Malware Removal Instructions

Adware-Zeno Removal

Post by Paul W. » August 29th, 2007, 10:15 pm

VundoFix V6.5.7

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 8:47:29 AM 8/28/2007

Listing files found while scanning....

C:\windows\system32\abivmufl.exe
C:\windows\system32\awfxfctm.dll
C:\windows\system32\bmijorcq.dll
C:\windows\system32\bnuxiyes.exe
C:\windows\system32\cdwxtnev.ini
C:\windows\system32\ckyfbknq.ini
C:\windows\system32\cxrtwftf.dll
C:\windows\system32\dfsjfatn.dll
C:\windows\system32\dsrjjoew.dll
C:\windows\system32\elexrvgi.ini
C:\windows\system32\epujdqik.ini
C:\windows\system32\ftfwtrxc.ini
C:\windows\system32\fwikvujh.ini
C:\windows\system32\fxdhnhxq.exe
C:\windows\system32\giqhrjoh.ini
C:\windows\system32\hhtsxpwt.dll
C:\windows\system32\hiqdnkxu.dll
C:\windows\system32\hjuvkiwf.dll
C:\windows\system32\hojrhqig.dll
C:\windows\system32\htpvlcsc.exe
C:\windows\system32\igvrxele.dll
C:\windows\system32\inixgujn.ini
C:\windows\system32\jpjmonlr.dll
C:\windows\system32\jtghdtfw.ini
C:\windows\system32\kiqdjupe.dll
C:\windows\system32\lsxcophw.ini
C:\windows\system32\mhtclilw.ini
C:\windows\system32\mnaknmvp.ini
C:\windows\system32\mrpwfftl.exe
C:\windows\system32\mtcfxfwa.ini
C:\windows\system32\njugxini.dll
C:\windows\system32\ntafjsfd.ini
C:\windows\system32\ohsfsooo.ini
C:\windows\system32\olgisait.dll
C:\WINDOWS\system32\onalvvur.dll
C:\windows\system32\ooosfsho.dll
C:\windows\system32\orlbejqx.ini
C:\windows\system32\orsyvfcg.exe
C:\WINDOWS\system32\oxstfycy.dll
C:\windows\system32\pexpeqlv.exe
C:\windows\system32\pjnfopbw.ini
C:\windows\system32\psmwtctu.dll
C:\windows\system32\pvmnkanm.dll
C:\windows\system32\qcrojimb.ini
C:\windows\system32\qlwkhsgf.exe
C:\windows\system32\qnkbfykc.dll
C:\windows\system32\rcqcipxv.ini
C:\windows\system32\rlnomjpj.ini
C:\windows\system32\rpiahceo.exe
C:\windows\system32\rradbyxt.dll
C:\windows\system32\siitdbpu.ini
C:\WINDOWS\system32\sstts.dll
C:\windows\system32\tiasiglo.ini
C:\windows\system32\twpxsthh.ini
C:\windows\system32\txybdarr.ini
C:\windows\system32\upbdtiis.dll
C:\windows\system32\utctwmsp.ini
C:\windows\system32\uxkndqih.ini
C:\windows\system32\ventxwdc.dll
C:\windows\system32\vxpicqcr.dll
C:\windows\system32\wbpofnjp.dll
C:\windows\system32\weojjrsd.ini
C:\windows\system32\wftdhgtj.dll
C:\windows\system32\whpocxsl.dll
C:\windows\system32\wlilcthm.dll
C:\windows\system32\xqjeblro.dll
C:\windows\system32\ygvkoohu.exe

Beginning removal...

Attempting to delete C:\windows\system32\abivmufl.exe
C:\windows\system32\abivmufl.exe Has been deleted!

Attempting to delete C:\windows\system32\awfxfctm.dll
C:\windows\system32\awfxfctm.dll Has been deleted!

Attempting to delete C:\windows\system32\bmijorcq.dll
C:\windows\system32\bmijorcq.dll Has been deleted!

Attempting to delete C:\windows\system32\bnuxiyes.exe
C:\windows\system32\bnuxiyes.exe Has been deleted!

Attempting to delete C:\windows\system32\cdwxtnev.ini
C:\windows\system32\cdwxtnev.ini Has been deleted!

Attempting to delete C:\windows\system32\ckyfbknq.ini
C:\windows\system32\ckyfbknq.ini Has been deleted!

Attempting to delete C:\windows\system32\cxrtwftf.dll
C:\windows\system32\cxrtwftf.dll Has been deleted!

Attempting to delete C:\windows\system32\dfsjfatn.dll
C:\windows\system32\dfsjfatn.dll Has been deleted!

Attempting to delete C:\windows\system32\dsrjjoew.dll
C:\windows\system32\dsrjjoew.dll Has been deleted!

Attempting to delete C:\windows\system32\elexrvgi.ini
C:\windows\system32\elexrvgi.ini Has been deleted!

Attempting to delete C:\windows\system32\epujdqik.ini
C:\windows\system32\epujdqik.ini Has been deleted!

Attempting to delete C:\windows\system32\ftfwtrxc.ini
C:\windows\system32\ftfwtrxc.ini Has been deleted!

Attempting to delete C:\windows\system32\fwikvujh.ini
C:\windows\system32\fwikvujh.ini Has been deleted!

Attempting to delete C:\windows\system32\fxdhnhxq.exe
C:\windows\system32\fxdhnhxq.exe Has been deleted!

Attempting to delete C:\windows\system32\giqhrjoh.ini
C:\windows\system32\giqhrjoh.ini Has been deleted!

Attempting to delete C:\windows\system32\hhtsxpwt.dll
C:\windows\system32\hhtsxpwt.dll Has been deleted!

Attempting to delete C:\windows\system32\hiqdnkxu.dll
C:\windows\system32\hiqdnkxu.dll Has been deleted!

Attempting to delete C:\windows\system32\hjuvkiwf.dll
C:\windows\system32\hjuvkiwf.dll Has been deleted!

Attempting to delete C:\windows\system32\hojrhqig.dll
C:\windows\system32\hojrhqig.dll Has been deleted!

Attempting to delete C:\windows\system32\htpvlcsc.exe
C:\windows\system32\htpvlcsc.exe Has been deleted!

Attempting to delete C:\windows\system32\igvrxele.dll
C:\windows\system32\igvrxele.dll Has been deleted!

Attempting to delete C:\windows\system32\inixgujn.ini
C:\windows\system32\inixgujn.ini Has been deleted!

Attempting to delete C:\windows\system32\jpjmonlr.dll
C:\windows\system32\jpjmonlr.dll Has been deleted!

Attempting to delete C:\windows\system32\jtghdtfw.ini
C:\windows\system32\jtghdtfw.ini Has been deleted!

Attempting to delete C:\windows\system32\kiqdjupe.dll
C:\windows\system32\kiqdjupe.dll Has been deleted!

Attempting to delete C:\windows\system32\lsxcophw.ini
C:\windows\system32\lsxcophw.ini Has been deleted!

Attempting to delete C:\windows\system32\mhtclilw.ini
C:\windows\system32\mhtclilw.ini Has been deleted!

Attempting to delete C:\windows\system32\mnaknmvp.ini
C:\windows\system32\mnaknmvp.ini Has been deleted!

Attempting to delete C:\windows\system32\mrpwfftl.exe
C:\windows\system32\mrpwfftl.exe Has been deleted!

Attempting to delete C:\windows\system32\mtcfxfwa.ini
C:\windows\system32\mtcfxfwa.ini Has been deleted!

Attempting to delete C:\windows\system32\njugxini.dll
C:\windows\system32\njugxini.dll Has been deleted!

Attempting to delete C:\windows\system32\ntafjsfd.ini
C:\windows\system32\ntafjsfd.ini Has been deleted!

Attempting to delete C:\windows\system32\ohsfsooo.ini
C:\windows\system32\ohsfsooo.ini Has been deleted!

Attempting to delete C:\windows\system32\olgisait.dll
C:\windows\system32\olgisait.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\onalvvur.dll
C:\WINDOWS\system32\onalvvur.dll Has been deleted!

Attempting to delete C:\windows\system32\ooosfsho.dll
C:\windows\system32\ooosfsho.dll Has been deleted!

Attempting to delete C:\windows\system32\orlbejqx.ini
C:\windows\system32\orlbejqx.ini Has been deleted!

Attempting to delete C:\windows\system32\orsyvfcg.exe
C:\windows\system32\orsyvfcg.exe Has been deleted!

Attempting to delete C:\windows\system32\pexpeqlv.exe
C:\windows\system32\pexpeqlv.exe Has been deleted!

Attempting to delete C:\windows\system32\pjnfopbw.ini
C:\windows\system32\pjnfopbw.ini Has been deleted!

Attempting to delete C:\windows\system32\psmwtctu.dll
C:\windows\system32\psmwtctu.dll Has been deleted!

Attempting to delete C:\windows\system32\pvmnkanm.dll
C:\windows\system32\pvmnkanm.dll Has been deleted!

Attempting to delete C:\windows\system32\qcrojimb.ini
C:\windows\system32\qcrojimb.ini Has been deleted!

Attempting to delete C:\windows\system32\qlwkhsgf.exe
C:\windows\system32\qlwkhsgf.exe Has been deleted!

Attempting to delete C:\windows\system32\qnkbfykc.dll
C:\windows\system32\qnkbfykc.dll Has been deleted!

Attempting to delete C:\windows\system32\rcqcipxv.ini
C:\windows\system32\rcqcipxv.ini Has been deleted!

Attempting to delete C:\windows\system32\rlnomjpj.ini
C:\windows\system32\rlnomjpj.ini Has been deleted!

Attempting to delete C:\windows\system32\rpiahceo.exe
C:\windows\system32\rpiahceo.exe Has been deleted!

Attempting to delete C:\windows\system32\rradbyxt.dll
C:\windows\system32\rradbyxt.dll Has been deleted!

Attempting to delete C:\windows\system32\siitdbpu.ini
C:\windows\system32\siitdbpu.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\sstts.dll
C:\WINDOWS\system32\sstts.dll Has been deleted!

Attempting to delete C:\windows\system32\tiasiglo.ini
C:\windows\system32\tiasiglo.ini Has been deleted!

Attempting to delete C:\windows\system32\twpxsthh.ini
C:\windows\system32\twpxsthh.ini Has been deleted!

Attempting to delete C:\windows\system32\txybdarr.ini
C:\windows\system32\txybdarr.ini Has been deleted!

Attempting to delete C:\windows\system32\upbdtiis.dll
C:\windows\system32\upbdtiis.dll Has been deleted!

Attempting to delete C:\windows\system32\utctwmsp.ini
C:\windows\system32\utctwmsp.ini Has been deleted!

Attempting to delete C:\windows\system32\uxkndqih.ini
C:\windows\system32\uxkndqih.ini Has been deleted!

Attempting to delete C:\windows\system32\ventxwdc.dll
C:\windows\system32\ventxwdc.dll Has been deleted!

Attempting to delete C:\windows\system32\vxpicqcr.dll
C:\windows\system32\vxpicqcr.dll Has been deleted!

Attempting to delete C:\windows\system32\wbpofnjp.dll
C:\windows\system32\wbpofnjp.dll Has been deleted!

Attempting to delete C:\windows\system32\weojjrsd.ini
C:\windows\system32\weojjrsd.ini Has been deleted!

Attempting to delete C:\windows\system32\wftdhgtj.dll
C:\windows\system32\wftdhgtj.dll Has been deleted!

Attempting to delete C:\windows\system32\whpocxsl.dll
C:\windows\system32\whpocxsl.dll Has been deleted!

Attempting to delete C:\windows\system32\wlilcthm.dll
C:\windows\system32\wlilcthm.dll Has been deleted!

Attempting to delete C:\windows\system32\xqjeblro.dll
C:\windows\system32\xqjeblro.dll Has been deleted!

Attempting to delete C:\windows\system32\ygvkoohu.exe
C:\windows\system32\ygvkoohu.exe Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.7

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 8:52:43 AM 8/28/2007

Listing files found while scanning....

C:\WINDOWS\system32\oxstfycy.dll
C:\WINDOWS\system32\ycyftsxo.ini
C:\WINDOWS\system32\ycyftsxo.tmp

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ycyftsxo.ini
C:\WINDOWS\system32\ycyftsxo.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ycyftsxo.tmp
C:\WINDOWS\system32\ycyftsxo.tmp Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Beginning removal...

VundoFix V6.5.7

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 12:49:35 AM 8/29/2007

Listing files found while scanning....

C:\WINDOWS\system32\oxstfycy.dll

Beginning removal...

Beginning removal...

Performing Repairs to the registry.
Done!

VundoFix V6.5.7

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 1:31:00 AM 8/29/2007

Listing files found while scanning....

C:\WINDOWS\system32\oxstfycy.dll

Beginning removal...

Performing Repairs to the registry.
Done!

VundoFix V6.5.7

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 1:34:55 AM 8/29/2007

Listing files found while scanning....

C:\WINDOWS\system32\oxstfycy.dll

Beginning removal...

Performing Repairs to the registry.
Done!

Beginning removal...

Performing Repairs to the registry.
Done!
Paul W.
Regular Member

Posts: 19
Joined: August 27th, 2007, 3:03 am
Location: Illinois
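The logs Paul posted show the file-naming pattern that makes Vundo-family infections easy to recognise by eye: eight-letter random names in system32, dropped in pairs where the .ini (or .tmp) companion is the .dll name spelled backwards (cxrtwftf.dll / ftfwtrxc.ini, rradbyxt.dll / txybdarr.ini, oxstfycy.dll / ycyftsxo.ini, sstts.dll / sttss.ini2), a BHO whose DLL is already gone ("file missing"), a hidden+system file in system32, and an msconfig startupreg entry that loads one of the DLLs through rundll32 with a named export. The script below is an added example, not a tool from this thread or from MalwareRemoval.com: it runs those checks over lines excerpted from the logs above (the SAMPLE_LOG string is assembled here from this thread, not captured anew) and reports what a helper would look at first. The helper names and thresholds (eight lowercase letters, the extension list) are assumptions chosen to fit this thread's logs.

```python
import re

# Lines excerpted from the VundoFix, ComboFix and HijackThis logs in this
# thread; assembled here as sample input, not a new capture.
SAMPLE_LOG = r"""
C:\windows\system32\cxrtwftf.dll
C:\windows\system32\elexrvgi.ini
C:\windows\system32\ftfwtrxc.ini
C:\windows\system32\igvrxele.dll
C:\windows\system32\rradbyxt.dll
C:\windows\system32\txybdarr.ini
C:\WINDOWS\system32\oxstfycy.dll
C:\WINDOWS\system32\ycyftsxo.ini
C:\WINDOWS\system32\ycyftsxo.tmp
C:\WINDOWS\system32\sstts.dll
2007-08-27 11:06 1,601,846 ---hs---- C:\WINDOWS\SYSTEM32\sttss.ini2
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
O2 - BHO: (no name) - {769FDC93-9326-4C09-A9EF-AA4BA67284C3} - C:\WINDOWS\system32\sstts.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
rundll32.exe "C:\WINDOWS\system32\rradbyxt.dll",forkonce
"""

# A file directly inside system32 (not in a subdirectory), case-insensitive.
SYSTEM32_FILE = re.compile(r'(?i)[a-z]:\\windows\\system32\\([a-z0-9_.]+)(?![\w.\\])')
# rundll32 <dll>,<export> as it appears in Run / msconfig startupreg entries.
RUNDLL32 = re.compile(r'(?i)rundll32(?:\.exe)?\s+"?([^",]+?)"?\s*,\s*([A-Za-z_]\w*)')
# ComboFix "Files Created" line whose attribute column carries both h and s.
HIDDEN_SYSTEM = re.compile(r'^\s*\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+[\d,]+\s+\S*hs\S*\s+(\S.*)$', re.M)

# Assumption: Vundo droppers in this thread use 8 lowercase letters + one of these extensions.
RANDOM_STEM = re.compile(r'[a-z]{8}')
DROPPER_EXTS = {"dll", "exe", "ini", "tmp"}


def system32_basenames(log: str) -> set:
    """Every distinct file name seen directly under system32, lowercased."""
    return {m.group(1).lower() for m in SYSTEM32_FILE.finditer(log)}


def is_random_name(name: str) -> bool:
    """True for names like abivmufl.exe; False for wuauclt.exe or cdm.dll."""
    stem, _, ext = name.lower().rpartition(".")
    return bool(RANDOM_STEM.fullmatch(stem)) and ext in DROPPER_EXTS


def reversed_name_pairs(names) -> list:
    """(dll, companion) pairs where the companion's stem is the DLL stem reversed."""
    by_stem = {}
    for n in names:
        stem = n.rpartition(".")[0] or n
        by_stem.setdefault(stem, []).append(n)
    pairs = []
    for stem, files in by_stem.items():
        mirror = stem[::-1]
        if mirror == stem or mirror not in by_stem:
            continue  # palindromes and unmatched stems are not pairs
        for dll in files:
            if dll.endswith(".dll"):
                pairs.extend((dll, companion) for companion in by_stem[mirror])
    return sorted(pairs)


def suspicious_bhos(log: str) -> list:
    """HijackThis O2 lines with no name or whose DLL is already missing."""
    return [ln.strip() for ln in log.splitlines()
            if ln.strip().startswith("O2 - BHO:")
            and ("(no name)" in ln or "(file missing)" in ln)]


def rundll32_autoruns(log: str) -> list:
    """(dll basename, export) for every rundll32 autorun in the log."""
    return [(path.rsplit("\\", 1)[-1].lower(), export)
            for path, export in RUNDLL32.findall(log)]


def hidden_system_files(log: str) -> list:
    """Paths from ComboFix file listings flagged hidden + system."""
    return HIDDEN_SYSTEM.findall(log)


def triage(log: str) -> dict:
    """Run all checks and return the findings a helper would read first."""
    names = system32_basenames(log)
    return {
        "random_names": sorted(n for n in names if is_random_name(n)),
        "reversed_pairs": reversed_name_pairs(names),
        "suspicious_bhos": suspicious_bhos(log),
        "rundll32_autoruns": rundll32_autoruns(log),
        "hidden_system": hidden_system_files(log),
    }


if __name__ == "__main__":
    for key, findings in triage(SAMPLE_LOG).items():
        print(f"{key}:")
        for item in findings:
            print("   ", item)
```

Run it and the reversed-name pairs come out as the strongest signal: a random name on its own can be a false positive, but a .dll whose stem reversed names a .ini or .tmp next to it is not something legitimate software does, and it also explains why VundoFix kept re-finding oxstfycy.dll after deleting its ycyftsxo companions.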

Post by ndmmxiaomayi » August 30th, 2007, 11:59 am

Hi Paul,

Please download Combofix from Tech Support Forum or Bleeping Computer. Save it to your desktop.

Double-click to run it. Follow the prompts. Once done, it will reboot and a log will be produced. Please post that log and a new HijackThis log in your next reply.

Do not mouse click on Combofix while it is running. That may cause it to stall.

Please post back the Combofix log (C:\Combofix.txt) as well as a new HijackThis log.
ndmmxiaomayi
MRU Emeritus

Posts: 9708
Joined: July 17th, 2006, 9:22 am

Post by Paul W. » August 30th, 2007, 9:45 pm

ComboFix 07-08-30.3 - "Paul W." 2007-08-30 20:31:30.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.609 [GMT -5:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Windows NT\megeri22011.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fse
C:\Temp\fse\tmpZTF.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\ansqrysj.exe
C:\WINDOWS\system32\B1
C:\WINDOWS\system32\bnbkmpxn.exe
C:\WINDOWS\system32\eyxgfcju.exe
C:\WINDOWS\system32\f02WtR
C:\WINDOWS\system32\fahkvsqs.exe
C:\WINDOWS\system32\fhutapqg.exe
C:\WINDOWS\system32\frgaxnyk.exe
C:\WINDOWS\system32\jymwahxw.exe
C:\WINDOWS\system32\rfbtvlah.exe
C:\WINDOWS\system32\tjqeecma.exe
C:\WINDOWS\system32\win
C:\WINDOWS\system32\Y1
C:\WINDOWS\system32\Y2


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE


((((((((((((((((((((((((( Files Created from 2007-07-28 to 2007-08-31 )))))))))))))))))))))))))))))))


2007-08-30 20:29 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-30 20:28 1,467,462 --a------ C:\ComboFix.exe
2007-08-28 08:47 <DIR> d-------- C:\VundoFix Backups
2007-08-27 23:37 <DIR> d-------- C:\DOCUME~1\PAULWI~1\APPLIC~1\CyberLink
2007-08-27 11:06 1,601,846 ---hs---- C:\WINDOWS\SYSTEM32\sttss.ini2
2007-08-27 02:28 <DIR> d-------- C:\Program Files\Dumb
2007-08-27 00:32 <DIR> d--h----- C:\WINDOWS\SYSTEM32\GroupPolicy
2007-08-26 21:04 <DIR> d-------- C:\Program Files\Lavasoft
2007-08-26 21:04 <DIR> d-------- C:\DOCUME~1\PAULWI~1\APPLIC~1\Lavasoft
2007-08-10 01:11 1,611,560 ---hs---- C:\WINDOWS\SYSTEM32\sttss.bak2
2007-08-08 21:30 1,729,208 ---hs---- C:\WINDOWS\SYSTEM32\sttss.bak1
2007-08-08 17:50 <DIR> d-------- C:\Temp
2007-08-04 00:44 <DIR> dr-h----- C:\MSOCache


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-30 20:25 --------- d-------- C:\DOCUME~1\PAULWI~1\APPLIC~1\ComcastToolbar
2007-08-20 13:08 --------- d-------- C:\Program Files\RGB
2007-08-11 02:12 --------- d-------- C:\Program Files\Common Files\scanner
2007-08-10 01:34 --------- d-------- C:\Program Files\Google
2007-08-10 01:27 --------- d-------- C:\Program Files\Startup Inspector for Windows
2007-08-10 01:24 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-08-10 01:23 --------- d-------- C:\Program Files\DivX
2007-08-10 01:17 --------- d-------- C:\DOCUME~1\PAULWI~1\APPLIC~1\wsInspector
2007-08-10 00:59 --------- d-------- C:\Program Files\McAfee
2007-08-09 23:51 --------- d-------- C:\DOCUME~1\CHERIC~1\APPLIC~1\Aim
2007-08-09 23:32 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-31 08:39 --------- d-------- C:\Program Files\Common Files\McAfee
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-24 12:02 33800 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2007-07-24 07:40 79304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-07-21 09:08 40488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-07-21 09:08 35240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-07-21 09:08 201288 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-07-17 14:26 --------- d-------- C:\DOCUME~1\CHARSI~1\APPLIC~1\COMCASTTOOLBAR
2007-07-13 09:20 113952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-06-26 10:13 851968 --------- C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-26 09:35 665600 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-26 01:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 01:08 1104896 --a------ C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 08:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 08:31 282112 --a------ C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-15 03:12 96256 --------- C:\WINDOWS\system32\dllcache\inseng.dll
2007-06-15 03:12 616960 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-15 03:12 55808 --------- C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-15 03:12 532480 --------- C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-15 03:12 474112 --a------ C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-06-15 03:12 449024 --------- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-15 03:12 39424 --a------ C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-06-15 03:12 357888 --a------ C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-06-15 03:12 3064320 --------- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-06-15 03:12 251904 --------- C:\WINDOWS\system32\dllcache\iepeers.dll
2007-06-15 03:12 205824 --------- C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-06-15 03:12 16384 --------- C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-15 03:12 151040 --------- C:\WINDOWS\system32\dllcache\cdfview.dll
2007-06-15 03:12 1498112 --a------ C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-06-15 03:12 146432 --------- C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-15 03:12 1054208 --------- C:\WINDOWS\system32\dllcache\danim.dll
2007-06-15 03:12 1022976 --a------ C:\WINDOWS\system32\dllcache\browseui.dll
2007-06-14 05:32 18432 --------- C:\WINDOWS\system32\dllcache\iedw.exe
2007-06-13 05:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-13 05:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2006-03-29 20:57 9583368 --a------ C:\DOCUME~1\PAULWI~1\DesktopDoctor1.5.1.exe
2005-08-25 12:10 9516504 --a------ C:\DOCUME~1\CHARSI~1\DesktopDoctor1.0.exe
2006-11-16 03:30:46 848 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{769FDC93-9326-4C09-A9EF-AA4BA67284C3}]
C:\WINDOWS\system32\sstts.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSKAgentExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" [2005-03-23 16:33]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe" [2005-03-23 15:47]
"CTSysVol"="C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 11:43]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-08-23 19:19]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 05:08]
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 21:56]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2004-11-23 14:42]
"MMTray"="C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [2005-03-09 19:10]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 02:33]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-03-23 16:33]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2006-04-19 09:30]
"AWMON"="C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe" [2005-05-25 12:12]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"CheckNetworkConnection"="C:\Program Files\Support.com\providerComcast\desktopdoctor.exe" /flow /flow=diagnosenetwork /trayclick=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=9a966111-ec8c-4369-be6c-74dd82ac6fe6

C:\DOCUME~1\ADMINI~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2004-08-19 17:07:20]

C:\DOCUME~1\CHARSI~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2004-08-19 17:07:20]

C:\DOCUME~1\CHERIC~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2004-08-19 17:07:20]

C:\DOCUME~1\PAULWI~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2004-08-19 17:07:20]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2004-08-19 17:07:20]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\megeri]
C:\Program Files\Windows NT\megeri22011.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemOptimizer]
rundll32.exe "C:\WINDOWS\system32\rradbyxt.dll",forkonce

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"DSBrokerService"=3 (0x3)
"BITS"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)

R3 atinewp2;ATI eHomeWonder, WDM Video CODEC;C:\WINDOWS\system32\DRIVERS\atinewp2.sys
R3 P17;SB Live! 24-bit;C:\WINDOWS\system32\drivers\P17.sys


Contents of the 'Scheduled Tasks' folder
2007-08-15 06:11:32 C:\WINDOWS\Tasks\McDefragTask.job - c:\program files\mcafee\mqc\QcConsol.exe
2007-08-01 06:00:02 C:\WINDOWS\Tasks\McQcTask.job - c:\program files\mcafee\mqc\QcConsol.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-30 20:35:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-30 20:36:47 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-30 20:36

--- E O F ---

Logfile of HijackThis v1.99.1
Scan saved at 8:38:25 PM, on 8/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\WINDOWS\system32\CMD.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~2.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {769FDC93-9326-4C09-A9EF-AA4BA67284C3} - C:\WINDOWS\system32\sstts.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~2.DLL
O4 - HKLM\..\Run: [MSKAgentExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\RunOnce: [CheckNetworkConnection] "C:\Program Files\Support.com\providerComcast\desktopdoctor.exe" /flow /flow=diagnosenetwork /trayclick=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=9a966111-ec8c-4369-be6c-74dd82ac6fe6
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe


Ad-Aware SE Plus
Adobe Reader 7.0
AIM 6.0
ATI Display Driver
Comcast Rhapsody
Comcast Toolbar
Creative MediaSource
Dell Driver Reset Tool
DellSupport
HijackThis 1.99.1
Hotfix for Windows XP (KB896344)
hp deskjet 3600
hp deskjet 3600 series
HP Memories Disc
HP Photo and Imaging 2.0 - Deskjet Series
HP Update
Image Resizer Powertoy for Windows XP
Intel Application Accelerator
Intel(R) 537EP V9x DF PCI Modem
Internet Explorer Default Page
iTunes
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 2
Macromedia Flash Player
McAfee SecurityCenter
McAfee SpamKiller
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft Office Excel Viewer 2003
Microsoft Office XP Professional with FrontPage
Microsoft PowerPoint Viewer 97
Modem Event Monitor
Modem Helper
Modem On Hold
Musicmatch® Jukebox
Picture Package
PowerDVD 5.3
QuickTime
RealPlayer Basic
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Sonic Encoders
Sony USB Driver
Sound Blaster Live! 24-bit
The Weather Channel Desktop
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Viewpoint Media Player
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Paul W.
Regular Member
 
Posts: 19
Joined: August 27th, 2007, 3:03 am
Location: Illinois

Post by ndmmxiaomayi » August 31st, 2007, 1:36 pm

Hello Paul,

Please open Notepad and copy and paste the following in the Code box into Notepad:

Code:
http://forum.malwareremoval.com/viewtopic.php?t=22872

Suspect::
C:\Program Files\Windows NT\megeri22011.exe

File::
C:\WINDOWS\system32\sstts.dll
C:\WINDOWS\system32\rradbyxt.dll

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{769FDC93-9326-4C09-A9EF-AA4BA67284C3}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemOptimizer]


Click on File > Save As.

Copy and paste CFScript.txt into the File Name field.

Click Save.

Referring to the picture below, drag CFScript.txt into Combofix.

[image: CFScript.txt being dragged onto the ComboFix icon]

When finished, it will produce a log. Please post this log in your next reply.

Additionally, ComboFix will generate a zipped file on your desktop called [4]-Submit_Date_Time.zip, and Internet Explorer will open when you click OK. Please follow the instructions on the website to submit the zipped file for analysis.

In your next reply, please post:

  1. Combofix log (C:\Combofix.txt)
  2. A new HijackThis log
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Post by ndmmxiaomayi » September 1st, 2007, 12:21 am

Hello Paul,

Please ignore the above message and follow this one instead.

Step 1

Please disable Lavasoft Ad-Watch temporarily, as it may interfere with the fixes. You can re-enable it after your computer is clean.

  1. Right click on the Ad-Watch icon in the system tray (next to the clock).
  2. There will be two options called Active and Automatic.
  3. Uncheck (untick) both of these boxes.

Step 2

Please open Notepad and copy and paste the following in the Code box into Notepad:

Code:
File::
C:\WINDOWS\SYSTEM32\sttss.ini2
C:\WINDOWS\SYSTEM32\sttss.bak2
C:\WINDOWS\SYSTEM32\sttss.bak1

Folder::
C:\VundoFix Backups

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{769FDC93-9326-4C09-A9EF-AA4BA67284C3}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemOptimizer]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\megeri]


Click on File > Save As.

Copy and paste CFScript.txt into the File Name field.

Click Save.

Referring to the picture below, drag CFScript.txt into Combofix.

[image: CFScript.txt being dragged onto the ComboFix icon]

When finished, it will produce a log. Please post this log in your next reply.

In your next reply, please post:

  1. Combofix log (C:\Combofix.txt)
  2. A new HijackThis log
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Post by Paul W. » September 1st, 2007, 2:48 am

ComboFix 07-08-30.3 - "Paul W" 2007-09-01 1:35:28.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.615 [GMT -5:00]
Command switches used :: C:\Documents and Settings\Paul Wills Sr\Desktop\Shortcut to CFScript.txt.lnk
* Created a new restore point

FILE::
C:\WINDOWS\SYSTEM32\sttss.ini2
C:\WINDOWS\SYSTEM32\sttss.bak2
C:\WINDOWS\SYSTEM32\sttss.bak1


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\VundoFix Backups
C:\VundoFix Backups\abivmufl.exe.bad
C:\VundoFix Backups\addmorefiles.txt
C:\VundoFix Backups\awfxfctm.dll.bad
C:\VundoFix Backups\bmijorcq.dll.bad
C:\VundoFix Backups\cdwxtnev.ini.bad
C:\VundoFix Backups\ckyfbknq.ini.bad
C:\VundoFix Backups\cxrtwftf.dll.bad
C:\VundoFix Backups\dfsjfatn.dll.bad
C:\VundoFix Backups\dsrjjoew.dll.bad
C:\VundoFix Backups\elexrvgi.ini.bad
C:\VundoFix Backups\epujdqik.ini.bad
C:\VundoFix Backups\ftfwtrxc.ini.bad
C:\VundoFix Backups\fwikvujh.ini.bad
C:\VundoFix Backups\fxdhnhxq.exe.bad
C:\VundoFix Backups\giqhrjoh.ini.bad
C:\VundoFix Backups\hhtsxpwt.dll.bad
C:\VundoFix Backups\hiqdnkxu.dll.bad
C:\VundoFix Backups\hjuvkiwf.dll.bad
C:\VundoFix Backups\hojrhqig.dll.bad
C:\VundoFix Backups\igvrxele.dll.bad
C:\VundoFix Backups\inixgujn.ini.bad
C:\VundoFix Backups\jpjmonlr.dll.bad
C:\VundoFix Backups\jtghdtfw.ini.bad
C:\VundoFix Backups\kiqdjupe.dll.bad
C:\VundoFix Backups\lsxcophw.ini.bad
C:\VundoFix Backups\mhtclilw.ini.bad
C:\VundoFix Backups\mnaknmvp.ini.bad
C:\VundoFix Backups\mrpwfftl.exe.bad
C:\VundoFix Backups\mtcfxfwa.ini.bad
C:\VundoFix Backups\njugxini.dll.bad
C:\VundoFix Backups\ntafjsfd.ini.bad
C:\VundoFix Backups\ohsfsooo.ini.bad
C:\VundoFix Backups\olgisait.dll.bad
C:\VundoFix Backups\onalvvur.dll.bad
C:\VundoFix Backups\ooosfsho.dll.bad
C:\VundoFix Backups\orlbejqx.ini.bad
C:\VundoFix Backups\orsyvfcg.exe.bad
C:\VundoFix Backups\pexpeqlv.exe.bad
C:\VundoFix Backups\pjnfopbw.ini.bad
C:\VundoFix Backups\psmwtctu.dll.bad
C:\VundoFix Backups\pvmnkanm.dll.bad
C:\VundoFix Backups\qcrojimb.ini.bad
C:\VundoFix Backups\qlwkhsgf.exe.bad
C:\VundoFix Backups\qnkbfykc.dll.bad
C:\VundoFix Backups\rcqcipxv.ini.bad
C:\VundoFix Backups\rlnomjpj.ini.bad
C:\VundoFix Backups\rpiahceo.exe.bad
C:\VundoFix Backups\rradbyxt.dll.bad
C:\VundoFix Backups\siitdbpu.ini.bad
C:\VundoFix Backups\sstts.dll.bad
C:\VundoFix Backups\tiasiglo.ini.bad
C:\VundoFix Backups\twpxsthh.ini.bad
C:\VundoFix Backups\txybdarr.ini.bad
C:\VundoFix Backups\upbdtiis.dll.bad
C:\VundoFix Backups\utctwmsp.ini.bad
C:\VundoFix Backups\uxkndqih.ini.bad
C:\VundoFix Backups\ventxwdc.dll.bad
C:\VundoFix Backups\vxpicqcr.dll.bad
C:\VundoFix Backups\wbpofnjp.dll.bad
C:\VundoFix Backups\weojjrsd.ini.bad
C:\VundoFix Backups\wftdhgtj.dll.bad
C:\VundoFix Backups\whpocxsl.dll.bad
C:\VundoFix Backups\wlilcthm.dll.bad
C:\VundoFix Backups\xqjeblro.dll.bad
C:\VundoFix Backups\ycyftsxo.ini.bad
C:\VundoFix Backups\ycyftsxo.tmp.bad
C:\VundoFix Backups\ygvkoohu.exe.bad
C:\WINDOWS\SYSTEM32\sttss.bak1
C:\WINDOWS\SYSTEM32\sttss.bak2
C:\WINDOWS\SYSTEM32\sttss.ini2


((((((((((((((((((((((((( Files Created from 2007-08-01 to 2007-09-01 )))))))))))))))))))))))))))))))


2007-08-30 20:29 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-27 23:37 <DIR> d-------- C:\DOCUME~1\PAULWI~1\APPLIC~1\CyberLink
2007-08-27 02:28 <DIR> d-------- C:\Program Files\Dumb
2007-08-27 00:32 <DIR> d--h----- C:\WINDOWS\SYSTEM32\GroupPolicy
2007-08-26 21:04 <DIR> d-------- C:\Program Files\Lavasoft
2007-08-26 21:04 <DIR> d-------- C:\DOCUME~1\PAULWI~1\APPLIC~1\Lavasoft
2007-08-08 17:50 <DIR> d-------- C:\Temp
2007-08-04 00:44 <DIR> dr-h----- C:\MSOCache


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-09-01 01:14 --------- d-------- C:\DOCUME~1\PAULWI~1\APPLIC~1\ComcastToolbar
2007-08-20 13:08 --------- d-------- C:\Program Files\RGB
2007-08-11 02:12 --------- d-------- C:\Program Files\Common Files\scanner
2007-08-10 01:34 --------- d-------- C:\Program Files\Google
2007-08-10 01:27 --------- d-------- C:\Program Files\Startup Inspector for Windows
2007-08-10 01:24 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-08-10 01:23 --------- d-------- C:\Program Files\DivX
2007-08-10 01:17 --------- d-------- C:\DOCUME~1\PAULWI~1\APPLIC~1\wsInspector
2007-08-10 00:59 --------- d-------- C:\Program Files\McAfee
2007-08-09 23:51 --------- d-------- C:\DOCUME~1\CHERIC~1\APPLIC~1\Aim
2007-08-09 23:32 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-31 08:39 --------- d-------- C:\Program Files\Common Files\McAfee
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-24 12:02 33800 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2007-07-24 07:40 79304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-07-21 09:08 40488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-07-21 09:08 35240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-07-21 09:08 201288 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-07-17 14:26 --------- d-------- C:\DOCUME~1\CHARSI~1\APPLIC~1\COMCASTTOOLBAR
2007-07-13 09:20 113952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-06-26 10:13 851968 --------- C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-26 09:35 665600 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-26 01:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 01:08 1104896 --a------ C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 08:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 08:31 282112 --a------ C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-15 03:12 96256 --------- C:\WINDOWS\system32\dllcache\inseng.dll
2007-06-15 03:12 616960 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-15 03:12 55808 --------- C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-15 03:12 532480 --------- C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-15 03:12 474112 --a------ C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-06-15 03:12 449024 --------- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-15 03:12 39424 --a------ C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-06-15 03:12 357888 --a------ C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-06-15 03:12 3064320 --------- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-06-15 03:12 251904 --------- C:\WINDOWS\system32\dllcache\iepeers.dll
2007-06-15 03:12 205824 --------- C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-06-15 03:12 16384 --------- C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-15 03:12 151040 --------- C:\WINDOWS\system32\dllcache\cdfview.dll
2007-06-15 03:12 1498112 --a------ C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-06-15 03:12 146432 --------- C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-15 03:12 1054208 --------- C:\WINDOWS\system32\dllcache\danim.dll
2007-06-15 03:12 1022976 --a------ C:\WINDOWS\system32\dllcache\browseui.dll
2007-06-14 05:32 18432 --------- C:\WINDOWS\system32\dllcache\iedw.exe
2007-06-13 05:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-13 05:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2006-03-29 20:57 9583368 --a------ C:\DOCUME~1\PAULWI~1\DesktopDoctor1.5.1.exe
2005-08-25 12:10 9516504 --a------ C:\DOCUME~1\CHARSI~1\DesktopDoctor1.0.exe
2006-11-16 03:30:46 848 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys


((((((((((((((((((((((((((((( snapshot_2007-08-30_203628.17 )))))))))))))))))))))))))))))))))))))))))

----a-w 32,768 2007-09-01 06:16:26 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
----a-w 32,768 2007-09-01 06:16:26 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
----a-w 32,768 2007-09-01 06:16:26 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

----a-w 32,768 2007-08-31 01:26:43 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
----a-w 32,768 2007-08-31 01:26:43 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
----a-w 32,768 2007-08-31 01:26:43 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSKAgentExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" [2005-03-23 16:33]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe" [2005-03-23 15:47]
"CTSysVol"="C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 11:43]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-08-23 19:19]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 05:08]
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 21:56]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2004-11-23 14:42]
"MMTray"="C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [2005-03-09 19:10]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 02:33]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" [2005-03-23 16:33]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2006-04-19 09:30]
"AWMON"="C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe" [2005-05-25 12:12]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"CheckNetworkConnection"="C:\Program Files\Support.com\providerComcast\desktopdoctor.exe" /flow /flow=diagnosenetwork /trayclick=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=9a966111-ec8c-4369-be6c-74dd82ac6fe6

C:\DOCUME~1\ADMINI~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2004-08-19 17:07:20]

C:\DOCUME~1\CHARSI~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2004-08-19 17:07:20]

C:\DOCUME~1\CHERIC~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2004-08-19 17:07:20]

C:\DOCUME~1\PAULWI~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2004-08-19 17:07:20]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2004-08-19 17:07:20]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"DSBrokerService"=3 (0x3)
"BITS"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)

R3 atinewp2;ATI eHomeWonder, WDM Video CODEC;C:\WINDOWS\system32\DRIVERS\atinewp2.sys
R3 P17;SB Live! 24-bit;C:\WINDOWS\system32\drivers\P17.sys


Contents of the 'Scheduled Tasks' folder
2007-08-15 06:11:32 C:\WINDOWS\Tasks\McDefragTask.job - c:\program files\mcafee\mqc\QcConsol.exe
2007-08-01 06:00:02 C:\WINDOWS\Tasks\McQcTask.job - c:\program files\mcafee\mqc\QcConsol.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-01 01:40:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-09-01 1:40:55 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-01 01:40
C:\ComboFix2.txt ... 2007-08-30 20:36

--- E O F ---

Logfile of HijackThis v1.99.1
Scan saved at 1:44:37 AM, on 9/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~2.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~2.DLL
O4 - HKLM\..\Run: [MSKAgentExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\RunOnce: [CheckNetworkConnection] "C:\Program Files\Support.com\providerComcast\desktopdoctor.exe" /flow /flow=diagnosenetwork /trayclick=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=9a966111-ec8c-4369-be6c-74dd82ac6fe6
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

Ad-Aware SE Plus
Adobe Reader 7.0
AIM 6.0
ATI Display Driver
Comcast Rhapsody
Comcast Toolbar
Creative MediaSource
Dell Driver Reset Tool
DellSupport
HijackThis 1.99.1
Hotfix for Windows XP (KB896344)
hp deskjet 3600
hp deskjet 3600 series
HP Memories Disc
HP Photo and Imaging 2.0 - Deskjet Series
HP Update
Image Resizer Powertoy for Windows XP
Intel Application Accelerator
Intel(R) 537EP V9x DF PCI Modem
Internet Explorer Default Page
iTunes
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 2
Macromedia Flash Player
McAfee SecurityCenter
McAfee SpamKiller
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft Office Excel Viewer 2003
Microsoft Office XP Professional with FrontPage
Microsoft PowerPoint Viewer 97
Modem Event Monitor
Modem Helper
Modem On Hold
Musicmatch® Jukebox
Picture Package
PowerDVD 5.3
QuickTime
RealPlayer Basic
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Sonic Encoders
Sony USB Driver
Sound Blaster Live! 24-bit
The Weather Channel Desktop
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Viewpoint Media Player
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Paul W.
Regular Member
 
Posts: 19
Joined: August 27th, 2007, 3:03 am
Location: Illinois

Unread postby ndmmxiaomayi » September 3rd, 2007, 6:33 am

Hello Paul,

Step 1

  1. Please download AVG Anti-Spyware and save it to your desktop.
  2. Double click on avgas-setup-7.5.0.50.exe to install AVG Anti-Spyware. Install it in the default location.
  3. Once installed, start AVG Anti-Spyware by going to Start > All Programs > AVG Anti-Spyware 7.5 > AVG Anti-Spyware.
  4. In the main screen, you should see Your Computer's Security.
    • Next to Resident Shield, click on Change state. It should now be Inactive.
    • Next to Automatic Updates, click on Change state. It should now be Inactive.
    • Next to Last Update, click on Update now. If your firewall prompts you, tell your firewall to allow it. Should you be unable to update it, download the updates from here. Save it to your desktop. Double click to run the installation and the updates will be installed. Make sure AVG Anti-Spyware is closed during the installation.
    • Right-click the AVG Anti-Spyware icon near the clock and uncheck (untick) Start with Windows. Confirm by clicking Yes.
  5. Now click on the Scanner button at the top.
  6. Select the Settings tab.
  7. Under How to act?, click on Recommended actions and select Quarantine.
  8. Under How to scan?, check (tick) all the boxes.
  9. Under Possibly unwanted software:, check (tick) all the boxes.
  10. Under Reports:, uncheck (untick) the Only if threats were found box and select Do not automatically generate report.
  11. Under What to scan?, select Scan every file.
Do not run a scan yet. You will run a scan later.

Step 2

Please download ATF Cleaner by Atribune.

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All.
  • Click the Empty Selected button.

If you use Firefox browser

  • Click Firefox at the top and choose: Select All.
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All.
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Step 3

Please print out or save this set of instructions as you will not have internet access during the fix.

Reboot into Safe Mode by following the instructions below:

  1. When you see the BIOS screen, start pressing F8.
  2. A boot menu will appear shortly.
  3. Using the up/down arrow keys, select Safe Mode and press the Enter key.
  4. Windows will now load.
  5. Log in to your usual account.

Step 4

  1. Start AVG Anti-Spyware by going to Start > All Programs > AVG Anti-Spyware 7.5 > AVG Anti-Spyware.
  2. Click on the Scanner button at the top.
  3. Select the Scan tab.
  4. Click on Complete System Scan to start the scan.
  5. When the scan has finished, follow the instructions below.
    IMPORTANT: Don't click on the Save Scan Report button before you have clicked the Apply all Actions button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
  6. When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  7. Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Restart your computer back into Normal Mode.

In your next reply, please post:

  1. The AVG Anti-Spyware scan report
  2. A new HijackThis log
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Unread postby Paul W. » September 3rd, 2007, 1:58 pm

Thank you, here it is:


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:45:36 PM 9/3/2007

+ Scan result:



C:\Program Files\ComcastToolbar\comcasttoolbar.dll_0_ -> Adware.BHO : Cleaned with backup (quarantined).


::Report end



Logfile of HijackThis v1.99.1
Scan saved at 12:50:25 PM, on 9/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~2.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~2.DLL
O4 - HKLM\..\Run: [MSKAgentExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\RunOnce: [CheckNetworkConnection] "C:\Program Files\Support.com\providerComcast\desktopdoctor.exe" /flow /flow=diagnosenetwork /trayclick=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=9a966111-ec8c-4369-be6c-74dd82ac6fe6
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

Ad-Aware SE Plus
Adobe Reader 7.0.9
AIM 6.0
ATI Display Driver
AVG Anti-Spyware 7.5
Comcast Rhapsody
Comcast Toolbar
Creative MediaSource
Dell Driver Reset Tool
DellSupport
HijackThis 1.99.1
Hotfix for Windows XP (KB896344)
hp deskjet 3600
hp deskjet 3600 series
HP Memories Disc
HP Photo and Imaging 2.0 - Deskjet Series
HP Update
Image Resizer Powertoy for Windows XP
Intel Application Accelerator
Intel(R) 537EP V9x DF PCI Modem
Internet Explorer Default Page
iTunes
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 2
Macromedia Flash Player
McAfee SecurityCenter
McAfee SpamKiller
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft Office Excel Viewer 2003
Microsoft Office XP Professional with FrontPage
Microsoft PowerPoint Viewer 97
Modem Event Monitor
Modem Helper
Modem On Hold
Musicmatch® Jukebox
Picture Package
PowerDVD 5.3
QuickTime
RealPlayer Basic
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Sonic Encoders
Sony USB Driver
Sound Blaster Live! 24-bit
The Weather Channel Desktop
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Viewpoint Media Player
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Paul W.
Regular Member
 
Posts: 19
Joined: August 27th, 2007, 3:03 am
Location: Illinois
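As an added example that is not part of this thread and is not code from HijackThis or MalwareRemoval.com: a short Python script that triages a HijackThis log the way a helper reads it by hand. Its input is a constructed sample of a few lines copied from the log and the installed-program list posted above. It flags entries whose registered file is gone, groups entries that share a CLSID (a BHO under O2 and a toolbar under O3 belonging to the same component), lists what the Run keys launch at logon, and spots an older Java runtime left installed beside a newer one. The mapping of the name "Java(TM) 6 Update 2" to version 1.6.0_02 is an assumption about Sun's naming scheme.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the HijackThis log and the
# installed-program list posted above, enough to exercise each triage rule.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~2.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~2.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

SAMPLE_PROGRAMS = [
    "Java 2 Runtime Environment, SE v1.4.2_03",
    "Java(TM) 6 Update 2",
    "McAfee SecurityCenter",
]

ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# O4 bodies look like: HKLM\..\Run: [Label] command line
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<label>[^\]]+)\] (?P<cmd>.+)$")
JAVA_OLD_RE = re.compile(r"Java 2 Runtime Environment, SE v(\d+)\.(\d+)\.(\d+)_(\d+)")
JAVA_NEW_RE = re.compile(r"Java\(TM\) (\d+) Update (\d+)")


def parse_hijackthis(log):
    """Split a HijackThis log into (section, body) pairs, one per entry line."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m["section"], m["body"]))
    return entries


def stale_entries(entries):
    """Entries whose registered file is gone. HijackThis marks these '(no file)'
    or '(file missing)'; they are leftovers of an uninstall or an earlier cleanup
    and are the usual candidates for a 'fix checked' pass."""
    return [body for _, body in entries
            if "(no file)" in body or "(file missing)" in body]


def entries_by_clsid(entries):
    """Group entries by CLSID. One component is often registered in more than
    one place (a BHO under O2 and a toolbar under O3, as with the Comcast
    Toolbar above), so it should be reviewed and removed as a unit."""
    groups = defaultdict(list)
    for section, body in entries:
        m = CLSID_RE.search(body)
        if m:
            groups[m.group(0).upper()].append(section)
    return dict(groups)


def run_keys(entries):
    """Map each Run/RunOnce label (O4 lines) to the command it launches at
    logon; this is the autostart surface to compare against what the user
    expects to see."""
    launched = {}
    for section, body in entries:
        if section != "O4":
            continue
        m = RUN_RE.match(body)
        if m:
            launched[m["label"]] = m["cmd"]
    return launched


def java_versions(programs):
    """(major, minor, micro, update) for each JRE in the installed-program list.
    Assumption: Sun's 'Java(TM) 6 Update 2' naming corresponds to 1.6.0_02."""
    found = []
    for name in programs:
        m = JAVA_OLD_RE.search(name)
        if m:
            found.append((tuple(int(x) for x in m.groups()), name))
            continue
        m = JAVA_NEW_RE.search(name)
        if m:
            found.append(((1, int(m[1]), 0, int(m[2])), name))
    return found


def outdated_java(programs):
    """Older JREs left beside a newer one. Installing a new Java release does
    not remove the old one, and the old one stays exploitable until uninstalled."""
    versions = java_versions(programs)
    if not versions:
        return []
    newest = max(v for v, _ in versions)
    return [name for v, name in versions if v < newest]


if __name__ == "__main__":
    entries = parse_hijackthis(SAMPLE_LOG)
    print("stale entries:", stale_entries(entries))
    shared = {c: s for c, s in entries_by_clsid(entries).items() if len(s) > 1}
    print("CLSIDs registered in more than one place:", shared)
    print("autostarts:", run_keys(entries))
    print("outdated Java:", outdated_java(SAMPLE_PROGRAMS))
```

The script only surfaces what a helper would look at first; it does not decide what is malicious. On this sample it reports the orphaned URLSearchHook and the ComcastHSI button as stale, shows the Comcast Toolbar CLSID registered under both O2 and O3, and lists the 1.4.2_03 runtime as superseded by Java 6 Update 2.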

Unread postby ndmmxiaomayi » September 5th, 2007, 9:53 am

Hello Paul,

Please go to the Kaspersky website and perform an online antivirus scan.
Please use Internet Explorer, as the scanner uses ActiveX.

  1. Click on Kaspersky Online Scanner button.
  2. Read through the requirements and privacy statement and click on Accept button.
  3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an ActiveX control from Kaspersky. Click Yes.
  4. When the downloads have finished, click on Next button.
  5. Click on Scan Settings button.
  6. Select extended under Scan using the following antivirus database:
  7. Check (tick) these boxes under Scan options:
    • Scan Archives
    • Scan Mail Bases
  8. Click OK
  9. Click on My Computer under Please select a target to scan:
  10. Once the scan is complete it will display if your system has been infected. Click on Save as text button and save it to your desktop.
  11. Copy and paste this log in your next reply.


Please post back the Kaspersky report as well as a new HijackThis log in your next reply.
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Unread postby Paul W. » September 5th, 2007, 11:58 am

When I try clicking on the Kaspersky Online Scanner box, it loads for a second then disappears?
Paul W.
Regular Member
 
Posts: 19
Joined: August 27th, 2007, 3:03 am
Location: Illinois

Unread postby ndmmxiaomayi » September 6th, 2007, 7:25 am

Hi Paul,

Do you use a pop up blocker? Do you see any warning messages about pop ups being blocked?
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Unread postby Paul W. » September 6th, 2007, 9:52 am

Yes.
Paul W.
Regular Member
 
Posts: 19
Joined: August 27th, 2007, 3:03 am
Location: Illinois

Unread postby ndmmxiaomayi » September 7th, 2007, 12:41 am

Can you please tell your pop-up blocker to allow pop-ups from the Kaspersky website temporarily so that you can run the scan?

Or if it's the pop-up blocker within Internet Explorer, please click on the light yellow message box at the top and click on Allow.
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Unread postby Paul W. » September 8th, 2007, 12:20 am

I've tried and still the same results?
Paul W.
Regular Member
 
Posts: 19
Joined: August 27th, 2007, 3:03 am
Location: Illinois

Unread postby ndmmxiaomayi » September 9th, 2007, 10:38 pm

Hello Paul,

Please try Trend Micro Sysclean instead.

  1. Please download Sysclean Package by Trend Micro and save it to your desktop.
  2. Download the latest Virus Pattern Files by Trend Micro and save it to your desktop. It is named lptXXX, where XXX are numbers.
    Note: Do not download the Virus Pattern Files if you don't intend to do a scan. Only download it when you want to do a scan, as they are being updated daily.
  3. Create a new folder on your desktop.
    • Right click on your desktop.
    • Click on New > Folder.
    • Type in Trend Micro as the name of the folder.
  4. Select sysclean.com by clicking once. Press Ctrl + X simultaneously.
  5. Open the Trend Micro folder you created earlier. Press Ctrl + V to paste sysclean.com into the folder.
    • Right click and select Extract All.
    • Click on Browse. Navigate to the Trend Micro folder and click OK.
    • Click Next, then Finish.
  6. Close all opened windows except the Trend Micro folder.
  7. Double click on sysclean.com to run it.
  8. Uncheck (untick) Automatically Clean Infected Files box.
  9. Once the scanning is done, click Exit.
  10. A sysclean.log is created in the Trend Micro folder.
  11. Copy and paste that log in your next reply.
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am