Thanks Michael. As instructed, I am posting the ComboFix log and the new HijackThis log.
ComboFix 08-09-14.01 - Darrin Blue 2008-09-14 17:28:30.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.259 [GMT -5:00]
Running from: C:\Documents and Settings\Darrin Blue\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\All Users\Start Menu\Programs\PCPrivacyCleaner
C:\Documents and Settings\All Users\Start Menu\Programs\PCPrivacyCleaner\PCPrivacyCleaner.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\PCPrivacyCleaner\Uninstall PCPrivacyCleaner.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\UltimateCleaner 2007
C:\Documents and Settings\Darrin Blue\Application Data\Microsoft\Internet Explorer\Quick Launch\PCPrivacyCleaner.lnk
C:\Documents and Settings\Darrin Blue\Application Data\Microsoft\Windows\lsass.exe
C:\Documents and Settings\Darrin Blue\Favorites\Error Cleaner.url
C:\Documents and Settings\Darrin Blue\Favorites\Privacy Protector.url
C:\Documents and Settings\Darrin Blue\Favorites\Spyware&Malware Protection.url
C:\Program Files\PCPrivacyCleaner
C:\Program Files\PCPrivacyCleaner\pcpc.exe
C:\Program Files\VAV
C:\Program Files\VAV\vav.cpl
C:\Program Files\VAV\vav.exe
C:\Program Files\VAV\vav0.dat
C:\Program Files\VAV\vav1.dat
C:\Program Files\VirusRemover2008
C:\Program Files\VirusRemover2008\Viruses.bdt
C:\Program Files\VirusRemover2008\VRM2008.exe
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\ewgn.exe
C:\WINDOWS\system32\awtrQKca.dll
C:\WINDOWS\system32\bigljn.dll
C:\WINDOWS\SYSTEM32\bmfluorn.ini
C:\WINDOWS\SYSTEM32\ddraoiwf.ini
C:\WINDOWS\system32\dlqapgvy.dll
C:\WINDOWS\SYSTEM32\dpulfuqs.ini
C:\WINDOWS\system32\eequdp.dll
C:\WINDOWS\system32\fbbehp.dll
C:\WINDOWS\system32\fzfwyu.dll
C:\WINDOWS\system32\hOYyaccf.ini
C:\WINDOWS\SYSTEM32\hOYyaccf.ini2
C:\WINDOWS\SYSTEM32\jwapyugq.ini
C:\WINDOWS\system32\lmdv.bin
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mmvvluam.dll
C:\WINDOWS\system32\nroulfmb.dll
C:\WINDOWS\system32\oqiwtv.dll
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pjwxlmjk.dll
C:\WINDOWS\system32\qukxboat.dll
C:\WINDOWS\system32\rcmviaox.ini
C:\WINDOWS\system32\rhgnkk.dll
C:\WINDOWS\system32\squflupd.dll
C:\WINDOWS\system32\ssqQhhGA.dll
C:\WINDOWS\system32\uskovgkw.dll
C:\WINDOWS\system32\vav.cpl
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\SYSTEM32\xbtheyel.ini
C:\WINDOWS\system32\xoaivmcr.dll
C:\WINDOWS\system32\yaleibnf.dll
----- BITS: Possible infected sites -----
http://contrhost.net.
((((((((((((((((((((((((( Files Created from 2008-08-14 to 2008-09-14 )))))))))))))))))))))))))))))))
.
2008-09-12 13:05 . 2008-09-12 13:05 21,184 --ahs---- C:\WINDOWS\SYSTEM32\__c0038D5A.jpg
2008-09-09 16:27 . 2008-09-09 16:27 <DIR> d-------- C:\Documents and Settings\Darrin Blue\Application Data\PCPrivacyCleaner
2008-09-09 11:15 . 2008-09-09 11:15 <DIR> d-------- C:\Documents and Settings\Darrin Blue\Application Data\VirusRemover2008
2008-09-09 08:02 . 2008-09-09 08:03 326,144 --a------ C:\WINDOWS\SYSTEM32\fccayYOh.dll
2008-09-09 07:54 . 2008-09-08 17:32 3,262 --a------ C:\WINDOWS\SYSTEM32\2.ico
2008-09-09 07:50 . 2008-09-09 07:50 <DIR> d-------- C:\Program Files\MSA
2008-09-09 07:50 . 2008-09-09 05:41 393,216 --a------ C:\WINDOWS\dtseqrxk.dll
2008-09-09 07:50 . 2008-09-09 05:41 339,968 --a------ C:\WINDOWS\vmgspntblge.dll
2008-09-09 07:50 . 2008-09-09 05:41 204,800 --a------ C:\WINDOWS\fqbewlna.dll
2008-09-09 07:50 . 2008-09-09 05:41 200,704 --a------ C:\WINDOWS\mgxfebsq.dll
2008-09-09 07:50 . 2008-09-08 16:50 165,888 --a------ C:\WINDOWS\SYSTEM32\MSa.cpl
2008-09-09 07:50 . 2008-09-09 05:41 131,072 --a------ C:\WINDOWS\mqgldfvo.exe
2008-09-09 07:50 . 2008-09-08 17:32 31,232 --a------ C:\x
2008-09-09 07:50 . 2008-09-08 17:32 3,262 --a------ C:\WINDOWS\SYSTEM32\1.ico
2008-09-06 17:34 . 2008-09-06 17:34 25,088 --a------ C:\WINDOWS\SYSTEM32\supsafe.dll
2008-09-06 17:34 . 2008-09-06 17:34 25,088 --a------ C:\WINDOWS\SYSTEM32\roisafe.dll
2008-08-27 20:13 . 2008-08-27 20:43 <DIR> d-------- C:\WINDOWS\SYSTEM32\CatRoot_bak
2008-08-18 21:35 . 2008-08-18 21:35 <DIR> d-------- C:\Program Files\iPod
2008-08-18 21:35 . 2008-08-18 21:35 <DIR> d-------- C:\Documents and Settings\Darrin Blue\Application Data\Apple Computer
2008-08-18 21:34 . 2008-08-18 21:35 <DIR> d-------- C:\Program Files\iTunes
2008-08-18 21:34 . 2008-08-18 21:34 <DIR> d-------- C:\Program Files\Bonjour
2008-08-18 21:33 . 2008-08-18 21:34 <DIR> d-------- C:\Program Files\QuickTime
2008-08-18 21:33 . 2008-08-18 21:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-08-18 21:32 . 2008-08-18 21:32 <DIR> d----c--- C:\WINDOWS\SYSTEM32\DRVSTORE
2008-08-18 21:32 . 2008-08-18 21:32 <DIR> d-------- C:\Program Files\Apple Software Update
2008-08-18 21:31 . 2008-08-18 21:31 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-08-18 21:31 . 2008-08-18 21:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-12 06:02 --------- d-----w C:\Documents and Settings\Darrin Blue\Application Data\WeatherBug
2008-09-09 16:39 --------- d-----w C:\Program Files\Common Files\Real
2008-09-09 16:39 --------- d-----w C:\Program Files\Common Files\Java
2008-09-09 15:42 --------- d-----w C:\Program Files\Rhapsody
2008-08-14 20:25 --------- d-----w C:\Program Files\Aquatica 3D
2008-07-21 20:19 --------- d-----w C:\Documents and Settings\Julia Blue\Application Data\HP
2008-07-19 03:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\cdm.dll
2008-07-19 03:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\cdm.dll
2008-07-19 03:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\wuauclt.exe
2008-07-19 03:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuauclt.exe
2008-07-19 03:10 45,768 ----a-w C:\WINDOWS\SYSTEM32\wups2.dll
2008-07-19 03:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\wups.dll
2008-07-19 03:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wups.dll
2008-07-19 03:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\wuapi.dll
2008-07-19 03:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuapi.dll
2008-07-19 03:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\wucltui.dll
2008-07-19 03:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wucltui.dll
2008-07-19 03:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\wuweb.dll
2008-07-19 03:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuweb.dll
2008-07-19 03:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\wuaueng.dll
2008-07-19 03:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuaueng.dll
2008-07-18 03:47 --------- d-----w C:\Program Files\QUICKENW
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\SYSTEM32\es.dll
2008-07-07 20:32 253,952 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\SYSTEM32\mscms.dll
2008-06-24 16:23 74,240 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mscms.dll
2008-06-24 15:57 3,592,192 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-06-23 09:20 70,656 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-06-23 09:20 625,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2008-06-23 09:20 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-06-21 05:23 161,792 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\SYSTEM32\mswsock.dll
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip6.sys
2008-05-28 19:44 86,776 -c--a-w C:\Documents and Settings\Darrin Blue\Application Data\GDIPFONTCACHEV1.DAT
2004-05-11 20:14 167 -c-ha-w C:\Documents and Settings\Darrin Blue\hpothb07.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4473547F-BA76-4657-9961-F92A4969556D}]
2008-09-09 08:03 326144 --a------ C:\WINDOWS\system32\fccayYOh.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CBA410D-20B1-43AA-91E4-0F83CF4E249D}]
2008-09-09 05:41 339968 --a------ C:\WINDOWS\vmgspntblge.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8485774-8230-4D88-B00F-4A04A3E4FC1C}]
2008-09-06 17:34 25088 --a------ C:\WINDOWS\system32\roisafe.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{64D115E0-EF9F-4980-AAF3-F1BC78E0AF05}"= "C:\WINDOWS\fqbewlna.dll" [2008-09-09 204800]
[HKEY_CLASSES_ROOT\clsid\{64d115e0-ef9f-4980-aaf3-f1bc78e0af05}]
[HKEY_CLASSES_ROOT\fqbewlna.1]
[HKEY_CLASSES_ROOT\TypeLib\{FFC1107B-5E36-4377-93A3-A1445D03E3EA}]
[HKEY_CLASSES_ROOT\fqbewlna]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [2004-08-31 1597440]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"McAfee QuickClean Imonitor"="C:\Program Files\McAfee\McAfee QuickClean\PlgUni.exe" [2004-08-25 94208]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"DelayShred"="C:\Program Files\McAfee\McAfee Shared Components\Shredder 5\SHRED32.EXE" [2004-08-15 57344]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 126976]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2005-05-10 110592]
"Optimum Online"="C:\Program Files\Optimum Online\Netsurf.exe" [2004-07-06 802816]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [2005-05-10 11776]
"AutoUpdater"="C:\Program Files\AutoUpdate\AutoUpdate.exe" [2006-02-16 225280]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [2001-10-05 24576]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2001-08-23 331830]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-16 28738]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Billminder.lnk - C:\Program Files\QUICKENW\BILLMIND.EXE [2002-09-02 36864]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2002-08-28 45056]
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]
HP Image Zone Fast Start.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [2005-05-12 73728]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-08-07 24633]
Quicken Startup.lnk - C:\Program Files\QUICKENW\QWDLLS.EXE [2002-09-02 36864]
Shortcut to Daytext.lnk - C:\Program Files\Daytext\Daytext.exe [2000-09-23 176128]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2008-02-05 54512]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c0038D5A]
2008-09-12 13:05 21184 C:\WINDOWS\SYSTEM32\__c0038D5A.jpg
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=fbbehp.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo! Games\\Yahoo! Pin High Country Club Golf\\Course1.exe"=
"C:\\Program Files\\Yahoo! Games\\Yahoo! Ten Pin Championship Bowling\\Yahoo Ten Pin Championship Bowling.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"C:\\WINDOWS\\SYSTEM32\\USMT\\migwiz.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
S4 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2001-08-17 38144]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
BHO-{75d842a9-c22e-4ddc-8ff2-18e22595a9f7} - C:\WINDOWS\system32\fbbehp.dll
HKCU-Run-MoneyAgent - C:\Program Files\Microsoft Money\System\Money Express.exe
HKCU-Run-\YUR59.exe - C:\Windows\system32\YUR59.exe
HKCU-Run-\YUR5A.exe - C:\Windows\system32\YUR5A.exe
HKCU-Run-\YUR5B.exe - C:\Windows\system32\YUR5B.exe
HKCU-Run-\YUR5C.exe - C:\Windows\system32\YUR5C.exe
HKCU-Run-\YUR1.exe - C:\Windows\system32\YUR1.exe
HKCU-Run-\YUR2.exe - C:\Windows\system32\YUR2.exe
HKCU-Run-\YUR3.exe - C:\Windows\system32\YUR3.exe
HKCU-Run-\YUR4.exe - C:\Windows\system32\YUR4.exe
HKLM-Run-\YUR59.exe - C:\Windows\system32\YUR59.exe
HKLM-Run-\YUR5A.exe - C:\Windows\system32\YUR5A.exe
HKLM-Run-\YUR5B.exe - C:\Windows\system32\YUR5B.exe
HKLM-Run-\YUR5C.exe - C:\Windows\system32\YUR5C.exe
HKLM-Run-ANTIVIRUS - C:\Program Files\VAV\vav.exe
HKLM-Run-\YUR1.exe - C:\Windows\system32\YUR1.exe
HKLM-Run-\YUR2.exe - C:\Windows\system32\YUR2.exe
HKLM-Run-\YUR3.exe - C:\Windows\system32\YUR3.exe
HKLM-Run-\YUR4.exe - C:\Windows\system32\YUR4.exe
HKLM-Run-VirusRemover2008 - C:\Program Files\VirusRemover2008\VRM2008.exe
HKLM-Run-18022052 - C:\WINDOWS\system32\nroulfmb.dll
Notify-avicore - avicore.dll
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Darrin Blue\Application Data\Mozilla\Firefox\Profiles\0okg97ne.default\
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava14.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-09-14 17:38:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\Documents and Settings\Darrin Blue\Local Settings\Application Data\ApplicationHistory\hpqthb08.exe.ccbceb54.ini.inuse
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\__c0038D5A.jpg
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee.com\Agent\Mcdetect.exe
C:\PROGRA~1\McAfee.com\Agent\McTskshd.exe
C:\WINDOWS\SYSTEM32\HPZipm12.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
C:\WINDOWS\SYSTEM32\dwwin.exe
.
**************************************************************************
.
Completion time: 2008-09-14 17:49:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-14 22:49:44
Pre-Run: 4,774,940,672 bytes free
Post-Run: 4,705,255,424 bytes free
289 --- E O F --- 2008-08-14 08:02:41
****************************************************************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:57, on 9/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\McAfee QuickClean\PlgUni.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\QUICKENW\QWDLLS.EXE
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {4473547F-BA76-4657-9961-F92A4969556D} - C:\WINDOWS\system32\fccayYOh.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: QXK Olive - {8CBA410D-20B1-43AA-91E4-0F83CF4E249D} - C:\WINDOWS\vmgspntblge.dll
O2 - BHO: Safe surf - {A8485774-8230-4D88-B00F-4A04A3E4FC1C} - C:\WINDOWS\system32\roisafe.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: fqbewlna - {64D115E0-EF9F-4980-AAF3-F1BC78E0AF05} - C:\WINDOWS\fqbewlna.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] "C:\Program Files\McAfee\McAfee QuickClean\PlgUni.exe" /START
O4 - HKCU\..\RunOnce: [DelayShred] "C:\Program Files\McAfee\McAfee Shared Components\Shredder 5\SHRED32.EXE" /q C:\DOCUME~1\DARRIN~1\LOCALS~1\TEMPOR~1\Content.SH! C:\DOCUME~1\DARRIN~1\LOCALS~1\TEMPOR~1\Content.IE5\G9O70J8V\SPACER~2.SH! C:\DOCUME~1\DARRIN~1\LOCALS~1\TEMPOR~1\Content.IE5\2XHQFAL8\CAHCA5~1.SH! C:\DOCUME~1\DARRIN~1\LOCALS~1\TEMPOR~1\Content.IE5\T4715BZV\CLICKC~1.SH! C:\DOCUME~1\DARRIN~1\LOCALS~1\TEMPOR~1\Content.IE5\T4715BZV\SPACER~1.SH! C:\DOCUME~1\DARRIN~1\LOCALS~1\TEMPOR~1\Content.IE5\G9O70J8V\SPACER~1.SH! C:\DOCUME~1\DARRIN~1\LOCALS~1\History\History.SH!
O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
O4 - Global Startup: Shortcut to Daytext.lnk = C:\Program Files\Daytext\Daytext.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O20 - AppInit_DLLs: fbbehp.dll
O20 - Winlogon Notify: __c0038D5A - C:\WINDOWS\SYSTEM32\__c0038D5A.jpg
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
--
End of file - 8927 bytes