help I have cid virus and virtumonde

Post by sweettweeter » October 15th, 2007, 8:22 pm

Here is a copy of the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:06:24 PM, on 10/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.gophersearch.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Adssite Toolbar - {41C29B07-6F91-4966-91BE-2E2841643C83} - C:\Program Files\Adssite Advanced Toolbar\toolbar.dll (file missing)
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [MRT] "C:\WINDOWS\system32\MRT.exe" /R
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Inter bib audio army] C:\WINDOWS\Profiles\All Users\Application Data\setup film inter bib\data help.exe
O4 - HKLM\..\Run: [hid_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\system32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\system32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.h ... xdm492YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://software-dl.real.com/14f90097b40 ... st_Win.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWe ... taller.CAB
O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://eztracks.aavalue.com/ezt/toolbar/eztdl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installer ... taller.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWi ... ontrol.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com/design/motherbd/bo ... oardID.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcf_device - Unknown owner - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (file missing)
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 13018 bytes

Post by Shaba » October 16th, 2007, 12:42 am

Hi sweettweeter

Rename HijackThis.exe to sweettweeter.exe and post back a fresh HijackThis log, please :)

Post by sweettweeter » October 16th, 2007, 6:05 pm

I don't know if I renamed the file correctly, but I have run VundoFix and TrojanHunter, also multiple Spybot and McAfee virus scans.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:00:13 PM, on 10/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\Program Files\Trend Micro\HijackThis\sweettweeter.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.gophersearch.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... b/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... p/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {22BCC155-FCB0-4580-84E1-AFCFA9941B4D} - C:\Program Files\Internet Explorer\woxezibo4444.dll (file missing)
O2 - BHO: ads_optimizer - {26E45419-7205-4fac-BBFE-174BC7337A79} - C:\WINDOWS\system32\nsw47.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {66C6F332-2191-F5F9-9C5E-4F856CDE8CD2} - (no file)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {8EB6533A-9D31-425E-848A-75F8890DEDB4} - C:\WINDOWS\system32\vtsrq.dll
O2 - BHO: ngsh33.clsIS - {941CA48C-3984-4E7D-AAF8-8755ED76EB50} - (no file)
O2 - BHO: rightonadz browser optimizer - {971C3384-F75E-4562-95B3-CBE7417529BC} - C:\WINDOWS\system32\gzmrotate.dll
O2 - BHO: (no name) - {a2e113d1-d78f-4f7f-8b4b-b8d169815df5} - C:\WINDOWS\system32\hopjguu.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O2 - BHO: (no name) - {D578DABC-53E8-4AAF-A565-71CEBBFD81CC} - C:\WINDOWS\system32\ddcyv.dll
O2 - BHO: WebManager Class - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - C:\Program Files\BitDownload\TorrentManager.dll
O2 - BHO: (no name) - {E96A5803-5018-4123-B809-A2CF828FE2D6} - C:\Program Files\Internet Explorer\woxezibo83122.dll (file missing)
O2 - BHO: (no name) - {EB8735D3-03F3-41A8-9417-CF10B651F6D0} - C:\WINDOWS\system32\cbxyv.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Adssite Toolbar - {41C29B07-6F91-4966-91BE-2E2841643C83} - C:\Program Files\Adssite Advanced Toolbar\toolbar.dll (file missing)
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [MRT] "C:\WINDOWS\system32\MRT.exe" /R
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Inter bib audio army] C:\WINDOWS\Profiles\All Users\Application Data\setup film inter bib\data help.exe
O4 - HKLM\..\Run: [hid_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-299502267-492894223-854245398-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'tyler')
O4 - HKUS\S-1-5-21-299502267-492894223-854245398-1008\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (User 'tyler')
O4 - HKUS\S-1-5-18\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\system32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\system32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm492YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://software-dl.real.com/14f90097b404a9b62516/windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWe ... erInstaller.CAB
O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://eztracks.aavalue.com/ezt/toolbar/eztdl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... 8/oscan8.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installer ... sinstaller.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWi ... ploadControl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... gr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com/design/motherbd/bo ... oardID.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5140/mcfscan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcf_device - Unknown owner - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (file missing)
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 16471 bytes
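Added example (not part of this thread, and not a tool the helpers here use): a small Python script that applies, mechanically, the checks a HijackThis helper applies by eye to the log above. It flags unnamed BHOs loaded from system32 (the pattern of the Vundo/Virtumonde DLLs vtsrq.dll, hopjguu.dll, ddcyv.dll and cbxyv.dll), Run entries that launch from user-writable profile directories or load a non-vendor DLL through rundll32 (gzmrotate.dll), orphaned CLSID registrations marked "(no file)" or "(file missing)", and a SearchURL pointing somewhere other than the browser's default search hosts. The sample lines are copied from the second log in this thread plus one benign Google Toolbar entry; the rundll32 DLL allowlist and the search-host allowlist are assumptions made for this one machine, not a general whitelist.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample input: lines copied from the second HijackThis log in this
# thread, plus one benign vendor entry (Google Toolbar) for contrast.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.gophersearch.com/
O2 - BHO: (no name) - {22BCC155-FCB0-4580-84E1-AFCFA9941B4D} - C:\Program Files\Internet Explorer\woxezibo4444.dll (file missing)
O2 - BHO: (no name) - {8EB6533A-9D31-425E-848A-75F8890DEDB4} - C:\WINDOWS\system32\vtsrq.dll
O2 - BHO: rightonadz browser optimizer - {971C3384-F75E-4562-95B3-CBE7417529BC} - C:\WINDOWS\system32\gzmrotate.dll
O2 - BHO: (no name) - {a2e113d1-d78f-4f7f-8b4b-b8d169815df5} - C:\WINDOWS\system32\hopjguu.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Inter bib audio army] C:\WINDOWS\Profiles\All Users\Application Data\setup film inter bib\data help.exe
O4 - HKLM\..\Run: [hid_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" | "medium" | "low" | "info"
    reason: str
    line: str


ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
COM_RE = re.compile(
    r"^(?P<kind>BHO|Toolbar|URLSearchHook): (?P<name>.*?) - "
    r"\{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$"
)
RUN_RE = re.compile(r"^(?P<hive>HK.*?)\\\.\.\\Run(?:Once)?: \[(?P<value>[^\]]*)\] (?P<cmd>.*)$")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?\.dll)', re.I)
SYSTEM32_RE = re.compile(r'\\(?:windows|winnt)\\system32\\(?P<file>[^\\"]+)$', re.I)
USER_WRITABLE_RE = re.compile(r"\\(?:application data|profiles|local settings|temp)\\", re.I)

# Assumptions for this example only: DLLs this box legitimately loads through
# rundll32 (NVIDIA control panel), and search hosts treated as default.
RUNDLL_ALLOWLIST = {"nvcpl.dll", "nvmctray.dll"}
SEARCH_ALLOWLIST = {"www.yahoo.com", "us.rd.yahoo.com", "www.google.com", "search.msn.com"}
SEARCH_KEYS = {"SearchURL", "Search Page", "Search Bar"}


def _check_com_object(body: str, line: str) -> list:
    """O2/O3/R3 entries: orphaned CLSIDs and BHOs living in system32."""
    m = COM_RE.match(body)
    if not m:
        return []
    name, path = m["name"], m["path"]
    if path.endswith("(no file)") or path.endswith("(file missing)"):
        return [Finding("low", f"orphaned {m['kind']} registration; remove the CLSID", line)]
    in_sys32 = SYSTEM32_RE.search(path) is not None
    if name == "(no name)" and in_sys32:
        return [Finding("high", "unnamed BHO loaded from system32 (Vundo/Virtumonde pattern)", line)]
    if in_sys32:
        return [Finding("medium", "BHO in system32; vendor add-ons normally live under Program Files", line)]
    return []


def _check_autorun(body: str, line: str) -> list:
    """O4 Run/RunOnce entries: user-writable launch paths and rundll32 payloads."""
    m = RUN_RE.match(body)
    if not m:
        return []
    cmd, out = m["cmd"], []
    if USER_WRITABLE_RE.search(cmd):
        out.append(Finding("high", "autorun launches from a user-writable profile directory", line))
    dll = RUNDLL_RE.search(cmd)
    if dll:
        base = dll["dll"].rsplit("\\", 1)[-1].lower()
        if base not in RUNDLL_ALLOWLIST:
            out.append(Finding("high", f"rundll32 autorun loads non-allowlisted DLL {base}", line))
    return out


def _check_search_url(body: str, line: str) -> list:
    """R0/R1 entries: search settings redirected off the default hosts."""
    key, _, url = body.partition(" = ")
    key = key.rsplit(",", 1)[-1]
    if key not in SEARCH_KEYS:
        return []
    host = urlparse(url.strip()).hostname or ""
    if host and host not in SEARCH_ALLOWLIST:
        return [Finding("medium", f"{key} redirected to {host}", line)]
    return []


def triage(log_text: str) -> list:
    """Parse a HijackThis log and return the entries worth a human's attention."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # headers, process list, blank lines
        section, body = m["section"], m["body"]
        if section == "R3" or section in ("O2", "O3"):
            findings += _check_com_object(body, line)
        elif section.startswith("R"):
            findings += _check_search_url(body, line)
        elif section == "O4":
            findings += _check_autorun(body, line)
        elif section == "O10":
            findings.append(Finding("info", "LSP not on HijackThis's known list; verify the file's publisher before touching it", line))
    return findings


SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2, "info": 3}

if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: SEVERITY_ORDER[f.severity]):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

The O10 entry is deliberately only "info": HijackThis labels any LSP it does not recognise as unknown, and a helper still has to confirm the DLL's publisher before deciding anything. The heuristics are positional (where a DLL lives, which hive launches it) rather than signature-based, which is why they still catch randomly named Vundo DLLs that a name list would miss.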

Post by Shaba » October 17th, 2007, 4:40 am

Hi

Please make sure that next time you post a HijackThis log, Word Wrap is disabled (Format menu).

Please download NoLop to your desktop from one of the links below...
Link 1
Link 2
  • First close any other programs you have running, as this will require a reboot
  • Double click NoLop.exe to run it
  • Carefully type or copy and paste this series of characters into the lower text area labelled Insert CLSID Here. Include the {}:

      {CLSID GOES HERE}
  • Now click the button labelled "Search and Destroy"
    <<your computer will now be scanned for infected files>>
  • When scanning is finished you will be prompted to reboot only if infected; click OK
  • Now click the "REBOOT" button.
  • A message should pop up from NoLop. If not, double click the program again and it will finish. Please post the contents of C:\NoLop.log along with a fresh HijackThis log.
-- If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder, then rerun the program. --

1. Download ComboFix from one of these links:
Link1
Link2
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Post:

- a fresh HijackThis log
- ComboFix report
- NoLop log
Shaba
Admin/Teacher Emeritus
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Unread postby sweettweeter » October 17th, 2007, 7:20 am

No infected files for NoLop.

ComboFix 07-10-17.8 - kathy 2007-10-17 6:35:09.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.169 [GMT -4:00]
Running from: C:\WINDOWS\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\tabatha\Application Data\Starware
C:\Documents and Settings\tabatha\Application Data\Starware\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\tabatha\Application Data\Starware\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\tabatha\Application Data\Starware\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\tabatha\Application Data\Starware\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\Games\GamesOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\Games\GamesOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\Games\GamesOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\Games\GamesOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\Games\GamesOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\Games\GamesOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\JokeSearch\JokeSearchOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\JokeSearch\JokeSearchOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\JokeSearch\JokeSearchOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\JokeSearch\JokeSearchOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\JokeSearch\JokeSearchOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\JokeSearch\JokeSearchOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\Layouts\PreferencesLayout.xml
C:\Documents and Settings\tabatha\Application Data\Starware\Layouts\PreferencesLayout.xml
C:\Documents and Settings\tabatha\Application Data\Starware\Layouts\PreferencesLayout.xml
C:\Documents and Settings\tabatha\Application Data\Starware\Layouts\PreferencesLayout.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\Layouts\PreferencesLayout.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\Layouts\PreferencesLayout.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\Layouts\ToolbarLayout.xml
C:\Documents and Settings\tabatha\Application Data\Starware\Layouts\ToolbarLayout.xml
C:\Documents and Settings\tabatha\Application Data\Starware\Layouts\ToolbarLayout.xml
C:\Documents and Settings\tabatha\Application Data\Starware\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\Manager\ManagerOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\Manager\ManagerOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\Manager\ManagerOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\Movies\MoviesOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\Movies\MoviesOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\Movies\MoviesOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\Pranks\PranksOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\Pranks\PranksOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\Pranks\PranksOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\Pranks\PranksOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\Pranks\PranksOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\Pranks\PranksOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\SearchMatch\SearchMatchOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\SearchMatch\SearchMatchOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\SearchMatch\SearchMatchOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\SearchMatch\SearchMatchOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\SearchMatch\SearchMatchOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\SearchMatch\SearchMatchOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\SmileyTown\SmileyTownOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\SmileyTown\SmileyTownOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\SmileyTown\SmileyTownOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\SmileyTown\SmileyTownOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\SmileyTown\SmileyTownOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\SmileyTown\SmileyTownOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\tabatha\Application Data\Starware\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\tabatha\Application Data\Starware\TravelSearch\TravelSearchOptions.xml.backup
C:\Program Files\Hammer.dll
C:\Program Files\ISM
C:\Program Files\screensavers.com
C:\Program Files\screensavers.com\Wallpaper\swpstart.exe
C:\Program Files\Temporary
C:\Program Files\Temporary\wininstall.exe
C:\Program Files\Temporary\wininstall.exe
C:\Program Files\WinAble
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\xOe
C:\Temp\xOe\tOasF.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\Profiles\All Users\Application Data\Starware337
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\epiRSS.bmp
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\epiRSS.bmp
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\epiRSS.png
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\epiRSS.png
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\epiSearch.bmp
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\epiSearch.bmp
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\epiSearch.png
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\epiSearch.png
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\FindIt.bmp
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\FindIt.bmp
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\FindItHot.bmp
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\FindItHot.bmp
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\findithotxp.png
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\findithotxp.png
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\finditxp.png
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\finditxp.png
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\Highlight.bmp
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\Highlight.bmp
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\HighlightHot.bmp
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\HighlightHot.bmp
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\highlighthotxp.png
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\highlighthotxp.png
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\highlightxp.png
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\highlightxp.png
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\Reference.bmp
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\Reference.bmp
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\ReferenceHot.bmp
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\ReferenceHot.bmp
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\referencehotxp.png
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\referencehotxp.png
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\referencexp.png
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\referencexp.png
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\starware_toolbar_icon.bmp
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\starware_toolbar_icon.bmp
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\Weather.bmp
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\Weather.bmp
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\weatherhotxp.png
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\weatherhotxp.png
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\weatherxp.png
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\buttons\weatherxp.png
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\contexts\error.xml
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\contexts\error.xml
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\contexts\related.xml
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\contexts\related.xml
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\contexts\travel.xml
C:\WINDOWS\Profiles\All Users\Application Data\Starware337\contexts\travel.xml
C:\WINDOWS\start.exe
C:\WINDOWS\system32\b1
C:\WINDOWS\system32\biupobbc.dll
C:\WINDOWS\system32\byxvu.dll
C:\WINDOWS\system32\cbxyv.dll
C:\WINDOWS\system32\ddcyv.dll
C:\WINDOWS\system32\fdfqjdnu.dll
C:\WINDOWS\system32\hbilakww.exe
C:\WINDOWS\system32\hopjguu.dll
C:\WINDOWS\system32\nsw47.dll
C:\WINDOWS\SYSTEM32\qrstv.bak2
C:\WINDOWS\SYSTEM32\qrstv.ini
C:\WINDOWS\SYSTEM32\qrstv.tmp
C:\WINDOWS\SYSTEM32\undjqfdf.ini
C:\WINDOWS\SYSTEM32\uvxyb.bak1
C:\WINDOWS\SYSTEM32\uvxyb.bak1
C:\WINDOWS\SYSTEM32\uvxyb.ini
C:\WINDOWS\SYSTEM32\uvxyb.ini
C:\WINDOWS\system32\vMW04a
C:\WINDOWS\system32\vtsrq.dll
C:\WINDOWS\system32\vtsrq.dll
C:\WINDOWS\SYSTEM32\vycdd.bak1
C:\WINDOWS\SYSTEM32\vycdd.ini
C:\WINDOWS\SYSTEM32\vyxbc.bak1
C:\WINDOWS\SYSTEM32\vyxbc.bak1
C:\WINDOWS\SYSTEM32\vyxbc.ini
C:\WINDOWS\SYSTEM32\vyxbc.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NETWORK_MONITOR


((((((((((((((((((((((((( Files Created from 2007-09-17 to 2007-10-17 )))))))))))))))))))))))))))))))
.

2007-10-16 06:40 <DIR> d-------- C:\Documents and Settings\tyler\Application Data\COMCASTTOOLBAR
2007-10-16 00:06 <DIR> d-------- C:\Documents and Settings\kathy\Application Data\TrojanHunter
2007-10-15 20:51 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2007-10-15 20:05 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-15 19:44 212 --a------ C:\delete.bat
2007-10-15 00:01 <DIR> d-------- C:\NoLopBackups
2007-10-14 23:43 <DIR> d-------- C:\Documents and Settings\kathy\Application Data\ComcastToolbar
2007-10-14 19:00 <DIR> d-------- C:\VundoFix Backups
2007-10-14 15:55 <DIR> d-------- C:\Docum
2007-10-14 15:30 <DIR> d-------- C:\Documents and Settings\GUEST-1\Application Data\COMCASTTOOLBAR
2007-10-14 14:48 <DIR> d-------- C:\Program Files\ComcastToolbar
2007-10-14 09:36 <DIR> d--hs---- C:\FOUND.004
2007-10-10 20:24 <DIR> d-------- C:\WINDOWS\Profiles\All Users\Application Data\STOPzilla!
2007-10-10 20:24 <DIR> d-------- C:\Program Files\Common Files\iS3
2007-10-10 19:18 <DIR> d--hs---- C:\FOUND.003
2007-10-08 05:20 <DIR> d-------- C:\Program Files\McAfee
2007-10-08 05:20 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-10-08 04:10 249 --a------ C:\Documents and Settings\kathy\9258.bat
2007-10-08 03:55 249 --a------ C:\Documents and Settings\kathy\9664.bat
2007-10-08 03:41 249 --a------ C:\Documents and Settings\kathy\7255.bat
2007-10-07 12:09 <DIR> d-------- C:\Documents and Settings\kathy\Application Data\Closedupe
2007-10-07 12:05 249 --a------ C:\Documents and Settings\kathy\2849.bat
2007-10-07 11:15 <DIR> d-------- C:\Documents and Settings\tabatha\Application Data\Adssite Advanced Toolbar
2007-10-07 11:12 <DIR> d-------- C:\Documents and Settings\tabatha\Application Data\BitDownload
2007-10-07 11:09 <DIR> d-------- C:\WINDOWS\Profiles\All Users\Application Data\setup film inter bib
2007-10-07 11:09 <DIR> d-------- C:\Program Files\Closedupe
2007-10-07 11:08 <DIR> d-------- C:\Program Files\BitDownload
2007-09-19 22:27 <DIR> d-------- C:\Program Files\ATI Technologies
2007-09-19 22:26 <DIR> d-------- C:\ATI
2007-09-17 20:04 <DIR> d--hs---- C:\FOUND.002

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-16 22:55 339,968 ----a-w C:\WINDOWS\SYSTEM32\taocppex.dll
2007-10-16 22:54 389,184 ----a-w C:\WINDOWS\SYSTEM32\sjkgdtco.exe
2007-10-15 22:52 389,184 ----a-w C:\WINDOWS\SYSTEM32\rnpkmmdx.exe
2007-10-14 22:59 389,184 ----a-w C:\WINDOWS\SYSTEM32\vbmkqpmr.exe
2007-10-13 11:25 389,184 ----a-w C:\WINDOWS\SYSTEM32\bbdjojll.exe
2007-10-10 23:07 40,733 ----a-w C:\WINDOWS\SYSTEM32\rightonadz-uninst.exe
2007-10-10 10:24 63,488 ----a-w C:\WINDOWS\SYSTEM32\gzmrotate.dll
2007-10-07 15:27 79,832 ----a-w C:\WINDOWS\SYSTEM32\adssite-remove.exe
2007-10-07 15:25 58,368 ------w C:\WINDOWS\SYSTEM32\app.exe
2007-10-07 15:25 32,768 ----a-w C:\WINDOWS\SYSTEM32\winlogo.exe
2007-10-07 15:25 111,710 ----a-w C:\WINDOWS\SYSTEM32\ps.exe
2007-08-18 15:02 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2007-06-02 19:24 76,928 ----a-w C:\Documents and Settings\kathy\Application Data\GDIPFONTCACHEV1.DAT
2006-03-15 02:10 876,576 ---ha-r C:\Documents and Settings\JOHN\USER.DAT
2006-03-12 08:18 819,232 ---ha-r C:\Documents and Settings\timmy\USER.DAT
2005-07-14 13:08 29,156 ----a-w C:\Program Files\1353.torrent
2005-05-30 05:35 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2005-05-28 18:55 266 --sh--w C:\Program Files\desktop.ini
2005-05-28 18:55 11,079 ---h--w C:\Program Files\folder.htt
2006-06-21 19:08:34 2 --sh--w C:\WINDOWS\SYSTEM\netstat.com
2006-06-21 19:08:34 2 --sh--w C:\WINDOWS\SYSTEM\ping.com
2006-06-21 19:08:34 2 --sh--w C:\WINDOWS\SYSTEM\tracert.com
2006-06-21 19:08:34 2 --sh--w C:\WINDOWS\SYSTEM\tasklist.com
2006-06-21 19:08:34 2 --sh--w C:\WINDOWS\SYSTEM\taskkill.com
2006-06-21 19:08:34 2 --sh--w C:\WINDOWS\SYSTEM\regedit.com
2006-06-21 19:08:34 2 --sh--w C:\WINDOWS\SYSTEM\cmd.com
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22BCC155-FCB0-4580-84E1-AFCFA9941B4D}]
C:\Program Files\Internet Explorer\woxezibo4444.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66C6F332-2191-F5F9-9C5E-4F856CDE8CD2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{941CA48C-3984-4E7D-AAF8-8755ED76EB50}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{971C3384-F75E-4562-95B3-CBE7417529BC}]
2007-10-10 06:24 63488 --a------ C:\WINDOWS\system32\gzmrotate.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-10-16 18:55 339968 --a------ C:\WINDOWS\system32\taocppex.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5792AA9-D373-4039-8670-2CDAB6A71F15}]
2007-02-24 00:08 225280 --a------ C:\Program Files\BitDownload\TorrentManager.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E96A5803-5018-4123-B809-A2CF828FE2D6}]
C:\Program Files\Internet Explorer\woxezibo83122.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{41C29B07-6F91-4966-91BE-2E2841643C83}"= C:\Program Files\Adssite Advanced Toolbar\toolbar.dll [ ]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\taocppex.dll [2007-10-16 18:55 339968]

[HKEY_CLASSES_ROOT\CLSID\{41C29B07-6F91-4966-91BE-2E2841643C83}]
[HKEY_CLASSES_ROOT\CoolToolBar.IEBarLogic.1]
[HKEY_CLASSES_ROOT\TypeLib\{6B4FA1DD-A353-49F8-A650-79C21D6B4824}]
[HKEY_CLASSES_ROOT\CoolToolBar.IEBarLogic]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 17:56 C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-08-30 22:59]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 13:16]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 12:45]
"MRT"="C:\WINDOWS\system32\MRT.exe" [2007-06-05 23:38]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-22 23:25 C:\WINDOWS\KHALMNPR.Exe]
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2006-10-16 20:40]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-24 22:33]
"nwiz"="nwiz.exe" [2006-07-24 22:33 C:\WINDOWS\SYSTEM32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-24 22:33]
"Inter bib audio army"="C:\WINDOWS\Profiles\All Users\Application Data\setup film inter bib\data help.exe" [2007-10-16 22:40]
"hid_start"="C:\WINDOWS\system32\gzmrotate.dll" [2007-10-10 06:24]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [2007-09-09 09:31]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-19 02:14]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 12:00]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"Printing Migration"=rundll32.exe C:\WINDOWS\system32\spool\migrate.dll,ProcessWin9xNetworkPrinters

C:\Documents and Settings\tabatha\Start Menu\Programs\Startup\
Photo Express Calendar Checker SE.lnk - C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe [2005-11-07 04:11:15]
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2005-03-09 15:49:38]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-02-03 20:06:42]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-11-18 00:31:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\taocppex]
taocppex.dll 2007-10-16 18:55 339968 C:\WINDOWS\SYSTEM32\taocppex.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\vtsrq.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ATI Launchpad"=
"Weather"=C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
"Jmjbs"=C:\Program Files\Common Files\Elsd\jcgpbuy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
"f3qhd2ks"=C:\WINDOWS\SYSTEM\f3qhd2ks.exe
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Ulead Memory Card Detector"=C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 Trial\Monitor.exe
"PE2CKFNT SE"=C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
"Logitech Hardware Abstraction Layer"=KHALMNPR.EXE
"TaskMonitor"=C:\WINDOWS\taskmon.exe
"SystemTray"=SysTray.Exe
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"HydarVisionDesktopManager"=desk98.exe
"EM_EXEC"=C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
"KEMailKb"=C:\PROGRA~1\KEMAILKB\KEMailKb.EXE
"Adaptec DirectCD"=D:\PROGRA~1\HPCD-W~1\DIRECTCD\DIRECTCD.EXE
"HP CD-Writer"=D:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe
"LexStart"=Lexstart.exe
"LexmarkPrinTray"=PrinTray.exe
"MCUpdateExe"=C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
"QuickTime Task"="C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
"OmgStartup"=C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
"SetPoint"=C:\Program Files\Logitech\SetPoint\KEM.EXE
"SsAAD.exe"=C:\PROGRA~1\SONY\SONICS~1\SSAAD.EXE
"CleanReg"=C:\WINDOWS\SYSTEM32\coclean.exe EnumPorts
"LXCFCATS"=rundll32 C:\WINDOWS\SYSTEM\LXCFtime.dll,_RunDLLEntry@16
"ScanRegistry"=C:\WINDOWS\scanregw.exe /autorun
"VSOCheckTask"="C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
"VirusScan Online"="C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
"MCAgentExe"=C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
"MPFEXE"="C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe"
"MCTskShd"=C:\PROGRA~1\MCAFEE.COM\AGENT\mctskshd.exe
"WinampAgent"=C:\Program Files\Winamp\winampa.exe
"winupdates"=\winupdates\winupdates.exe /auto

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"QuickTime Task"="C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
"MCUpdateExe"=C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
"MCAgentExe"=C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
"MPFEXE"="C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe"
"MCTskShd"=C:\PROGRA~1\MCAFEE.COM\AGENT\mctskshd.exe
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"VSOCheckTask"="C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
"CY_BG"=C:\WINDOWS\CY_BG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"KB891711"=C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"SchedulingAgent"=mstask.exe
"McVsRte"=C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding



[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:WIN9X /user /install
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
C:\WINDOWS\SYSTEM32\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl
.
Contents of the 'Scheduled Tasks' folder
"2006-07-25 01:54:58 C:\WINDOWS\Tasks\ScanDisk.job"
"2007-10-07 03:00:02 C:\WINDOWS\Tasks\Tune-up Application Start.job"
"2007-10-16 16:00:02 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer tsid_09272005082920.job"
"2007-06-16 06:46:56 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-10-14 06:46:02 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-10-08 09:21:20 C:\WINDOWS\Tasks\McQcTask.job"
"2007-10-15 08:29:38 C:\WINDOWS\Tasks\McDefragTask.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-17 06:57:24
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-17 7:05:33 - machine was rebooted
.
--- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:19:10 AM, on 10/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\Program Files\Trend Micro\HijackThis\sweettweeter.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.gophersearch.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {22BCC155-FCB0-4580-84E1-AFCFA9941B4D} - C:\Program Files\Internet Explorer\woxezibo4444.dll (file missing)
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {66C6F332-2191-F5F9-9C5E-4F856CDE8CD2} - (no file)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: ngsh33.clsIS - {941CA48C-3984-4E7D-AAF8-8755ED76EB50} - (no file)
O2 - BHO: rightonadz browser optimizer - {971C3384-F75E-4562-95B3-CBE7417529BC} - C:\WINDOWS\system32\gzmrotate.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\taocppex.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O2 - BHO: WebManager Class - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - C:\Program Files\BitDownload\TorrentManager.dll
O2 - BHO: (no name) - {E96A5803-5018-4123-B809-A2CF828FE2D6} - C:\Program Files\Internet Explorer\woxezibo83122.dll (file missing)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Adssite Toolbar - {41C29B07-6F91-4966-91BE-2E2841643C83} - C:\Program Files\Adssite Advanced Toolbar\toolbar.dll (file missing)
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\taocppex.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [MRT] "C:\WINDOWS\system32\MRT.exe" /R
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Inter bib audio army] C:\WINDOWS\Profiles\All Users\Application Data\setup film inter bib\data help.exe
O4 - HKLM\..\Run: [hid_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\system32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\system32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.h ... xdm492YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://software-dl.real.com/14f90097b40 ... st_Win.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWe ... taller.CAB
O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://eztracks.aavalue.com/ezt/toolbar/eztdl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installer ... taller.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWi ... ontrol.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com/design/motherbd/bo ... oardID.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O20 - Winlogon Notify: taocppex - C:\WINDOWS\SYSTEM32\taocppex.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcf_device - Unknown owner - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (file missing)
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 15854 bytes
sweettweeter
Active Member
 
Posts: 7
Joined: October 15th, 2007, 8:14 pm
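A log like the one above can be triaged mechanically before anyone decides what to fix. The Python below is an added example (not HijackThis's code and not the poster's): it parses the O2/O3/O4/O20 lines from a constructed subset of this log, lists registrations whose file is already gone, and groups the surviving modules by path so a DLL that is at once a BHO, a toolbar and a Winlogon Notify package stands out.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {22BCC155-FCB0-4580-84E1-AFCFA9941B4D} - C:\Program Files\Internet Explorer\woxezibo4444.dll (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: rightonadz browser optimizer - {971C3384-F75E-4562-95B3-CBE7417529BC} - C:\WINDOWS\system32\gzmrotate.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\taocppex.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\taocppex.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [hid_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O20 - Winlogon Notify: taocppex - C:\WINDOWS\SYSTEM32\taocppex.dll
"""

# One regex per HijackThis section we model: O2/O3 (COM objects with a CLSID),
# O4 (registry Run keys) and O20 (Winlogon Notify DLLs).
COM_LINE = re.compile(r'^(O2|O3) - (?:BHO|Toolbar): (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$')
RUN_LINE = re.compile(r'^(O4) - (\S+)\\\.\.\\(Run\w*): \[(.*?)\] (.*)$')
NOTIFY_LINE = re.compile(r'^(O20) - Winlogon Notify: (\S+) - (.*)$')
# A drive-letter path ending in .dll/.exe; stops at quotes and at the comma
# that separates a rundll32 DLL from its entry point.
MODULE_PATH = re.compile(r'[A-Za-z]:\\[^",]*?\.(?:dll|exe)', re.IGNORECASE)


def _entry(section, name, target, **extra):
    """Build a record; 'module' is the DLL/EXE the entry really loads."""
    paths = MODULE_PATH.findall(target)
    dlls = [p for p in paths if p.lower().endswith('.dll')]
    # For rundll32-hosted O4 entries the interesting file is the DLL argument,
    # not rundll32.exe itself, so prefer the last DLL path on the line.
    module = (dlls[-1] if dlls else paths[0]) if paths else None
    missing = '(no file)' in target or '(file missing)' in target
    return {'section': section, 'name': name, 'target': target,
            'module': module, 'missing': missing, **extra}


def parse_entry(line):
    """Parse one HijackThis line into a dict; returns None for other sections."""
    line = line.strip()
    m = COM_LINE.match(line)
    if m:
        section, name, clsid, target = m.groups()
        return _entry(section, name, target, clsid=clsid)
    m = RUN_LINE.match(line)
    if m:
        section, hive, key, name, target = m.groups()
        return _entry(section, name, target, key=f"{hive}\\..\\{key}")
    m = NOTIFY_LINE.match(line)
    if m:
        section, name, target = m.groups()
        return _entry(section, name, target)
    return None


def triage(log_text):
    """Return orphaned entries, modules loaded from more than one section, and
    Winlogon Notify DLLs, which run inside winlogon.exe at every logon."""
    entries = [e for e in map(parse_entry, log_text.splitlines()) if e]
    by_module = defaultdict(set)
    for e in entries:
        if e['module'] and not e['missing']:
            # Case-fold: the log spells the same directory system32 and SYSTEM32.
            by_module[e['module'].lower()].add(e['section'])
    return {
        'orphans': [e for e in entries if e['missing']],
        'multi_role': {m: sorted(s, key=lambda sec: int(sec[1:]))
                       for m, s in by_module.items() if len(s) > 1},
        'winlogon_notify': [e['module'] for e in entries if e['section'] == 'O20'],
    }


if __name__ == '__main__':
    report = triage(SAMPLE_LOG)
    print('Entries whose file is gone (dead registrations, safe to clean up):')
    for e in report['orphans']:
        print(f"  {e['section']} {e['name']} -> {e['target']}")
    print('Modules registered in more than one autostart role:')
    for module, sections in report['multi_role'].items():
        print(f"  {module}: {', '.join(sections)}")
    print('Winlogon Notify DLLs (review each one):', report['winlogon_notify'])
```

Run against the full log, the same grouping also pairs each O4 rundll32 launcher with the BHO that shares its DLL, which is how the related entries in a log like this are usually spotted.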

Unread postby Shaba » October 17th, 2007, 7:29 am

Hi

I would still like to see nolop.log as there might be some files/folders that it didn't recognize & delete but listed :)
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Unread postby sweettweeter » October 17th, 2007, 6:19 pm

AEB7DDB2911C4EAE.job.01.infected
This was logged, but do I need to know how to open it?
new


Fix running from: C:\WINDOWS\Desktop
[10/17/2007]
[6:02:56 PM]

---Infection Files Found/Removed---
NO INFECTION FILES FOUND - Cleaning Aborted.

---Listing AppData sub directories---

C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Guest-1\Application Data\Microsoft
C:\Documents and Settings\Guest-1\Application Data\Real
C:\Documents and Settings\Guest-1\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Guest-1\Application Data\Adobe
C:\Documents and Settings\Guest-1\Application Data\Macromedia
C:\Documents and Settings\Guest-1\Application Data\Identities
C:\Documents and Settings\Guest-1\Application Data\Aol -- EMPTY Directory
C:\Documents and Settings\Guest-1\Application Data\Aim
C:\Documents and Settings\Guest-1\Application Data\Netpumper -- EMPTY Directory
C:\Documents and Settings\Guest-1\Application Data\32 Wait View Creative
C:\Documents and Settings\Guest-1\Application Data\Creative
C:\Documents and Settings\Guest-1\Application Data\Vcom
C:\Documents and Settings\Guest-1\Application Data\Logitech
C:\Documents and Settings\Guest-1\Application Data\Ati
C:\Documents and Settings\Guest-1\Application Data\Google -- EMPTY Directory
C:\Documents and Settings\Guest-1\Application Data\Neopets Toolbar
C:\Documents and Settings\Guest-1\Application Data\Yahoo!
C:\Documents and Settings\Guest-1\Application Data\Sun
C:\Documents and Settings\Guest-1\Application Data\Wildtangent
C:\Documents and Settings\Guest-1\Application Data\Comcasttoolbar
C:\Documents and Settings\John2\Application Data\Microsoft
C:\Documents and Settings\John2\Application Data\Vcom
C:\Documents and Settings\John2\Application Data\Shutterfly
C:\Documents and Settings\John2\Application Data\32 Wait View Creative
C:\Documents and Settings\John2\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\John2\Application Data\Creative
C:\Documents and Settings\John2\Application Data\Aim
C:\Documents and Settings\John2\Application Data\Real
C:\Documents and Settings\John2\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\John2\Application Data\Adobe
C:\Documents and Settings\John2\Application Data\Macromedia
C:\Documents and Settings\John2\Application Data\Aol
C:\Documents and Settings\John2\Application Data\Identities
C:\Documents and Settings\John2\Application Data\You've Got Pictures Screensaver
C:\Documents and Settings\John2\Application Data\Logitech
C:\Documents and Settings\John2\Application Data\Ati
C:\Documents and Settings\John2\Application Data\Apple Computer
C:\Documents and Settings\John2\Application Data\Acccore
C:\Documents and Settings\John2\Application Data\Playfirst
C:\Documents and Settings\John2\Application Data\Mozilla
C:\Documents and Settings\John2\Application Data\Yahoo!
C:\Documents and Settings\John2\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\John2\Application Data\Neopets Toolbar
C:\Documents and Settings\John2\Application Data\Google
C:\Documents and Settings\John2\Application Data\Canon
C:\Documents and Settings\John2\Application Data\Securom
C:\Documents and Settings\John2\Application Data\Command & Conquer 3 Tiberium Wars
C:\Documents and Settings\John2\Application Data\Sun
C:\Documents and Settings\John2\Application Data\Iespell -- EMPTY Directory
C:\Documents and Settings\John2\Application Data\Arcsoft
C:\Documents and Settings\John2\Application Data\Uniblue -- EMPTY Directory
C:\Documents and Settings\John2\Application Data\Viewpoint
C:\Documents and Settings\John2\Application Data\Wildtangent
C:\Documents and Settings\Kathy\Application Data\Microsoft
C:\Documents and Settings\Kathy\Application Data\Real
C:\Documents and Settings\Kathy\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Kathy\Application Data\Adobe
C:\Documents and Settings\Kathy\Application Data\Macromedia
C:\Documents and Settings\Kathy\Application Data\Identities
C:\Documents and Settings\Kathy\Application Data\Aim
C:\Documents and Settings\Kathy\Application Data\Versiontracker Pro
C:\Documents and Settings\Kathy\Application Data\Funkitron
C:\Documents and Settings\Kathy\Application Data\Leadertech
C:\Documents and Settings\Kathy\Application Data\Weatherbug
C:\Documents and Settings\Kathy\Application Data\Vcom
C:\Documents and Settings\Kathy\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\Kathy\Application Data\Yahoo! Companion
C:\Documents and Settings\Kathy\Application Data\Netpumper -- EMPTY Directory
C:\Documents and Settings\Kathy\Application Data\32 Wait View Creative -- EMPTY Directory
C:\Documents and Settings\Kathy\Application Data\Creative
C:\Documents and Settings\Kathy\Application Data\Shutterfly
C:\Documents and Settings\Kathy\Application Data\Aladdin Systems
C:\Documents and Settings\Kathy\Application Data\Allume Systems
C:\Documents and Settings\Kathy\Application Data\Sony Corporation
C:\Documents and Settings\Kathy\Application Data\Logitech
C:\Documents and Settings\Kathy\Application Data\Bror
C:\Documents and Settings\Kathy\Application Data\Pure Networks
C:\Documents and Settings\Kathy\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Kathy\Application Data\Yahoo!
C:\Documents and Settings\Kathy\Application Data\Ati
C:\Documents and Settings\Kathy\Application Data\Canon
C:\Documents and Settings\Kathy\Application Data\Acccore
C:\Documents and Settings\Kathy\Application Data\Mozilla
C:\Documents and Settings\Kathy\Application Data\Installshield
C:\Documents and Settings\Kathy\Application Data\Scansoft
C:\Documents and Settings\Kathy\Application Data\Neopets Toolbar
C:\Documents and Settings\Kathy\Application Data\Google
C:\Documents and Settings\Kathy\Application Data\Arcsoft
C:\Documents and Settings\Kathy\Application Data\Sun
C:\Documents and Settings\Kathy\Application Data\Viewpoint
C:\Documents and Settings\Kathy\Application Data\Securom
C:\Documents and Settings\Kathy\Application Data\Command & Conquer 3 Tiberium Wars
C:\Documents and Settings\Kathy\Application Data\Wildtangent
C:\Documents and Settings\Kathy\Application Data\Apple Computer
C:\Documents and Settings\Kathy\Application Data\Mcafee -- EMPTY Directory
C:\Documents and Settings\Kathy\Application Data\Closedupe -- EMPTY Directory
C:\Documents and Settings\Kathy\Application Data\Comcasttoolbar
C:\Documents and Settings\Kathy\Application Data\Trojanhunter
C:\Documents and Settings\Tabatha\Application Data\Microsoft
C:\Documents and Settings\Tabatha\Application Data\Real
C:\Documents and Settings\Tabatha\Application Data\Adobeum
C:\Documents and Settings\Tabatha\Application Data\Adobe
C:\Documents and Settings\Tabatha\Application Data\Macromedia
C:\Documents and Settings\Tabatha\Application Data\Identities
C:\Documents and Settings\Tabatha\Application Data\Aim
C:\Documents and Settings\Tabatha\Application Data\Sun
C:\Documents and Settings\Tabatha\Application Data\Leadertech
C:\Documents and Settings\Tabatha\Application Data\Aol
C:\Documents and Settings\Tabatha\Application Data\Yahoo! Messenger
C:\Documents and Settings\Tabatha\Application Data\You've Got Pictures Screensaver
C:\Documents and Settings\Tabatha\Application Data\Yahoo!
C:\Documents and Settings\Tabatha\Application Data\Yahoo! Companion
C:\Documents and Settings\Tabatha\Application Data\Creative
C:\Documents and Settings\Tabatha\Application Data\Hulabee
C:\Documents and Settings\Tabatha\Application Data\Shutterfly
C:\Documents and Settings\Tabatha\Application Data\Wildfire
C:\Documents and Settings\Tabatha\Application Data\Funkitron
C:\Documents and Settings\Tabatha\Application Data\Closedupe
C:\Documents and Settings\Tabatha\Application Data\32 Wait View Creative
C:\Documents and Settings\Tabatha\Application Data\Netpumper
C:\Documents and Settings\Tabatha\Application Data\Apple Computer
C:\Documents and Settings\Tabatha\Application Data\Acccore
C:\Documents and Settings\Tabatha\Application Data\Logitech
C:\Documents and Settings\Tabatha\Application Data\Ati
C:\Documents and Settings\Tabatha\Application Data\Mozilla
C:\Documents and Settings\Tabatha\Application Data\Neopets Toolbar
C:\Documents and Settings\Tabatha\Application Data\Google -- EMPTY Directory
C:\Documents and Settings\Tabatha\Application Data\Securom
C:\Documents and Settings\Tabatha\Application Data\Command & Conquer 3 Tiberium Wars
C:\Documents and Settings\Tabatha\Application Data\Viewpoint
C:\Documents and Settings\Tabatha\Application Data\Bitdownload
C:\Documents and Settings\Tabatha\Application Data\Adssite Advanced Toolbar
C:\Documents and Settings\Tyler\Application Data\Microsoft
C:\Documents and Settings\Tyler\Application Data\Real
C:\Documents and Settings\Tyler\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Tyler\Application Data\Adobe
C:\Documents and Settings\Tyler\Application Data\Macromedia
C:\Documents and Settings\Tyler\Application Data\Identities
C:\Documents and Settings\Tyler\Application Data\Aim
C:\Documents and Settings\Tyler\Application Data\Aol -- EMPTY Directory
C:\Documents and Settings\Tyler\Application Data\You've Got Pictures Screensaver
C:\Documents and Settings\Tyler\Application Data\Yahoo! Companion
C:\Documents and Settings\Tyler\Application Data\Shutterfly
C:\Documents and Settings\Tyler\Application Data\Netpumper -- EMPTY Directory
C:\Documents and Settings\Tyler\Application Data\32 Wait View Creative
C:\Documents and Settings\Tyler\Application Data\Creative
C:\Documents and Settings\Tyler\Application Data\Logitech
C:\Documents and Settings\Tyler\Application Data\Yahoo!
C:\Documents and Settings\Tyler\Application Data\Ati
C:\Documents and Settings\Tyler\Application Data\Acccore
C:\Documents and Settings\Tyler\Application Data\Mozilla
C:\Documents and Settings\Tyler\Application Data\Google -- EMPTY Directory
C:\Documents and Settings\Tyler\Application Data\Neopets Toolbar
C:\Documents and Settings\Tyler\Application Data\Securom
C:\Documents and Settings\Tyler\Application Data\Command & Conquer 3 Tiberium Wars
C:\Documents and Settings\Tyler\Application Data\Comcasttoolbar
C:\Documents and Settings\John\Application Data\Real
C:\Documents and Settings\John\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\John\Application Data\Adobe
C:\Documents and Settings\John\Application Data\Macromedia
C:\Documents and Settings\John\Application Data\Microsoft
C:\Documents and Settings\John\Application Data\Identities
C:\Documents and Settings\John\Application Data\Aim
C:\Documents and Settings\John\Application Data\Logitech
C:\Documents and Settings\John\Application Data\Aol
C:\Documents and Settings\John\Application Data\Yahoo! Companion
C:\Documents and Settings\John\Application Data\Netpumper -- EMPTY Directory
C:\Documents and Settings\John\Application Data\32 Wait View Creative
C:\Documents and Settings\John\Application Data\Creative
C:\Documents and Settings\John\Application Data\Sony Corporation
C:\Documents and Settings\John\Application Data\Allume Systems
C:\Documents and Settings\John\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\John\Application Data\Shutterfly
C:\Documents and Settings\John\Application Data\Vcom
C:\Documents and Settings\John\Application Data\Starware
C:\Documents and Settings\Timmy\Application Data\Real
C:\Documents and Settings\Timmy\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Timmy\Application Data\Adobe
C:\Documents and Settings\Timmy\Application Data\Macromedia
C:\Documents and Settings\Timmy\Application Data\Microsoft
C:\Documents and Settings\Timmy\Application Data\Identities
C:\Documents and Settings\Timmy\Application Data\Aim
C:\Documents and Settings\Timmy\Application Data\Logitech
C:\Documents and Settings\Timmy\Application Data\Yahoo!
C:\Documents and Settings\Timmy\Application Data\Aol -- EMPTY Directory
C:\Documents and Settings\Timmy\Application Data\You've Got Pictures Screensaver
C:\Documents and Settings\Timmy\Application Data\Creative
C:\Documents and Settings\Timmy\Application Data\Shutterfly
C:\Documents and Settings\Timmy\Application Data\Netpumper -- EMPTY Directory
C:\Documents and Settings\Timmy\Application Data\32 Wait View Creative
C:\Documents and Settings\Timmy\Application Data\Closedupe -- EMPTY Directory
C:\Documents and Settings\Timmy\Application Data\Metaaboutjugs -- EMPTY Directory
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Macromedia
C:\Documents and Settings\Localservice\Application Data\Mcafee


old

empty


VundoFix


VundoFix V6.5.10

Checking Java version...

Java version is 1.5.0.11

Scan started at 7:00:30 PM 10/14/2007

Listing files found while scanning....

C:\WINDOWS\system32\gpaufxdh.ini
C:\WINDOWS\system32\hdxfuapg.dll

VundoFix V6.5.10

Checking Java version...

Java version is 1.5.0.11

Scan started at 8:17:25 PM 10/14/2007

Listing files found while scanning....


VundoFix V6.5.10

Checking Java version...

Java version is 1.5.0.11

Scan started at 10:49:37 PM 10/14/2007

Listing files found while scanning....

C:\windows\system32\dnlmsfmh.ini
C:\WINDOWS\system32\drkbbwtn.dll
C:\WINDOWS\system32\hmfsmlnd.dll
C:\WINDOWS\system32\mzagaawh.dll
C:\WINDOWS\system32\rqrqrol.dll
C:\windows\system32\tuvutss.dll

Beginning removal...

Attempting to delete C:\windows\system32\dnlmsfmh.ini
C:\windows\system32\dnlmsfmh.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\drkbbwtn.dll
C:\WINDOWS\system32\drkbbwtn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hmfsmlnd.dll
C:\WINDOWS\system32\hmfsmlnd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mzagaawh.dll
C:\WINDOWS\system32\mzagaawh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqrqrol.dll
C:\WINDOWS\system32\rqrqrol.dll Could not be deleted.

Attempting to delete C:\windows\system32\tuvutss.dll
C:\windows\system32\tuvutss.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\rqrqrol.dll
C:\WINDOWS\system32\rqrqrol.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.10

Checking Java version...

Scan started at 11:47:50 PM 10/14/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.5.10

Checking Java version...

Scan started at 12:42:10 AM 10/15/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.5.10

Checking Java version...

Scan started at 6:53:59 PM 10/15/2007

Listing files found while scanning....

C:\WINDOWS\system32\bibchool.dll
C:\WINDOWS\system32\jhqqtwug.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\bibchool.dll
C:\WINDOWS\system32\bibchool.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jhqqtwug.dll
C:\WINDOWS\system32\jhqqtwug.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.5.10

Checking Java version...

Scan started at 7:33:29 PM 10/15/2007

Listing files found while scanning....

C:\windows\system32\eakbsnvt.ini
C:\WINDOWS\system32\jhqqtwug.dll
C:\windows\system32\tvnsbkae.dll

Beginning removal...

Attempting to delete C:\windows\system32\eakbsnvt.ini
C:\windows\system32\eakbsnvt.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\jhqqtwug.dll
C:\WINDOWS\system32\jhqqtwug.dll Has been deleted!

Attempting to delete C:\windows\system32\tvnsbkae.dll
C:\windows\system32\tvnsbkae.dll Has been deleted!

Performing Repairs to the registry.
Done!
sweettweeter
Active Member
 
Posts: 7
Joined: October 15th, 2007, 8:14 pm

Unread postby Shaba » October 18th, 2007, 3:49 am

Hi

First, uninstall BitDownload via Add/Remove Programs.

It's a bad torrent client and should not be used; it installs that cid.

If you really need a torrent client, e.g. uTorrent is a safe alternative.

After that:

Open HijackThis, click "Do a system scan only" and checkmark these:

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.h ... xdm492YYUS
O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://eztracks.aavalue.com/ezt/toolbar/eztdl.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installer ... taller.cab


Close all windows, including the browser, and press "Fix checked".

Reboot.

Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\SYSTEM32\taocppex.dll
C:\WINDOWS\SYSTEM32\sjkgdtco.exe
C:\WINDOWS\SYSTEM32\rnpkmmdx.exe
C:\WINDOWS\SYSTEM32\vbmkqpmr.exe
C:\WINDOWS\SYSTEM32\bbdjojll.exe
C:\WINDOWS\SYSTEM32\rightonadz-uninst.exe
C:\WINDOWS\SYSTEM32\gzmrotate.dll
C:\WINDOWS\SYSTEM32\adssite-remove.exe
C:\WINDOWS\SYSTEM32\app.exe
C:\WINDOWS\SYSTEM32\winlogo.exe
C:\WINDOWS\SYSTEM32\ps.exe 

Folder::
C:\Documents and Settings\tabatha\Application Data\Adssite Advanced Toolbar
C:\Documents and Settings\tabatha\Application Data\BitDownload
C:\WINDOWS\Profiles\All Users\Application Data\setup film inter bib
C:\Program Files\Closedupe
C:\Program Files\BitDownload
C:\Documents and Settings\kathy\Application Data\Closedupe
C:\Documents and Settings\Guest-1\Application Data\32 Wait View Creative 
C:\Documents and Settings\John2\Application Data\32 Wait View Creative
C:\Documents and Settings\Kathy\Application Data\Netpumper 
C:\Documents and Settings\Kathy\Application Data\32 Wait View Creative 
C:\Documents and Settings\Guest-1\Application Data\Netpumper
C:\Documents and Settings\Tabatha\Application Data\Closedupe
C:\Documents and Settings\Tabatha\Application Data\32 Wait View Creative
C:\Documents and Settings\Tabatha\Application Data\Netpumper 
C:\Documents and Settings\Tabatha\Application Data\Bitdownload
C:\Documents and Settings\Tabatha\Application Data\Adssite Advanced Toolbar 
C:\Documents and Settings\Tyler\Application Data\Netpumper 
C:\Documents and Settings\Tyler\Application Data\32 Wait View Creative 
C:\Documents and Settings\John\Application Data\Netpumper 
C:\Documents and Settings\John\Application Data\32 Wait View Creative 
C:\Documents and Settings\John\Application Data\Starware 
C:\Documents and Settings\Timmy\Application Data\Netpumper 
C:\Documents and Settings\Timmy\Application Data\32 Wait View Creative
C:\Documents and Settings\Timmy\Application Data\Closedupe 
C:\Documents and Settings\Timmy\Application Data\Metaaboutjugs

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22BCC155-FCB0-4580-84E1-AFCFA9941B4D}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66C6F332-2191-F5F9-9C5E-4F856CDE8CD2}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{941CA48C-3984-4E7D-AAF8-8755ED76EB50}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{971C3384-F75E-4562-95B3-CBE7417529BC}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5792AA9-D373-4039-8670-2CDAB6A71F15}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E96A5803-5018-4123-B809-A2CF828FE2D6}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{41C29B07-6F91-4966-91BE-2E2841643C83}"=-
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"=- 

[-HKEY_CLASSES_ROOT\CLSID\{41C29B07-6F91-4966-91BE-2E2841643C83}]

[-HKEY_CLASSES_ROOT\CoolToolBar.IEBarLogic.1]

[-HKEY_CLASSES_ROOT\TypeLib\{6B4FA1DD-A353-49F8-A650-79C21D6B4824}]

[-HKEY_CLASSES_ROOT\CoolToolBar.IEBarLogic]

[-HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Inter bib audio army"=-
"hid_start"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\taocppex] 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Jmjbs"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"f3qhd2ks"=-
"winupdates"=-



Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Image

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
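As an added example (not code from this thread or from ComboFix), a small parser for the Registry:: section of the script above: it decodes the hex(7) Authentication Packages value into the list of packages the script will leave in place, and reports any line it cannot classify so a typo is caught before the script runs. The subset of regedit syntax it accepts is my assumption, and the sample input is constructed.

```python
"""Parse the Registry:: section of a ComboFix CFScript and sanity-check it.

Added example; not code from this thread or from ComboFix. It handles only
the regedit-style subset used above, which is an assumption on my part:
[-KEY] deletes a key, "name"=- deletes a value, "name"=hex(7):.. carries a
REG_MULTI_SZ, and ComboFix's '~' key shorthand and trailing '-' on a key
name are passed through untouched. Anything else is reported as malformed.
"""
import re
from dataclasses import dataclass, field

KEY_RE = re.compile(r'^\[(-?)(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')
LSA_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"


@dataclass
class RegOp:
    kind: str                 # delete_key | delete_value | set_multi_sz | malformed
    key: str
    name: str = ""
    data: list = field(default_factory=list)


def decode_hex7(payload: str) -> list:
    """hex(7) is REG_MULTI_SZ: comma-separated bytes, each string NUL-terminated,
    the list ended by a second NUL. Returns the list of strings."""
    raw = bytes(int(b, 16) for b in payload.split(",") if b.strip())
    return [s for s in raw.decode("latin-1").split("\x00") if s]


def parse_registry_section(text: str) -> list:
    """Turn the Registry:: block into a list of RegOp, in script order."""
    ops, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            minus, key = m.group(1), m.group(2)
            if minus:                         # [-KEY]: the whole key goes
                ops.append(RegOp("delete_key", key))
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            name, rhs = m.group(1), m.group(2).strip()
            if rhs == "-":                    # "name"=- : the value goes
                ops.append(RegOp("delete_value", key, name))
            elif rhs.lower().startswith("hex(7):"):
                ops.append(RegOp("set_multi_sz", key, name, decode_hex7(rhs[7:])))
            else:                             # e.g. a typo such as  "name"="-
                ops.append(RegOp("malformed", key, name, [rhs]))
            continue
        ops.append(RegOp("malformed", key or "", line))
    return ops


def auth_packages_after(ops: list) -> list:
    """Authentication Packages list the script writes, or [] if untouched.
    A clean XP install carries only 'msv1_0'; Vundo/Virtumonde variants appended
    their own DLL name here so that winlogon loaded it at boot."""
    for op in ops:
        if (op.kind == "set_multi_sz" and op.key.lower() == LSA_KEY.lower()
                and op.name.lower() == "authentication packages"):
            return op.data
    return []


def malformed_lines(ops: list) -> list:
    """Names of lines the parser could not classify; fix these before running."""
    return [op.name for op in ops if op.kind == "malformed"]


# Constructed sample: a few lines in the shape of the script above, with one
# mistyped value line kept on purpose to show the check.
SAMPLE = r'''
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22BCC155-FCB0-4580-84E1-AFCFA9941B4D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Inter bib audio army"=-
"hid_start"="-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\taocppex]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Jmjbs"=-
'''

# Constructed: the same value with a second package ("taocppex") appended,
# which is what an infected machine's value looks like before the reset.
INFECTED_LSA = ('[' + LSA_KEY + ']\n"Authentication Packages"=hex(7):'
                '6d,73,76,31,5f,30,00,74,61,6f,63,70,70,65,78,00,00\n')

if __name__ == "__main__":
    ops = parse_registry_section(SAMPLE)
    for op in ops:
        print(f"{op.kind:13} {op.key}  {op.name} {op.data}")
    print("Authentication Packages ->", auth_packages_after(ops))
    print("malformed:", malformed_lines(ops))
    print("constructed infected value ->",
          auth_packages_after(parse_registry_section(INFECTED_LSA)))
```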

Unread postby sweettweeter » October 18th, 2007, 6:45 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:44:07 AM, on 10/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\sweettweeter.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.gophersearch.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [MRT] "C:\WINDOWS\system32\MRT.exe" /R
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hid_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\system32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\system32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://software-dl.real.com/14f90097b40 ... st_Win.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWe ... taller.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWi ... ontrol.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com/design/motherbd/bo ... oardID.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcf_device - Unknown owner - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (file missing)
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 14230 bytes


sweettweeter
Active Member
 
Posts: 7
Joined: October 15th, 2007, 8:14 pm

Unread postby Shaba » October 18th, 2007, 6:53 am

Hi

Combofix log cuts off.

Please re-send it :)
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Unread postby sweettweeter » October 18th, 2007, 10:59 pm

ComboFix 07-10-17.8 - kathy 2007-10-18 6:28:21.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.202 [GMT -4:00]
Running from: C:\WINDOWS\Desktop\ComboFix.exe
Command switches used :: C:\cfscript.txt
* Created a new restore point

FILE::
C:\WINDOWS\SYSTEM32\adssite-remove.exe
C:\WINDOWS\SYSTEM32\app.exe
C:\WINDOWS\SYSTEM32\bbdjojll.exe
C:\WINDOWS\SYSTEM32\gzmrotate.dll
C:\WINDOWS\SYSTEM32\ps.exe
C:\WINDOWS\SYSTEM32\rightonadz-uninst.exe
C:\WINDOWS\SYSTEM32\rnpkmmdx.exe
C:\WINDOWS\SYSTEM32\sjkgdtco.exe
C:\WINDOWS\SYSTEM32\taocppex.dll
C:\WINDOWS\SYSTEM32\vbmkqpmr.exe
C:\WINDOWS\SYSTEM32\winlogo.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Guest-1\Application Data\32 Wait View Creative
C:\Documents and Settings\Guest-1\Application Data\32 Wait View Creative\Dumb Surf Way
C:\Documents and Settings\Guest-1\Application Data\Netpumper
C:\Documents and Settings\John\Application Data\32 Wait View Creative
C:\Documents and Settings\John\Application Data\32 Wait View Creative\mapi meal flap
C:\Documents and Settings\John\Application Data\32 Wait View Creative\proxy once build
C:\Documents and Settings\John\Application Data\Netpumper
C:\Documents and Settings\John\Application Data\Starware
C:\Documents and Settings\John\Application Data\Starware\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\John\Application Data\Starware\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\John\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\John\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\John\Application Data\Starware\Games\GamesOptions.xml
C:\Documents and Settings\John\Application Data\Starware\Games\GamesOptions.xml.backup
C:\Documents and Settings\John\Application Data\Starware\JokeSearch\JokeSearchOptions.xml
C:\Documents and Settings\John\Application Data\Starware\JokeSearch\JokeSearchOptions.xml.backup
C:\Documents and Settings\John\Application Data\Starware\Layouts\PreferencesLayout.xml
C:\Documents and Settings\John\Application Data\Starware\Layouts\PreferencesLayout.xml.backup
C:\Documents and Settings\John\Application Data\Starware\Layouts\ToolbarLayout.xml
C:\Documents and Settings\John\Application Data\Starware\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\John\Application Data\Starware\Manager\ManagerOptions.xml
C:\Documents and Settings\John\Application Data\Starware\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\John\Application Data\Starware\Movies\MoviesOptions.xml
C:\Documents and Settings\John\Application Data\Starware\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\John\Application Data\Starware\Pranks\PranksOptions.xml
C:\Documents and Settings\John\Application Data\Starware\Pranks\PranksOptions.xml.backup
C:\Documents and Settings\John\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\John\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\John\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\Documents and Settings\John\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\Documents and Settings\John\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml
C:\Documents and Settings\John\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml.backup
C:\Documents and Settings\John\Application Data\Starware\SearchMatch\SearchMatchOptions.xml
C:\Documents and Settings\John\Application Data\Starware\SearchMatch\SearchMatchOptions.xml.backup
C:\Documents and Settings\John\Application Data\Starware\SmileyTown\SmileyTownOptions.xml
C:\Documents and Settings\John\Application Data\Starware\SmileyTown\SmileyTownOptions.xml.backup
C:\Documents and Settings\John\Application Data\Starware\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\John\Application Data\Starware\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\John\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\John\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\John\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\John\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\John\Application Data\Starware\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\John\Application Data\Starware\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\John2\Application Data\32 Wait View Creative
C:\Documents and Settings\John2\Application Data\32 Wait View Creative\mapi meal flap
C:\Documents and Settings\Kathy\Application Data\32 Wait View Creative
C:\Documents and Settings\kathy\Application Data\Closedupe
C:\Documents and Settings\Kathy\Application Data\Netpumper
C:\Documents and Settings\Tabatha\Application Data\32 Wait View Creative
C:\Documents and Settings\Tabatha\Application Data\32 Wait View Creative\Logo2Balm
C:\Documents and Settings\Tabatha\Application Data\Adssite Advanced Toolbar
C:\Documents and Settings\Tabatha\Application Data\Adssite Advanced Toolbar\selected.xml
C:\Documents and Settings\tabatha\Application Data\Adssite Advanced Toolbar\selected.xml
C:\Documents and Settings\Tabatha\Application Data\Bitdownload
C:\Documents and Settings\tabatha\Application Data\BitDownload\Data\downloads.dat
C:\Documents and Settings\Tabatha\Application Data\Bitdownload\Data\downloads.dat
C:\Documents and Settings\Tabatha\Application Data\Bitdownload\Data\metadata.dat
C:\Documents and Settings\tabatha\Application Data\BitDownload\Data\metadata.dat
C:\Documents and Settings\Tabatha\Application Data\Closedupe
C:\Documents and Settings\Tabatha\Application Data\Closedupe\0
C:\Documents and Settings\Tabatha\Application Data\Netpumper
C:\Documents and Settings\Tabatha\Application Data\Netpumper\tabatha.ini
C:\Documents and Settings\Timmy\Application Data\32 Wait View Creative
C:\Documents and Settings\Timmy\Application Data\32 Wait View Creative\iso1tray
C:\Documents and Settings\Timmy\Application Data\Closedupe
C:\Documents and Settings\Timmy\Application Data\Metaaboutjugs
C:\Documents and Settings\Timmy\Application Data\Netpumper
C:\Documents and Settings\Tyler\Application Data\32 Wait View Creative
C:\Documents and Settings\Tyler\Application Data\32 Wait View Creative\Remote download bore
C:\Documents and Settings\Tyler\Application Data\Netpumper
C:\Program Files\BitDownload
C:\Program Files\BitDownload\BitDownload.exe
C:\Program Files\BitDownload\BitDownload.TRC
C:\Program Files\BitDownload\settings.ini
C:\Program Files\BitDownload\settings.stp
C:\Program Files\BitDownload\SkinCrafterDll.dll
C:\Program Files\BitDownload\Skins\Stylish.skf
C:\Program Files\BitDownload\Support\connecting.gif
C:\Program Files\BitDownload\Support\default.htm
C:\Program Files\BitDownload\Support\dots.gif
C:\Program Files\BitDownload\Support\logo.jpg
C:\Program Files\BitDownload\Support\porttest_error.htm
C:\Program Files\BitDownload\Support\porttest_start.htm
C:\Program Files\BitDownload\TorrentManager.dll
C:\Program Files\BitDownload\unins000.dat
C:\Program Files\BitDownload\unins000.exe
C:\Program Files\Closedupe
C:\WINDOWS\Profiles\All Users\Application Data\setup film inter bib
C:\WINDOWS\Profiles\All Users\Application Data\setup film inter bib\data help.exe
C:\WINDOWS\SYSTEM32\adssite-remove.exe
C:\WINDOWS\SYSTEM32\app.exe
C:\WINDOWS\SYSTEM32\bbdjojll.exe
C:\WINDOWS\SYSTEM32\gzmrotate.dll
C:\WINDOWS\SYSTEM32\ps.exe
C:\WINDOWS\SYSTEM32\rightonadz-uninst.exe
C:\WINDOWS\SYSTEM32\rnpkmmdx.exe
C:\WINDOWS\SYSTEM32\sjkgdtco.exe
C:\WINDOWS\SYSTEM32\taocppex.dll
C:\WINDOWS\SYSTEM32\taocppex.dll
C:\WINDOWS\SYSTEM32\vbmkqpmr.exe
C:\WINDOWS\SYSTEM32\winlogo.exe

.
((((((((((((((((((((((((( Files Created from 2007-09-18 to 2007-10-18 )))))))))))))))))))))))))))))))
.

2007-10-16 06:40 <DIR> d-------- C:\Documents and Settings\tyler\Application Data\COMCASTTOOLBAR
2007-10-16 00:06 <DIR> d-------- C:\Documents and Settings\kathy\Application Data\TrojanHunter
2007-10-15 20:51 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2007-10-15 20:05 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-15 19:44 636 --a------ C:\delete.bat
2007-10-15 00:01 <DIR> d-------- C:\NoLopBackups
2007-10-14 23:43 <DIR> d-------- C:\Documents and Settings\kathy\Application Data\ComcastToolbar
2007-10-14 19:00 <DIR> d-------- C:\VundoFix Backups
2007-10-14 15:55 <DIR> d-------- C:\Docum
2007-10-14 15:30 <DIR> d-------- C:\Documents and Settings\GUEST-1\Application Data\COMCASTTOOLBAR
2007-10-14 14:48 <DIR> d-------- C:\Program Files\ComcastToolbar
2007-10-14 09:36 <DIR> d--hs---- C:\FOUND.004
2007-10-10 20:24 <DIR> d-------- C:\WINDOWS\Profiles\All Users\Application Data\STOPzilla!
2007-10-10 20:24 <DIR> d-------- C:\Program Files\Common Files\iS3
2007-10-10 19:18 <DIR> d--hs---- C:\FOUND.003
2007-10-08 05:20 <DIR> d-------- C:\Program Files\McAfee
2007-10-08 05:20 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-10-08 04:10 249 --a------ C:\Documents and Settings\kathy\9258.bat
2007-10-08 03:55 249 --a------ C:\Documents and Settings\kathy\9664.bat
2007-10-08 03:41 249 --a------ C:\Documents and Settings\kathy\7255.bat
2007-10-07 12:05 249 --a------ C:\Documents and Settings\kathy\2849.bat
2007-09-19 22:27 <DIR> d-------- C:\Program Files\ATI Technologies
2007-09-19 22:26 <DIR> d-------- C:\ATI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-08-18 15:02 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2007-06-02 19:24 76,928 ----a-w C:\Documents and Settings\kathy\Application Data\GDIPFONTCACHEV1.DAT
2006-03-15 02:10 876,576 ---ha-r C:\Documents and Settings\JOHN\USER.DAT
2006-03-12 08:18 819,232 ---ha-r C:\Documents and Settings\timmy\USER.DAT
2005-07-14 13:08 29,156 ----a-w C:\Program Files\1353.torrent
2005-05-30 05:35 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2005-05-28 18:55 266 --sh--w C:\Program Files\desktop.ini
2005-05-28 18:55 11,079 ---h--w C:\Program Files\folder.htt
2006-06-21 19:08:34 2 --sh--w C:\WINDOWS\SYSTEM\netstat.com
2006-06-21 19:08:34 2 --sh--w C:\WINDOWS\SYSTEM\ping.com
2006-06-21 19:08:34 2 --sh--w C:\WINDOWS\SYSTEM\tracert.com
2006-06-21 19:08:34 2 --sh--w C:\WINDOWS\SYSTEM\tasklist.com
2006-06-21 19:08:34 2 --sh--w C:\WINDOWS\SYSTEM\taskkill.com
2006-06-21 19:08:34 2 --sh--w C:\WINDOWS\SYSTEM\regedit.com
2006-06-21 19:08:34 2 --sh--w C:\WINDOWS\SYSTEM\cmd.com
.

((((((((((((((((((((((((((((( snapshot@2007-10-17_ 7.01.30.72 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-03-13 14:57:12 163,328 ----a-w C:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE
- 2007-10-17 10:56:56 124,928 ----a-w C:\WINDOWS\Profiles\All Users\Application Data\McAfee\MSC\Logs\Events.dat
+ 2007-10-18 10:36:04 105,472 ----a-w C:\WINDOWS\Profiles\All Users\Application Data\McAfee\MSC\Logs\Events.dat
- 2007-10-17 10:58:10 393,216 ----a-w C:\WINDOWS\Temporary Internet Files\Content.IE5\index.dat
+ 2007-10-18 10:37:18 425,984 ----a-w C:\WINDOWS\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 17:56 C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-08-30 22:59]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 13:16]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 12:45]
"MRT"="C:\WINDOWS\system32\MRT.exe" [2007-06-05 23:38]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-22 23:25 C:\WINDOWS\KHALMNPR.Exe]
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2006-10-16 20:40]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-24 22:33]
"nwiz"="nwiz.exe" [2006-07-24 22:33 C:\WINDOWS\SYSTEM32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-24 22:33]
"hid_start"="C:\WINDOWS\system32\gzmrotate.dll" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [2007-09-09 09:31]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-19 02:14]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 12:00]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"Printing Migration"=rundll32.exe C:\WINDOWS\system32\spool\migrate.dll,ProcessWin9xNetworkPrinters

C:\Documents and Settings\tabatha\Start Menu\Programs\Startup\
Photo Express Calendar Checker SE.lnk - C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe [2005-11-07 04:11:15]
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2005-03-09 15:49:38]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-02-03 20:06:42]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-11-18 00:31:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ATI Launchpad"=
"Weather"=C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Ulead Memory Card Detector"=C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 Trial\Monitor.exe
"PE2CKFNT SE"=C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
"Logitech Hardware Abstraction Layer"=KHALMNPR.EXE
"TaskMonitor"=C:\WINDOWS\taskmon.exe
"SystemTray"=SysTray.Exe
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"HydarVisionDesktopManager"=desk98.exe
"EM_EXEC"=C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
"KEMailKb"=C:\PROGRA~1\KEMAILKB\KEMailKb.EXE
"Adaptec DirectCD"=D:\PROGRA~1\HPCD-W~1\DIRECTCD\DIRECTCD.EXE
"HP CD-Writer"=D:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe
"LexStart"=Lexstart.exe
"LexmarkPrinTray"=PrinTray.exe
"MCUpdateExe"=C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
"QuickTime Task"="C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
"OmgStartup"=C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
"SetPoint"=C:\Program Files\Logitech\SetPoint\KEM.EXE
"SsAAD.exe"=C:\PROGRA~1\SONY\SONICS~1\SSAAD.EXE
"CleanReg"=C:\WINDOWS\SYSTEM32\coclean.exe EnumPorts
"LXCFCATS"=rundll32 C:\WINDOWS\SYSTEM\LXCFtime.dll,_RunDLLEntry@16
"ScanRegistry"=C:\WINDOWS\scanregw.exe /autorun
"VSOCheckTask"="C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
"VirusScan Online"="C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
"MCAgentExe"=C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
"MPFEXE"="C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe"
"MCTskShd"=C:\PROGRA~1\MCAFEE.COM\AGENT\mctskshd.exe
"WinampAgent"=C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"QuickTime Task"="C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
"MCUpdateExe"=C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
"MCAgentExe"=C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
"MPFEXE"="C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe"
"MCTskShd"=C:\PROGRA~1\MCAFEE.COM\AGENT\mctskshd.exe
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"VSOCheckTask"="C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
"CY_BG"=C:\WINDOWS\CY_BG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"KB891711"=C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"SchedulingAgent"=mstask.exe
"McVsRte"=C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding

R2 X4HSX32;X4HSX32;\??\C:\Program Files\GameTap\bin\Release\X4HSX32.Sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:WIN9X /user /install
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
C:\WINDOWS\SYSTEM32\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl
.
Contents of the 'Scheduled Tasks' folder
"2006-07-25 01:54:58 C:\WINDOWS\Tasks\ScanDisk.job"
"2007-10-07 03:00:02 C:\WINDOWS\Tasks\Tune-up Application Start.job"
"2007-10-16 16:00:02 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer tsid_09272005082920.job"
"2007-06-16 06:46:56 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-10-14 06:46:02 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-10-08 09:21:20 C:\WINDOWS\Tasks\McQcTask.job"
"2007-10-15 08:29:38 C:\WINDOWS\Tasks\McDefragTask.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-18 06:38:06
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-18 6:41:06 - machine was rebooted
C:\ComboFix2.txt ... 2007-10-17 07:05
.
--- E O F ---
sweettweeter
Active Member
 
Posts: 7
Joined: October 15th, 2007, 8:14 pm

Unread postby Shaba » October 19th, 2007, 3:57 am

Hi

Much better :)

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:

    o Scan using the following Anti-Virus database:

    + Extended (If available otherwise Standard)

    o Scan Options:

    + Scan Archives
    + Scan Mail Bases

  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset it to 100%.

Post:

- a fresh HijackThis log
- Kaspersky report
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Unread postby sweettweeter » October 20th, 2007, 3:19 am

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, October 20, 2007 3:09:08 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 20/10/2007
Kaspersky Anti-Virus database records: 441296
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 224520
Number of viruses found: 21
Number of infected objects: 94
Number of suspicious objects: 2
Duration of the scan process: 03:56:10

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\Profiles\All Users\Application Data\McAfee\MSC\mcusers.dat Object is locked skipped
C:\WINDOWS\Profiles\All Users\Application Data\McAfee\MSC\Logs\{E6A2328E-38A4-4E8C-AB03-06920CA70385}.log Object is locked skipped
C:\WINDOWS\Profiles\All Users\Application Data\McAfee\MSC\Logs\{F35F8E2A-CD65-434B-8899-4724482C2DE3}.log Object is locked skipped
C:\WINDOWS\Profiles\All Users\Application Data\McAfee\MSC\Logs\{ACA02B3C-5282-43A0-BD7B-65855BD22C71}.log Object is locked skipped
C:\WINDOWS\Profiles\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\WINDOWS\Profiles\All Users\Application Data\McAfee\VirusScan\Data\TFR2.tmp Object is locked skipped
C:\WINDOWS\Profiles\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\WINDOWS\Profiles\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped
C:\WINDOWS\Profiles\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\WINDOWS\Profiles\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip/v1.8.5/wbuninst.exe Suspicious: Password-protected-EXE skipped
C:\WINDOWS\Profiles\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip ZIP: suspicious - 1 skipped
C:\WINDOWS\SYSTEM32\config\system.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\software.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\default.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\config\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\bbc1\bsasven2.exe/stream/data0002 Infected: not-a-virus:Downloader.Win32.Agent.q skipped
C:\WINDOWS\SYSTEM32\bbc1\bsasven2.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.AdBand.a skipped
C:\WINDOWS\SYSTEM32\bbc1\bsasven2.exe/stream Infected: not-a-virus:AdWare.Win32.AdBand.a skipped
C:\WINDOWS\SYSTEM32\bbc1\bsasven2.exe NSIS: infected - 3 skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\TEMP\mcmsc_0zGdd7ayuTO5XB6 Object is locked skipped
C:\WINDOWS\TEMP\mcafee_oX0awuN7d0itfbQ Object is locked skipped
C:\WINDOWS\TEMP\mcafee_cEcWIAnVfrHThkg Object is locked skipped
C:\WINDOWS\TEMP\mcmsc_ZoatGMx03B99NRC Object is locked skipped
C:\WINDOWS\TEMP\mcmsc_r3BTijptzLduoYT Object is locked skipped
C:\WINDOWS\TEMP\mcmsc_PBHmPEgRpxOFoqd Object is locked skipped
C:\WINDOWS\TEMP\mcmsc_2ZHXaD12YTCWvv3 Object is locked skipped
C:\WINDOWS\TEMP\mcmsc_4ujuNaATOZBtznZ Object is locked skipped
C:\WINDOWS\SchedLog.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\Shared\06 Track 6 (bloodsimple).wma Infected: Trojan-Downloader.WMA.Wimad.k skipped
C:\WINDOWS\Shared\01 Track 1.wma Infected: Trojan-Downloader.WMA.Wimad.k skipped
C:\WINDOWS\Shared\02 Track 2.wma Infected: Trojan-Downloader.WMA.Wimad.k skipped
C:\WINDOWS\Shared\03 Track 3.wma Infected: Trojan-Downloader.WMA.Wimad.k skipped
C:\WINDOWS\Shared\07 Track 7 (bloodsimple).wma Infected: Trojan-Downloader.WMA.Wimad.k skipped
C:\WINDOWS\Shared\02 Track 2 (bloodsimple).wma Infected: Trojan-Downloader.WMA.Wimad.k skipped
C:\WINDOWS\Shared\01 Track 1 (bloodsimple).wma Infected: Trojan-Downloader.WMA.Wimad.k skipped
C:\WINDOWS\.jpi_cache\jar\1.0\nRT.jar-1d5ec957-4fb3e658.zip/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
C:\WINDOWS\.jpi_cache\jar\1.0\nRT.jar-1d5ec957-4fb3e658.zip ZIP: infected - 1 skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\Program Files\Maxis\The Sims\Downloads\Download puppy luv with the fastest BitTorrent downloader\BitDownload-3.2.0.0-setup-0311.exe/file02 Infected: not-a-virus:AdWare.Win32.Lop.bo skipped
C:\Program Files\Maxis\The Sims\Downloads\Download puppy luv with the fastest BitTorrent downloader\BitDownload-3.2.0.0-setup-0311.exe/file13 Infected: Trojan.Win32.Obfuscated.en skipped
C:\Program Files\Maxis\The Sims\Downloads\Download puppy luv with the fastest BitTorrent downloader\BitDownload-3.2.0.0-setup-0311.exe Inno: infected - 2 skipped
C:\Program Files\Bleeposaurus 2 Dragonfire\bfgt_silent_ne.exe/data0000.cab/nickarcade.dll Infected: not-a-virus:AdWare.Win32.BHO.w skipped
C:\Program Files\Bleeposaurus 2 Dragonfire\bfgt_silent_ne.exe/data0000.cab Infected: not-a-virus:AdWare.Win32.BHO.w skipped
C:\Program Files\Bleeposaurus 2 Dragonfire\bfgt_silent_ne.exe Rsrc-Package: infected - 2 skipped
C:\Downloads\PEDALTOTHEMETALSETUP-DM[1].EXE Infected: not-a-virus:AdWare.Win32.Trymedia.a skipped
C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\hbilakww.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\nsw47.dll.vir Infected: not-a-virus:AdWare.Win32.BHO.ha skipped
C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\bbdjojll.exe.vir Infected: not-a-virus:AdWare.Win32.SecToolBar.g skipped
C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\gzmrotate.dll.vir Infected: not-a-virus:AdWare.Win32.TrafficSol.k skipped
C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\ps.exe.vir/data0006 Infected: Trojan-Downloader.Win32.VB.bkw skipped
C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\ps.exe.vir NSIS: infected - 1 skipped
C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\rnpkmmdx.exe.vir Infected: not-a-virus:AdWare.Win32.SecToolBar.g skipped
C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\sjkgdtco.exe.vir Infected: not-a-virus:AdWare.Win32.SecToolBar.g skipped
C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\vbmkqpmr.exe.vir Infected: not-a-virus:AdWare.Win32.SecToolBar.g skipped
C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\taocppex.dll.vir Infected: not-a-virus:AdWare.Win32.SecToolBar.f skipped
C:\qoobox\Quarantine\C\WINDOWS\Profiles\All Users\Application Data\setup film inter bib\data help.exe.vir Infected: Trojan.Win32.Obfuscated.en skipped
C:\qoobox\Quarantine\C\Program Files\Temporary\wininstall.exe.vir Infected: Trojan.Win32.Agent.bqn skipped
C:\qoobox\Quarantine\C\Program Files\Hammer.dll.vir Infected: not-a-virus:AdWare.Win32.SecToolBar.f skipped
C:\qoobox\Quarantine\C\Program Files\BitDownload\TorrentManager.dll.vir Infected: not-a-virus:AdWare.Win32.Lop.bo skipped
C:\VundoFix Backups\mzagaawh.dll.bad Infected: not-a-virus:AdWare.Win32.SecToolBar.f skipped
C:\VundoFix Backups\bibchool.dll.bad Infected: Trojan.Win32.Pakes.su skipped
C:\VundoFix Backups\jhqqtwug.dll.bad Infected: not-a-virus:AdWare.Win32.SecToolBar.f skipped
C:\Documents and Settings\john2\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\john2\ntuser.dat Object is locked skipped
C:\Documents and Settings\kathy\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\kathy\Local Settings\History\History.IE5\MSHist012007101920071020\index.dat Object is locked skipped
C:\Documents and Settings\kathy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\kathy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\kathy\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\kathy\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\kathy\ntuser.dat Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\System Volume Information\_restore{642AC0AA-113E-4EC9-801C-F6FC7E2A9683}\RP123\A0022673.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{642AC0AA-113E-4EC9-801C-F6FC7E2A9683}\RP123\A0022675.dll Infected: not-a-virus:AdWare.Win32.TrafficSol.k skipped
C:\System Volume Information\_restore{642AC0AA-113E-4EC9-801C-F6FC7E2A9683}\RP123\A0022686.dll Infected: not-a-virus:AdWare.Win32.AdBand.a skipped
C:\System Volume Information\_restore{642AC0AA-113E-4EC9-801C-F6FC7E2A9683}\RP123\A0022693.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{642AC0AA-113E-4EC9-801C-F6FC7E2A9683}\RP123\A0022712.exe/data0006 Infected: Trojan-Downloader.Win32.VB.bkw skipped
C:\System Volume Information\_restore{642AC0AA-113E-4EC9-801C-F6FC7E2A9683}\RP123\A0022712.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{642AC0AA-113E-4EC9-801C-F6FC7E2A9683}\RP123\A0022714.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{642AC0AA-113E-4EC9-801C-F6FC7E2A9683}\RP124\A0022773.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{642AC0AA-113E-4EC9-801C-F6FC7E2A9683}\RP125\A0022788.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
C:\System Volume Information\_restore{642AC0AA-113E-4EC9-801C-F6FC7E2A9683}\RP125\A0022789.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{642AC0AA-113E-4EC9-801C-F6FC7E2A9683}\RP125\A0022795.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{642AC0AA-113E-4EC9-801C-F6FC7E2A9683}\RP125\A0022807.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{642AC0AA-113E-4EC9-801C-F6FC7E2A9683}\RP125\A0023797.dll Infected: not-a-virus:AdWare.Win32.TrafficSol.k skipped
C:\System Volume Information\_restore{642AC0AA-113E-4EC9-801C-F6FC7E2A9683}\RP125\A0023804.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{642AC0AA-113E-4EC9-801C-F6FC7E2A9683}\RP126\A0023813.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{642AC0AA-113E-4EC9-801C-F6FC7E2A9683}\RP128\A0023932.exe Object is locked skipped
C:\System Volume Information\_restore{642AC0AA-113E-4EC9-801C-F6FC7E2A9683}\RP128\A0023933.vbs Object is locked skipped
C:\System Volume Information\_restore{642AC0AA-113E-4EC9-801C-F6FC7E2A9683}\RP128\A0023938.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{642AC0AA-113E-4EC9-801C-F6FC7E2A9683}\RP128\A0024824.dll Infected: Trojan.Win32.Pakes.sc skipped
C:\System Volume Information\_restore{642AC0AA-113E-4EC9-801C-F6FC7E2A9683}\RP128\A0024825.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ace skipped
C:\System Volume Information\_restore{642AC0AA-113E-4EC9-801C-F6FC7E2A9683}\RP128\A0024831.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{642AC0AA-113E-4EC9-801C-F6FC7E2A9683}\RP129\A0025824.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ace skipped
C:\System Volume Information\_restore{642AC0AA-113E-4EC9-801C-F6FC7E2A9683}\RP129\A0025835.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{642AC0AA-113E-4EC9-801C-F6FC7E2A9683}\RP129\A0025848.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{642AC0AA-113E-4EC9-801C-F6FC7E2A9683}\RP130\A0027869.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{642AC0AA-113E-4EC9-801C-F6FC7E2A9683}\RP131\A0027878.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{642AC0AA-113E-4EC9-801C-F6FC7E2A9683}\RP131\A0027932.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.f skipped
C:\System Volume Information\_restore{642AC0AA-113E-4EC9-801C-F6FC7E2A9683}\RP131\A0027933.exe Infected: not-a-virus:AdWare.Win32.SecToolBar.g skipped
C:\System Volume Information\_restore{642AC0AA-113E-4EC9-801C-F6FC7E2A9683}\RP131\A0029947.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{642AC0AA-113E-4EC9-801C-F6FC7E2A9683}\RP131\A0029959.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.f skipped
C:\System Volume Information\_restore{642AC0AA-113E-4EC9-801C-F6FC7E2A9683}\RP131\A0029973.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{642AC0AA-113E-4EC9-801C-F6FC7E2A9683}\RP131\A0029976.DLL Infected: not-a-virus:AdWare.Win32.SecToolBar.f skipped
C:\System Volume Information\_restore{642AC0AA-113E-4EC9-801C-F6FC7E2A9683}\RP131\A0029987.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{642AC0AA-113E-4EC9-801C-F6FC7E2A9683}\RP137\A0030537.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{642AC0AA-113E-4EC9-801C-F6FC7E2A9683}\RP137\A0030542.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.f skipped
C:\System Volume Information\_restore{642AC0AA-113E-4EC9-801C-F6FC7E2A9683}\RP137\A0030557.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.f skipped
C:\System Volume Information\_restore{642AC0AA-113E-4EC9-801C-F6FC7E2A9683}\RP137\A0030564.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{642AC0AA-113E-4EC9-801C-F6FC7E2A9683}\RP137\A0030577.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{642AC0AA-113E-4EC9-801C-F6FC7E2A9683}\RP137\A0031575.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{642AC0AA-113E-4EC9-801C-F6FC7E2A9683}\RP138\A0031580.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{642AC0AA-113E-4EC9-801C-F6FC7E2A9683}\RP138\A0031587.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.f skipped
C:\System Volume Information\_restore{642AC0AA-113E-4EC9-801C-F6FC7E2A9683}\RP138\A0031604.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{642AC0AA-113E-4EC9-801C-F6FC7E2A9683}\RP139\A0032622.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{642AC0AA-113E-4EC9-801C-F6FC7E2A9683}\RP139\A0032623.dll Infected: not-a-virus:AdWare.Win32.BHO.ha skipped
C:\System Volume Information\_restore{642AC0AA-113E-4EC9-801C-F6FC7E2A9683}\RP139\A0032634.exe Infected: Trojan.Win32.Agent.bqn skipped
C:\System Volume Information\_restore{642AC0AA-113E-4EC9-801C-F6FC7E2A9683}\RP139\A0032636.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.f skipped
C:\System Volume Information\_restore{642AC0AA-113E-4EC9-801C-F6FC7E2A9683}\RP139\A0032668.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{642AC0AA-113E-4EC9-801C-F6FC7E2A9683}\RP139\A0032704.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{642AC0AA-113E-4EC9-801C-F6FC7E2A9683}\RP140\A0033741.dll Infected: not-a-virus:AdWare.Win32.Lop.bo skipped
C:\System Volume Information\_restore{642AC0AA-113E-4EC9-801C-F6FC7E2A9683}\RP140\A0033745.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{642AC0AA-113E-4EC9-801C-F6FC7E2A9683}\RP140\A0033748.exe Infected: not-a-virus:AdWare.Win32.SecToolBar.g skipped
C:\System Volume Information\_restore{642AC0AA-113E-4EC9-801C-F6FC7E2A9683}\RP140\A0033749.dll Infected: not-a-virus:AdWare.Win32.TrafficSol.k skipped
C:\System Volume Information\_restore{642AC0AA-113E-4EC9-801C-F6FC7E2A9683}\RP140\A0033750.exe/data0006 Infected: Trojan-Downloader.Win32.VB.bkw skipped
C:\System Volume Information\_restore{642AC0AA-113E-4EC9-801C-F6FC7E2A9683}\RP140\A0033750.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{642AC0AA-113E-4EC9-801C-F6FC7E2A9683}\RP140\A0033752.exe Infected: not-a-virus:AdWare.Win32.SecToolBar.g skipped
C:\System Volume Information\_restore{642AC0AA-113E-4EC9-801C-F6FC7E2A9683}\RP140\A0033753.exe Infected: not-a-virus:AdWare.Win32.SecToolBar.g skipped
C:\System Volume Information\_restore{642AC0AA-113E-4EC9-801C-F6FC7E2A9683}\RP140\A0033754.exe Infected: not-a-virus:AdWare.Win32.SecToolBar.g skipped
C:\System Volume Information\_restore{642AC0AA-113E-4EC9-801C-F6FC7E2A9683}\RP140\A0033759.DLL Infected: not-a-virus:AdWare.Win32.SecToolBar.f skipped
C:\System Volume Information\_restore{642AC0AA-113E-4EC9-801C-F6FC7E2A9683}\RP140\A0033763.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.f skipped
C:\System Volume Information\_restore{642AC0AA-113E-4EC9-801C-F6FC7E2A9683}\RP141\change.log Object is locked skipped

Scan process completed.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:17:23 AM, on 10/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\sweettweeter.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.gophersearch.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [MRT] "C:\WINDOWS\system32\MRT.exe" /R
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hid_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-299502267-492894223-854245398-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'john2')
O4 - HKUS\S-1-5-18\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\system32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\system32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://software-dl.real.com/14f90097b40 ... st_Win.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWe ... taller.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWi ... ontrol.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com/design/motherbd/bo ... oardID.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcf_device - Unknown owner - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (file missing)
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 14430 bytes


This has helped. I do not have any more pop-ups, and I thank you very much for that and for helping me.

Kathy
sweettweeter

Unread postby Shaba » October 20th, 2007, 4:41 am

Hi

Glad to hear :)

Empty these folders:

C:\WINDOWS\Profiles\All Users\Application Data\Spybot - Search & Destroy\Recovery
C:\Program Files\Maxis\The Sims\Downloads\Download puppy luv with the fastest BitTorrent downloader
C:\qoobox\Quarantine
C:\VundoFix Backups
C:\WINDOWS\.jpi_cache\jar\1.0\

Delete these:

C:\WINDOWS\SYSTEM32\bbc1
C:\WINDOWS\Shared\06 Track 6 (bloodsimple).wma
C:\WINDOWS\Shared\01 Track 1.wma
C:\WINDOWS\Shared\02 Track 2.wma
C:\WINDOWS\Shared\03 Track 3.wma
C:\WINDOWS\Shared\07 Track 7 (bloodsimple).wma
C:\WINDOWS\Shared\02 Track 2 (bloodsimple).wma
C:\WINDOWS\Shared\01 Track 1 (bloodsimple).wma
C:\Program Files\Bleeposaurus 2 Dragonfire\bfgt_silent_ne.exe
C:\Downloads\PEDALTOTHEMETALSETUP-DM[1].EXE

Empty Recycle Bin

Re-scan with Kaspersky

Post:

- a fresh HijackThis log
- kaspersky report

Unread postby Shaba » October 27th, 2007, 4:54 am

sweettweeter?