I have 2 files: the first is the ComboFix text file, and then the log file.
ComboFix 07-09-14.2 - "Amy" 2007-09-14 16:44:32.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.319 [GMT -4:00]
.
ADS - svchost.exe: deleted 51200 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\6.tmp
C:\DOCUME~1\Cam\APPLIC~1\Starware
C:\DOCUME~1\Cam\APPLIC~1\Starware\MasterOptions.xml
C:\DOCUME~1\Cam\APPLIC~1\Starware\ToolbarOptions.xml
C:\DOCUME~1\LOCALS~1\APPLIC~1\Starware
C:\DOCUME~1\LOCALS~1\APPLIC~1\Starware\MasterOptions.xml
C:\DOCUME~1\LOCALS~1\APPLIC~1\Starware\ProductOptions.xml
C:\DOCUME~1\LOCALS~1\APPLIC~1\Starware\ToolbarOptions.xml
C:\DOCUME~1\Naomi\APPLIC~1\DOBE~1
C:\DOCUME~1\Naomi\APPLIC~1\Starware
C:\DOCUME~1\Naomi\APPLIC~1\Starware\MasterOptions.xml
C:\DOCUME~1\Naomi\APPLIC~1\Starware\ProductOptions.xml
C:\DOCUME~1\Naomi\APPLIC~1\Starware\ToolbarOptions.xml
C:\DOCUME~1\Naomi\MYDOCU~1\CROSOF~1
C:\Program Files\Common Files\crosof~1.net
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\PopSwatr\History\allowed
C:\Program Files\FunWebProducts\PopSwatr\History\notallow
C:\Program Files\FunWebProducts\ScreenSaver\Images\006CDCC6.urr
C:\Program Files\inetget2
C:\Program Files\ISM
C:\Program Files\ISM\BndDrive2.dll
C:\Program Files\ISM\BndDrive3.dll
C:\Program Files\ISM\dictionary.gz
C:\Program Files\ISM\ISMModule4.exe
C:\Program Files\ISM\syncupd.exe
C:\Program Files\ISM\targets.gz
C:\Program Files\ISM\Uninstall.exe
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_bfeats.dat
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\ystem3~1
C:\WINDOWS\Casino.ico
C:\WINDOWS\cookies.ini
C:\WINDOWS\deskcfg.tmp
C:\WINDOWS\Free Online Dating.ico
C:\WINDOWS\Spyware Remover.ico
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\clnyueoi.dll
C:\WINDOWS\system32\cvjjupxt.exe
C:\WINDOWS\SYSTEM32\elbehvto.ini
C:\WINDOWS\system32\fojtttpt.dll
C:\WINDOWS\SYSTEM32\ggxvwvbp.ini
C:\WINDOWS\SYSTEM32\ioeuynlc.ini
C:\WINDOWS\system32\jpnnhxhe.dll
C:\WINDOWS\system32\kkactdkg.exe
C:\WINDOWS\system32\nlxgolev.dll
C:\WINDOWS\system32\otvheble.dll
C:\WINDOWS\system32\pbvwvxgg.dll
C:\WINDOWS\system32\pftfdjlf.dll
C:\WINDOWS\system32\prrdynpv.dll
C:\WINDOWS\system32\qfoprudu.exe
C:\WINDOWS\system32\simp_dll.dll
C:\WINDOWS\system32\supsyqiv.dll
C:\WINDOWS\system32\tmossqba.exe
C:\WINDOWS\SYSTEM32\tptttjof.ini
C:\WINDOWS\SYSTEM32\ttstv.bak1
C:\WINDOWS\SYSTEM32\ttstv.bak2
C:\WINDOWS\SYSTEM32\ttstv.ini
C:\WINDOWS\SYSTEM32\ttstv.ini2
C:\WINDOWS\SYSTEM32\ttstv.tmp
C:\WINDOWS\system32\unnxvtbb.exe
C:\WINDOWS\system32\uoldbqaw.dll
C:\WINDOWS\SYSTEM32\viqyspus.ini
C:\WINDOWS\system32\vojppjow.exe
C:\WINDOWS\SYSTEM32\vpnydrrp.ini
C:\WINDOWS\system32\vtstt.dll
C:\WINDOWS\SYSTEM32\waqbdlou.ini
C:\WINDOWS\wr.txt
C:\WINDOWS\ymbols~1
Infected copy of C:\WINDOWS\system32\ntoskrnl.exe was found & disinfected
Restored copy from - C:\WINDOWS\system32\dllcache\ntoskrnl.exe
Infected copy of C:\WINDOWS\system32\ntkrnlpa.exe was found & disinfected
Restored copy from - C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_ASC355
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_ICF
-------\asc355
-------\DomainService
-------\ICF
((((((((((((((((((((((((( Files Created from 2007-08-14 to 2007-09-14 )))))))))))))))))))))))))))))))
.
