1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

virus protection not working. control panel disapeared then reapeard.

Discussion in 'Virus & Other Malware Removal' started by mattyzac, Nov 11, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. mattyzac

    mattyzac Thread Starter

    Joined:
    Nov 11, 2007
    Messages:
    4
    hi i need help i think a virus or malware is attacking my pc. i cant run virus scan i cant even go to virus scan websites earlier control panel disappeared then i did system restore then it reapared now i think something is still attacking my pc coz i cant go to any anti virus website like norton mcafee or that kaspersky online. i really need help


    heres my hi jack log hope it helps


    Logfile of HijackThis v1.99.1
    Scan saved at 7:27:01 AM, on 11/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    C:\Program Files\McAfee\MSK\MskAgent.exe
    C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Shareaza\Shareaza.exe
    C:\PROGRA~1\MI3AA1~1\wcescomm.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\WINDOWS\system32\vrakcxgc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\PROGRA~1\McAfee\MPS\mps.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\SiteAdvisor\6145\SAService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\McAfee\MSC\mcregist.exe
    C:\Program Files\McAfee\MPS\mpsevh.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\dllhost.exe
    c:\program files\mcafee\msc\mcshell.exe
    c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
    C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
    C:\Program Files\McAfee\MBK\MBackMonitor.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\BURGOS\Local Settings\Temporary Internet Files\Content.IE5\K16BK567\hijackthis_sfx[1].exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6145\SiteAdv.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {99B0BC62-FAD2-485D-B46F-765094C2CFF2} - C:\Program Files\MSN Gaming Zone\hoket4444.dll
    O2 - BHO: (no name) - {CD93F8E1-7260-4034-9845-3041C34A57C2} - C:\Program Files\MSN Gaming Zone\hoket83122.dll (file missing)
    O2 - BHO: (no name) - {E8ADE6D4-60EE-4637-A050-CC26B5049A47} - C:\WINDOWS\system32\vtsts.dll (file missing)
    O2 - BHO: (no name) - {EC4D399B-6409-4BA2-9EE1-B34DAB5927E2} - C:\WINDOWS\system32\geebb.dll (file missing)
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6145\SiteAdv.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
    O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
    O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper2007261.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6145\SiteAdv.dll
    O20 - AppInit_DLLs: pushow71.dll
    O20 - Winlogon Notify: geebb - C:\WINDOWS\system32\geebb.dll (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: mljgddb - mljgddb.dll (file missing)
    O20 - Winlogon Notify: vtsts - C:\WINDOWS\system32\vtsts.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: DomainService - - C:\WINDOWS\system32\vrakcxgc.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6145\SAService.exe
    O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\xwwuzjg.exe (file missing)
     
  2. mattyzac

    mattyzac Thread Starter

    Joined:
    Nov 11, 2007
    Messages:
    4
    hi i took initiative to do combo fix too hope this helps


    ComboFix 07-11-08.3 - BURGOS 2007-11-11 8:43:13.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.616 [GMT -8:00]
    Running from: C:\Documents and Settings\BURGOS\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data.\salesmonitor
    C:\Documents and Settings\All Users\Application Data.\winantispyware 2007
    C:\Documents and Settings\All Users\Application Data.\winantispyware 2007\Data\Abbr
    C:\Documents and Settings\All Users\Application Data.\winantispyware 2007\Data\ProductCode
    C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\Abbr
    C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\ProductCode
    C:\Documents and Settings\BURGOS\Application Data\WinAntiSpyware 2007
    C:\Documents and Settings\BURGOS\Application Data\WinAntiSpyware 2007\Logs\update.log
    C:\Documents and Settings\BURGOS\err.log
    C:\Documents and Settings\LocalService\Application Data\.rdr.ini
    C:\Documents and Settings\LocalService\Application Data\Install.dat
    C:\Documents and Settings\NetworkService\Application Data\.rdr.ini
    C:\Documents and Settings\NetworkService\Application Data\install.dat
    C:\Documents and Settings\NetworkService\Desktop\searchus.exe
    C:\Program Files\BHO
    C:\Program Files\BHO\bho.dat
    C:\Program Files\BHO\er.dat
    C:\Program Files\BHO\uninstall.exe
    C:\Program Files\inetget2
    C:\Program Files\Windows NT\profsycyrt.html
    C:\Temp\1cb
    C:\Temp\1cb\syscheck.log
    C:\Temp\bass.exe
    C:\temp\brr
    C:\Temp\fse
    C:\Temp\fse\tmpZTF.log
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\system32\b02FdUe
    C:\WINDOWS\system32\configs
    C:\WINDOWS\system32\dllh8jkd1q8.exe
    C:\WINDOWS\system32\driver
    C:\WINDOWS\system32\drivers\fopn.sys
    C:\WINDOWS\system32\f02WtR
    C:\WINDOWS\system32\f06WtR
    C:\WINDOWS\system32\F2
    C:\WINDOWS\system32\F3
    C:\WINDOWS\system32\kr_done1
    C:\WINDOWS\system32\ldinfo.ldr
    C:\WINDOWS\system32\msnav32.ax
    C:\WINDOWS\system32\skuns.dat
    C:\WINDOWS\system32\svcp.csv
    C:\WINDOWS\system32\vedxg3am1et3.exe
    C:\WINDOWS\system32\vedxga4me1.exe
    C:\WINDOWS\system32\vx.tll
    C:\WINDOWS\system32\winsub.xml
    C:\WINDOWS\system32\zxdnt3d.cfg
    C:\WINDOWS\TTC-4444.exe
    C:\WINDOWS\wr.txt

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_DOMAINSERVICE
    -------\LEGACY_FOPN
    -------\LEGACY_WINDOWS_OVERLAY_COMPONENTS
    -------\ApiMon
    -------\DomainService
    -------\fopn
    -------\Windows Overlay Components


    ((((((((((((((((((((((((( Files Created from 2007-10-11 to 2007-11-11 )))))))))))))))))))))))))))))))
    .

    2007-11-11 08:50 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\McAfee
    2007-11-11 08:40 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-10 19:48 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2007-11-10 19:38 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SiteAdvisor
    2007-11-10 18:56 <DIR> d-------- C:\Program Files\Shareaza
    2007-11-10 18:56 <DIR> d-------- C:\Documents and Settings\BURGOS\Application Data\Shareaza
    2007-11-10 18:55 <DIR> d-------- C:\Program Files\SiteAdvisor
    2007-11-10 18:55 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
    2007-11-10 18:55 <DIR> d-------- C:\Documents and Settings\BURGOS\Application Data\SiteAdvisor
    2007-11-10 18:54 <DIR> d-------- C:\Program Files\McAfee
    2007-11-10 18:54 <DIR> d-------- C:\Program Files\Common Files\McAfee
    2007-11-10 18:50 <DIR> d-------- C:\Program Files\QuickTime
    2007-11-10 18:49 <DIR> d-------- C:\Program Files\iTunes
    2007-11-10 18:36 <DIR> d-------- C:\Program Files\Norton Ghost
    2007-11-10 16:52 <DIR> d-------- C:\Program Files\Citrix
    2007-11-10 16:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Citrix
    2007-11-04 17:06 <DIR> d-------- C:\Program Files\iTunes(2)
    2007-11-04 17:04 <DIR> d-------- C:\Program Files\QuickTime(2)
    2007-11-03 18:08 <DIR> d-------- C:\Program Files\Common Files\Apple

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-11 14:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
    2007-11-11 04:00 --------- d-----w C:\Program Files\Symantec
    2007-11-11 04:00 --------- d-----w C:\Program Files\GemMaster
    2007-11-11 02:53 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2007-11-11 02:50 --------- d-----w C:\Program Files\Apple Software Update
    2007-11-11 02:48 --------- d-----w C:\Program Files\Yahoo!
    2007-11-11 02:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2007-11-11 00:19 --------- d-----w C:\Documents and Settings\BURGOS\Application Data\McAfee
    2007-11-05 03:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!
    2007-11-05 01:06 --------- d-----w C:\Program Files\iPod
    2007-11-04 02:14 --------- d-----w C:\Documents and Settings\BURGOS\Application Data\Yahoo!
    2007-11-04 01:47 --------- d-----w C:\Program Files\McAfee.com
    2007-11-03 22:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
    2007-10-08 05:50 --------- d-----w C:\Program Files\Eudemons Online
    2007-08-22 12:55 96,256 ------w C:\WINDOWS\system32\dllcache\inseng.dll
    2007-08-22 12:55 665,600 ------w C:\WINDOWS\system32\dllcache\wininet.dll
    2007-08-22 12:55 617,984 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
    2007-08-22 12:55 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
    2007-08-22 12:55 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
    2007-08-22 12:55 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
    2007-08-22 12:55 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-08-22 12:55 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
    2007-08-22 12:55 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    2007-08-22 12:55 3,064,832 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-08-22 12:55 251,904 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
    2007-08-22 12:55 205,824 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
    2007-08-22 12:55 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-08-22 12:55 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
    2007-08-22 12:55 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
    2007-08-22 12:55 1,498,112 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
    2007-08-22 12:55 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
    2007-08-22 12:55 1,022,976 ------w C:\WINDOWS\system32\dllcache\browseui.dll
    2007-08-21 10:19 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
    2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-08-21 06:15 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
    2007-04-21 16:22 39,864 ----a-w C:\Documents and Settings\BURGOS\Application Data\GDIPFONTCACHEV1.DAT
    2005-05-12 06:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
    2006-07-14 22:27:56 56 --sh--r C:\WINDOWS\system32\0A012B0D32.sys
    2006-07-09 22:04:44 88 --sh--r C:\WINDOWS\system32\320D2B010A.sys
    2006-07-14 22:27:56 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2007-07-27 16:17:06 6,467 --sha-w C:\WINDOWS\system32\ststv.bak1
    2007-07-30 04:17:47 1,752,383 --sha-w C:\WINDOWS\system32\ststv.bak2
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{99B0BC62-FAD2-485D-B46F-765094C2CFF2}]
    2007-08-02 05:43 282624 --a------ C:\Program Files\MSN Gaming Zone\hoket4444.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CD93F8E1-7260-4034-9845-3041C34A57C2}]
    C:\Program Files\MSN Gaming Zone\hoket83122.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E8ADE6D4-60EE-4637-A050-CC26B5049A47}]
    C:\WINDOWS\system32\vtsts.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EC4D399B-6409-4BA2-9EE1-B34DAB5927E2}]
    C:\WINDOWS\system32\geebb.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 11:01]
    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 07:44]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 07:44]
    "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 02:20]
    "Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2006-10-25 12:33]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 17:49]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 17:46]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 17:50]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 16:22]
    "nwiz"="nwiz.exe" [2006-06-01 16:22 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-06-01 16:22]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-04-27 10:25]
    "YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 15:19]
    "MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 15:30]
    "SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-03-30 07:42]
    "McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-01-19 17:11]
    "McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 13:59]
    "MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-06-07 13:08]
    "Steam"="c:\program files\valve\steam\steam.exe" [2007-11-10 19:55]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54]
    "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09]
    "Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2007-02-05 03:05]
    "H/PC Connection Agent"="C:\PROGRA~1\MI3AA1~1\wcescomm.exe" [2006-06-20 21:36]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-07-15 06:50:08]
    AT&T Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2006-06-29 10:05:04]
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-06-08 14:17:02]
    HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-11 23:49:24]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{4567AB12-B980-44A5-B259-9B09EBEA6331}"= C:\Program Files\WinAntiSpyware 2007\shellext.dll [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geebb]
    C:\WINDOWS\system32\geebb.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljgddb]
    mljgddb.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtsts]
    C:\WINDOWS\system32\vtsts.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=pushow71.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnk
    backup=C:\WINDOWS\pss\SBC Self Support Tool.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
    C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
    "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    C:\Program Files\Valve\Steam\\Steam.exe -silent

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    \Shell\AutoRun\command - E:\setup.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-11-05 01:02:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-11-11 03:43:26 C:\WINDOWS\Tasks\McDefragTask.job"
    - c:\program files\mcafee\mqc\QcConsol.exe
    "2007-11-11 03:43:26 C:\WINDOWS\Tasks\McQcTask.job"
    - c:\program files\mcafee\mqc\QcConsol.exe
    "2007-11-11 04:00:01 C:\WINDOWS\Tasks\Norton Security Online - Run Full System Scan - BURGOS.job"
    - C:\PROGRA~1\Symantec\Norton AntiVirus\Navw32.exe
    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-11 08:55:32
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-11 8:57:57 - machine was rebooted
    .
    --- E O F ---
     
  3. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.

    Click Exit on the Main menu to close the program.



    Download and scan with SUPERAntiSpyware Free for Home Users
    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply with a new hijackthis log.
    • Click Close to exit the program.
     
  4. mattyzac

    mattyzac Thread Starter

    Joined:
    Nov 11, 2007
    Messages:
    4
    heres the antispyware log


    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 11/14/2007 at 11:02 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3345
    Trace Rules Database Version: 1346

    Scan type : Complete Scan
    Total Scan Time : 02:01:39

    Memory items scanned : 597
    Memory threats detected : 0
    Registry items scanned : 7186
    Registry threats detected : 62
    File items scanned : 96415
    File threats detected : 50

    Trojan.WinFixer
    HKLM\Software\Classes\CLSID\{4567AB12-B980-44A5-B259-9B09EBEA6331}
    HKCR\CLSID\{4567AB12-B980-44A5-B259-9B09EBEA6331}
    HKCR\CLSID\{4567AB12-B980-44A5-B259-9B09EBEA6331}
    HKCR\CLSID\{4567AB12-B980-44A5-B259-9B09EBEA6331}#AppID
    HKCR\CLSID\{4567AB12-B980-44A5-B259-9B09EBEA6331}\InprocServer32
    HKCR\CLSID\{4567AB12-B980-44A5-B259-9B09EBEA6331}\InprocServer32#ThreadingModel
    HKCR\CLSID\{4567AB12-B980-44A5-B259-9B09EBEA6331}\ProgID
    HKCR\CLSID\{4567AB12-B980-44A5-B259-9B09EBEA6331}\Programmable
    HKCR\CLSID\{4567AB12-B980-44A5-B259-9B09EBEA6331}\TypeLib
    HKCR\CLSID\{4567AB12-B980-44A5-B259-9B09EBEA6331}\VersionIndependentProgID
    C:\PROGRAM FILES\WINANTISPYWARE 2007\SHELLEXT.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{4567AB12-B980-44A5-B259-9B09EBEA6331}
    HKCR\washellext.ShellHook.1
    HKCR\washellext.ShellHook.1\CLSID
    HKCR\washellext.ShellHook
    HKCR\washellext.ShellHook\CLSID
    HKCR\washellext.ShellHook\CurVer
    HKCR\TypeLib\{4567AB12-7DFC-4C46-BD8F-41259D169A0D}
    HKCR\TypeLib\{4567AB12-7DFC-4C46-BD8F-41259D169A0D}\1.0
    HKCR\TypeLib\{4567AB12-7DFC-4C46-BD8F-41259D169A0D}\1.0\0
    HKCR\TypeLib\{4567AB12-7DFC-4C46-BD8F-41259D169A0D}\1.0\0\win32
    HKCR\TypeLib\{4567AB12-7DFC-4C46-BD8F-41259D169A0D}\1.0\FLAGS
    HKCR\TypeLib\{4567AB12-7DFC-4C46-BD8F-41259D169A0D}\1.0\HELPDIR

    Adware.Vundo Variant
    HKLM\Software\Classes\CLSID\{E8ADE6D4-60EE-4637-A050-CC26B5049A47}
    HKCR\CLSID\{E8ADE6D4-60EE-4637-A050-CC26B5049A47}
    HKCR\CLSID\{E8ADE6D4-60EE-4637-A050-CC26B5049A47}\InprocServer32
    HKCR\CLSID\{E8ADE6D4-60EE-4637-A050-CC26B5049A47}\InprocServer32#ThreadingModel
    C:\WINDOWS\SYSTEM32\VTSTS.DLL
    HKLM\Software\Classes\CLSID\{EC4D399B-6409-4BA2-9EE1-B34DAB5927E2}
    HKCR\CLSID\{EC4D399B-6409-4BA2-9EE1-B34DAB5927E2}
    HKCR\CLSID\{EC4D399B-6409-4BA2-9EE1-B34DAB5927E2}\InprocServer32
    HKCR\CLSID\{EC4D399B-6409-4BA2-9EE1-B34DAB5927E2}\InprocServer32#ThreadingModel
    C:\WINDOWS\SYSTEM32\GEEBB.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E8ADE6D4-60EE-4637-A050-CC26B5049A47}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EC4D399B-6409-4BA2-9EE1-B34DAB5927E2}

    Adware.Tracking Cookie
    C:\Documents and Settings\BURGOS\Cookies\[email protected][2].txt

    Trojan.WinAntiSpyware/WinAntiVirus 2006/2007
    HKCR\CLSID\{_CLSID_WAShellExecuteCheck}
    HKCR\CLSID\{_CLSID_WAShellExecuteCheck}#AppID
    HKCR\CLSID\{_CLSID_WAShellExecuteCheck}\LocalServer32
    HKCR\CLSID\{_CLSID_WAShellExecuteCheck}\Programmable
    HKCR\TypeLib\{4567AB12-AE24-4FD6-B479-E2B464F32DA6}
    HKCR\TypeLib\{4567AB12-AE24-4FD6-B479-E2B464F32DA6}\1.0
    HKCR\TypeLib\{4567AB12-AE24-4FD6-B479-E2B464F32DA6}\1.0\0
    HKCR\TypeLib\{4567AB12-AE24-4FD6-B479-E2B464F32DA6}\1.0\0\win32
    HKCR\TypeLib\{4567AB12-AE24-4FD6-B479-E2B464F32DA6}\1.0\FLAGS
    HKCR\TypeLib\{4567AB12-AE24-4FD6-B479-E2B464F32DA6}\1.0\HELPDIR
    HKCR\Interface\{4567AB12-A884-4CA6-B739-CEDB12FEF096}
    HKCR\Interface\{4567AB12-A884-4CA6-B739-CEDB12FEF096}\ProxyStubClsid
    HKCR\Interface\{4567AB12-A884-4CA6-B739-CEDB12FEF096}\ProxyStubClsid32
    HKCR\Interface\{4567AB12-A884-4CA6-B739-CEDB12FEF096}\TypeLib
    HKCR\Interface\{4567AB12-A884-4CA6-B739-CEDB12FEF096}\TypeLib#Version

    Browser Hijacker.Internet Explorer Settings Hijack
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main#Start Page [ http://www.pornograb.com ]
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main#Start Page [ http://www.pornograb.com ]

    Trojan.WinAntiSpyware 2007
    HKCR\washellext.WASContextMenu
    HKCR\washellext.WASContextMenu\CLSID
    HKCR\washellext.WASContextMenu\CurVer
    HKCR\washellext.WASContextMenu.1
    HKCR\washellext.WASContextMenu.1\CLSID
    HKCR\CLSID\{4567AB12-EDED-4675-AF10-BA15EDDB4D7A}
    HKCR\CLSID\{4567AB12-EDED-4675-AF10-BA15EDDB4D7A}#AppID
    HKCR\CLSID\{4567AB12-EDED-4675-AF10-BA15EDDB4D7A}\InprocServer32
    HKCR\CLSID\{4567AB12-EDED-4675-AF10-BA15EDDB4D7A}\InprocServer32#ThreadingModel
    HKCR\CLSID\{4567AB12-EDED-4675-AF10-BA15EDDB4D7A}\ProgID
    HKCR\CLSID\{4567AB12-EDED-4675-AF10-BA15EDDB4D7A}\Programmable
    HKCR\CLSID\{4567AB12-EDED-4675-AF10-BA15EDDB4D7A}\TypeLib
    HKCR\CLSID\{4567AB12-EDED-4675-AF10-BA15EDDB4D7A}\VersionIndependentProgID

    Trojan.TagASaurus
    C:\QOOBOX\QUARANTINE\C\DOCUMENTS AND SETTINGS\NETWORKSERVICE\DESKTOP\SEARCHUS.EXE.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP425\A0081107.EXE

    Adware.k8l
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\WINDOWS NT\PROFSYCYRT.HTML.VIR

    Trojan.Downloader-Gen/SKUNS
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\SKUNS.DAT.VIR

    Adware.Unknown Origin
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\ZXDNT3D.CFG.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP425\A0081114.CFG

    Trojan.Downloader-Gen/AVP
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP417\A0073374.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP421\A0075668.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP422\A0076373.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP423\A0078077.EXE

    Adware.Search2Find
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP419\A0074389.LNK
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP419\A0074392.LNK
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP419\A0074394.LNK
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP419\A0074421.LNK
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP419\A0074423.LNK
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP419\A0074425.LNK
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP421\A0075647.LNK
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP421\A0075649.LNK
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP421\A0075651.LNK
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP422\A0076352.LNK
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP422\A0076354.LNK
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP422\A0076356.LNK
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP423\A0078056.LNK
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP423\A0078058.LNK
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP423\A0078060.LNK

    Malware.Ultimate Defender
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP419\A0074395.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP421\A0075659.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP421\A0075663.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP422\A0076364.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP422\A0076368.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP423\A0078068.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP423\A0078072.EXE

    Adware.eZula
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP419\A0074401.EXE
    C:\WINDOWS\SYSTEM32\KWUASUTN.EXE
    C:\WINDOWS\SYSTEM32\VRAKCXGC.EXE

    Trojan.Agent-Gen/XLaff
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP420\A0075510.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP421\A0075547.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP421\A0076218.EXE

    Trojan.Downloader-Gen/MobRules
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP421\A0075653.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP421\A0075654.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP422\A0076358.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP422\A0076359.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP423\A0078062.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP423\A0078063.DLL

    Adware.Vundo Variant/Rel
    C:\WINDOWS\SYSTEM32\STSTV.BAK1
    C:\WINDOWS\SYSTEM32\STSTV.INI




    and heres the hijackthis log

    Logfile of HijackThis v1.99.1
    Scan saved at 9:14:02 PM, on 11/18/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
    C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\PROGRA~1\MI3AA1~1\wcescomm.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\McAfee\MBK\MBackMonitor.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\SiteAdvisor\6172\SAService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Nero\Nero 7\Core\nero.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {99B0BC62-FAD2-485D-B46F-765094C2CFF2} - C:\Program Files\MSN Gaming Zone\hoket4444.dll (file missing)
    O2 - BHO: (no name) - {CD93F8E1-7260-4034-9845-3041C34A57C2} - C:\Program Files\MSN Gaming Zone\hoket83122.dll (file missing)
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
    O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
    O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
    O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper2007261.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
    O20 - AppInit_DLLs: pushow71.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: geebb - C:\WINDOWS\system32\geebb.dll (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: mljgddb - mljgddb.dll (file missing)
    O20 - Winlogon Notify: vtsts - C:\WINDOWS\system32\vtsts.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: McAfee Application Installer Cleanup (0274421195201101) (0274421195201101mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\027442~1.EXE
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe



    thanks so much hopefuly the virus is gone.
     
  5. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Run HJT again and put a check in the following:

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {99B0BC62-FAD2-485D-B46F-765094C2CFF2} - C:\Program Files\MSN Gaming Zone\hoket4444.dll (file missing)
    O2 - BHO: (no name) - {CD93F8E1-7260-4034-9845-3041C34A57C2} - C:\Program Files\MSN Gaming Zone\hoket83122.dll (file missing)
    O20 - AppInit_DLLs: pushow71.dll
    O20 - Winlogon Notify: geebb - C:\WINDOWS\system32\geebb.dll (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: mljgddb - mljgddb.dll (file missing)
    O20 - Winlogon Notify: vtsts - C:\WINDOWS\system32\vtsts.dll (file missing)

    Close all applications and browser windows before you click "fix checked".



    Please download the OTMoveIt by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt.exe to run it.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
    • Click the red Moveit! button.
    • Close OTMoveIt
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    After you have restarted the machine please post a new hijackthis log and let me know if there are any problems.
     
  6. mattyzac

    mattyzac Thread Starter

    Joined:
    Nov 11, 2007
    Messages:
    4
    thanks so much...

    tho i wasnt able to do the move it thingy it kept saying error

    heres the hijackthis log

    Logfile of HijackThis v1.99.1
    Scan saved at 7:20:49 PM, on 12/9/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
    C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\PROGRA~1\MI3AA1~1\wcescomm.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\McAfee\MBK\MBackMonitor.exe
    C:\program files\valve\steam\steam.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\SiteAdvisor\6172\SAService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
    O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
    O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
    O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper2007261.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
     
  7. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Looks fine. How is it running now? Any problems?
     
  8. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/650584

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice