
Hijackthis Log


  • This topic is locked
12 replies to this topic

#1 Magzter

Magzter

  • Members
  • 15 posts
  • OFFLINE
  • Location:Australia
  • Local time:04:50 PM

Posted 24 July 2007 - 05:10 PM

Yeah, hi, I'm new to HijackThis. I downloaded it and scanned my computer because my computer has really been stuffing up: I get constant pop-ups, programs downloaded that I've never seen, and my computer is getting slow. I have used Ad-Aware and S&D; they did help a bit, but not fully. So here is the log; if there is anything wrong, please tell me.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:09:25 AM, on 7/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\mgrs.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\steam\steam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\TEMP\win129F.tmp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\magzter\Desktop\HiJackThis_v2.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\s2f.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\winD70.tmp.exe
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\eujfdlvy.dll",forkonce
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Magicantispy] C:\Program Files\Magicantispy\Magicantispy.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00000005-0000-0000-0000-100009000004} - http://c.imputati.com/l/2fe4f069d3222c5f17...f58e4f19_35.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe

--
End of file - 9140 bytes

Thanks.

---Matthew
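The log above is the kind of thing the Malware Response Team reads by eye. As an added example (not part of this thread, of HijackThis, or of the helper's procedure), here is a small heuristic triager that scores lines from such a log. The sample input is constructed from lines of the first log in this thread; the rules (binaries launched from TEMP, O16 ActiveX downloads that point straight at an .exe, O20 Winlogon Notify DLLs, O4 entries given as a bare file name, and "keyboard-mash" file names with almost no vowels) are this example's own assumptions about what separates 2007-era malware from vendor software, and they produce a review list rather than a verdict.

```python
"""Heuristic triage of HijackThis log lines (added example, not HijackThis code).

Rules and thresholds are this example's own; they are tuned on the log in this
thread and produce candidates for review, not removal decisions.
"""
import re

VOWELS = set("aeiouy")
# Stem and extension of any Windows binary named on a log line.
BINARY_RE = re.compile(r"([\w~$-]+)\.(exe|dll|sys)\b", re.IGNORECASE)
# The command part of an O4 Run entry: everything after the [name] bracket.
O4_CMD_RE = re.compile(r"\]\s*(.+?)\s*$")

# Constructed sample: a subset of lines taken from the first log in the thread.
SAMPLE_LOG = r"""O1 placeholder removed
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\winD70.tmp.exe
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\eujfdlvy.dll",forkonce
O16 - DPF: {00000005-0000-0000-0000-100009000004} - http://c.imputati.com/l/2fe4f069d3222c5f17...f58e4f19_35.exe
O20 - Winlogon Notify: urqqrqr - C:\WINDOWS\SYSTEM32\urqqrqr.dll
O20 - Winlogon Notify: winkcv32 - C:\WINDOWS\SYSTEM32\winkcv32.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
""".replace("O1 placeholder removed\n", "")


def looks_random(stem):
    """Crude detector for keyboard-mash names such as eujfdlvy or urqqrqr.

    Heuristic only: vendor names with few vowels (khalmnpr, msmsgs) also trip
    it, which is why hits are marked for review rather than deletion.
    """
    s = stem.lower()
    if len(s) < 5 or not s.isalpha():
        return False
    vowel_ratio = sum(c in VOWELS for c in s) / len(s)
    consonant_runs = re.findall(r"[^aeiouy]+", s)
    longest_run = max((len(r) for r in consonant_runs), default=0)
    q_without_u = re.search(r"q(?!u)", s) is not None
    return longest_run >= 5 or vowel_ratio < 0.15 or q_without_u


def triage_line(line):
    """Return a list of (severity, reason) findings for one HijackThis line."""
    findings = []
    code = line.split(" - ", 1)[0].strip()
    lower = line.lower()

    if code in ("R0", "R1") and "http://" in lower:
        findings.append(("low", "browser search/start page points at an external URL"))
    if re.search(r"\\temp\\", lower):
        findings.append(("high", "binary launched from a TEMP directory"))
    if code == "O16" and lower.rstrip().endswith(".exe"):
        findings.append(("high", "ActiveX download (DPF) points straight at an .exe"))
    if code == "O20" and "winlogon notify" in lower:
        findings.append(("medium", "Winlogon Notify DLL loads into winlogon.exe at logon; verify publisher"))
    if code == "O4":
        m = O4_CMD_RE.search(line)
        if m and "\\" not in m.group(1):
            findings.append(("low", "bare file name, resolved through PATH at logon"))
    for stem, _ext in BINARY_RE.findall(line):
        if looks_random(stem):
            severity = "high" if code == "O20" else "medium"
            findings.append((severity, "random-looking file name %r" % stem))
    return findings


def triage(log_text):
    """Triage a whole log; returns (severity, reason, line) tuples, high first."""
    order = {"high": 0, "medium": 1, "low": 2}
    results = []
    for line in log_text.splitlines():
        for severity, reason in triage_line(line):
            results.append((severity, reason, line.strip()))
    results.sort(key=lambda r: order[r[0]])  # stable: keeps log order within a level
    return results


if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG):
        print("%-6s %-70s %s" % (severity, reason, line))
```

On the sample, the three "high" hits are the [avp] entry running out of C:\WINDOWS\TEMP, the O16 download that resolves to an .exe, and the urqqrqr Winlogon Notify DLL; the Logitech KHALMNPR.EXE line is a deliberate false positive (bare name plus almost no vowels), which is the reason the output is a review list that still needs a human, or a second tool such as ComboFix, to confirm.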


#2 Magzter

Magzter
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Location:Australia
  • Local time:04:50 PM

Posted 25 July 2007 - 12:50 AM

Hmmm... It seems that the computer has got all the pop-ups back since I got rid of it yesterday.

#3 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:11:50 PM

Posted 26 July 2007 - 05:40 AM

Hello,

I see you are running TeaTimer.
I suggest you disable it, because it can interfere with the changes you'll make on your system.
When everything is done and your log is clean again, you can enable it again.
If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
How to disable TeaTimer during HijackThis Cleanup
Then, download ResetTeaTimer.bat.
Double-click ResetTeaTimer.bat to remove all entries set by TeaTimer.

Then, download ComboFix to your desktop.
Double-click combofix.exe.
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot (in case it asks to reboot), ComboFix will open again to gather the necessary information for the log. This may take a bit. When done, ComboFix will close and a log should open, combofix.txt.
Post the contents of this log in your next reply, together with a new HijackThis log.
Do NOT post the ComboFix-quarantined-files.txt unless I ask you to.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#4 Magzter

Magzter
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Location:Australia
  • Local time:04:50 PM

Posted 26 July 2007 - 07:24 AM

Here you go, just as you asked.

Attached Files



#5 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:11:50 PM

Posted 26 July 2007 - 07:44 AM

Hi,

Please do not attach your logs, but copy and paste them in the thread instead...

* Open Notepad; don't use any other text editor than Notepad, or the script will fail.
Copy/paste the text in the quote box below into Notepad:

File::
C:\WINDOWS\system32\ouoehvxp.dll
C:\WINDOWS\system32\ssqnnoo.dll
C:\WINDOWS\system32\uvxepkuq.dll
C:\Program Files\codec_setup.exe

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"=-
"Magicantispy"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000005-0000-0000-0000-100009000004}]


Save this as a text file named CFScript.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.


This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply, together with a new HijackThis log.
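A CFScript like the one in the reply above runs with administrator rights and deletes whatever it names, so it is worth reading back what it asks for before dragging it onto ComboFix. The following dry-run reader is an added example, not ComboFix code and not part of the helper's procedure; it executes nothing. It reads the File:: and Registry:: sections with this example's interpretation of the format: every File:: entry is a file to delete, and the Registry:: section follows Windows .reg syntax, where [-KEY] deletes a key, [KEY] selects a key, and "name"=- deletes a value under the selected key. The sample script is the one posted in this thread; check ComboFix's own documentation before relying on these semantics for any other directive.

```python
"""Dry-run reader for a ComboFix CFScript (added example, not ComboFix code).

Interpretation of the directives is this example's own: File:: lines are
deletions, Registry:: lines use .reg semantics ([-KEY], [KEY], "name"=-).
"""
import re

SECTION_RE = re.compile(r"^(\w+)::\s*$")
KEY_RE = re.compile(r"^\[(-?)(HKEY_[^\]]+)\]\s*$")
VALUE_DELETE_RE = re.compile(r'^"([^"]*)"=-\s*$')

# Constructed sample: the CFScript posted in this thread.
SAMPLE_SCRIPT = r"""File::
C:\WINDOWS\system32\ouoehvxp.dll
C:\WINDOWS\system32\ssqnnoo.dll
C:\WINDOWS\system32\uvxepkuq.dll
C:\Program Files\codec_setup.exe

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"=-
"Magicantispy"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000005-0000-0000-0000-100009000004}]
"""


def parse_cfscript(text):
    """Return (actions, problems).

    actions:  ("delete_file", path), ("delete_key", key) or
              ("delete_value", key, name), in script order.
    problems: (line number, message) for lines the reader cannot place.
    """
    actions, problems = [], []
    section, current_key = None, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, current_key = m.group(1), None
            continue
        if section == "File":
            actions.append(("delete_file", line))
        elif section == "Registry":
            km = KEY_RE.match(line)
            vm = VALUE_DELETE_RE.match(line)
            if km:
                minus, key = km.groups()
                if minus:
                    actions.append(("delete_key", key))
                    current_key = None  # nothing to select once the key is gone
                else:
                    current_key = key
            elif vm:
                if current_key is None:
                    problems.append((lineno, "value deletion outside any [KEY] block: " + line))
                else:
                    actions.append(("delete_value", current_key, vm.group(1)))
            else:
                problems.append((lineno, "unrecognised Registry:: line: " + line))
        else:
            problems.append((lineno, "line outside any known section: " + line))
    return actions, problems


def describe(actions):
    """Render actions as one plain-English line each."""
    out = []
    for action in actions:
        if action[0] == "delete_file":
            out.append("delete file   " + action[1])
        elif action[0] == "delete_key":
            out.append("delete key    " + action[1])
        else:
            out.append("delete value  %s  under  %s" % (action[2], action[1]))
    return out


if __name__ == "__main__":
    acts, probs = parse_cfscript(SAMPLE_SCRIPT)
    print("\n".join(describe(acts)))
    for lineno, msg in probs:
        print("line %d: %s" % (lineno, msg))
```

For the script in this thread the reader lists four file deletions, the removal of the BHO key {7E853D72-...}, the removal of the "ares" and "Magicantispy" values under HKCU\...\Run (the two O4 entries from the first log), and the removal of the Distribution Units key for the {00000005-...} ActiveX control from the O16 line; a "name"=- line that appears before any [KEY] is reported as a problem instead of being silently dropped.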

#6 Magzter

Magzter
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Location:Australia
  • Local time:04:50 PM

Posted 26 July 2007 - 08:12 AM

Okay, here are the logs.

HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11:10 PM, on 7/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\program files\steam\steam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\magzter\Desktop\HiJackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: (no name) - {3964D8D6-86D0-493A-B460-A805B5401114} - C:\WINDOWS\system32\urqqrqr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: urqqrqr - C:\WINDOWS\SYSTEM32\urqqrqr.dll
O20 - Winlogon Notify: winkcv32 - C:\WINDOWS\SYSTEM32\winkcv32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe

--
End of file - 8507 bytes


And the ComboFix log.

"magzter" - 2007-07-26 22:58:39 [GMT 10:00] - ComboFix 07-07-24.5 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\magzter\Desktop\CFScript.txt
* Created a new restore point


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\jkklj.dll
C:\WINDOWS\system32\jlkkj.bak1
C:\WINDOWS\system32\jlkkj.ini


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\magzter\APPLIC~1\Install.dat
C:\Program Files\codec_setup.exe
C:\WINDOWS\system32\ouoehvxp.dll
C:\WINDOWS\system32\ssqnnoo.dll
C:\WINDOWS\system32\uvxepkuq.dll


((((((((((((((((((((((((( Files Created from 2007-06-26 to 2007-07-26 )))))))))))))))))))))))))))))))


2007-07-26 22:22 <DIR> d-------- C:\Program Files\Magicantispy
2007-07-26 22:19 31,254 --a------ C:\WINDOWS\system32\urqqrqr.dll
2007-07-26 22:07 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-25 07:53 <DIR> d-------- C:\DOCUME~1\magzter\APPLIC~1\McAfee
2007-07-24 07:55 <DIR> d-------- C:\Program Files\Lavasoft
2007-07-24 07:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-17 19:04 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2007-07-17 18:44 <DIR> d-------- C:\ijji
2007-07-17 18:43 <DIR> d-------- C:\DOCUME~1\magzter\APPLIC~1\InstallShield
2007-07-17 18:11 <DIR> d--h----- C:\DOCUME~1\magzter\APPLIC~1\IJJIGame
2007-07-16 22:14 <DIR> d-------- C:\Program Files\Xfire
2007-07-16 22:14 <DIR> d-------- C:\DOCUME~1\magzter\APPLIC~1\Xfire
2007-07-14 13:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-10 19:05 <DIR> d-------- C:\DOCUME~1\rob\APPLIC~1\Apple Computer
2007-07-10 18:59 <DIR> d-------- C:\Program Files\BearShare Applications
2007-07-06 21:37 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-07-06 21:37 <DIR> d-------- C:\Fraps
2007-07-03 18:27 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-07-03 16:54 <DIR> d-------- C:\DOCUME~1\Dom\Contacts
2007-07-03 16:52 <DIR> d-------- C:\DOCUME~1\Dom\APPLIC~1\SiteAdvisor
2007-07-01 14:34 <DIR> d-------- C:\DOCUME~1\rob\APPLIC~1\SiteAdvisor
2007-06-30 19:47 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\SiteAdvisor
2007-06-30 19:46 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2007-06-30 19:46 <DIR> d-------- C:\Program Files\SiteAdvisor
2007-06-30 19:46 <DIR> d-------- C:\DOCUME~1\magzter\APPLIC~1\SiteAdvisor
2007-06-30 19:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
2007-06-30 19:44 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-06-30 19:44 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-06-30 19:44 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-06-30 19:44 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2007-06-30 19:44 170,408 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-06-30 19:44 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-06-30 19:42 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-06-30 13:46 0 --a------ C:\WINDOWS\nsreg.dat
2007-06-30 13:45 94,208 --a------ C:\WINDOWS\system32\mclsp.dll
2007-06-30 13:45 90,112 --a------ C:\WINDOWS\system32\mcrtl32.dll
2007-06-30 13:45 32,768 --a------ C:\WINDOWS\system32\instlsp.exe
2007-06-30 13:45 11,264 --a------ C:\WINDOWS\system32\sporder.dll
2007-06-30 13:44 <DIR> d-------- C:\Program Files\McAfee
2007-06-30 13:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-06-30 13:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee.com
2007-06-30 13:41 349,760 --a------ C:\WINDOWS\system32\mcinsctl.dll
2007-06-30 13:41 288,320 -ra------ C:\WINDOWS\system32\mcgdmgr.dll
2007-06-30 13:41 <DIR> d-------- C:\Program Files\McAfee.com
2007-06-29 20:37 <DIR> d-------- C:\DOCUME~1\magzter\Shared
2007-06-29 20:37 <DIR> d-------- C:\DOCUME~1\magzter\Incomplete
2007-06-29 20:36 <DIR> d-------- C:\Program Files\LimeWire
2007-06-29 20:36 <DIR> d-------- C:\DOCUME~1\magzter\APPLIC~1\LimeWire
2007-06-29 16:07 22,528 --a------ C:\WINDOWS\system32\winkcv32.dll
2007-06-26 17:29 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-06-26 17:28 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2007-06-26 17:28 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-26 13:04:47 -------- d-----w C:\Program Files\Steam
2007-07-23 21:50:37 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-07-20 06:06:18 -------- d-----w C:\Program Files\World of Warcraft
2007-07-17 08:43:59 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-30 09:19:29 -------- d-----w C:\Program Files\Google
2007-06-29 13:17:17 -------- d-----w C:\DOCUME~1\magzter\APPLIC~1\Ventrilo
2007-06-24 21:40:19 127,034 ------r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2007-06-23 01:26:25 -------- d-----w C:\DOCUME~1\magzter\APPLIC~1\Google
2007-06-22 23:25:39 -------- d-----w C:\Program Files\MSXML 4.0
2007-06-22 07:29:04 -------- d-----w C:\DOCUME~1\magzter\APPLIC~1\PC Suite
2007-06-22 06:27:06 -------- d-----w C:\Program Files\Nokia
2007-06-22 06:25:22 -------- d-----w C:\Program Files\DIFX
2007-06-22 06:25:06 -------- d-----w C:\Program Files\Common Files\PCSuite
2007-06-22 06:25:06 -------- d-----w C:\Program Files\Common Files\Nokia
2007-06-20 11:29:31 -------- d-----w C:\DOCUME~1\magzter\APPLIC~1\Apple Computer
2007-06-20 11:29:26 -------- d-----w C:\Program Files\iTunes
2007-06-20 11:29:22 -------- d-----w C:\Program Files\iPod
2007-06-20 11:29:06 -------- d-----w C:\Program Files\QuickTime
2007-06-20 11:28:32 -------- d-----w C:\Program Files\Apple Software Update
2007-06-18 08:07:42 13,013 ----a-w C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2007-06-18 08:07:39 -------- d-----w C:\Program Files\Illustrate
2007-06-18 07:28:24 -------- d-----w C:\Program Files\XAudioTools
2007-06-18 07:23:24 -------- d-----w C:\Program Files\NCH Swift Sound
2007-06-18 07:20:35 21,120 ----a-w C:\WINDOWS\system32\drivers\nchssvad.sys
2007-06-18 07:19:22 -------- d-----w C:\DOCUME~1\magzter\APPLIC~1\NCH Swift Sound
2007-06-18 06:41:26 -------- d-----w C:\DOCUME~1\magzter\APPLIC~1\uTorrent
2007-06-16 08:03:38 -------- d-----w C:\DOCUME~1\magzter\APPLIC~1\Leadertech
2007-06-14 09:04:35 -------- d-----w C:\Program Files\utorrent
2007-06-10 06:22:10 -------- d-----w C:\DOCUME~1\magzter\APPLIC~1\Lavasoft
2007-06-10 05:45:59 -------- d-----w C:\Program Files\VentSrv
2007-06-10 05:45:47 -------- d-----w C:\Program Files\Ventrilo
2007-06-10 02:53:26 -------- d-----w C:\DOCUME~1\magzter\APPLIC~1\WinRAR
2007-06-10 02:26:14 -------- d-----w C:\DOCUME~1\magzter\APPLIC~1\AdobeUM
2007-06-10 01:58:25 -------- d-----w C:\Program Files\MSN Messenger
2007-06-10 01:43:02 -------- d-----w C:\Program Files\Messenger
2007-06-10 01:37:43 -------- d-----w C:\DOCUME~1\magzter\APPLIC~1\Logitech
2007-06-10 01:30:54 118,784 ------r C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
2007-06-10 01:30:49 -------- d-----w C:\Program Files\Logitech
2007-06-10 01:30:15 -------- d-----w C:\Program Files\Common Files\Logitech
2007-06-08 10:36:45 -------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-06-07 14:35:10 -------- d-----w C:\Program Files\Common Files\ODBC
2007-06-07 14:35:07 -------- d-----w C:\Program Files\Common Files\SpeechEngines
2007-06-07 07:34:24 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-06-07 07:34:24 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-06-07 07:11:12 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-06-07 07:11:12 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll
2007-06-07 07:11:12 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll
2007-06-07 07:11:12 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
2007-06-07 07:11:12 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll
2007-06-07 07:11:12 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll
2007-06-07 07:11:12 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll
2007-06-07 07:11:12 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
2007-06-07 07:11:12 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
2007-06-07 07:11:12 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll
2007-06-07 07:11:12 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll
2007-06-07 07:11:12 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll
2007-06-07 07:11:12 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll
2007-06-07 07:11:12 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll
2007-06-07 07:11:12 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
2007-06-07 07:11:12 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll
2007-06-07 07:11:12 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll
2007-06-07 07:11:12 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll
2007-06-07 07:11:12 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll
2007-06-07 07:11:12 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll
2007-06-07 07:11:12 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll
2007-06-07 07:11:12 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll
2007-06-07 07:11:12 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll
2007-06-07 07:11:12 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll
2007-06-07 07:11:12 212,992 ----a-w C:\WINDOWS\system32\nvwrsja.dll
2007-06-07 07:11:12 196,608 ----a-w C:\WINDOWS\system32\nvwrsko.dll
2007-06-07 07:11:12 167,936 ----a-w C:\WINDOWS\system32\nvwrszht.dll
2007-06-07 07:11:12 163,840 ----a-w C:\WINDOWS\system32\nvwrszhc.dll
2007-06-07 07:11:12 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-06-07 07:11:12 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-06-07 07:11:11 5,644,288 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-06-07 07:11:11 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-06-07 07:11:11 323,584 ----a-w C:\WINDOWS\system32\nvrshe.dll
2007-06-07 07:11:11 323,584 ----a-w C:\WINDOWS\system32\nvrsar.dll
2007-06-07 07:11:11 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-06-07 07:11:11 278,528 ----a-w C:\WINDOWS\system32\nvrsfr.dll
2007-06-07 07:11:11 274,432 ----a-w C:\WINDOWS\system32\nvrsit.dll
2007-06-07 07:11:11 274,432 ----a-w C:\WINDOWS\system32\nvrses.dll
2007-06-07 07:11:11 274,432 ----a-w C:\WINDOWS\system32\nvrsel.dll
2007-06-07 07:11:11 270,336 ----a-w C:\WINDOWS\system32\nvrsde.dll
2007-06-07 07:11:11 266,240 ----a-w C:\WINDOWS\system32\nvrspt.dll
2007-06-07 07:11:11 266,240 ----a-w C:\WINDOWS\system32\nvrsnl.dll
2007-06-07 07:11:11 266,240 ----a-w C:\WINDOWS\system32\nvrsesm.dll
2007-06-07 07:11:11 262,144 ----a-w C:\WINDOWS\system32\nvrsru.dll
2007-06-07 07:11:11 262,144 ----a-w C:\WINDOWS\system32\nvrsptb.dll
2007-06-07 07:11:11 262,144 ----a-w C:\WINDOWS\system32\nvrsja.dll
2007-06-07 07:11:11 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll
2007-06-07 07:11:11 253,952 ----a-w C:\WINDOWS\system32\nvrshu.dll
2007-06-07 07:11:11 249,856 ----a-w C:\WINDOWS\system32\nvrstr.dll
2007-06-07 07:11:11 249,856 ----a-w C:\WINDOWS\system32\nvrssl.dll
2007-06-07 07:11:11 249,856 ----a-w C:\WINDOWS\system32\nvrssk.dll
2007-06-07 07:11:11 249,856 ----a-w C:\WINDOWS\system32\nvrspl.dll
2007-06-07 07:11:11 249,856 ----a-w C:\WINDOWS\system32\nvrsno.dll
2007-06-07 07:11:11 245,760 ----a-w C:\WINDOWS\system32\nvrssv.dll
2007-06-07 07:11:11 245,760 ----a-w C:\WINDOWS\system32\nvrsda.dll
2007-06-07 07:11:11 241,664 ----a-w C:\WINDOWS\system32\nvrsfi.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3964D8D6-86D0-493A-B460-A805B5401114}]
2007-07-26 22:19 31254 --a------ C:\WINDOWS\system32\urqqrqr.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 17:20 C:\WINDOWS\stsystra.exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42]
"nwiz"="nwiz.exe" []
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 14:46 C:\WINDOWS\KHALMNPR.Exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 16:30]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6066\SiteAdv.exe" [2007-04-11 04:35]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-07 17:10]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-06-25 16:39]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"Steam"="c:\program files\steam\steam.exe" [2007-07-14 17:08]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 02:24]

C:\Documents and Settings\magzter\Start Menu\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2007-07-11 11:06:10]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 01:19:50]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-06-25 16:39:56]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-06-10 11:30:13]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{3964D8D6-86D0-493A-B460-A805B5401114}"= C:\WINDOWS\system32\urqqrqr.dll [2007-07-26 22:19 31254]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqqrqr]
urqqrqr.dll 2007-07-26 22:19 31254 C:\WINDOWS\system32\urqqrqr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winkcv32]
winkcv32.dll 2007-06-29 16:07 22528 C:\WINDOWS\system32\winkcv32.dll

R1 MPFP;MPFP;C:\WINDOWS\system32\Drivers\Mpfp.sys
R3 E100B;Intel® PRO Network Connection Driver;C:\WINDOWS\system32\DRIVERS\e100b325.sys
R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\LHidKE.Sys
R3 LHidUsbK;Logitech SetPoint USB Receiver device driver;C:\WINDOWS\system32\Drivers\LHidUsbK.Sys
R3 LMouKE;Logitech SetPoint Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
R3 Pcouffin;Low level access layer for CD devices;C:\WINDOWS\system32\Drivers\Pcouffin.sys
R3 STHDA;SigmaTel High Definition Audio CODEC;C:\WINDOWS\system32\drivers\sthda.sys
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\C:\WINDOWS\system32\drivers\NSDriver.sys
S3 Ad-Watch Real-Time Scanner;AW Real-Time Scanner;\??\C:\WINDOWS\system32\drivers\AWRTPD.sys
S3 Ad-Watch Registry Filter;Ad-Watch Registry Kernel Filter;\??\C:\WINDOWS\system32\drivers\AWRTRD.sys
S3 NCHSSVAD;SoundTap Recorder;C:\WINDOWS\system32\drivers\nchssvad.sys
S3 nmwcd;Nokia USB Phone Parent;C:\WINDOWS\system32\drivers\nmwcd.sys
S3 Nokia USB Generic;Nokia USB Generic;C:\WINDOWS\system32\drivers\nmwcdc.sys
S3 Nokia USB Modem;Nokia USB Modem;C:\WINDOWS\system32\drivers\nmwcdcm.sys
S3 Nokia USB Port;Nokia USB Port;C:\WINDOWS\system32\drivers\nmwcdcj.sys


Contents of the 'Scheduled Tasks' folder
2007-07-13 03:24:05 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-30 09:43:43 C:\WINDOWS\tasks\McDefragTask.job
2007-06-30 09:43:42 C:\WINDOWS\tasks\McQcTask.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-26 23:04:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-26 23:06:55 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-26 23:06
C:\ComboFix2.txt ... 2007-07-26 22:17

--- E O F ---

#7 miekiemoes (Malware Killer Dog, Malware Response Team, Belgium)

Posted 26 July 2007 - 08:32 AM

Hi,

We'll have to give this another round..

* Open Notepad - don't use any other text editor than Notepad or the script will fail.
Copy/paste the text in the quote box below into Notepad:

File::
C:\WINDOWS\system32\urqqrqr.dll
C:\WINDOWS\system32\winkcv32.dll

Folder::
C:\Program Files\Magicantispy

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3964D8D6-86D0-493A-B460-A805B5401114}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{3964D8D6-86D0-493A-B460-A805B5401114}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqqrqr]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winkcv32]


Save this as a text file named CFScript.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot: CFScript.txt being dragged onto ComboFix.exe]

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply together with a new HijackThis log.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
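The two posts above show the pattern worth recognising in a ComboFix log: one DLL, urqqrqr.dll, is loaded from three places at once (a Browser Helper Object, a ShellExecuteHooks value and a Winlogon\Notify package, all under the same CLSID), and the CFScript in post #7 removes the files plus exactly those registry entries. The Python script below is an added example, not part of the thread and not ComboFix's or HijackThis's own code. It parses the 'Reg Loading Points' section, flags any DLL registered in more than one of those hook locations, flags any remaining Winlogon\Notify package for review (ComboFix's note says the known-legit defaults are already hidden), emits a CFScript in the syntax miekiemoes used, and checks a post-cleanup log for leftovers. SAMPLE_BEFORE and SAMPLE_AFTER are constructed from a handful of lines of the two logs, trimmed; the HOOK_KINDS heuristic, the function names and the severity labels are my own. The Folder:: line for C:\Program Files\Magicantispy in the thread came from outside the loading points, so the generator does not produce it.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log and draft a CFScript.
Added example for the thread above, not ComboFix's or HijackThis's own code."""
import re
from collections import defaultdict

# Constructed sample: trimmed copy of the relevant lines from the first log above.
SAMPLE_BEFORE = r"""
(((( Reg Loading Points ))))

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3964D8D6-86D0-493A-B460-A805B5401114}]
2007-07-26 22:19 31254 --a------ C:\WINDOWS\system32\urqqrqr.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 17:20 C:\WINDOWS\stsystra.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-07 17:10]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{3964D8D6-86D0-493A-B460-A805B5401114}"= C:\WINDOWS\system32\urqqrqr.dll [2007-07-26 22:19 31254]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqqrqr]
urqqrqr.dll 2007-07-26 22:19 31254 C:\WINDOWS\system32\urqqrqr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winkcv32]
winkcv32.dll 2007-06-29 16:07 22528 C:\WINDOWS\system32\winkcv32.dll

R1 MPFP;MPFP;C:\WINDOWS\system32\Drivers\Mpfp.sys
"""
# Constructed sample: the same section after the CFScript run (second log), trimmed.
SAMPLE_AFTER = r"""
(((( Reg Loading Points ))))

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 17:20 C:\WINDOWS\stsystra.exe]
"""
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[\]]*?\.(?:dll|exe|sys)\b', re.I)
VALUE_RE = re.compile(r'^"([^"]+)"=')
# Assumption (mine): one DLL wired into two or more of these is a strong signal.
HOOK_KINDS = ("bho", "shellexecutehook", "winlogon_notify")


def classify_key(key):
    """Coarse autostart category for a registry key header from the log."""
    k = key.lower()
    if "browser helper objects" in k:
        return "bho"
    if "shellexecutehooks" in k:
        return "shellexecutehook"
    if r"winlogon\notify" in k:
        return "winlogon_notify"
    if k.endswith(r"\run"):
        return "run"
    return "other"


def parse_loading_points(text):
    """Return (key, kind, value_name, path) for every file path listed under a
    registry key in the section; startup folders and drivers are not keys and are skipped."""
    entries, key, in_section = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if "Reg Loading Points" in line:
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("****") or line.startswith("Contents of the"):
            break                   # end of the section in a full log
        if not line:
            key = None              # a blank line closes the current key's group
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        if key is None:
            continue
        name = VALUE_RE.match(line)
        for path in PATH_RE.findall(line):
            entries.append((key, classify_key(key), name.group(1) if name else None, path))
    return entries


def triage(entries):
    """Map lower-cased path -> reason for every entry worth acting on."""
    kinds_by_path = defaultdict(set)
    for _key, kind, _name, path in entries:
        if kind in HOOK_KINDS:
            kinds_by_path[path.lower()].add(kind)
    findings = {}
    for _key, kind, _name, path in entries:
        p = path.lower()
        if len(kinds_by_path[p]) >= 2:
            findings[p] = "high: same DLL hooked as " + ", ".join(sorted(kinds_by_path[p]))
        elif kind == "winlogon_notify":
            # ComboFix hides the legit defaults, so anything left here gets a look.
            findings.setdefault(p, "review: non-default Winlogon Notify package")
    return findings


def build_cfscript(entries, findings):
    """Draft a CFScript as used in the thread: File:: per flagged DLL, [-key] to drop
    a whole key, "value"=- to drop one value from a key that other software shares."""
    files, reg = [], []
    for key, kind, name, path in entries:
        if path.lower() not in findings:
            continue
        if path not in files:
            files.append(path)
        if name and kind in ("shellexecutehook", "run"):
            reg += ["[" + key + "]", '"' + name + '"=-']
        elif kind in HOOK_KINDS:
            reg.append("[-" + key + "]")
    return "File::\n" + "\n".join(files) + "\n\nRegistry::\n" + "\n".join(reg) + "\n"


def still_present(after_text, findings):
    """Flagged paths that a post-cleanup log still lists under a loading point."""
    seen = {path.lower() for _k, _kind, _n, path in parse_loading_points(after_text)}
    return sorted(p for p in findings if p in seen)


if __name__ == "__main__":
    before = parse_loading_points(SAMPLE_BEFORE)
    found = triage(before)
    for p, why in found.items():
        print(why, "->", p)
    print(build_cfscript(before, found))
    print("still present after cleanup:", still_present(SAMPLE_AFTER, found))
```

Run it against a full ComboFix.txt by reading the file into `parse_loading_points`; the parser stops at the asterisk line or the Scheduled Tasks heading, so the rest of the log can be passed in unchanged. The "review" severity is deliberately weaker than "high": a single Winlogon\Notify package is a lead to check, while one DLL sitting behind a BHO, a ShellExecuteHook and a Notify package at once is the thing the CFScript in post #7 was written for.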

#8 Magzter (Topic Starter)

Posted 26 July 2007 - 08:47 AM

Hello again, here you are.

"magzter" - 2007-07-26 23:37:44 [GMT 10:00] - ComboFix 07-07-24.5 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\magzter\Desktop\CFScript.txt
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Magicantispy
C:\Program Files\Magicantispy\Magicantispy.exe
C:\WINDOWS\system32\urqqrqr.dll
C:\WINDOWS\system32\winkcv32.dll


((((((((((((((((((((((((( Files Created from 2007-06-26 to 2007-07-26 )))))))))))))))))))))))))))))))


2007-07-26 22:07 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-25 07:53 <DIR> d-------- C:\DOCUME~1\magzter\APPLIC~1\McAfee
2007-07-24 07:55 <DIR> d-------- C:\Program Files\Lavasoft
2007-07-24 07:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-17 19:04 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2007-07-17 18:44 <DIR> d-------- C:\ijji
2007-07-17 18:43 <DIR> d-------- C:\DOCUME~1\magzter\APPLIC~1\InstallShield
2007-07-17 18:11 <DIR> d--h----- C:\DOCUME~1\magzter\APPLIC~1\IJJIGame
2007-07-16 22:14 <DIR> d-------- C:\Program Files\Xfire
2007-07-16 22:14 <DIR> d-------- C:\DOCUME~1\magzter\APPLIC~1\Xfire
2007-07-14 13:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-10 19:05 <DIR> d-------- C:\DOCUME~1\rob\APPLIC~1\Apple Computer
2007-07-10 18:59 <DIR> d-------- C:\Program Files\BearShare Applications
2007-07-06 21:37 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-07-06 21:37 <DIR> d-------- C:\Fraps
2007-07-03 18:27 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-07-03 16:54 <DIR> d-------- C:\DOCUME~1\Dom\Contacts
2007-07-03 16:52 <DIR> d-------- C:\DOCUME~1\Dom\APPLIC~1\SiteAdvisor
2007-07-01 14:34 <DIR> d-------- C:\DOCUME~1\rob\APPLIC~1\SiteAdvisor
2007-06-30 19:47 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\SiteAdvisor
2007-06-30 19:46 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2007-06-30 19:46 <DIR> d-------- C:\Program Files\SiteAdvisor
2007-06-30 19:46 <DIR> d-------- C:\DOCUME~1\magzter\APPLIC~1\SiteAdvisor
2007-06-30 19:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
2007-06-30 19:44 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-06-30 19:44 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-06-30 19:44 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-06-30 19:44 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2007-06-30 19:44 170,408 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-06-30 19:44 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-06-30 19:42 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-06-30 13:46 0 --a------ C:\WINDOWS\nsreg.dat
2007-06-30 13:45 94,208 --a------ C:\WINDOWS\system32\mclsp.dll
2007-06-30 13:45 90,112 --a------ C:\WINDOWS\system32\mcrtl32.dll
2007-06-30 13:45 32,768 --a------ C:\WINDOWS\system32\instlsp.exe
2007-06-30 13:45 11,264 --a------ C:\WINDOWS\system32\sporder.dll
2007-06-30 13:44 <DIR> d-------- C:\Program Files\McAfee
2007-06-30 13:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-06-30 13:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee.com
2007-06-30 13:41 349,760 --a------ C:\WINDOWS\system32\mcinsctl.dll
2007-06-30 13:41 288,320 -ra------ C:\WINDOWS\system32\mcgdmgr.dll
2007-06-30 13:41 <DIR> d-------- C:\Program Files\McAfee.com
2007-06-29 20:37 <DIR> d-------- C:\DOCUME~1\magzter\Shared
2007-06-29 20:37 <DIR> d-------- C:\DOCUME~1\magzter\Incomplete
2007-06-29 20:36 <DIR> d-------- C:\Program Files\LimeWire
2007-06-29 20:36 <DIR> d-------- C:\DOCUME~1\magzter\APPLIC~1\LimeWire
2007-06-26 17:29 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-06-26 17:28 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2007-06-26 17:28 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-26 13:43:03 -------- d-----w C:\Program Files\Steam
2007-07-23 21:50:37 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-07-20 06:06:18 -------- d-----w C:\Program Files\World of Warcraft
2007-07-17 08:43:59 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-30 09:19:29 -------- d-----w C:\Program Files\Google
2007-06-29 13:17:17 -------- d-----w C:\DOCUME~1\magzter\APPLIC~1\Ventrilo
2007-06-24 21:40:19 127,034 ------r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2007-06-23 01:26:25 -------- d-----w C:\DOCUME~1\magzter\APPLIC~1\Google
2007-06-22 23:25:39 -------- d-----w C:\Program Files\MSXML 4.0
2007-06-22 07:29:04 -------- d-----w C:\DOCUME~1\magzter\APPLIC~1\PC Suite
2007-06-22 06:27:06 -------- d-----w C:\Program Files\Nokia
2007-06-22 06:25:22 -------- d-----w C:\Program Files\DIFX
2007-06-22 06:25:06 -------- d-----w C:\Program Files\Common Files\PCSuite
2007-06-22 06:25:06 -------- d-----w C:\Program Files\Common Files\Nokia
2007-06-20 11:29:31 -------- d-----w C:\DOCUME~1\magzter\APPLIC~1\Apple Computer
2007-06-20 11:29:26 -------- d-----w C:\Program Files\iTunes
2007-06-20 11:29:22 -------- d-----w C:\Program Files\iPod
2007-06-20 11:29:06 -------- d-----w C:\Program Files\QuickTime
2007-06-20 11:28:32 -------- d-----w C:\Program Files\Apple Software Update
2007-06-18 08:07:42 13,013 ----a-w C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2007-06-18 08:07:39 -------- d-----w C:\Program Files\Illustrate
2007-06-18 07:28:24 -------- d-----w C:\Program Files\XAudioTools
2007-06-18 07:23:24 -------- d-----w C:\Program Files\NCH Swift Sound
2007-06-18 07:20:35 21,120 ----a-w C:\WINDOWS\system32\drivers\nchssvad.sys
2007-06-18 07:19:22 -------- d-----w C:\DOCUME~1\magzter\APPLIC~1\NCH Swift Sound
2007-06-18 06:41:26 -------- d-----w C:\DOCUME~1\magzter\APPLIC~1\uTorrent
2007-06-16 08:03:38 -------- d-----w C:\DOCUME~1\magzter\APPLIC~1\Leadertech
2007-06-14 09:04:35 -------- d-----w C:\Program Files\utorrent
2007-06-10 06:22:10 -------- d-----w C:\DOCUME~1\magzter\APPLIC~1\Lavasoft
2007-06-10 05:45:59 -------- d-----w C:\Program Files\VentSrv
2007-06-10 05:45:47 -------- d-----w C:\Program Files\Ventrilo
2007-06-10 02:53:26 -------- d-----w C:\DOCUME~1\magzter\APPLIC~1\WinRAR
2007-06-10 02:26:14 -------- d-----w C:\DOCUME~1\magzter\APPLIC~1\AdobeUM
2007-06-10 01:58:25 -------- d-----w C:\Program Files\MSN Messenger
2007-06-10 01:43:02 -------- d-----w C:\Program Files\Messenger
2007-06-10 01:37:43 -------- d-----w C:\DOCUME~1\magzter\APPLIC~1\Logitech
2007-06-10 01:30:54 118,784 ------r C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
2007-06-10 01:30:49 -------- d-----w C:\Program Files\Logitech
2007-06-10 01:30:15 -------- d-----w C:\Program Files\Common Files\Logitech
2007-06-08 10:36:45 -------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-06-07 14:35:10 -------- d-----w C:\Program Files\Common Files\ODBC
2007-06-07 14:35:07 -------- d-----w C:\Program Files\Common Files\SpeechEngines
2007-06-07 07:34:24 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-06-07 07:34:24 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-06-07 07:11:12 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-06-07 07:11:12 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll
2007-06-07 07:11:12 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll
2007-06-07 07:11:12 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
2007-06-07 07:11:12 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll
2007-06-07 07:11:12 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll
2007-06-07 07:11:12 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll
2007-06-07 07:11:12 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
2007-06-07 07:11:12 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
2007-06-07 07:11:12 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll
2007-06-07 07:11:12 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll
2007-06-07 07:11:12 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll
2007-06-07 07:11:12 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll
2007-06-07 07:11:12 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll
2007-06-07 07:11:12 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
2007-06-07 07:11:12 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll
2007-06-07 07:11:12 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll
2007-06-07 07:11:12 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll
2007-06-07 07:11:12 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll
2007-06-07 07:11:12 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll
2007-06-07 07:11:12 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll
2007-06-07 07:11:12 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll
2007-06-07 07:11:12 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll
2007-06-07 07:11:12 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll
2007-06-07 07:11:12 212,992 ----a-w C:\WINDOWS\system32\nvwrsja.dll
2007-06-07 07:11:12 196,608 ----a-w C:\WINDOWS\system32\nvwrsko.dll
2007-06-07 07:11:12 167,936 ----a-w C:\WINDOWS\system32\nvwrszht.dll
2007-06-07 07:11:12 163,840 ----a-w C:\WINDOWS\system32\nvwrszhc.dll
2007-06-07 07:11:12 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-06-07 07:11:12 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-06-07 07:11:11 5,644,288 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-06-07 07:11:11 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-06-07 07:11:11 323,584 ----a-w C:\WINDOWS\system32\nvrshe.dll
2007-06-07 07:11:11 323,584 ----a-w C:\WINDOWS\system32\nvrsar.dll
2007-06-07 07:11:11 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-06-07 07:11:11 278,528 ----a-w C:\WINDOWS\system32\nvrsfr.dll
2007-06-07 07:11:11 274,432 ----a-w C:\WINDOWS\system32\nvrsit.dll
2007-06-07 07:11:11 274,432 ----a-w C:\WINDOWS\system32\nvrses.dll
2007-06-07 07:11:11 274,432 ----a-w C:\WINDOWS\system32\nvrsel.dll
2007-06-07 07:11:11 270,336 ----a-w C:\WINDOWS\system32\nvrsde.dll
2007-06-07 07:11:11 266,240 ----a-w C:\WINDOWS\system32\nvrspt.dll
2007-06-07 07:11:11 266,240 ----a-w C:\WINDOWS\system32\nvrsnl.dll
2007-06-07 07:11:11 266,240 ----a-w C:\WINDOWS\system32\nvrsesm.dll
2007-06-07 07:11:11 262,144 ----a-w C:\WINDOWS\system32\nvrsru.dll
2007-06-07 07:11:11 262,144 ----a-w C:\WINDOWS\system32\nvrsptb.dll
2007-06-07 07:11:11 262,144 ----a-w C:\WINDOWS\system32\nvrsja.dll
2007-06-07 07:11:11 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll
2007-06-07 07:11:11 253,952 ----a-w C:\WINDOWS\system32\nvrshu.dll
2007-06-07 07:11:11 249,856 ----a-w C:\WINDOWS\system32\nvrstr.dll
2007-06-07 07:11:11 249,856 ----a-w C:\WINDOWS\system32\nvrssl.dll
2007-06-07 07:11:11 249,856 ----a-w C:\WINDOWS\system32\nvrssk.dll
2007-06-07 07:11:11 249,856 ----a-w C:\WINDOWS\system32\nvrspl.dll
2007-06-07 07:11:11 249,856 ----a-w C:\WINDOWS\system32\nvrsno.dll
2007-06-07 07:11:11 245,760 ----a-w C:\WINDOWS\system32\nvrssv.dll
2007-06-07 07:11:11 245,760 ----a-w C:\WINDOWS\system32\nvrsda.dll
2007-06-07 07:11:11 241,664 ----a-w C:\WINDOWS\system32\nvrsfi.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 17:20 C:\WINDOWS\stsystra.exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42]
"nwiz"="nwiz.exe" []
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 14:46 C:\WINDOWS\KHALMNPR.Exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 16:30]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6066\SiteAdv.exe" [2007-04-11 04:35]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-06-25 16:39]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"Steam"="c:\program files\steam\steam.exe" [2007-07-14 17:08]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 02:24]

C:\Documents and Settings\magzter\Start Menu\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2007-07-11 11:06:10]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 01:19:50]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-06-25 16:39:56]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-06-10 11:30:13]

R1 MPFP;MPFP;C:\WINDOWS\system32\Drivers\Mpfp.sys
R3 E100B;Intel® PRO Network Connection Driver;C:\WINDOWS\system32\DRIVERS\e100b325.sys
R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\LHidKE.Sys
R3 LHidUsbK;Logitech SetPoint USB Receiver device driver;C:\WINDOWS\system32\Drivers\LHidUsbK.Sys
R3 LMouKE;Logitech SetPoint Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
R3 Pcouffin;Low level access layer for CD devices;C:\WINDOWS\system32\Drivers\Pcouffin.sys
R3 STHDA;SigmaTel High Definition Audio CODEC;C:\WINDOWS\system32\drivers\sthda.sys
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\C:\WINDOWS\system32\drivers\NSDriver.sys
S3 Ad-Watch Real-Time Scanner;AW Real-Time Scanner;\??\C:\WINDOWS\system32\drivers\AWRTPD.sys
S3 Ad-Watch Registry Filter;Ad-Watch Registry Kernel Filter;\??\C:\WINDOWS\system32\drivers\AWRTRD.sys
S3 NCHSSVAD;SoundTap Recorder;C:\WINDOWS\system32\drivers\nchssvad.sys
S3 nmwcd;Nokia USB Phone Parent;C:\WINDOWS\system32\drivers\nmwcd.sys
S3 Nokia USB Generic;Nokia USB Generic;C:\WINDOWS\system32\drivers\nmwcdc.sys
S3 Nokia USB Modem;Nokia USB Modem;C:\WINDOWS\system32\drivers\nmwcdcm.sys
S3 Nokia USB Port;Nokia USB Port;C:\WINDOWS\system32\drivers\nmwcdcj.sys


Contents of the 'Scheduled Tasks' folder
2007-07-13 03:24:05 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-30 09:43:43 C:\WINDOWS\tasks\McDefragTask.job
2007-06-30 09:43:42 C:\WINDOWS\tasks\McQcTask.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-26 23:42:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-26 23:44:20 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-26 23:44
C:\ComboFix2.txt ... 2007-07-26 23:06
C:\ComboFix3.txt ... 2007-07-26 22:17

--- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:45:49 PM, on 7/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\steam\steam.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\magzter\Desktop\HiJackThis.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe

--
End of file - 8192 bytes

#9 miekiemoes

Posted 26 July 2007 - 01:08 PM

OK, that worked.

Delete the C:\Qoobox folder.

Let me know in your next reply how things are now.

#10 Magzter

Magzter
  • Topic Starter
  • Members
  • 15 posts
  • Location:Australia
  • Local time:04:50 PM

Posted 26 July 2007 - 05:34 PM

Well, so far everything has been going good (I don't get auto-minimized anymore), but I scanned my computer a couple more times and McAfee tells me I have something called 'Winfixer' and it 'Cannot be completely removed'. But besides that my computer has been going pretty good. I'll post another update here in a couple of days. Thanks for the help.

#11 miekiemoes

miekiemoes
    Malware Killer Dog
  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:11:50 PM

Posted 27 July 2007 - 03:39 AM

Hi,

Can you let me know where McAfee is still finding WinFixer? What file and in what folder is it present?

#12 miekiemoes

miekiemoes
    Malware Killer Dog
  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:11:50 PM

Posted 04 August 2007 - 04:29 AM

Problem solved here?

#13 miekiemoes

miekiemoes
    Malware Killer Dog
  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:11:50 PM

Posted 16 August 2007 - 01:03 AM

Due to the lack of feedback, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.