2007-09-14 16:39 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-13 18:47 1,330 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2007-09-13 18:46 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe
2007-09-13 18:46 289,144 --a------ C:\WINDOWS\SYSTEM32\VCCLSID.exe
2007-09-13 18:46 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
2007-09-12 21:21 <DIR> d-------- C:\Program Files\SiteAdvisor
2007-09-12 21:16 71,496 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys
2007-09-12 21:16 37,480 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys
2007-09-12 21:16 34,184 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys
2007-09-12 21:16 32,008 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys
2007-09-12 21:16 170,408 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys
2007-09-12 21:15 109,608 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys
2007-09-12 21:12 <DIR> d-------- C:\Program Files\McAfee.com
2007-09-12 21:12 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-09-12 21:11 <DIR> d-------- C:\Program Files\McAfee
2007-09-12 21:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-09-12 20:10 <DIR> d-------- C:\DOCUME~1\Naomi\APPLIC~1\Aim
2007-09-12 20:08 <DIR> d-------- C:\Program Files\Viewpoint
2007-09-12 15:40 <DIR> d-------- C:\WINDOWS\Profiles
2007-09-12 15:11 <DIR> d-------- C:\DOCUME~1\Naomi\APPLIC~1\SUPERAntiSpyware.com
2007-09-11 16:05 76,285 --a------ C:\Program Files\setup.exe
2007-09-11 16:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-11 16:00 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-09-11 16:00 <DIR> d-------- C:\DOCUME~1\Amy\APPLIC~1\SUPERAntiSpyware.com
2007-09-11 15:58 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-04 20:45 24,064 --------- C:\WINDOWS\SYSTEM32\xfnbxjqyajdoc.dll
2007-09-03 16:21 <DIR> d-------- C:\Program Files\Words
2007-08-30 10:34 <DIR> d---s---- C:\DOCUME~1\LOCALS~1\UserData
2007-08-19 09:58 <DIR> d-------- C:\WINDOWS\wokk
2007-08-19 09:58 <DIR> d-------- C:\Program Files\Common Files\wokk
2007-08-19 09:45 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-08-18 18:20 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon
2007-08-18 18:19 <DIR> d--hs---- C:\WINDOWS\TmFvbWk
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-13 20:21 --------- d-------- C:\Program Files\AIM
2007-09-12 20:21 --------- d-------- C:\DOCUME~1\Naomi\APPLIC~1\Viewpoint
2007-09-12 20:08 --------- d-------- C:\Program Files\Common Files\AOL
2007-09-12 20:08 --------- d-------- C:\Program Files\AOD
2007-09-12 20:08 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
2007-09-11 19:08 --------- d--h----- C:\DOCUME~1\Amy\APPLIC~1\Gtek
2007-09-11 11:29 --------- d-------- C:\Program Files\NetWaiting
2007-09-07 17:48 --------- d-------- C:\Program Files\LimeWire
2007-08-31 18:46 --------- d-------- C:\Program Files\Common Files\Real
2007-07-29 19:58 --------- d-------- C:\Program Files\Dell
2007-07-29 19:57 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-29 19:57 --------- d-------- C:\Program Files\Canon
2007-07-29 18:28 --------- d-------- C:\Program Files\EarthLink Setup
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 17:42]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 22:15]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 10:35]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 10:32]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 10:36]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 05:50 C:\WINDOWS\LOGI_MWX.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe [2006-05-14 19:58:25]
DESKTOP.INI [2004-08-10 15:04:12]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-04-02 15:15:24]
NETGEAR WPN111 Smart Wizard.lnk - C:\Program Files\NETGEAR\WPN111\wpn111.exe [2006-10-30 20:01:07]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 13:59:36]
Wireless USB 2.0 WLAN Card Utility.lnk - C:\Program Files\Dell Wireless\PRISMCFG.exe [2005-04-02 15:14:43]
C:\DOCUME~1\Amy\STARTM~1\Programs\Startup\
DESKTOP.INI [2004-08-10 15:04:12]
C:\DOCUME~1\Cam\STARTM~1\Programs\Startup\
DESKTOP.INI [2004-08-10 15:04:12]
C:\DOCUME~1\Naomi\STARTM~1\Programs\Startup\
DESKTOP.INI [2004-08-10 15:04:12]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"GPBvNXbNVTAOVtD"= {140105DC-BEAB-AF76-95CA-8678539685C0} - C:\WINDOWS\system32\yymgp.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IPNEPT]
IPNEPT.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\vtstt
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\DNINDIS5.SYS
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;C:\WINDOWS\system32\DRIVERS\WPN111.sys
S3 DELL_A02;Dell TrueMobile 1300 USB2.0 WLAN Card Driver;C:\WINDOWS\system32\DRIVERS\PRISMA02.sys
S4 PRISMSVC;PRISMSVC;C:\WINDOWS\system32\PRISMSVC.EXE
.
Contents of the 'Scheduled Tasks' folder
"2007-09-13 01:14:18 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2007-09-13 01:14:16 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-09-14 17:11:39
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-14 17:13:38 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-14 17:13
.
--- E O F ---
LOG FILE:
ComboFix 07-09-14.2 - "Amy" 2007-09-14 16:44:32.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.319 [GMT -4:00]
.
ADS - svchost.exe: deleted 51200 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\6.tmp
C:\DOCUME~1\Cam\APPLIC~1\Starware
C:\DOCUME~1\Cam\APPLIC~1\Starware\MasterOptions.xml
C:\DOCUME~1\Cam\APPLIC~1\Starware\ToolbarOptions.xml
C:\DOCUME~1\LOCALS~1\APPLIC~1\Starware
C:\DOCUME~1\LOCALS~1\APPLIC~1\Starware\MasterOptions.xml
C:\DOCUME~1\LOCALS~1\APPLIC~1\Starware\ProductOptions.xml
C:\DOCUME~1\LOCALS~1\APPLIC~1\Starware\ToolbarOptions.xml
C:\DOCUME~1\Naomi\APPLIC~1\DOBE~1
C:\DOCUME~1\Naomi\APPLIC~1\Starware
C:\DOCUME~1\Naomi\APPLIC~1\Starware\MasterOptions.xml
C:\DOCUME~1\Naomi\APPLIC~1\Starware\ProductOptions.xml
C:\DOCUME~1\Naomi\APPLIC~1\Starware\ToolbarOptions.xml
C:\DOCUME~1\Naomi\MYDOCU~1\CROSOF~1
C:\Program Files\Common Files\crosof~1.net
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\PopSwatr\History\allowed
C:\Program Files\FunWebProducts\PopSwatr\History\notallow
C:\Program Files\FunWebProducts\ScreenSaver\Images\006CDCC6.urr
C:\Program Files\inetget2
C:\Program Files\ISM
C:\Program Files\ISM\BndDrive2.dll
C:\Program Files\ISM\BndDrive3.dll
C:\Program Files\ISM\dictionary.gz
C:\Program Files\ISM\ISMModule4.exe
C:\Program Files\ISM\syncupd.exe
C:\Program Files\ISM\targets.gz
C:\Program Files\ISM\Uninstall.exe
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_bfeats.dat
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\ystem3~1
C:\WINDOWS\Casino.ico
C:\WINDOWS\cookies.ini
C:\WINDOWS\deskcfg.tmp
C:\WINDOWS\Free Online Dating.ico
C:\WINDOWS\Spyware Remover.ico
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\clnyueoi.dll
C:\WINDOWS\system32\cvjjupxt.exe
C:\WINDOWS\SYSTEM32\elbehvto.ini
C:\WINDOWS\system32\fojtttpt.dll
C:\WINDOWS\SYSTEM32\ggxvwvbp.ini
C:\WINDOWS\SYSTEM32\ioeuynlc.ini
C:\WINDOWS\system32\jpnnhxhe.dll
C:\WINDOWS\system32\kkactdkg.exe
C:\WINDOWS\system32\nlxgolev.dll
C:\WINDOWS\system32\otvheble.dll
C:\WINDOWS\system32\pbvwvxgg.dll
C:\WINDOWS\system32\pftfdjlf.dll
C:\WINDOWS\system32\prrdynpv.dll
C:\WINDOWS\system32\qfoprudu.exe
C:\WINDOWS\system32\simp_dll.dll
C:\WINDOWS\system32\supsyqiv.dll
C:\WINDOWS\system32\tmossqba.exe
C:\WINDOWS\SYSTEM32\tptttjof.ini
C:\WINDOWS\SYSTEM32\ttstv.bak1
C:\WINDOWS\SYSTEM32\ttstv.bak2
C:\WINDOWS\SYSTEM32\ttstv.ini
C:\WINDOWS\SYSTEM32\ttstv.ini2
C:\WINDOWS\SYSTEM32\ttstv.tmp
C:\WINDOWS\system32\unnxvtbb.exe
C:\WINDOWS\system32\uoldbqaw.dll
C:\WINDOWS\SYSTEM32\viqyspus.ini
C:\WINDOWS\system32\vojppjow.exe
C:\WINDOWS\SYSTEM32\vpnydrrp.ini
C:\WINDOWS\system32\vtstt.dll
C:\WINDOWS\SYSTEM32\waqbdlou.ini
C:\WINDOWS\wr.txt
C:\WINDOWS\ymbols~1
Infected copy of C:\WINDOWS\system32\ntoskrnl.exe was found & disinfected
Restored copy from - C:\WINDOWS\system32\dllcache\ntoskrnl.exe
Infected copy of C:\WINDOWS\system32\ntkrnlpa.exe was found & disinfected
Restored copy from - C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_ASC355
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_ICF
-------\asc355
-------\DomainService
-------\ICF
((((((((((((((((((((((((( Files Created from 2007-08-14 to 2007-09-14 )))))))))))))))))))))))))))))))
.
2007-09-14 16:39 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-13 18:47 1,330 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2007-09-13 18:46 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe
2007-09-13 18:46 289,144 --a------ C:\WINDOWS\SYSTEM32\VCCLSID.exe
2007-09-13 18:46 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
2007-09-12 21:21 <DIR> d-------- C:\Program Files\SiteAdvisor
2007-09-12 21:16
There were no results in the ADSPY log.
Here is the Uninstall list:
AOL Instant Messenger
AOL Toolbar 2.0
APC PowerChute Personal Edition
Canon Camera Window for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Conexant D850 56K V.9x DFVc Modem
Dell Media Experience
DellSupport
Digital Line Detect
EarthLink setup files
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB926239)
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Internet Explorer Default Page
Internet Speed Monitor
iTunes
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Logitech MouseWare 9.79.1
Macromedia Flash Player
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft User-Mode Driver Framework Feature Pack 1.0
Modem Helper
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111
QuickBooks Simple Start Special Edition
QuickTime
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
SUPERAntiSpyware Free Edition
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
USB 2.0 Wireless LAN Card Utility
Viewpoint Media Player
WildTangent Web Driver
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WordPerfect Office 12
And here is the new HijackThis file:
Logfile of HijackThis v1.99.1
Scan saved at 5:38:12 PM, on 9/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\NETGEAR\WPN111\wpn111.exe
C:\Program Files\Dell Wireless\PRISMCFG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O3 - Toolbar: (no name) - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = ?
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/fu ... 0.0.15.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Zango/i ... 36ade56825
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: IPNEPT - IPNEPT.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: GPBvNXbNVTAOVtD - {140105DC-BEAB-AF76-95CA-8678539685C0} - C:\WINDOWS\system32\yymgp.dll (file missing)
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe