SKY009
    O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe"
    O4 - HKLM\..\Run: [g4356cbvy63] C:\WINDOWS\g4356cbvy63
    O4 - HKLM\..\Run: [{8F-FA-A1-1A-ZN}] c:\windows\system32\mndsregs.exe SKY009
    O4 - HKLM\..\RunOnce: [RemoveInstallPath] cmd.exe C:\WINDOWS\system32\cmd.exe /c rmdir /S /Q "C:\PROGRA~1\WinPop" > nul
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Aida] "C:\DOCUME~1\Bronson\APPLIC~1\STEM32~1\msiexec.exe" -vt yazb
    O4 - HKCU\..\Run: [Jupsuk] "C:\Documents and Settings\Bronson\Application Data\??mbols\w?aclt.exe"
    O4 - Startup: TA_Start.lnk = C:\WINDOWS\SYSTEM32\dwdsregt.exe
    O4 - Startup: Think-Adz.lnk = C:\WINDOWS\SYSTEM32\twinondt.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O15 - Trusted Zone: http://click.getmirar.com (HKLM)
    O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by119w.bay119.mail.live.com/mail/resources/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\vjbujcn.exe



    *There was no option avaible to copy the unistall list to the desktop, how would I go about doing so?
     
  8. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
     
  9. _Seven_

    _Seven_ Thread Starter

    Joined:
    Apr 10, 2006
    Messages:
    16
    SDFix: Version 1.91

    Run by Bronson on Fri 07/13/2007 at 01:03 PM

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\SDFix\SDFix

    Safe Mode:
    Checking Services:

    Name:
    Windows Overlay Components

    ImagePath:
    C:\WINDOWS\vjbujcn.exe

    Windows Overlay Components - Deleted



    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...


    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\DOCUME~1\Bronson\LOCALS~1\Temp\uninstall.exe - Deleted
    C:\WINDOWS\b122.exe - Deleted
    C:\WINDOWS\retadpu1000106.exe - Deleted
    C:\WINDOWS\retadpu572.exe - Deleted
    C:\WINDOWS\system32\dwdsregt.exe - Deleted
    C:\WINDOWS\system32\msnav32.ax - Deleted
    C:\WINDOWS\tcb.pmw - Deleted
    C:\WINDOWS\Uninst2.htm - Deleted
    C:\WINDOWS\Unist1.htm - Deleted
    C:\WINDOWS\wr.txt - Deleted


    Folder C:\Program Files\InetGet2 - Removed

    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.



    Final Check:

    Remaining Services:
    ------------------



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Gaming Zone\\zclient.exe"="C:\\Program Files\\MSN Gaming Zone\\zclient.exe:*:Enabled:Zone Datafile"
    "C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"="C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe:*:Enabled:HP Software Update Client"
    "C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\AGE2_X1.ICD"="C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\AGE2_X1.ICD:*:Enabled:Age of Empires II Expansion"
    "C:\\WINDOWS\\SYSTEM32\\dplaysvr.exe"="C:\\WINDOWS\\SYSTEM32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
    "C:\\Program Files\\LucasArts\\Star Wars Galactic Battlegrounds Saga\\Game\\battlegrounds_x1.exe"="C:\\Program Files\\LucasArts\\Star Wars Galactic Battlegrounds Saga\\Game\\battlegrounds_x1.exe:*:Enabled:Star Wars Galactic Battlegrounds: Clone Campaigns"
    "C:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"="C:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe:*:Enabled:Halo"
    "C:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"="C:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe:*:Enabled:Rise of Nations"
    "C:\\Program Files\\SSI\\Silent Hunter II\\Shell\\SH2.exe"="C:\\Program Files\\SSI\\Silent Hunter II\\Shell\\SH2.exe:*:Enabled:SH2"
    "C:\\Documents and Settings\\Bronson\\My Documents\\Marathon\\Marathon 1\\M1A1\\AlephOne.exe"="C:\\Documents and Settings\\Bronson\\My Documents\\Marathon\\Marathon 1\\M1A1\\AlephOne.exe:*:Enabled:Aleph One/SDL for Win32"
    "C:\\Documents and Settings\\Bronson\\My Documents\\Marathon\\Marathon 1\\M1A1\\Marathon.exe"="C:\\Documents and Settings\\Bronson\\My Documents\\Marathon\\Marathon 1\\M1A1\\Marathon.exe:*:Enabled:Aleph One/SDL for Win32"
    "C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
    "C:\\Program Files\\Microsoft Games\\Rise of Nations\\patriots.exe"="C:\\Program Files\\Microsoft Games\\Rise of Nations\\patriots.exe:*:Enabled:Rise of Nations"
    "C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
    "C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\\Program Files\\Alias\\Maya 7.0 Personal Learning Edition\\bin\\maya.exe"="C:\\Program Files\\Alias\\Maya 7.0 Personal Learning Edition\\bin\\maya.exe:*:Enabled:Maya"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Documents and Settings\\Bronson\\My Documents\\xchat\\xchat.exe"="C:\\Documents and Settings\\Bronson\\My Documents\\xchat\\xchat.exe:*:Enabled:XChat IRC Client"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    Remaining Files:
    ---------------

    Backups Folder: - C:\SDFix\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    C:\Documents and Settings\Bronson\My Documents\My Music\iTunes\iTunes Music\Downloads\Podcasts\1UP.com - 1UP Yours - 05_04_2007 _ 1.tmp\AlbumArtSmall.jpg
    C:\Documents and Settings\Bronson\My Documents\My Music\iTunes\iTunes Music\Downloads\Podcasts\1UP.com - 1UP Yours - 05_04_2007 _ 1.tmp\Folder.jpg
    C:\Documents and Settings\Bronson\Application Data\??mbols\w?aclt.exe
    C:\Documents and Settings\Bronson\Application Data\??stem32\msiexec.exe
    C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
    C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
    C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe
    C:\WINDOWS\vjbujcnA.exe
    C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp
    C:\Documents and Settings\Bronson\My Documents\My Music\iTunes\iTunes Music\Downloads\Podcasts\1UP.com - 1UP Yours - 05_04_2007 _ 1.tmp\AlbumArtSmall.jpg
    C:\Documents and Settings\Bronson\My Documents\My Music\iTunes\iTunes Music\Downloads\Podcasts\1UP.com - 1UP Yours - 05_04_2007 _ 1.tmp\Folder.jpg
    C:\Documents and Settings\Bronson\My Documents\My Music\iTunes\iTunes Music\Downloads\Podcasts\Show #213 The one about Crackdown au.tmp\AlbumArtSmall.jpg
    C:\Documents and Settings\Bronson\My Documents\My Music\iTunes\iTunes Music\Downloads\Podcasts\Show #213 The one about Crackdown au.tmp\Folder.jpg
    C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\0c44783ee6f825170d2765fb448927a9\BIT1D1.tmp

    Finished
     
  10. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Download ComboFix from Here or Here to your Desktop.
    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
    Note: Do not mouseclick combofix's window while its running. That may cause it to stall
     
  11. _Seven_

    _Seven_ Thread Starter

    Joined:
    Apr 10, 2006
    Messages:
    16
    "Bronson" - 2007-07-13 14:12:57 - ComboFix 07-07-13.8 - Service Pack 2 NTFS


    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\tgjfeonb.dll
    C:\WINDOWS\system32\itoypxxb.exe
    C:\WINDOWS\system32\mymqpxsu.exe
    C:\WINDOWS\SYSTEM32\orqss.bak1
    C:\WINDOWS\SYSTEM32\orqss.ini
    C:\WINDOWS\SYSTEM32\bnoefjgt.ini
    C:\WINDOWS\SYSTEM32\orqss.bak1
    C:\WINDOWS\SYSTEM32\orqss.ini
    C:\WINDOWS\system32\qommmnl.dll
    C:\WINDOWS\system32\ssqro.dll
    C:\WINDOWS\system32\qommmnl.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_NET_AGENT
    -------\Net Agent
    -------\nm


    ((((((((((((((((((((((((( Files Created from 2007-06-13 to 2007-07-13 )))))))))))))))))))))))))))))))


    2007-07-13 14:11 66,624 --a------ C:\WINDOWS\SYSTEM32\cbauskmi.dll
    2007-07-13 13:46 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-13 13:02 <DIR> d-------- C:\WINDOWS\ERUNT
    2007-07-13 10:05 224,654 --a------ C:\WINDOWS\vrqsd0578.exe
    2007-07-13 09:44 49,177 --a------ C:\WINDOWS\SYSTEM32\mndsregs.exe
    2007-07-13 09:31 192,622 --a------ C:\WINDOWS\SYSTEM32\twinondt.exe
    2007-07-13 09:30 806,352 -r-hs---- C:\WINDOWS\vjbujcnA.exe
    2007-07-13 09:30 54,784 --a------ C:\WINDOWS\vjbujcn.exe
    2007-07-13 09:30 49,152 --a------ C:\WINDOWS\TISKY009.exe
    2007-07-13 09:30 <DIR> d-------- C:\WINDOWS\SYSTEM32\driver
    2007-07-13 09:30 <DIR> d-------- C:\Temp\0c2
    2007-07-13 09:30 <DIR> d-------- C:\DOCUME~1\Bronson\APPLIC~1\??stem32
    2007-07-13 09:29 <DIR> d-------- C:\WINDOWS\SYSTEM32\b02FdUe
    2007-07-13 09:29 <DIR> d-------- C:\Temp\brr
    2007-07-13 09:29 <DIR> d-------- C:\Temp
    2007-07-07 23:24 <DIR> d-------- C:\Program Files\Blender Foundation
    2007-07-06 20:19 <DIR> d-------- C:\DOCUME~1\Bronson\APPLIC~1\X-Chat 2
    2007-07-06 12:40 192,512 --a------ C:\WINDOWS\g4356cbvy63.exe
    2007-07-05 22:57 <DIR> d-------- C:\Program Files\Common Files\Apple
    2007-07-05 22:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    2007-06-25 06:54 53,248 --a------ C:\WINDOWS\uni_eh44.exe
    2007-06-25 06:53 53,248 --a------ C:\WINDOWS\uninst1014.exe


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-13 20:56:53 -------- d-----w C:\DOCUME~1\Bronson\APPLIC~1\??stem32
    2007-07-13 20:56:50 -------- d-----w C:\Program Files\Movie Maker
    2007-07-13 18:40:52 -------- d-----w C:\Program Files\Microsoft Games
    2007-07-13 18:40:43 -------- d-----w C:\DOCUME~1\Bronson\APPLIC~1\Microsoft Games
    2007-07-07 07:18:14 -------- d-----w C:\DOCUME~1\Bronson\APPLIC~1\.gaim
    2007-07-04 08:10:09 -------- d-----w C:\DOCUME~1\Bronson\APPLIC~1\AdobeUM
    2007-06-12 03:53:12 -------- d-----w C:\DOCUME~1\Bronson\APPLIC~1\Image Zone Express
    2007-06-05 04:20:58 -------- d-----w C:\Program Files\iTunes
    2007-06-05 04:20:41 -------- d-----w C:\Program Files\iPod
    2007-05-25 03:29:44 -------- d--h--w C:\DOCUME~1\Bronson\APPLIC~1\Move Networks
    2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-17 05:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-17 05:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-17 05:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-17 05:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-17 05:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-17 05:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-17 05:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-17 05:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-04-13 10:21:14 271,360 ----a-w C:\WINDOWS\system32\mscoree.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    2006-12-18 04:16 59032 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2834D839-43D0-412D-A8D5-03474B32EF3A}]
    C:\Program Files\Movie Maker\vixyf83122.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3A621AAE-F36F-FA92-4966-8B8DBD5683C5}]
    C:\WINDOWS\system32\jzemqjqb.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
    2005-05-26 11:38 181352 --a------ C:\Program Files\Yahoo!\Common\yiesrvc.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
    2003-08-05 23:04 106548 --a------ C:\WINDOWS\system32\dla\tfswshx.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{65D886A2-7CA7-479B-BB95-14D1EFB7946A}]
    2005-01-24 09:55 115832 --a------ C:\Program Files\Yahoo!\Common\YIeTagBm.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    2006-04-07 00:02 323904 --a------ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}]
    C:\WINDOWS\system32\version69ie7fix.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
    2005-09-20 19:12 577744 --a------ C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5941C20-4539-4D41-6288-F095A53C9DF1}]
    C:\Program Files\MSN\zykixuk676.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-12 23:01]
    "VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2003-08-08 16:02]
    "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29]
    "MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 12:05]
    "DwlClient"="C:\Program Files\Common Files\Dell\EUSW\Support.exe" [2004-05-27 21:05]
    "VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2003-08-17 19:50]
    "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 15:54]
    "Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [2006-12-12 15:45]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
    "UserFaultCheck"="%systemroot%\system32\dumprep 0 -u" []
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 10:00]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
    "Jupsuk"="C:\Documents and Settings\Bronson\Application Data\??mbols\w?aclt.exe" []
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]


    Contents of the 'Scheduled Tasks' folder
    2007-05-12 14:17:05 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    2004-12-25 17:07:46 C:\WINDOWS\tasks\WebReg 20041225090746.job
    2006-03-28 03:19:55 C:\WINDOWS\tasks\XoftSpy.job

    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-13 14:29:57
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-13 14:32:52 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-07-13 14:32

    --- E O F ---











    Logfile of HijackThis v1.99.1
    Scan saved at 2:39:59 PM, on 7/13/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\System32\svchost.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\System32\svchost.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Documents and Settings\Bronson\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {2834D839-43D0-412D-A8D5-03474B32EF3A} - C:\Program Files\Movie Maker\vixyf83122.dll (file missing)
    O2 - BHO: (no name) - {3A621AAE-F36F-FA92-4966-8B8DBD5683C5} - C:\WINDOWS\system32\jzemqjqb.dll (file missing)
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Mirar - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\version69ie7fix.dll (file missing)
    O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
    O2 - BHO: 0 - {D5941C20-4539-4D41-6288-F095A53C9DF1} - C:\Program Files\MSN\zykixuk676.dll (file missing)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
    O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\version69ie7fix.dll (file missing)
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [Jupsuk] "C:\Documents and Settings\Bronson\Application Data\??mbols\w?aclt.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O15 - Trusted Zone: http://click.getmirar.com (HKLM)
    O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by119w.bay119.mail.live.com/mail/resources/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
     
  12. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.

    Click Exit on the Main menu to close the program.



    Download and scan with SUPERAntiSpyware Free for Home Users
    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply with a new hijackthis log.
    • Click Close to exit the program.
     
  13. _Seven_

    _Seven_ Thread Starter

    Joined:
    Apr 10, 2006
    Messages:
    16
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 07/13/2007 at 05:28 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3269
    Trace Rules Database Version: 1280

    Scan type : Complete Scan
    Total Scan Time : 02:22:28

    Memory items scanned : 451
    Memory threats detected : 0
    Registry items scanned : 5936
    Registry threats detected : 79
    File items scanned : 69119
    File threats detected : 62

    Adware.Mirar/NetNucleus
    HKLM\Software\Classes\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\InprocServer32
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\InprocServer32#ThreadingModel
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#Version
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#BuildName
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#Affiliate
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#Show3X
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#ShowType
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#PopupCount
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#BlockEnable
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#Ticket
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#WalkThrough
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#PrefetchDate
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#ShowDelay
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#StayDelay
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#GlobalInstanceCount
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties\Prefetch
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties\Prefetch#EbayCa
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties\Prefetch#EbayCom
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties\Prefetch#GooCa
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties\Prefetch#GooCom
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties\Prefetch#YahooCa
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties\Prefetch#YahooCom
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\TypeLib
    C:\WINDOWS\SYSTEM32\VERSION69IE7FIX.DLL
    HKLM\Software\Classes\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}
    HKCR\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}
    HKCR\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}
    HKCR\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}\InprocServer32
    HKCR\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}\InprocServer32#ThreadingModel
    HKCR\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}\TypeLib
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}
    HKLM\Software\Microsoft\Internet Explorer\Toolbar#{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
    HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}
    HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}\1.0
    HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}\1.0\0
    HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}\1.0\0\win32
    HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}\1.0\FLAGS
    HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}\1.0\HELPDIR
    HKU\S-1-5-21-4095403003-666826761-3636542499-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
    HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}
    HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\ProxyStubClsid
    HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\ProxyStubClsid32
    HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\TypeLib
    HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\TypeLib#Version
    HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}
    HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\ProxyStubClsid
    HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\ProxyStubClsid32
    HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\TypeLib
    HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\TypeLib#Version
    HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}
    HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\ProxyStubClsid
    HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\ProxyStubClsid32
    HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\TypeLib
    HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\TypeLib#Version
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75}
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75}#DisplayName
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75}#UninstallString
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\WINNB58.DLL.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0100363.DLL

    Browser Hijacker.Internet Explorer Zone Hijack
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getmirar.com
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getmirar.com\click
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getmirar.com\click#http
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getmirar.com\click#https
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\click
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\click#http
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\click#https
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\redirect
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\redirect#http
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\redirect#https
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\net-nucleus.com
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\net-nucleus.com\awbeta
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\net-nucleus.com\awbeta#http
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\net-nucleus.com\awbeta#https

    Trojan.WinAntiSpyware/WinAntiVirus 2006/2007
    C:\WINDOWS\system32\stera.job

    Trojan.Windows Overlay Components/SysMon
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OvMon
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OvMon#DisplayName
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OvMon#UninstallString

    Trojan.WinBo32/Enhance
    HKU\S-1-5-21-4095403003-666826761-3636542499-1007\Software\System\sysuid

    Adware.ClickSpring/Outer Info Network
    C:\Documents and Settings\Bronson\Start Menu\Programs\Outerinfo\Terms.lnk
    C:\Documents and Settings\Bronson\Start Menu\Programs\Outerinfo\Uninstall.lnk
    C:\Documents and Settings\Bronson\Start Menu\Programs\Outerinfo

    Adware.Accoona
    C:\PROGRAM FILES\FILESUBMIT\HALO2.EXE\ATOOLBAR400005.EXE

    Adware.ClickSpring
    C:\QooBox\Quarantine\C\DOCUME~1\Bronson\APPLIC~1\MBOLS~1\WACLTE~1.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0100354.EXE

    Adware.ClickSpring-Variant
    C:\QOOBOX\QUARANTINE\C\DOCUME~1\BRONSON\APPLIC~1\STEM32~1\MSIEXEC.EXE.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0100355.EXE

    Adware.ClickSpring/Yazzle
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1281OINADMIN.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1281OINUNINSTALLER.EXE.VIR

    Unclassified.Unknown Origin
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\MOVIE MAKER\VIXYF83122.DLL.VIR

    Trojan.ZQuest
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\MSN\ZYKIXUK.DLL.VIR
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\MSN\ZYKIXUK676.DLL.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0100349.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0100350.DLL

    Trojan.Downloader-Gen/BasicMath
    C:\QOOBOX\QUARANTINE\C\WINDOWS\DLS0523PMW.EXE.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0100364.EXE

    Trojan.Downloader-VisFX
    C:\QOOBOX\QUARANTINE\C\WINDOWS\OFFUN.EXE.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0100365.EXE

    Adware.WebBuying Assistant-Installer
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\B4\BW73.EXE.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0100171.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0100172.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0100281.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0100361.EXE

    Adware.SysMon
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\B5\Z53.EXE.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0100362.EXE

    Adware.ZenoSearch
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\DWDSREGT.EXE.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0100297.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0100305.EXE
    C:\WINDOWS\SYSTEM32\MNDSREGS.EXE
    C:\WINDOWS\TISKY009.EXE

    Trojan.Downloader-Gen/TStamp
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\ITOYPXXB.EXE.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0101389.EXE

    Adware.ClickSpring/Resident
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\JZEMQJQB.DLL.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0100351.DLL

    Trojan.Downloader-Gen/HitItQuitIt
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\LJJJGFC.DLL.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\QOMMMNL.DLL.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0100371.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0101390.DLL

    Adware.Vundo/Traff-2
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\MYMQPXSU.EXE.VIR

    Trojan.Unknown Origin
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\WNSTSSV32.EXE.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0100348.EXE

    Trojan.ZQuest-Installer
    C:\QOOBOX\QUARANTINE\C\WINDOWS\TK58.EXE.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0100341.EXE

    Adware.Unknown Origin
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0100165.CFG

    Trojan.Downloader-WebBuying/PopEngine
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0100170.DLL

    Trojan.Downloader-Gen/WinPop
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0100182.EXE

    Trojan.Downloader-Gen/Installer
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0100294.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0100304.EXE

    Trojan.Downloader-Gen/RetAd
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0100295.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0100296.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0100307.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0100308.EXE

    Trojan.Rootkit-TnCore/Installer
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0100360.EXE

    Trojan.TagASaurus
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0101403.EXE

    Trojan.ZenoSearch
    C:\WINDOWS\SYSTEM32\TWINONDT.EXE

    Trojan.Downloader-Crew
    C:\WINDOWS\SYSTEM32\VXOSYNRW.DLL
    C:\WINDOWS\SYSTEM32\__DELETE_ON_REBOOT__RYGYSMNI.DLL








    Logfile of HijackThis v1.99.1
    Scan saved at 5:42:29 PM, on 7/13/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\System32\svchost.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\QuickTime\qttask.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Bronson\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {2834D839-43D0-412D-A8D5-03474B32EF3A} - C:\Program Files\Movie Maker\vixyf83122.dll (file missing)
    O2 - BHO: (no name) - {3A621AAE-F36F-FA92-4966-8B8DBD5683C5} - C:\WINDOWS\system32\jzemqjqb.dll (file missing)
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
    O2 - BHO: 0 - {D5941C20-4539-4D41-6288-F095A53C9DF1} - C:\Program Files\MSN\zykixuk676.dll (file missing)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [Jupsuk] "C:\Documents and Settings\Bronson\Application Data\??mbols\w?aclt.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by119w.bay119.mail.live.com/mail/resources/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe



    Sorry for the wait, I had a lot of files to scan.
     
  14. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Run HJT again and put a check in the following:

    O2 - BHO: (no name) - {2834D839-43D0-412D-A8D5-03474B32EF3A} - C:\Program Files\Movie Maker\vixyf83122.dll (file missing)
    O2 - BHO: (no name) - {3A621AAE-F36F-FA92-4966-8B8DBD5683C5} - C:\WINDOWS\system32\jzemqjqb.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: 0 - {D5941C20-4539-4D41-6288-F095A53C9DF1} - C:\Program Files\MSN\zykixuk676.dll (file missing)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O4 - HKCU\..\Run: [Jupsuk] "C:\Documents and Settings\Bronson\Application Data\??mbols\w?aclt.exe"
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

    Close all applications and browser windows before you click "fix checked".

    [​IMG] Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

    Ugrading Java:
    • Download the latest version of Java Runtime Environment (JRE) 6u2.
    • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
    • Click the "Download" button to the right.
    • Check the box that says: "Accept License Agreement".
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on the download to install the newest version.


    Post your HJT log again after you have finished.
     
  15. _Seven_

    _Seven_ Thread Starter

    Joined:
    Apr 10, 2006
    Messages:
    16
    Logfile of HijackThis v1.99.1
    Scan saved at 1:13:49 PM, on 7/14/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\System32\svchost.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\wuauclt.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
    C:\Documents and Settings\Bronson\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by119w.bay119.mail.live.com/mail/resources/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/595340

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice