Lots Of New Windows Opening, And Possible Trojans


  • This topic is locked
16 replies to this topic

#1 tigerthunder

  • Members
  • 13 posts

Posted 20 August 2007 - 08:12 AM

Well, here's the logfile. It looks bad: lots of new windows opening on startup and during internet usage.
Thanks in advance.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:05:18 AM, on 8/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\I8kfanGUI\i8kfangui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QUICKENW\QWDLLS.EXE
C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/explore.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.comcast.net/explore.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/explore.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\TFR633.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: (no name) - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ZingSpooler] C:\Program Files\Common Files\Zing\ZingSpooler.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [MSOffice] rundll32.exe "C:\WINDOWS\jkhgdd.dll",sitypnow
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\i8kfangui.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
O4 - Global Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {3759252A-7748-4DBE-AD87-AE8CE8D244D6} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {B79A9CFB-D5BB-4268-817A-592369A3E917} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Help - {B9C1644D-47B6-405D-9EB2-9DED17903595} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.mbakercorp.com/CFIDE/classes/CFJava.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...72/mcinsctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {7AA32FC7-133B-4AE7-998E-CED0D9829B12} - http://static.waverevenue.com/website.cab
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0) -
O20 - Winlogon Notify: cefiiabd - C:\WINDOWS\system32\cefiiabd.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

--
End of file - 11352 bytes
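Added example, not part of tigerthunder's post and not code from HijackThis or VundoFix: a small Python triage script that parses entry lines in the HijackThis v2 log format shown above and applies a few defender-side heuristics matching the kinds of entries a helper acts on in this thread: unnamed BHOs, rundll32 autostarts of a DLL sitting directly in the Windows root, ActiveX (DPF) downloads without a friendly name, Winlogon Notify handlers, and random-looking DLL names. The sample lines are copied from the log above; the rule set, the consonant-run heuristic and its threshold of 6 are my own choices and are deliberately crude, so every hit is a "look closer" prompt rather than a verdict.

```python
import re

# Constructed sample: entry lines copied from the HijackThis log posted above,
# trimmed to a handful of entry types so the rules below have something to act on.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - (no file)
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\TFR633.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSOffice] rundll32.exe "C:\WINDOWS\jkhgdd.dll",sitypnow
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.mbakercorp.com/CFIDE/classes/CFJava.cab
O16 - DPF: {7AA32FC7-133B-4AE7-998E-CED0D9829B12} - http://static.waverevenue.com/website.cab
O20 - Winlogon Notify: cefiiabd - C:\WINDOWS\system32\cefiiabd.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
"""

# An entry line is "<code> - <body>", e.g. "O2 - BHO: <name> - {CLSID} - <path>".
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.+)$")
# First Windows path ending in .dll inside an entry body (quotes and commas end it).
DLL_RE = re.compile(r"[A-Za-z]:\\[^\"',]*?\.dll", re.IGNORECASE)


def parse_hjt(text):
    """Return (code, body) tuples for every entry line; header/blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def dll_path(body):
    """The DLL path referenced by an entry body, or None if it names no DLL."""
    m = DLL_RE.search(body)
    return m.group(0) if m else None


def consonant_run(stem):
    """Longest run of consonants in a file stem (y counted as a vowel).
    Crude heuristic for machine-generated names such as jkhgdd or ssqnmj."""
    best = run = 0
    for ch in stem.lower():
        if ch.isalpha() and ch not in "aeiouy":
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best


def triage(entries):
    """Apply review heuristics; returns (code, body, reasons) for flagged entries only."""
    findings = []
    for code, body in entries:
        reasons = []
        path = dll_path(body)
        parts = path.split("\\") if path else []          # ["C:", "WINDOWS", ..., "x.dll"]
        stem = parts[-1][:-4] if parts else ""             # file name without ".dll"
        if code == "O2" and body.startswith("BHO: (no name)"):
            reasons.append("unnamed BHO loading a DLL" if path
                           else "orphaned BHO entry (no file)")
        if (code == "O4" and "rundll32" in body.lower()
                and len(parts) == 3 and parts[1].lower() == "windows"):
            # DLL directly in C:\WINDOWS rather than in system32 or a vendor folder
            reasons.append("rundll32 autostart of a DLL in the Windows root")
        if code == "O16" and not re.search(r"\}\s*\(", body):
            reasons.append("ActiveX download (DPF) without a friendly name")
        if code == "O20" and body.startswith("Winlogon Notify:"):
            reasons.append("Winlogon Notify handler, a persistence point worth checking")
        if path and consonant_run(stem) >= 6:
            reasons.append(f"random-looking DLL name '{stem}'")
        if reasons:
            findings.append((code, body, reasons))
    return findings


def main():
    for code, body, reasons in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{code}: {body}")
        for reason in reasons:
            print(f"    -> {reason}")


if __name__ == "__main__":
    main()
```

Run as-is it prints five flagged entries from the sample; the legitimate NvCplDaemon and ieframe.dll lines pass through unflagged, which is the point of keeping the root-folder and consonant-run checks separate rather than flagging every rundll32 or every DLL in system32.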

#2 SNOWHITE

    missy malware magnet

  • Members
  • 2,676 posts
  • Gender:Female
  • Location:Bitola, Macedonia

Posted 20 August 2007 - 03:31 PM

Hello tigerthunder :thumbsup:

My name is SNOWHITE and I will be helping you with your Malware problem.

PLEASE READ THIS POST COMPLETELY, IT MAY MAKE IT EASIER FOR YOU IF YOU COPY AND PASTE THIS POST INTO A NEW TEXT DOCUMENT OR PRINT IT FOR REFERENCE LATER



Please follow the steps below exactly in the order they are written:

Step #1

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Step #2

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
In your next post please include the following reports:
  • VundoFix report
  • dss scan reports main.txt and extra.txt
Let me know how things went.


Regards,
SNOWHITE

#3 tigerthunder
  • Topic Starter
  • Members
  • 13 posts

Posted 20 August 2007 - 09:20 PM

Well, it seemed to go well. I still have additional windows opening when I'm using Internet Explorer. Thank you so much for your help so far; I really appreciate the time and quick response to the first post.

Here are the reports.

VundoFix:
VundoFix V6.5.6

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.11

Scan started at 3:08:54 PM 7/25/2007

Listing files found while scanning....

C:\WINDOWS\system32\TFR3F.dll
C:\WINDOWS\system32\TFRF2.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\TFR3F.dll
C:\WINDOWS\system32\TFR3F.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\TFRF2.dll
C:\WINDOWS\system32\TFRF2.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.6

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.11

Scan started at 4:07:09 PM 7/25/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.5.6

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.11

Scan started at 8:29:49 PM 8/5/2007

Listing files found while scanning....

C:\WINDOWS\system32\TFR35.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\TFR35.dll
C:\WINDOWS\system32\TFR35.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.7

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.11

Scan started at 9:08:55 PM 8/20/2007

Listing files found while scanning....

C:\WINDOWS\system32\TFR1D.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\TFR1D.dll
C:\WINDOWS\system32\TFR1D.dll Has been deleted!

Performing Repairs to the registry.
Done!


DSS reports
main.txt:
Deckard's System Scanner v20070819.64
Run by Justin on 2007-08-20 22:00:54
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2007-08-21 02:00:58 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Justin.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:05:18 AM, on 8/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\I8kfanGUI\i8kfangui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QUICKENW\QWDLLS.EXE
C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/explore.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.comcast.net/explore.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/explore.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\TFR633.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: (no name) - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ZingSpooler] C:\Program Files\Common Files\Zing\ZingSpooler.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [MSOffice] rundll32.exe "C:\WINDOWS\jkhgdd.dll",sitypnow
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\i8kfangui.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
O4 - Global Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {3759252A-7748-4DBE-AD87-AE8CE8D244D6} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {B79A9CFB-D5BB-4268-817A-592369A3E917} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Help - {B9C1644D-47B6-405D-9EB2-9DED17903595} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.mbakercorp.com/CFIDE/classes/CFJava.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...72/mcinsctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {7AA32FC7-133B-4AE7-998E-CED0D9829B12} - http://static.waverevenue.com/website.cab
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0) -
O20 - Winlogon Notify: cefiiabd - C:\WINDOWS\system32\cefiiabd.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

--
End of file - 11352 bytes

-- File Associations -----------------------------------------------------------

.scr - AutoCADScriptFile - shell\open\command - "C:\Program Files\Windows NT\Accessories\WORDPAD.EXE" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Teefer (Teefer for NT) - c:\windows\system32\drivers\teefer.sys <Not Verified; Sygate Technologies, Inc.; Sygate Teefer Driver>
R0 Vmodem (W2k Vmodem) - c:\windows\system32\drivers\vmodem.sys <Not Verified; PCTEL, INC.; HSP Modem Modem Device>
R0 Vpctcom (W2k Vpctcom) - c:\windows\system32\drivers\vpctcom.sys <Not Verified; PCtel, Inc.; HSP Modem Virtual Control Device>
R0 Vvoice (W2k Vvoice) - c:\windows\system32\drivers\vvoice.sys <Not Verified; PCtel, Inc.; PCTEL HSP Modem Voice Device>
R1 fanio (FanIO driver) - c:\windows\system32\drivers\fanio.sys <Not Verified; CD; fanio.sys>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R1 wpsdrvnt - c:\windows\system32\drivers\wpsdrvnt.sys <Not Verified; Sygate Technologies, Inc.; wpsdrvnt>
R2 CdaC15BA - c:\windows\system32\drivers\cdac15ba.sys <Not Verified; Macrovision Europe Ltd; Security Windows NT>
R2 MASPINT - c:\windows\system32\drivers\maspint.sys <Not Verified; MicroStaff Co.,Ltd.; Aspi32 Driver for WinNT>
R2 MaVctrl - c:\windows\system32\drivers\mavc2k.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
R3 PCANDIS5 (PCANDIS5 Protocol Driver) - c:\windows\system32\pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
R3 Ptserial (W2K Pctel Serial Device Driver) - c:\windows\system32\drivers\ptserial.sys <Not Verified; PCTEL, INC.; HSP Modem Serial Device>
R3 STAC97 (Audio Driver (WDM) - SigmaTel CODEC) - c:\windows\system32\drivers\stac97.sys <Not Verified; SigmaTel, Inc.; AC'97 Audio Controller with SigmaTel CODEC device driver.>

S3 ApfiltrService (Alps Touch Pad Filter Driver for Windows 2000/XP) - c:\windows\system32\drivers\apfiltr.sys <Not Verified; Alps Electric Co., Ltd.; Alps Touch Pad Driver for Windows 2000/XP>
S3 Bridge (MAC Bridge) - c:\windows\system32\drivers\bridge.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 BridgeMP (MAC Bridge Miniport) - c:\windows\system32\drivers\bridge.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 BWNDIS5 (BWNDIS5 NDIS Protocol Driver) - c:\windows\system32\bwndis5.sys (file missing)
S3 EL90XBC (3Com EtherLink XL 90XB/C Adapter Driver) - c:\windows\system32\drivers\el90xbc5.sys <Not Verified; 3Com Corporation; 3Com EtherLink PCI>
S3 gpibclsb (GPIB Board Class Driver) - c:\windows\system32\drivers\gpibclsb.sys (file missing)
S3 gpibclsd (GPIB Device Class Driver) - c:\windows\system32\drivers\gpibclsd.sys (file missing)
S3 i81x - c:\windows\system32\drivers\i81xnt5.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>
S3 iAimFP0 - c:\windows\system32\drivers\wadv01nt.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>
S3 iAimFP1 - c:\windows\system32\drivers\wadv02nt.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>
S3 iAimFP2 - c:\windows\system32\drivers\wadv05nt.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>
S3 iAimFP3 - c:\windows\system32\drivers\wsiintxx.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>
S3 iAimFP4 - c:\windows\system32\drivers\wvchntxx.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>
S3 iAimTV0 - c:\windows\system32\drivers\watv01nt.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>
S3 iAimTV1 - c:\windows\system32\drivers\watv02nt.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>
S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)
S3 iAimTV3 - c:\windows\system32\drivers\watv04nt.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>
S3 iAimTV4 - c:\windows\system32\drivers\wch7xxnt.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>
S3 LSWPCv4 (Wireless-B Notebook Adapter Driver) - c:\windows\system32\drivers\rtl8180.sys <Not Verified; Realtek Semiconductor Corporation; Realtek RTL8180 Wireless LAN (Mini-)PCI NIC>
S4 cbidf - c:\windows\system32\drivers\cbidf2k.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 dac2w2k - c:\windows\system32\drivers\dac2w2k.sys <Not Verified; Mylex Corporation; Mylex Disk Array Controller Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 aawservice (Ad-Aware 2007 Service) - "c:\program files\lavasoft\ad-aware 2007\aawservice.exe" <Not Verified; Lavasoft AB; Ad-Aware 2007 Service>
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 C-DillaCdaC11BA - c:\windows\system32\drivers\cdac11ba.exe <Not Verified; Macrovision; SafeCast Windows NT>

S2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-08-20 21:56:13 434 --a------ C:\WINDOWS\Tasks\XoftSpySE 2.job
2007-08-17 19:22:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-08-15 01:40:08 266 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2007-08-14 07:10:07 364 --a------ C:\WINDOWS\Tasks\XoftSpySE.job
2007-08-01 01:01:39 358 --a------ C:\WINDOWS\Tasks\McQcTask.job


-- Files created between 2007-07-20 and 2007-08-20 -----------------------------

2007-08-20 10:32:30 79360 --a------ C:\WINDOWS\ssqnmj.dll
2007-08-20 09:25:24 0 dr-----c- C:\Documents and Settings\NetworkService\Favorites
2007-08-20 09:19:31 60496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys <Not Verified; Sygate Technologies, Inc.; Sygate Teefer Driver>
2007-08-20 09:19:30 21075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys <Not Verified; Sygate Technologies, Inc.; wpsdrvnt>
2007-08-20 09:19:19 0 d------c- C:\Program Files\Sygate
2007-08-20 09:04:16 0 d------c- C:\Program Files\Trend Micro
2007-08-20 09:02:09 79360 --a------ C:\WINDOWS\jkhgdd.dll
2007-08-20 09:01:53 70144 --a------ C:\WINDOWS\system32\TFR633.dll
2007-08-20 05:39:17 70144 --a------ C:\WINDOWS\system32\TFR60A.dll
2007-08-19 22:14:40 0 d------c- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-08-19 22:12:16 70144 --a------ C:\WINDOWS\system32\TFR5B5.dll
2007-08-19 22:08:26 70144 --a------ C:\WINDOWS\system32\TFR5B3.dll
2007-08-19 18:06:31 0 d------c- C:\Program Files\Lavasoft
2007-08-19 18:06:31 0 d------c- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-08-19 18:05:48 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-19 11:21:45 79872 --a------ C:\WINDOWS\tusppn.dll
2007-08-17 20:27:21 70656 --a------ C:\WINDOWS\system32\TFR1D1.dll
2007-08-17 20:27:21 79360 --a------ C:\WINDOWS\ssrspp.dll
2007-08-16 23:03:17 70144 --a------ C:\WINDOWS\system32\TFR13B.dll
2007-08-15 21:18:37 126464 --a------ C:\WINDOWS\iiiggg.dll
2007-08-15 21:18:03 70144 --a------ C:\WINDOWS\system32\TFR39.dll
2007-08-15 20:19:52 126464 --a------ C:\WINDOWS\opqnnm.dll
2007-08-15 20:19:45 70144 --a------ C:\WINDOWS\system32\TFR37.dll
2007-08-15 09:54:10 126464 --a------ C:\WINDOWS\byyvwu.dll
2007-08-15 09:53:55 70144 --a------ C:\WINDOWS\system32\TFR21.dll
2007-08-15 03:01:26 221184 --a------ C:\WINDOWS\system32\wmpns.dll <Not Verified; Microsoft Corporation; Microsoft® Windows Media Player>
2007-08-14 07:11:24 126464 --a------ C:\WINDOWS\rqrqoo.dll
2007-08-14 07:11:19 70656 --a------ C:\WINDOWS\system32\TFR95.dll
2007-08-13 10:18:26 126464 --a------ C:\WINDOWS\opmlkl.dll
2007-08-13 09:49:55 126464 --a------ C:\WINDOWS\iifddc.dll
2007-08-13 09:45:19 70144 --a------ C:\WINDOWS\system32\TFRFC.dll
2007-08-12 22:01:43 126464 --a------ C:\WINDOWS\vtrpnn.dll
2007-08-12 21:58:14 70656 --a------ C:\WINDOWS\system32\TFR82.dll
2007-08-11 16:57:52 126464 --a------ C:\WINDOWS\awwuts.dll
2007-08-11 08:33:39 126464 --a------ C:\WINDOWS\cbbaab.dll
2007-08-11 08:33:06 70144 --a------ C:\WINDOWS\system32\TFR19.dll
2007-08-10 21:57:37 70656 --a------ C:\WINDOWS\system32\TFR42.dll
2007-08-10 19:30:14 0 dr-h---c- C:\Documents and Settings\Justin\Recent
2007-08-09 18:40:07 126464 --a------ C:\WINDOWS\urrsqo.dll
2007-08-08 18:08:08 70144 --a------ C:\WINDOWS\system32\TFR2E.dll
2007-08-08 05:36:06 126464 --a------ C:\WINDOWS\qomjih.dll
2007-08-07 22:59:28 70144 --a------ C:\WINDOWS\system32\TFR28.dll
2007-08-07 21:04:01 126976 --a------ C:\WINDOWS\wvvuvu.dll
2007-08-07 20:58:55 70144 --a------ C:\WINDOWS\system32\TFR6.dll
2007-08-07 19:07:23 126976 --a------ C:\WINDOWS\jkjihe.dll
2007-08-07 19:04:52 70144 --a------ C:\WINDOWS\system32\TFR1C.dll
2007-08-07 07:24:20 126464 --a------ C:\WINDOWS\pmkkif.dll
2007-08-07 07:23:45 69632 --a------ C:\WINDOWS\system32\TFRB4.dll
2007-08-06 17:54:16 69632 --a------ C:\WINDOWS\system32\TFR20.dll
2007-08-06 10:45:20 126464 --a------ C:\WINDOWS\rqrrsp.dll
2007-08-06 10:44:46 69632 --a------ C:\WINDOWS\system32\TFR44.dll
2007-08-06 10:14:32 126464 --a------ C:\WINDOWS\hgdbxu.dll
2007-08-06 10:12:20 69632 --a------ C:\WINDOWS\system32\TFR40.dll
2007-08-06 09:14:02 69632 --a------ C:\WINDOWS\system32\TFR5.dll
2007-08-06 08:31:16 126464 --a------ C:\WINDOWS\urstuu.dll
2007-08-06 08:18:14 69632 --a------ C:\WINDOWS\system32\TFR4.dll
2007-08-06 05:36:49 126464 --a------ C:\WINDOWS\fcbbyw.dll
2007-08-06 05:36:08 69632 --a------ C:\WINDOWS\system32\TFR2.dll
2007-08-06 00:08:35 126464 --a------ C:\WINDOWS\tuvsqp.dll
2007-08-06 00:08:22 69632 --a------ C:\WINDOWS\system32\TFR4F.dll
2007-08-05 20:54:19 0 d------c- C:\Program Files\CCleaner
2007-08-05 20:29:11 126976 --a------ C:\WINDOWS\ssrrpp.dll
2007-08-05 20:29:07 69632 --a------ C:\WINDOWS\system32\TFR81.dll
2007-08-05 20:24:19 126976 --a------ C:\WINDOWS\iihefc.dll
2007-08-05 20:24:17 69632 --a------ C:\WINDOWS\system32\TFR7F.dll
2007-08-05 19:38:23 69632 --a------ C:\WINDOWS\system32\TFR10.dll
2007-08-05 19:38:13 126976 --a------ C:\WINDOWS\wvvspm.dll
2007-08-03 08:11:38 70144 --a------ C:\WINDOWS\system32\TFR71.dll
2007-08-03 08:11:01 126976 --a------ C:\WINDOWS\ljgfeb.dll
2007-08-02 05:39:29 70144 --a------ C:\WINDOWS\system32\TFR68.dll
2007-08-02 05:38:37 126976 --a------ C:\WINDOWS\ddbbcd.dll
2007-07-31 07:10:44 69632 --a------ C:\WINDOWS\system32\TFR33.dll
2007-07-31 07:10:16 126464 --a------ C:\WINDOWS\xxvwwt.dll
2007-07-30 20:34:19 70144 --a------ C:\WINDOWS\system32\TFR4D.dll
2007-07-30 20:34:06 126464 --a------ C:\WINDOWS\hggddb.dll
2007-07-29 21:10:09 69632 --a------ C:\WINDOWS\system32\TFR31.dll
2007-07-29 21:09:56 126976 --a------ C:\WINDOWS\wvtssp.dll
2007-07-29 21:07:04 70144 --a------ C:\WINDOWS\system32\TFR2F.dll
2007-07-29 20:51:54 126976 --a------ C:\WINDOWS\pmljhe.dll
2007-07-29 16:43:22 56 --a------ C:\WINDOWS\system32\cefiiabd.cmd
2007-07-29 09:38:06 0 d------c- C:\Program Files\QuickTime
2007-07-29 09:34:33 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-07-29 09:33:40 0 d-------- C:\Program Files\Common Files\Apple
2007-07-29 09:33:37 0 d------c- C:\Documents and Settings\All Users\Application Data\Apple
2007-07-27 19:05:25 126464 --a------ C:\WINDOWS\tustsq.dll
2007-07-27 19:05:20 69632 --a------ C:\WINDOWS\system32\TFR50.dll
2007-07-27 18:43:05 70144 --a------ C:\WINDOWS\system32\TFR4C.dll
2007-07-27 18:42:26 126464 --a------ C:\WINDOWS\qonmlj.dll
2007-07-25 15:08:54 0 d------c- C:\VundoFix Backups
2007-07-25 14:35:48 126464 --a------ C:\WINDOWS\gedbxu.dll
2007-07-25 11:59:38 67072 --a------ C:\WINDOWS\system32\TFR2D.dll
2007-07-25 11:59:26 126464 --a------ C:\WINDOWS\urpono.dll
2007-07-25 08:38:09 67072 --a------ C:\WINDOWS\system32\TFRE.dll
2007-07-25 08:37:45 126464 --a------ C:\WINDOWS\cbxxxv.dll
2007-07-24 08:15:15 137728 --a------ C:\WINDOWS\system32\cefiiabd.dll
2007-07-24 08:10:57 70144 --a------ C:\WINDOWS\system32\TFR26.dll
2007-07-24 08:00:59 126464 --a------ C:\WINDOWS\urstrq.dll
2007-07-22 19:45:13 70144 --a------ C:\WINDOWS\system32\TFRFE.dll
2007-07-21 17:47:37 67072 --a------ C:\WINDOWS\system32\TFR5F.dll
2007-07-21 17:47:07 125952 --a------ C:\WINDOWS\ssrqon.dll


-- Find3M Report ---------------------------------------------------------------

2007-08-20 17:57:06 0 d-------- C:\Program Files\iTunes
2007-08-20 14:50:28 0 d-------- C:\Program Files\Full Tilt Poker
2007-08-19 22:42:27 0 d-------- C:\Program Files\bearshare
2007-08-19 18:05:48 0 d-------- C:\Program Files\Common Files
2007-08-19 11:21:10 70144 --a------ C:\WINDOWS\system32\TFR23.dll
2007-08-10 22:50:30 0 d------c- C:\Program Files\XoftSpySE
2007-08-05 20:43:30 0 d-------- C:\Program Files\McAfee
2007-08-01 05:53:50 0 d-------- C:\Program Files\Common Files\McAfee
2007-07-29 09:42:58 0 d-------- C:\Program Files\iPod
2007-07-29 09:35:05 0 d------c- C:\Program Files\Apple Software Update
2007-07-28 19:35:32 0 d------c- C:\Documents and Settings\Justin\Application Data\Adobe
2007-07-23 20:43:26 0 d-------- C:\Program Files\Java
2007-07-19 10:23:17 67072 --a------ C:\WINDOWS\system32\TFR75.dll
2007-07-19 10:22:24 125952 --a------ C:\WINDOWS\mlkkkk.dll
2007-07-18 20:46:54 67072 --a------ C:\WINDOWS\system32\TFRF.dll
2007-07-18 20:42:43 125952 --a------ C:\WINDOWS\ljgdca.dll
2007-07-18 17:59:49 67072 --a------ C:\WINDOWS\system32\TFRD.dll
2007-07-18 10:38:25 67072 --a------ C:\WINDOWS\system32\TFR25.dll
2007-07-17 06:07:40 125952 --a------ C:\WINDOWS\ljigff.dll
2007-07-17 06:07:32 67072 --a------ C:\WINDOWS\system32\TFRB5.dll
2007-07-16 19:26:54 67072 --a------ C:\WINDOWS\system32\TFR5B.dll
2007-07-15 21:52:23 0 d-------- C:\Program Files\ComcastToolbar
2007-07-15 21:47:57 67072 --a------ C:\WINDOWS\system32\TFR15.dll
2007-07-15 21:29:29 67072 --a------ C:\WINDOWS\system32\TFR13.dll
2007-07-15 21:28:58 125952 --a------ C:\WINDOWS\fcyxyv.dll
2007-07-15 19:28:11 67072 --a------ C:\WINDOWS\system32\TFR48.dll
2007-07-15 18:42:56 125952 --a------ C:\WINDOWS\ssqqro.dll
2007-07-15 18:42:50 67072 --a------ C:\WINDOWS\system32\TFR43.dll
2007-07-15 16:22:21 67072 --a------ C:\WINDOWS\system32\TFR3E.dll
2007-07-15 09:24:11 125952 --a------ C:\WINDOWS\iihhij.dll
2007-07-15 09:24:01 67072 --a------ C:\WINDOWS\system32\TFRA1.dll
2007-07-14 08:09:08 126464 --a------ C:\WINDOWS\jkkiij.dll
2007-07-14 08:08:54 67072 --a------ C:\WINDOWS\system32\TFRB.dll
2007-07-13 22:14:25 67072 --a------ C:\WINDOWS\system32\TFR4A.dll
2007-07-11 16:47:46 126464 --a------ C:\WINDOWS\cbyxuu.dll
2007-07-11 16:47:34 67072 --a------ C:\WINDOWS\system32\TFR1B.dll
2007-07-08 10:25:36 125952 --a------ C:\WINDOWS\xxxwtu.dll
2007-07-08 10:25:30 67072 --a------ C:\WINDOWS\system32\TFR3D.dll
2007-07-07 19:05:12 67072 --a------ C:\WINDOWS\system32\TFR14F.dll
2007-07-07 15:23:03 126464 --a------ C:\WINDOWS\pmljhf.dll
2007-07-07 15:22:51 67072 --a------ C:\WINDOWS\system32\TFR11D.dll
2007-07-07 12:44:02 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-07-07 12:26:35 67072 --a------ C:\WINDOWS\system32\TFRD7.dll
2007-07-07 12:12:05 67072 --a------ C:\WINDOWS\system32\TFRD5.dll
2007-07-07 12:11:31 126464 --a------ C:\WINDOWS\xxvwtt.dll
2007-07-07 08:06:02 0 d-------- C:\Program Files\SolidWorks
2007-07-06 22:50:26 67072 --a------ C:\WINDOWS\system32\TFR73.dll
2007-07-06 07:25:40 125952 --a------ C:\WINDOWS\tusqol.dll
2007-07-06 07:25:30 67072 --a------ C:\WINDOWS\system32\TFR29.dll
2007-07-06 06:47:36 125952 --a------ C:\WINDOWS\opqpqr.dll
2007-07-06 06:47:22 67072 --a------ C:\WINDOWS\system32\TFR55.dll
2007-07-05 18:56:04 67072 --a------ C:\WINDOWS\system32\TFR57.dll
2007-07-05 18:37:43 67072 --a------ C:\WINDOWS\system32\TFR46.dll
2007-07-05 17:43:59 126464 --a------ C:\WINDOWS\bywwwx.dll
2007-07-04 07:59:06 125952 --a------ C:\WINDOWS\vtrsrr.dll
2007-07-03 09:55:57 126464 --a------ C:\WINDOWS\mliifg.dll
2007-07-03 09:37:29 0 d-------- C:\Program Files\Common Files\Scanner
2007-07-03 09:17:26 126464 -----n--- C:\WINDOWS\hgdaay.dll
2007-07-03 09:11:21 0 d-------- C:\Program Files\Windows Live Safety Center
2007-07-02 16:24:16 61952 --a------ C:\WINDOWS\system32\TFRA2.dll
2007-07-02 16:24:11 168448 --a------ C:\WINDOWS\urrqpo.dll
2007-07-02 15:59:11 61952 --a------ C:\WINDOWS\system32\TFRA0.dll
2007-07-02 15:59:09 168448 --a------ C:\WINDOWS\opmmmk.dll
2007-07-01 21:44:35 168448 --a------ C:\WINDOWS\opqrpo.dll
2007-07-01 21:43:56 61952 --a------ C:\WINDOWS\system32\TFR24.dll
2007-07-01 10:20:01 168448 --a------ C:\WINDOWS\qonopn.dll
2007-07-01 10:19:55 61952 --a------ C:\WINDOWS\system32\TFR166.dll
2007-06-29 20:45:04 168448 --a----c- C:\WINDOWS\ljgggf.dll
2007-06-29 18:07:11 168448 --a----c- C:\WINDOWS\opqqqr.dll
2007-06-29 18:06:54 61952 --a------ C:\WINDOWS\system32\TFR2B.dll
2007-06-29 17:58:14 0 d-------- C:\Program Files\Google
2007-06-29 10:48:23 0 d------c- C:\Program Files\AIM
2007-06-29 10:47:57 0 d------c- C:\Documents and Settings\Justin\Application Data\Aim
2007-06-29 10:33:41 61952 --a------ C:\WINDOWS\system32\TFR3C.dll
2007-05-22 18:39:29 17192 --a------ C:\WINDOWS\system32\nvModes.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [08/22/2002 08:28 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/26/2004 01:01 PM]
"nwiz"="nwiz.exe" [10/26/2004 01:01 PM C:\WINDOWS\SYSTEM32\nwiz.exe]
"PCTVOICE"="pctspk.exe" [02/24/2003 04:35 PM C:\WINDOWS\SYSTEM32\pctspk.exe]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [07/17/2002 11:18 AM]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [12/17/2002 01:28 PM]
"DwlClient"="C:\Program Files\Common Files\Dell\EUSW\Support.exe" [05/27/2004 09:05 PM]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [02/04/2002 10:32 PM]
"SM1BG"="C:\WINDOWS\SM1BG.EXE" [08/27/2003 03:20 PM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [05/15/2003 07:41 PM]
"ZingSpooler"="C:\Program Files\Common Files\Zing\ZingSpooler.exe" [08/02/2002 04:39 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/16/2006 08:33 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/10/2007 09:18 AM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/04/2007 02:33 AM]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [10/15/2004 07:40 PM]
"MSOffice"="C:\WINDOWS\ssqnmj.dll" [08/20/2007 10:32 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NCLaunch"="C:\WINDOWS\NCLAUNCH.EXe" [12/02/2003 07:00 PM]
"i8kfangui"="C:\Program Files\I8kfanGUI\i8kfangui.exe" [01/24/2004 10:26 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]

C:\Documents and Settings\Justin\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 10:00:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2/17/2005 10:54:38 PM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 11:05:26 PM]
Billminder.lnk - C:\Program Files\QUICKENW\BILLMIND.EXE [7/15/2006 12:07:28 PM]
DESKTOP.INI [9/3/2002 10:00:00 AM]
Quicken Startup.lnk - C:\Program Files\QUICKENW\QWDLLS.EXE [7/15/2006 12:07:54 PM]
Wireless-B Notebook Adapter Utility.lnk - C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe [8/24/2005 8:07:19 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cefiiabd]
C:\WINDOWS\system32\cefiiabd.dll 07/24/2007 08:14 AM 137728 C:\WINDOWS\SYSTEM32\cefiiabd.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2007-08-20 22:14:05 ------------



extra

Deckard's System Scanner v20070819.64
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Mobile Intel® Pentium® 4 - M CPU 2.20GHz
Percentage of Memory in Use: 47%
Physical Memory (total/avail): 767.23 MiB / 405.92 MiB
Pagefile Memory (total/avail): 1874.39 MiB / 1541.26 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1975.06 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 27.91 GiB total, 5.38 GiB free.
D: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FW: Sygate Personal Firewall v4.6 (Sygate Technologies, Inc.)
AV: McAfee VirusScan v (McAfee)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\InterCasino Alerts US\\adsdotcom.exe"="C:\\Program Files\\InterCasino Alerts US\\adsdotcom.exe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Support.com\\bin\\tgcmd.exe"="C:\\Program Files\\Support.com\\bin\\tgcmd.exe:*:Enabled:ComcastSUPPORT / Support.com Agent"
"C:\\Program Files\\Voiceglo\\Glophone\\glophone.exe"="C:\\Program Files\\Voiceglo\\Glophone\\glophone.exe:*:Enabled:webphone"
"C:\\Program Files\\Imesh\\Client\\iMeshClient.exe"="C:\\Program Files\\Imesh\\Client\\iMeshClient.exe:*:Enabled:iMesh Client for PC platforms"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Imesh\\iMesh5\\iMesh.exe"="C:\\Program Files\\Imesh\\iMesh5\\iMesh.exe:*:Enabled:iMesh 5"
"C:\\My Music\\iTunes\\iTunes.exe"="C:\\My Music\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealOne Player"
"C:\\Program Files\\InterCasino Alerts US\\adsdotcom.exe"="C:\\Program Files\\InterCasino Alerts US\\adsdotcom.exe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Justin\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=LAPTOP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Justin
LOGONSERVER=\\LAPTOP
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Justin\LOCALS~1\Temp
TMP=C:\DOCUME~1\Justin\LOCALS~1\Temp
USERDOMAIN=LAPTOP
USERNAME=Justin
USERPROFILE=C:\Documents and Settings\Justin
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Justin (admin)
Tammy (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /X{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 4.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Photoshop CS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Reader 7.0.5 Language Support --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-7050000000A7}
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
AIM Toolbar --> C:\Program Files\AIM Toolbar\uninstall.exe
ALPS Touch Pad Driver --> C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
Apple Mobile Device Support --> MsiExec.exe /I{A43B2A2F-1DB5-47F9-A608-F11A4835D7CB}
Apple Software Update --> MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
AutoCAD 2004 --> MsiExec.exe /I{5783F2D7-0201-0409-0002-0060B0CE6BBA}
Autodesk Express Viewer --> C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove
Broadcom Advanced Control Suite --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{468190DA-FB4C-45BA-8E40-4B165FF1A939} /l1033
BroadJump Client Foundation --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
Canon Camera Support Core Library --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A1D0D14A-B776-4907-BC00-5149F2298086} /l1033
Canon Camera Window DC_DV 5 for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{001AB29C-5468-4972-8D24-2EBDB2B12133}
Canon Camera Window DS for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{6B8BDABA-6737-4998-AEE4-E218EDE5FC7A}
Canon Camera Window MC 5 for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{89EB3ED7-225A-412E-B048-623D502C000F}
Canon MovieEdit Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{68D27126-BF6A-457D-8DD0-5F35E8D41310}
Canon PhotoRecord --> MsiExec.exe /X{6693BD7C-CB4E-43AC-A0D6-10D1A1B88DCF}
Canon RAW Image Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{001EB665-D9EC-415E-9E13-AD2125B2B992}
Canon Utilities PhotoStitch 3.1 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{218BBBE3-FE63-4BB2-81A8-7435575A84FA}
Canon ZoomBrowser EX --> MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Comcast Toolbar --> C:\Program Files\ComcastToolbar\uninstall.exe
Cypress USB Mass Storage Driver Installation --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}\Setup.exe" -l0x9 NotFirstInstall
Dell Modem-On-Hold --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Dell Solution Center --> MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
DivX ;-) Audio --> C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_DivX 132 C:\WINDOWS\INF\Tpack.inf
DivX Total Pack --> C:\Program Files\DivX Total Pack\uninstall.exe
DVDSentry --> MsiExec.exe /I{98DF85D9-96C0-4F57-A92E-C3539477EF5E}
Easy CD Creator 5 Basic --> MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
FinePixViewer Ver.3.2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{24ED4D80-8294-11D5-96CD-0040266301AD} /l1033
FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
Full Tilt Poker --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
I8kfanGUI V2.2.0 --> "C:\Program Files\I8kfanGUI\uninstall.exe"
ImageMixer VCD for FinePix --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3AA158A-9421-4883-8767-E771B0964A1D}\setup.exe"
ImageStation Easy Upload Tools --> C:\Program Files\Easy Upload Tools\UninstallHelper\UninstallHelper.exe
iMeshBar --> rundll32 C:\PROGRA~1\iMeshBar\bar\1.bin\iMeshBar.dll,O
InterCasino --> C:\WINDOWS\system32\UnCasino5.exe InterCasinoV8
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
iPod for Windows 2005-02-22 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{B6ACFF51-248A-4290-B50B-E50C81F25B97} /l1033
iTunes --> MsiExec.exe /I{9357AE3A-B2ED-4138-BB9B-0564352C3F0A}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LimeWire 4.12.11 --> "C:\Program Files\LimeWire\uninstall.exe"
Macromedia FreeHand 10 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D826618-59C6-11D4-976E-00C04F8EEB39}\Setup.exe" UNINSTALL
Macromedia Shockwave Player --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office XP Professional --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
Microsoft Visual J# .NET Redistributable Package 1.1 --> MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
MicroStaff WINASPI --> C:\MWASPI\uninst.exe
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Paint Shop Pro 7 --> MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}
PCTEL 2304WT V.9x MDC Modem Drivers --> ptuninst.exe
Quicken 2002 Deluxe --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\QUICKENW\Uninst.isu" -c"C:\Program Files\QUICKENW\uninst.dll"
QuickSet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
SafeCast Shared Components --> C:\Program Files\Common Files\Macrovision Shared\SafeCast\Install\CDAC13BA.EXE /uninstall
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareSignatures Removal Tool for SpyLocked4.1 --> C:\WINDOWS\unvise32.exe C:\Program Files\SSRemoval Tool\SpyLocked4.1\uninstal.log
Sygate Personal Firewall --> MsiExec.exe /I{F34D9A5F-484A-4E31-A9D3-908CB265B289}
USB Storage Adapter FX (SM1) --> SM1UN.EXE SM1FX_AT
VideoLAN VLC media player 0.7.2 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows XP Related --> Rundll32.exe C:\WINDOWS\lbbho.dll,Uninst
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Wireless-B Notebook Adapter Configuration Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{612E2F17-1BEF-4F15-A4E7-8BE501B561C0}\Setup.exe" -l0x9
WordPerfect Office 11 --> MsiExec.exe /I{54F90B55-BEB3-4F0D-8802-228822FA5921}
XoftSpySE --> C:\Program Files\XoftSpySE\uninstall.exe
Yahoo! Toolbar for Internet Explorer --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
Zoom Player 3 Professional --> C:\PROGRA~1\ZOOMPL~1\UNWISE.EXE C:\PROGRA~1\ZOOMPL~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type13615 / Error
Event Submitted/Written: 08/20/2007 10:40:08 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.5700.6, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00001010.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type13612 / Error
Event Submitted/Written: 08/20/2007 09:27:33 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.5700.6, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00001010.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type13606 / Error
Event Submitted/Written: 08/20/2007 09:18:28 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.5700.6, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00001010.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type13605 / Error
Event Submitted/Written: 08/19/2007 10:45:43 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.5700.6, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type13604 / Error
Event Submitted/Written: 08/19/2007 10:45:18 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.5700.6, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type106086 / Error
Event Submitted/Written: 08/20/2007 09:21:37 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Viewpoint Manager Service service failed to start due to the following error:
%%3

Event Record #/Type106038 / Error
Event Submitted/Written: 08/20/2007 09:22:07 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Viewpoint Manager Service service failed to start due to the following error:
%%3

Event Record #/Type106025 / Error
Event Submitted/Written: 08/20/2007 09:19:33 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Wireless-B Notebook Adapter Driver service failed to start due to the following error:
%%1058

Event Record #/Type106024 / Error
Event Submitted/Written: 08/20/2007 09:19:33 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The 3Com EtherLink XL 90XB/C Adapter Driver service failed to start due to the following error:
%%1058

Event Record #/Type105999 / Error
Event Submitted/Written: 08/19/2007 08:17:43 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Viewpoint Manager Service service failed to start due to the following error:
%%3



-- End of Deckard's System Scanner: finished at 2007-08-20 22:14:05 ------------



Thank you again.

#4 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • Gender:Female
  • Location:Bitola, Macedonia

Posted 21 August 2007 - 09:12 AM

Hello tigerthunder,

Please follow the steps below exactly in the order they are written:

Step #1

Download this program:

suspicious files packer

Highlight the files listed below, then right-click and select Copy.

C:\WINDOWS\system32\cefiiabd.cmd
C:\WINDOWS\system32\cefiiabd.dll
C:\WINDOWS\ssqnmj.dll
C:\WINDOWS\tusppn.dll
C:\WINDOWS\ssrspp.dll
C:\WINDOWS\iiiggg.dll
C:\WINDOWS\opqnnm.dll
C:\WINDOWS\byyvwu.dll
C:\WINDOWS\rqrqoo.dll
C:\WINDOWS\opmlkl.dll
C:\WINDOWS\iifddc.dll
C:\WINDOWS\hgdaay.dll
C:\WINDOWS\jkhgdd.dll
C:\WINDOWS\tustsq.dll
C:\WINDOWS\qonmlj.dll
C:\WINDOWS\gedbxu.dll
C:\WINDOWS\system32\TFR633.dll
C:\WINDOWS\system32\TFR5B3.dll
C:\WINDOWS\system32\TFR1D1.dll
C:\WINDOWS\system32\TFR13B.dll
C:\WINDOWS\system32\TFR39.dll
C:\WINDOWS\system32\TFR37.dll
C:\WINDOWS\system32\TFR21.dll
C:\WINDOWS\system32\TFR95.dll
C:\WINDOWS\system32\TFR31.dll
C:\WINDOWS\system32\TFR2F.dll


Then start the file packer program, right-click in the white box and select Paste to paste the copied file names into the field.

Then press the Continue button.

It will create an archive with these files and a small log on your Desktop that starts with a name like requested-file[date].cab.

Rename this file to tigerthunder.cab

Click on this link:
http://www.bleepingcomputer.com/submit-malware.php?channel=29
and fill in the required fields, then Browse for this filename: tigerthunder.cab
Click on the Send File button.

Thank you!

Step #2

1. Download combofix from one of these links:
Link1
Link2
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply, and also post a new HijackThis log.

Note:
Do not mouse-click ComboFix's window whilst it is running; that may cause it to stall.


Regards,
SNOWHITE

#5 tigerthunder

tigerthunder
  • Topic Starter

  • Members
  • 13 posts

Posted 21 August 2007 - 07:01 PM

OK, here are the new logs.

ComboFix:

ComboFix 07-08-17.2 - "Justin" 2007-08-21 19:42:10.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.274 [GMT -4:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Justin\Desktop.\internet explorer.lnk
C:\WINDOWS\acdgjl.ini
C:\WINDOWS\befgjl.ini
C:\WINDOWS\dcbbdd.ini
C:\WINDOWS\ddbbcd.dll
C:\WINDOWS\ehijkj.ini
C:\WINDOWS\ehjlmp.ini
C:\WINDOWS\fcyxyv.dll
C:\WINDOWS\ffgijl.ini
C:\WINDOWS\iihefc.dll
C:\WINDOWS\iihhij.dll
C:\WINDOWS\jihhii.ini
C:\WINDOWS\jkjihe.dll
C:\WINDOWS\ljgdca.dll
C:\WINDOWS\ljgfeb.dll
C:\WINDOWS\ljigff.dll
C:\WINDOWS\loqsut.ini
C:\WINDOWS\mlkkkk.dll
C:\WINDOWS\mpsvvw.ini
C:\WINDOWS\noqrss.ini
C:\WINDOWS\opqpqr.dll
C:\WINDOWS\orqqss.ini
C:\WINDOWS\pmljhe.dll
C:\WINDOWS\pprrss.ini
C:\WINDOWS\psstvw.ini
C:\WINDOWS\rqpqpo.ini
C:\WINDOWS\rrsrtv.ini
C:\WINDOWS\ssqqro.dll
C:\WINDOWS\ssrqon.dll
C:\WINDOWS\ssrrpp.dll
C:\WINDOWS\tusqol.dll
C:\WINDOWS\utwxxx.ini
C:\WINDOWS\utwxxx.tmp
C:\WINDOWS\uvuvvw.ini
C:\WINDOWS\vtrsrr.dll
C:\WINDOWS\vyxycf.ini
C:\WINDOWS\wvtssp.dll
C:\WINDOWS\wvvspm.dll
C:\WINDOWS\wvvuvu.dll
C:\WINDOWS\xxxwtu.dll


((((((((((((((((((((((((( Files Created from 2007-07-21 to 2007-08-21 )))))))))))))))))))))))))))))))


2007-08-21 19:41 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-21 05:35 79,360 --a------ C:\WINDOWS\yaxvvt.dll
2007-08-20 22:00 <DIR> d----c--- C:\Deckard
2007-08-20 09:19 83,096 --a------ C:\WINDOWS\SYSTEM32\SSSensor.dll
2007-08-20 09:19 60,496 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Teefer.sys
2007-08-20 09:19 21,075 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wpsdrvnt.sys
2007-08-20 09:19 14,568 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wg6n.sys
2007-08-20 09:19 14,568 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wg5n.sys
2007-08-20 09:19 14,568 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wg4n.sys
2007-08-20 09:19 14,568 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wg3n.sys
2007-08-20 09:19 <DIR> d----c--- C:\Program Files\Sygate
2007-08-20 09:04 <DIR> d----c--- C:\Program Files\Trend Micro
2007-08-20 09:02 79,360 --a------ C:\WINDOWS\jkhgdd.dll
2007-08-20 09:01 70,144 --a------ C:\WINDOWS\SYSTEM32\TFR633.dll
2007-08-20 05:39 70,144 --a------ C:\WINDOWS\SYSTEM32\TFR60A.dll
2007-08-19 22:14 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-19 22:12 70,144 --a------ C:\WINDOWS\SYSTEM32\TFR5B5.dll
2007-08-19 22:08 70,144 --a------ C:\WINDOWS\SYSTEM32\TFR5B3.dll
2007-08-19 18:06 <DIR> d----c--- C:\Program Files\Lavasoft
2007-08-19 18:06 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-19 18:05 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-19 11:21 79,872 --a------ C:\WINDOWS\tusppn.dll
2007-08-17 20:27 79,360 --a------ C:\WINDOWS\ssrspp.dll
2007-08-17 20:27 70,656 --a------ C:\WINDOWS\SYSTEM32\TFR1D1.dll
2007-08-16 23:03 70,144 --a------ C:\WINDOWS\SYSTEM32\TFR13B.dll
2007-08-15 21:18 70,144 --a------ C:\WINDOWS\SYSTEM32\TFR39.dll
2007-08-15 21:18 126,464 --a------ C:\WINDOWS\iiiggg.dll
2007-08-15 20:19 70,144 --a------ C:\WINDOWS\SYSTEM32\TFR37.dll
2007-08-15 20:19 126,464 --a------ C:\WINDOWS\opqnnm.dll
2007-08-15 09:54 126,464 --a------ C:\WINDOWS\byyvwu.dll
2007-08-15 09:53 70,144 --a------ C:\WINDOWS\SYSTEM32\TFR21.dll
2007-08-15 03:01 221,184 --a------ C:\WINDOWS\SYSTEM32\wmpns.dll
2007-08-14 07:11 70,656 --a------ C:\WINDOWS\SYSTEM32\TFR95.dll
2007-08-14 07:11 126,464 --a------ C:\WINDOWS\rqrqoo.dll
2007-08-13 10:18 126,464 --a------ C:\WINDOWS\opmlkl.dll
2007-08-13 09:49 126,464 --a------ C:\WINDOWS\iifddc.dll
2007-08-13 09:45 70,144 --a------ C:\WINDOWS\SYSTEM32\TFRFC.dll
2007-08-12 22:01 126,464 --a------ C:\WINDOWS\vtrpnn.dll
2007-08-12 21:58 70,656 --a------ C:\WINDOWS\SYSTEM32\TFR82.dll
2007-08-11 16:57 126,464 --a------ C:\WINDOWS\awwuts.dll
2007-08-11 08:33 70,144 --a------ C:\WINDOWS\SYSTEM32\TFR19.dll
2007-08-11 08:33 126,464 --a------ C:\WINDOWS\cbbaab.dll
2007-08-10 21:57 70,656 --a------ C:\WINDOWS\SYSTEM32\TFR42.dll
2007-08-09 18:40 126,464 --a------ C:\WINDOWS\urrsqo.dll
2007-08-08 18:08 70,144 --a------ C:\WINDOWS\SYSTEM32\TFR2E.dll
2007-08-08 05:36 126,464 --a------ C:\WINDOWS\qomjih.dll
2007-08-07 22:59 70,144 --a------ C:\WINDOWS\SYSTEM32\TFR28.dll
2007-08-07 20:58 70,144 --a------ C:\WINDOWS\SYSTEM32\TFR6.dll
2007-08-07 19:04 70,144 --a------ C:\WINDOWS\SYSTEM32\TFR1C.dll
2007-08-07 07:24 126,464 --a------ C:\WINDOWS\pmkkif.dll
2007-08-07 07:23 69,632 --a------ C:\WINDOWS\SYSTEM32\TFRB4.dll
2007-08-06 17:54 69,632 --a------ C:\WINDOWS\SYSTEM32\TFR20.dll
2007-08-06 10:45 126,464 --a------ C:\WINDOWS\rqrrsp.dll
2007-08-06 10:44 69,632 --a------ C:\WINDOWS\SYSTEM32\TFR44.dll
2007-08-06 10:14 126,464 --a------ C:\WINDOWS\hgdbxu.dll
2007-08-06 10:12 69,632 --a------ C:\WINDOWS\SYSTEM32\TFR40.dll
2007-08-06 09:14 69,632 --a------ C:\WINDOWS\SYSTEM32\TFR5.dll
2007-08-06 08:31 126,464 --a------ C:\WINDOWS\urstuu.dll
2007-08-06 08:18 69,632 --a------ C:\WINDOWS\SYSTEM32\TFR4.dll
2007-08-06 05:36 69,632 --a------ C:\WINDOWS\SYSTEM32\TFR2.dll
2007-08-06 05:36 126,464 --a------ C:\WINDOWS\fcbbyw.dll
2007-08-06 00:08 69,632 --a------ C:\WINDOWS\SYSTEM32\TFR4F.dll
2007-08-06 00:08 126,464 --a------ C:\WINDOWS\tuvsqp.dll
2007-08-05 20:54 <DIR> d----c--- C:\Program Files\CCleaner
2007-08-05 20:29 69,632 --a------ C:\WINDOWS\SYSTEM32\TFR81.dll
2007-08-05 20:24 69,632 --a------ C:\WINDOWS\SYSTEM32\TFR7F.dll
2007-08-05 19:38 69,632 --a------ C:\WINDOWS\SYSTEM32\TFR10.dll
2007-08-03 08:11 70,144 --a------ C:\WINDOWS\SYSTEM32\TFR71.dll
2007-08-02 05:39 70,144 --a------ C:\WINDOWS\SYSTEM32\TFR68.dll
2007-07-31 07:10 69,632 --a------ C:\WINDOWS\SYSTEM32\TFR33.dll
2007-07-31 07:10 126,464 --a------ C:\WINDOWS\xxvwwt.dll
2007-07-30 20:34 70,144 --a------ C:\WINDOWS\SYSTEM32\TFR4D.dll
2007-07-30 20:34 126,464 --a------ C:\WINDOWS\hggddb.dll
2007-07-29 21:10 69,632 --a------ C:\WINDOWS\SYSTEM32\TFR31.dll
2007-07-29 21:07 70,144 --a------ C:\WINDOWS\SYSTEM32\TFR2F.dll
2007-07-29 16:43 56 --a------ C:\WINDOWS\SYSTEM32\cefiiabd.cmd
2007-07-29 09:38 <DIR> d----c--- C:\Program Files\QuickTime
2007-07-29 09:34 <DIR> d----c--- C:\WINDOWS\SYSTEM32\DRVSTORE
2007-07-29 09:33 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-29 09:33 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-07-27 19:05 69,632 --a------ C:\WINDOWS\SYSTEM32\TFR50.dll
2007-07-27 19:05 126,464 --a------ C:\WINDOWS\tustsq.dll
2007-07-27 18:43 70,144 --a------ C:\WINDOWS\SYSTEM32\TFR4C.dll
2007-07-27 18:42 126,464 --a------ C:\WINDOWS\qonmlj.dll
2007-07-25 15:08 <DIR> d----c--- C:\VundoFix Backups
2007-07-25 14:35 126,464 --a------ C:\WINDOWS\gedbxu.dll
2007-07-25 11:59 67,072 --a------ C:\WINDOWS\SYSTEM32\TFR2D.dll
2007-07-25 11:59 126,464 --a------ C:\WINDOWS\urpono.dll
2007-07-25 08:38 67,072 --a------ C:\WINDOWS\SYSTEM32\TFRE.dll
2007-07-25 08:37 126,464 --a------ C:\WINDOWS\cbxxxv.dll
2007-07-24 08:15 137,728 --a------ C:\WINDOWS\SYSTEM32\cefiiabd.dll
2007-07-24 08:10 70,144 --a------ C:\WINDOWS\SYSTEM32\TFR26.dll
2007-07-24 08:00 126,464 --a------ C:\WINDOWS\urstrq.dll
2007-07-22 19:45 70,144 --a------ C:\WINDOWS\SYSTEM32\TFRFE.dll
2007-07-21 17:47 67,072 --a------ C:\WINDOWS\SYSTEM32\TFR5F.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-21 05:34 70144 --a------ C:\WINDOWS\system32\TFR3C.dll
2007-08-20 17:57 --------- d-------- C:\Program Files\iTunes
2007-08-20 14:50 --------- d-------- C:\Program Files\Full Tilt Poker
2007-08-19 22:42 --------- d-------- C:\Program Files\bearshare
2007-08-19 18:10 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-19 18:10 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-19 11:21 70144 --a------ C:\WINDOWS\system32\TFR23.dll
2007-08-10 22:50 --------- d----c--- C:\Program Files\XoftSpySE
2007-08-05 20:43 --------- d-------- C:\Program Files\McAfee
2007-08-01 05:53 --------- d-------- C:\Program Files\Common Files\McAfee
2007-07-29 09:42 --------- d-------- C:\Program Files\iPod
2007-07-29 09:35 --------- d----c--- C:\Program Files\Apple Software Update
2007-07-24 12:02 33800 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2007-07-24 07:40 79304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-07-21 09:08 40488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-07-21 09:08 35240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-07-21 09:08 201288 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-07-19 10:23 67072 --a------ C:\WINDOWS\system32\TFR75.dll
2007-07-18 20:46 67072 --a------ C:\WINDOWS\system32\TFRF.dll
2007-07-18 17:59 67072 --a------ C:\WINDOWS\system32\TFRD.dll
2007-07-18 10:38 67072 --a------ C:\WINDOWS\system32\TFR25.dll
2007-07-17 06:07 67072 --a------ C:\WINDOWS\system32\TFRB5.dll
2007-07-16 19:26 67072 --a------ C:\WINDOWS\system32\TFR5B.dll
2007-07-15 21:52 --------- d-------- C:\Program Files\ComcastToolbar
2007-07-15 21:47 67072 --a------ C:\WINDOWS\system32\TFR15.dll
2007-07-15 21:29 67072 --a------ C:\WINDOWS\system32\TFR13.dll
2007-07-15 19:28 67072 --a------ C:\WINDOWS\system32\TFR48.dll
2007-07-15 18:42 67072 --a------ C:\WINDOWS\system32\TFR43.dll
2007-07-15 16:22 67072 --a------ C:\WINDOWS\system32\TFR3E.dll
2007-07-15 09:24 67072 --a------ C:\WINDOWS\system32\TFRA1.dll
2007-07-14 08:09 126464 --a------ C:\WINDOWS\jkkiij.dll
2007-07-14 08:08 67072 --a------ C:\WINDOWS\system32\TFRB.dll
2007-07-13 22:14 67072 --a------ C:\WINDOWS\system32\TFR4A.dll
2007-07-13 09:20 113952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-07-11 16:47 67072 --a------ C:\WINDOWS\system32\TFR1B.dll
2007-07-11 16:47 126464 --a------ C:\WINDOWS\cbyxuu.dll
2007-07-08 10:25 67072 --a------ C:\WINDOWS\system32\TFR3D.dll
2007-07-07 19:05 67072 --a------ C:\WINDOWS\system32\TFR14F.dll
2007-07-07 15:23 126464 --a------ C:\WINDOWS\pmljhf.dll
2007-07-07 15:22 67072 --a------ C:\WINDOWS\system32\TFR11D.dll
2007-07-07 12:44 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-07 12:26 67072 --a------ C:\WINDOWS\system32\TFRD7.dll
2007-07-07 12:12 67072 --a------ C:\WINDOWS\system32\TFRD5.dll
2007-07-07 12:11 126464 --a------ C:\WINDOWS\xxvwtt.dll
2007-07-07 08:06 --------- d-------- C:\Program Files\SolidWorks
2007-07-06 22:50 67072 --a------ C:\WINDOWS\system32\TFR73.dll
2007-07-06 07:25 67072 --a------ C:\WINDOWS\system32\TFR29.dll
2007-07-06 06:47 67072 --a------ C:\WINDOWS\system32\TFR55.dll
2007-07-05 18:56 67072 --a------ C:\WINDOWS\system32\TFR57.dll
2007-07-05 18:37 67072 --a------ C:\WINDOWS\system32\TFR46.dll
2007-07-05 17:43 126464 --a------ C:\WINDOWS\bywwwx.dll
2007-07-03 09:55 126464 --a------ C:\WINDOWS\mliifg.dll
2007-07-03 09:37 --------- d-------- C:\Program Files\Common Files\Scanner
2007-07-03 09:17 126464 --------- C:\WINDOWS\hgdaay.dll
2007-07-03 09:11 --------- d-------- C:\Program Files\Windows Live Safety Center
2007-07-02 16:24 61952 --a------ C:\WINDOWS\system32\TFRA2.dll
2007-07-02 16:24 168448 --a------ C:\WINDOWS\urrqpo.dll
2007-07-02 15:59 61952 --a------ C:\WINDOWS\system32\TFRA0.dll
2007-07-02 15:59 168448 --a------ C:\WINDOWS\opmmmk.dll
2007-07-01 21:44 168448 --a------ C:\WINDOWS\opqrpo.dll
2007-07-01 21:43 61952 --a------ C:\WINDOWS\system32\TFR24.dll
2007-07-01 10:20 168448 --a------ C:\WINDOWS\qonopn.dll
2007-07-01 10:19 61952 --a------ C:\WINDOWS\system32\TFR166.dll
2007-06-29 20:45 168448 --a--c--- C:\WINDOWS\ljgggf.dll
2007-06-29 18:07 168448 --a--c--- C:\WINDOWS\opqqqr.dll
2007-06-29 18:06 61952 --a------ C:\WINDOWS\system32\TFR2B.dll
2007-06-29 17:58 --------- d-------- C:\Program Files\Google
2007-06-29 10:48 --------- d----c--- C:\Program Files\AIM
2007-06-29 10:47 --------- d----c--- C:\DOCUME~1\Justin\APPLIC~1\Aim
2007-06-26 02:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 02:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 09:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 09:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 06:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-13 06:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2003-08-27 15:19 36963 -ra--c--- C:\Program Files\Common Files\SM1updtr.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2002-08-22 20:28]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-26 13:01]
"nwiz"="nwiz.exe" [2004-10-26 13:01 C:\WINDOWS\SYSTEM32\nwiz.exe]
"PCTVOICE"="pctspk.exe" [2003-02-24 16:35 C:\WINDOWS\SYSTEM32\pctspk.exe]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2002-07-17 11:18]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 13:28]
"DwlClient"="C:\Program Files\Common Files\Dell\EUSW\Support.exe" [2004-05-27 21:05]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32]
"SM1BG"="C:\WINDOWS\SM1BG.EXE" [2003-08-27 15:20]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2003-05-15 19:41]
"ZingSpooler"="C:\Program Files\Common Files\Zing\ZingSpooler.exe" [2002-08-02 16:39]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-05-16 20:33]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 09:18]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 02:33]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NCLaunch"="C:\WINDOWS\NCLAUNCH.EXe" [2003-12-02 19:00]
"i8kfangui"="C:\Program Files\I8kfanGUI\i8kfangui.exe" [2004-01-24 10:26]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]

C:\Documents and Settings\Justin\Start Menu\Programs\Startup\
DESKTOP.INI [2002-09-03 10:00:00]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-02-17 22:54:38]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
Billminder.lnk - C:\Program Files\QUICKENW\BILLMIND.EXE [2006-07-15 12:07:28]
DESKTOP.INI [2002-09-03 10:00:00]
Quicken Startup.lnk - C:\Program Files\QUICKENW\QWDLLS.EXE [2006-07-15 12:07:54]
Wireless-B Notebook Adapter Utility.lnk - C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe [2005-08-24 20:07:19]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cefiiabd]
C:\WINDOWS\system32\cefiiabd.dll 2007-07-24 08:14 137728 C:\WINDOWS\SYSTEM32\cefiiabd.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R1 cdudf_xp;cdudf_xp;C:\WINDOWS\system32\drivers\cdudf_xp.sys
R1 fanio;FanIO driver;\??\C:\WINDOWS\System32\drivers\fanio.sys
R1 pwd_2k;pwd_2k;C:\WINDOWS\system32\drivers\pwd_2k.sys
R1 UdfReadr_xp;UdfReadr_xp;C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
R3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys
R3 Point32;Microsoft IntelliPoint Filter Driver;C:\WINDOWS\system32\DRIVERS\point32.sys
S3 BWNDIS5;BWNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\BWNDIS5.SYS
S3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys
S3 gpibclsb;GPIB Board Class Driver;C:\WINDOWS\system32\Drivers\gpibclsb.sys
S3 gpibclsd;GPIB Device Class Driver;C:\WINDOWS\system32\Drivers\gpibclsd.sys
S3 LSWPCv4;Wireless-B Notebook Adapter Driver;C:\WINDOWS\system32\DRIVERS\rtl8180.sys


Contents of the 'Scheduled Tasks' folder
2007-08-17 23:22:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-08-15 05:40:08 C:\WINDOWS\Tasks\McDefragTask.job - C:\WINDOWS\system32\defrag.exe
2007-08-01 05:01:39 C:\WINDOWS\Tasks\McQcTask.job - c:\program files\mcafee\mqc\QcConsol.exe
2007-08-21 23:51:29 C:\WINDOWS\Tasks\XoftSpySE 2.job - C:\Program Files\XoftSpySE\XoftSpy.exe
2007-08-21 21:32:52 C:\WINDOWS\Tasks\XoftSpySE.job - C:\Program Files\XoftSpySE\XoftSpy.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-21 19:51:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-21 19:55:30 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-21 19:55

--- E O F ---

And the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:58:47 PM, on 8/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\I8kfanGUI\i8kfangui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QUICKENW\QWDLLS.EXE
C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/explore.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.comcast.net/explore.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ZingSpooler] C:\Program Files\Common Files\Zing\ZingSpooler.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\i8kfangui.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
O4 - Global Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {3759252A-7748-4DBE-AD87-AE8CE8D244D6} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {B79A9CFB-D5BB-4268-817A-592369A3E917} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Help - {B9C1644D-47B6-405D-9EB2-9DED17903595} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.mbakercorp.com/CFIDE/classes/CFJava.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...72/mcinsctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {7AA32FC7-133B-4AE7-998E-CED0D9829B12} - http://static.waverevenue.com/website.cab
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0) -
O20 - Winlogon Notify: cefiiabd - C:\WINDOWS\system32\cefiiabd.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

--
End of file - 10751 bytes


Thank you again.

Looking forward to hearing back from you.

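The two logs above show the pattern the helper is working from: dozens of six-lowercase-letter DLLs (and matching .ini/.tmp files) dropped straight into C:\WINDOWS, a second family named TFR<hex>.dll in system32, and an eight-letter random DLL (cefiiabd.dll) registered as a Winlogon Notify package so it loads into winlogon.exe before any user-level cleaner runs. The script below is an added editorial example, not a BleepingComputer tool and not part of SNOWHITE's or tigerthunder's posts. It turns that naming heuristic into a triage pass over ComboFix "Files Created"/"Find3M"/"Other Deletions" lines and HijackThis O20 lines, producing the kind of file list Step #1 asks to be packed. The name families are an assumption drawn from this thread's logs only (the random part is required to be all lowercase, which is why a legitimate mixed-case eight-letter name like SSSensor.dll is not flagged); the sample lines are constructed from the logs posted here plus a few benign entries for contrast. Any hit still needs confirmation (signature check, hash lookup, or submission as the helper requests) before anything is deleted.

```python
"""Triage heuristic for Vundo-style file names in ComboFix / HijackThis logs.

Added example; the naming families below are an assumption based on the
logs in this thread, not a published detection rule.
"""
import re
from collections import defaultdict

# ComboFix "Files Created"/"Find3M" line: <date> <time> <size|<DIR>|---> <attrs> <path>
COMBOFIX_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+(?:[\d,]+|-+|<DIR>)\s+\S+\s+"
    r"(?P<path>[A-Za-z]:\\.+?)\s*$"
)
# ComboFix "Other Deletions": one bare path per line
BARE_PATH = re.compile(r"^(?P<path>[A-Za-z]:\\\S.*?)\s*$")
# HijackThis O20 line: O20 - Winlogon Notify: <name> - <path>
HJT_O20 = re.compile(r"^O20 - Winlogon Notify: \S+ - (?P<path>[A-Za-z]:\\.+?)\s*$")

# Heuristic name families (assumption). The directory part is matched
# case-insensitively; the random file-name part must be all lowercase, as
# every hit in the thread's logs is, which keeps names such as
# SSSensor.dll (Sygate) out of the results.
FAMILIES = {
    "random6-windows-root": re.compile(r"^(?i:c:\\windows\\)[a-z]{6}\.(?:dll|ini|tmp)$"),
    "tfr-system32": re.compile(r"^(?i:c:\\windows\\system32\\tfr[0-9a-f]{1,3}\.dll)$"),
    "random8-system32": re.compile(r"^(?i:c:\\windows\\system32\\)[a-z]{8}\.(?:dll|cmd)$"),
}


def classify(path):
    """Return the family label a path falls into, or None if it looks benign."""
    for family, pattern in FAMILIES.items():
        if pattern.match(path):
            return family
    return None


def extract(line):
    """Return ("notify"|"file", path) for a log line that carries a path, else None."""
    line = line.strip()
    m = HJT_O20.match(line)
    if m:
        return "notify", m.group("path")
    m = COMBOFIX_LINE.match(line) or BARE_PATH.match(line)
    if m:
        return "file", m.group("path")
    return None


def triage(log_text):
    """Group every flagged path by family; list Winlogon Notify hits separately.

    Winlogon Notify DLLs are loaded by winlogon.exe at logon, so a random
    name there is the persistence half of the infection and the entry to
    remove first (HijackThis O20 fix) before deleting the files.
    """
    hits = defaultdict(list)
    notify = []
    for raw in log_text.splitlines():
        item = extract(raw)
        if item is None:
            continue
        kind, path = item
        family = classify(path)
        if family is None:
            continue
        hits[family].append(path)
        if kind == "notify":
            notify.append(path)
    return {
        "hits": dict(hits),
        "winlogon_notify": notify,
        "total": sum(len(v) for v in hits.values()),
    }


# Constructed sample: lines taken from the logs in this thread, plus a few
# legitimate entries (nircmd.exe, SSSensor.dll, wmpns.dll, iTunes) that
# must not be flagged.
SAMPLE_LOG = """\
C:\\WINDOWS\\acdgjl.ini
C:\\WINDOWS\\ddbbcd.dll
C:\\DOCUME~1\\Justin\\Desktop.\\internet explorer.lnk
2007-08-21 19:41 51,200 --a------ C:\\WINDOWS\\nircmd.exe
2007-08-21 05:35 79,360 --a------ C:\\WINDOWS\\yaxvvt.dll
2007-08-20 09:19 83,096 --a------ C:\\WINDOWS\\SYSTEM32\\SSSensor.dll
2007-08-20 09:01 70,144 --a------ C:\\WINDOWS\\SYSTEM32\\TFR633.dll
2007-08-15 03:01 221,184 --a------ C:\\WINDOWS\\SYSTEM32\\wmpns.dll
2007-07-29 16:43 56 --a------ C:\\WINDOWS\\SYSTEM32\\cefiiabd.cmd
2007-07-24 08:15 137,728 --a------ C:\\WINDOWS\\SYSTEM32\\cefiiabd.dll
2007-07-03 09:17 126464 --------- C:\\WINDOWS\\hgdaay.dll
2007-08-20 17:57 --------- d-------- C:\\Program Files\\iTunes
O20 - Winlogon Notify: cefiiabd - C:\\WINDOWS\\system32\\cefiiabd.dll
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for family, paths in result["hits"].items():
        print(f"[{family}] {len(paths)} file(s)")
        for p in paths:
            print("   ", p)
    print("Winlogon Notify persistence:", result["winlogon_notify"])
    print("Total flagged:", result["total"])
```

Run it against a saved ComboFix log and HijackThis log concatenated into one file to get the candidate list; the Winlogon Notify entry comes out separately because it has to be unregistered (the O20 fix) before the file it points at can be removed, otherwise winlogon.exe keeps the DLL loaded.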
#6 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:11:37 AM

Posted 22 August 2007 - 04:47 PM

Hello tigerthunder, thanks for the files.

Please follow the steps below exactly in the order they are written:

Step #1

Please re-open HijackThis and click on "Do a system scan only". Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - (no file)
O16 - DPF: {7AA32FC7-133B-4AE7-998E-CED0D9829B12} - http://static.waverevenue.com/website.cab
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0) -
O20 - Winlogon Notify: cefiiabd - C:\WINDOWS\system32\cefiiabd.dll

Now close all windows other than HijackThis, then click Fix Checked. Close HijackThis.

Step #2

Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\yaxvvt.dll
C:\WINDOWS\awwuts.dll
C:\WINDOWS\cbbaab.dll
C:\WINDOWS\urrsqo.dll
C:\WINDOWS\qomjih.dll
C:\WINDOWS\vtrpnn.dll
C:\WINDOWS\pmkkif.dll
C:\WINDOWS\rqrrsp.dll
C:\WINDOWS\hgdbxu.dll
C:\WINDOWS\urstuu.dll
C:\WINDOWS\fcbbyw.dll
C:\WINDOWS\tuvsqp.dll
C:\WINDOWS\xxvwwt.dll
C:\WINDOWS\hggddb.dll
C:\WINDOWS\urpono.dll
C:\WINDOWS\jkhgdd.dll
C:\WINDOWS\gedbxu.dll
C:\WINDOWS\qonmlj.dll
C:\WINDOWS\tustsq.dll
C:\WINDOWS\opmlkl.dll
C:\WINDOWS\iifddc.dll
C:\WINDOWS\rqrqoo.dll
C:\WINDOWS\byyvwu.dll
C:\WINDOWS\opqnnm.dll
C:\WINDOWS\iiiggg.dll
C:\WINDOWS\ssrspp.dll
C:\WINDOWS\tusppn.dll
C:\WINDOWS\SYSTEM32\TFR633.dll
C:\WINDOWS\SYSTEM32\TFR60A.dll
C:\WINDOWS\SYSTEM32\TFR5B5.dll
C:\WINDOWS\SYSTEM32\TFR5B3.dll
C:\WINDOWS\SYSTEM32\TFR1D1.dll
C:\WINDOWS\SYSTEM32\TFR13B.dll
C:\WINDOWS\SYSTEM32\TFR39.dll
C:\WINDOWS\SYSTEM32\TFR37.dll
C:\WINDOWS\SYSTEM32\TFR21.dll
C:\WINDOWS\SYSTEM32\TFR95.dll
C:\WINDOWS\SYSTEM32\TFRFC.dll
C:\WINDOWS\SYSTEM32\TFR82.dll
C:\WINDOWS\SYSTEM32\TFR19.dll
C:\WINDOWS\SYSTEM32\TFR42.dll
C:\WINDOWS\SYSTEM32\TFR2E.dll
C:\WINDOWS\SYSTEM32\TFR28.dll
C:\WINDOWS\SYSTEM32\TFR6.dll
C:\WINDOWS\SYSTEM32\TFR1C.dll
C:\WINDOWS\SYSTEM32\TFRB4.dll
C:\WINDOWS\SYSTEM32\TFR20.dll
C:\WINDOWS\SYSTEM32\TFR44.dll
C:\WINDOWS\SYSTEM32\TFR40.dll
C:\WINDOWS\SYSTEM32\TFR5.dll
C:\WINDOWS\SYSTEM32\TFR4.dll
C:\WINDOWS\SYSTEM32\TFR2.dll
C:\WINDOWS\SYSTEM32\TFR4F.dll
C:\WINDOWS\SYSTEM32\TFR81.dll
C:\WINDOWS\SYSTEM32\TFR7F.dll
C:\WINDOWS\SYSTEM32\TFR10.dll
C:\WINDOWS\SYSTEM32\TFR71.dll
C:\WINDOWS\SYSTEM32\TFR68.dll
C:\WINDOWS\SYSTEM32\TFR33.dll
C:\WINDOWS\SYSTEM32\TFR4D.dll
C:\WINDOWS\SYSTEM32\TFR31.dll
C:\WINDOWS\SYSTEM32\TFR2F.dll
C:\WINDOWS\SYSTEM32\cefiiabd.cmd
C:\WINDOWS\SYSTEM32\TFR50.dll
C:\WINDOWS\SYSTEM32\TFR4C.dll
C:\WINDOWS\SYSTEM32\TFR2D.dll
C:\WINDOWS\SYSTEM32\TFRE.dll
C:\WINDOWS\SYSTEM32\cefiiabd.dll
C:\WINDOWS\SYSTEM32\TFR26.dll
C:\WINDOWS\SYSTEM32\TFRFE.dll
C:\WINDOWS\SYSTEM32\TFR5F.dll
C:\WINDOWS\system32\TFR3C.dll
C:\WINDOWS\system32\TFR23.dll
C:\WINDOWS\system32\TFR75.dll
C:\WINDOWS\system32\TFRF.dll
C:\WINDOWS\system32\TFRD.dll
C:\WINDOWS\system32\TFR25.dll
C:\WINDOWS\system32\TFRD7.dll
C:\WINDOWS\system32\TFRD5.dll
C:\WINDOWS\system32\TFR73.dll
C:\WINDOWS\system32\TFR29.dll
C:\WINDOWS\system32\TFR55.dll
C:\WINDOWS\system32\TFR57.dll
C:\WINDOWS\system32\TFR46.dll
C:\WINDOWS\system32\TFRA2.dll
C:\WINDOWS\system32\TFRA0.dll
C:\WINDOWS\system32\TFR24.dll
C:\WINDOWS\system32\TFR166.dll
C:\WINDOWS\system32\TFR2B.dll
C:\WINDOWS\system32\TFR5B.dll
C:\WINDOWS\system32\TFR15.dll
C:\WINDOWS\system32\TFR13.dll
C:\WINDOWS\system32\TFR48.dll
C:\WINDOWS\system32\TFR43.dll
C:\WINDOWS\system32\TFR3E.dll
C:\WINDOWS\system32\TFRA1.dll
C:\WINDOWS\system32\TFRB.dll
C:\WINDOWS\system32\TFR4A.dll
C:\WINDOWS\system32\TFR1B.dll
C:\WINDOWS\system32\TFR3D.dll
C:\WINDOWS\system32\TFR14F.dll
C:\WINDOWS\system32\TFR11D.dll

Collect::[29]
C:\WINDOWS\system32\TFRB5.dll
C:\WINDOWS\cbxxxv.dll
C:\WINDOWS\urstrq.dll
C:\WINDOWS\jkkiij.dll
C:\WINDOWS\cbyxuu.dll
C:\WINDOWS\pmljhf.dll
C:\WINDOWS\xxvwtt.dll
C:\WINDOWS\bywwwx.dll
C:\WINDOWS\mliifg.dll
C:\WINDOWS\hgdaay.dll
C:\WINDOWS\urrqpo.dll
C:\WINDOWS\opmmmk.dll
C:\WINDOWS\opqrpo.dll
C:\WINDOWS\qonopn.dll
C:\WINDOWS\ljgggf.dll
C:\WINDOWS\opqqqr.dll


Save this as "CFScript"


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

You will be asked to upload zipped file, please do so. Thank you.

Edited by SNOWHITE, 22 August 2007 - 06:09 PM.

SNOWHITE

#7 tigerthunder

tigerthunder
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:06:37 AM

Posted 05 September 2007 - 09:43 PM

Sorry it took me so long to get back to you, I just moved into a new place.

I tried to upload the file it asked for, but I got an error message from your site; it said "unknown error".
I've still got the issue of multiple windows opening up when I use IE. Also, my computer has been running at 100% CPU whenever I use IE now, so it is just barely working.

Thank you for your help, I hope we can get this resolved.

Here is the log from ComboFix:


ComboFix 07-08-17.2 - "Justin" 2007-09-05 22:18:16.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.406 [GMT -4:00]
Command switches used :: C:\Documents and Settings\Justin\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\yaxvvt.dll
C:\WINDOWS\awwuts.dll
C:\WINDOWS\cbbaab.dll
C:\WINDOWS\urrsqo.dll
C:\WINDOWS\qomjih.dll
C:\WINDOWS\vtrpnn.dll
C:\WINDOWS\pmkkif.dll
C:\WINDOWS\rqrrsp.dll
C:\WINDOWS\hgdbxu.dll
C:\WINDOWS\urstuu.dll
C:\WINDOWS\fcbbyw.dll
C:\WINDOWS\tuvsqp.dll
C:\WINDOWS\xxvwwt.dll
C:\WINDOWS\hggddb.dll
C:\WINDOWS\urpono.dll
C:\WINDOWS\jkhgdd.dll
C:\WINDOWS\gedbxu.dll
C:\WINDOWS\qonmlj.dll
C:\WINDOWS\tustsq.dll
C:\WINDOWS\opmlkl.dll
C:\WINDOWS\iifddc.dll
C:\WINDOWS\rqrqoo.dll
C:\WINDOWS\byyvwu.dll
C:\WINDOWS\opqnnm.dll
C:\WINDOWS\iiiggg.dll
C:\WINDOWS\ssrspp.dll
C:\WINDOWS\tusppn.dll
C:\WINDOWS\SYSTEM32\TFR633.dll
C:\WINDOWS\SYSTEM32\TFR60A.dll
C:\WINDOWS\SYSTEM32\TFR5B5.dll
C:\WINDOWS\SYSTEM32\TFR5B3.dll
C:\WINDOWS\SYSTEM32\TFR1D1.dll
C:\WINDOWS\SYSTEM32\TFR13B.dll
C:\WINDOWS\SYSTEM32\TFR39.dll
C:\WINDOWS\SYSTEM32\TFR37.dll
C:\WINDOWS\SYSTEM32\TFR21.dll
C:\WINDOWS\SYSTEM32\TFR95.dll
C:\WINDOWS\SYSTEM32\TFRFC.dll
C:\WINDOWS\SYSTEM32\TFR82.dll
C:\WINDOWS\SYSTEM32\TFR19.dll
C:\WINDOWS\SYSTEM32\TFR42.dll
C:\WINDOWS\SYSTEM32\TFR2E.dll
C:\WINDOWS\SYSTEM32\TFR28.dll
C:\WINDOWS\SYSTEM32\TFR6.dll
C:\WINDOWS\SYSTEM32\TFR1C.dll
C:\WINDOWS\SYSTEM32\TFRB4.dll
C:\WINDOWS\SYSTEM32\TFR20.dll
C:\WINDOWS\SYSTEM32\TFR44.dll
C:\WINDOWS\SYSTEM32\TFR40.dll
C:\WINDOWS\SYSTEM32\TFR5.dll
C:\WINDOWS\SYSTEM32\TFR4.dll
C:\WINDOWS\SYSTEM32\TFR2.dll
C:\WINDOWS\SYSTEM32\TFR4F.dll
C:\WINDOWS\SYSTEM32\TFR81.dll
C:\WINDOWS\SYSTEM32\TFR7F.dll
C:\WINDOWS\SYSTEM32\TFR10.dll
C:\WINDOWS\SYSTEM32\TFR71.dll
C:\WINDOWS\SYSTEM32\TFR68.dll
C:\WINDOWS\SYSTEM32\TFR33.dll
C:\WINDOWS\SYSTEM32\TFR4D.dll
C:\WINDOWS\SYSTEM32\TFR31.dll
C:\WINDOWS\SYSTEM32\TFR2F.dll
C:\WINDOWS\SYSTEM32\cefiiabd.cmd
C:\WINDOWS\SYSTEM32\TFR50.dll
C:\WINDOWS\SYSTEM32\TFR4C.dll
C:\WINDOWS\SYSTEM32\TFR2D.dll
C:\WINDOWS\SYSTEM32\TFRE.dll
C:\WINDOWS\SYSTEM32\cefiiabd.dll
C:\WINDOWS\SYSTEM32\TFR26.dll
C:\WINDOWS\SYSTEM32\TFRFE.dll
C:\WINDOWS\SYSTEM32\TFR5F.dll
C:\WINDOWS\system32\TFR3C.dll
C:\WINDOWS\system32\TFR23.dll
C:\WINDOWS\system32\TFR75.dll
C:\WINDOWS\system32\TFRF.dll
C:\WINDOWS\system32\TFRD.dll
C:\WINDOWS\system32\TFR25.dll
C:\WINDOWS\system32\TFRD7.dll
C:\WINDOWS\system32\TFRD5.dll
C:\WINDOWS\system32\TFR73.dll
C:\WINDOWS\system32\TFR29.dll
C:\WINDOWS\system32\TFR55.dll
C:\WINDOWS\system32\TFR57.dll
C:\WINDOWS\system32\TFR46.dll
C:\WINDOWS\system32\TFRA2.dll
C:\WINDOWS\system32\TFRA0.dll
C:\WINDOWS\system32\TFR24.dll
C:\WINDOWS\system32\TFR166.dll
C:\WINDOWS\system32\TFR2B.dll
C:\WINDOWS\system32\TFR5B.dll
C:\WINDOWS\system32\TFR15.dll
C:\WINDOWS\system32\TFR13.dll
C:\WINDOWS\system32\TFR48.dll
C:\WINDOWS\system32\TFR43.dll
C:\WINDOWS\system32\TFR3E.dll
C:\WINDOWS\system32\TFRA1.dll
C:\WINDOWS\system32\TFRB.dll
C:\WINDOWS\system32\TFR4A.dll
C:\WINDOWS\system32\TFR1B.dll
C:\WINDOWS\system32\TFR3D.dll
C:\WINDOWS\system32\TFR14F.dll
C:\WINDOWS\system32\TFR11D.dll
C:\WINDOWS\system32\TFRB5.dll
C:\WINDOWS\cbxxxv.dll
C:\WINDOWS\urstrq.dll
C:\WINDOWS\jkkiij.dll
C:\WINDOWS\cbyxuu.dll
C:\WINDOWS\pmljhf.dll
C:\WINDOWS\xxvwtt.dll
C:\WINDOWS\bywwwx.dll
C:\WINDOWS\mliifg.dll
C:\WINDOWS\hgdaay.dll
C:\WINDOWS\urrqpo.dll
C:\WINDOWS\opmmmk.dll
C:\WINDOWS\opqrpo.dll
C:\WINDOWS\qonopn.dll
C:\WINDOWS\ljgggf.dll
C:\WINDOWS\opqqqr.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\awwuts.dll
C:\WINDOWS\bywwwx.dll
C:\WINDOWS\byyvwu.dll
C:\WINDOWS\cbbaab.dll
C:\WINDOWS\cbxxxv.dll
C:\WINDOWS\cbyxuu.dll
C:\WINDOWS\fcbbyw.dll
C:\WINDOWS\gedbxu.dll
C:\WINDOWS\hgdaay.dll
C:\WINDOWS\hgdbxu.dll
C:\WINDOWS\hggddb.dll
C:\WINDOWS\iifddc.dll
C:\WINDOWS\iiiggg.dll
C:\WINDOWS\jkhgdd.dll
C:\WINDOWS\jkkiij.dll
C:\WINDOWS\ljgggf.dll
C:\WINDOWS\mliifg.dll
C:\WINDOWS\opmlkl.dll
C:\WINDOWS\opmmmk.dll
C:\WINDOWS\opqnnm.dll
C:\WINDOWS\opqqqr.dll
C:\WINDOWS\opqrpo.dll
C:\WINDOWS\pmkkif.dll
C:\WINDOWS\pmljhf.dll
C:\WINDOWS\qomjih.dll
C:\WINDOWS\qonmlj.dll
C:\WINDOWS\qonopn.dll
C:\WINDOWS\rqrqoo.dll
C:\WINDOWS\rqrrsp.dll
C:\WINDOWS\ssrspp.dll
C:\WINDOWS\SYSTEM32\cefiiabd.cmd
C:\WINDOWS\SYSTEM32\cefiiabd.dll
C:\WINDOWS\SYSTEM32\TFR10.dll
C:\WINDOWS\system32\TFR11D.dll
C:\WINDOWS\system32\TFR13.dll
C:\WINDOWS\SYSTEM32\TFR13B.dll
C:\WINDOWS\system32\TFR14F.dll
C:\WINDOWS\system32\TFR15.dll
C:\WINDOWS\system32\TFR166.dll
C:\WINDOWS\SYSTEM32\TFR19.dll
C:\WINDOWS\system32\TFR1B.dll
C:\WINDOWS\SYSTEM32\TFR1C.dll
C:\WINDOWS\SYSTEM32\TFR1D1.dll
C:\WINDOWS\SYSTEM32\TFR2.dll
C:\WINDOWS\SYSTEM32\TFR20.dll
C:\WINDOWS\SYSTEM32\TFR21.dll
C:\WINDOWS\system32\TFR23.dll
C:\WINDOWS\system32\TFR24.dll
C:\WINDOWS\system32\TFR25.dll
C:\WINDOWS\SYSTEM32\TFR26.dll
C:\WINDOWS\SYSTEM32\TFR28.dll
C:\WINDOWS\system32\TFR29.dll
C:\WINDOWS\system32\TFR2B.dll
C:\WINDOWS\SYSTEM32\TFR2D.dll
C:\WINDOWS\SYSTEM32\TFR2E.dll
C:\WINDOWS\SYSTEM32\TFR2F.dll
C:\WINDOWS\SYSTEM32\TFR31.dll
C:\WINDOWS\SYSTEM32\TFR33.dll
C:\WINDOWS\SYSTEM32\TFR37.dll
C:\WINDOWS\SYSTEM32\TFR39.dll
C:\WINDOWS\system32\TFR3C.dll
C:\WINDOWS\system32\TFR3D.dll
C:\WINDOWS\system32\TFR3E.dll
C:\WINDOWS\SYSTEM32\TFR4.dll
C:\WINDOWS\SYSTEM32\TFR40.dll
C:\WINDOWS\SYSTEM32\TFR42.dll
C:\WINDOWS\system32\TFR43.dll
C:\WINDOWS\SYSTEM32\TFR44.dll
C:\WINDOWS\system32\TFR46.dll
C:\WINDOWS\system32\TFR48.dll
C:\WINDOWS\system32\TFR4A.dll
C:\WINDOWS\SYSTEM32\TFR4C.dll
C:\WINDOWS\SYSTEM32\TFR4D.dll
C:\WINDOWS\SYSTEM32\TFR4F.dll
C:\WINDOWS\SYSTEM32\TFR5.dll
C:\WINDOWS\SYSTEM32\TFR50.dll
C:\WINDOWS\system32\TFR55.dll
C:\WINDOWS\system32\TFR57.dll
C:\WINDOWS\system32\TFR5B.dll
C:\WINDOWS\SYSTEM32\TFR5B3.dll
C:\WINDOWS\SYSTEM32\TFR5B5.dll
C:\WINDOWS\SYSTEM32\TFR5F.dll
C:\WINDOWS\SYSTEM32\TFR6.dll
C:\WINDOWS\SYSTEM32\TFR60A.dll
C:\WINDOWS\SYSTEM32\TFR633.dll
C:\WINDOWS\SYSTEM32\TFR68.dll
C:\WINDOWS\SYSTEM32\TFR71.dll
C:\WINDOWS\system32\TFR73.dll
C:\WINDOWS\system32\TFR75.dll
C:\WINDOWS\SYSTEM32\TFR7F.dll
C:\WINDOWS\SYSTEM32\TFR81.dll
C:\WINDOWS\SYSTEM32\TFR82.dll
C:\WINDOWS\SYSTEM32\TFR95.dll
C:\WINDOWS\system32\TFRA0.dll
C:\WINDOWS\system32\TFRA1.dll
C:\WINDOWS\system32\TFRA2.dll
C:\WINDOWS\system32\TFRB.dll
C:\WINDOWS\SYSTEM32\TFRB4.dll
C:\WINDOWS\system32\TFRB5.dll
C:\WINDOWS\system32\TFRD.dll
C:\WINDOWS\system32\TFRD5.dll
C:\WINDOWS\system32\TFRD7.dll
C:\WINDOWS\SYSTEM32\TFRE.dll
C:\WINDOWS\system32\TFRF.dll
C:\WINDOWS\SYSTEM32\TFRFC.dll
C:\WINDOWS\SYSTEM32\TFRFE.dll
C:\WINDOWS\tusppn.dll
C:\WINDOWS\tustsq.dll
C:\WINDOWS\tuvsqp.dll
C:\WINDOWS\urpono.dll
C:\WINDOWS\urrqpo.dll
C:\WINDOWS\urrsqo.dll
C:\WINDOWS\urstrq.dll
C:\WINDOWS\urstuu.dll
C:\WINDOWS\vtrpnn.dll
C:\WINDOWS\xxvwtt.dll
C:\WINDOWS\xxvwwt.dll
C:\WINDOWS\yaxvvt.dll


((((((((((((((((((((((((( Files Created from 2007-08-06 to 2007-09-06 )))))))))))))))))))))))))))))))


2007-09-05 10:31 79,360 --a------ C:\WINDOWS\khigge.dll
2007-09-05 10:31 70,144 --a------ C:\WINDOWS\SYSTEM32\TFR52.dll
2007-09-04 17:58 79,360 --a------ C:\WINDOWS\tuvuur.dll
2007-09-04 17:57 70,144 --a------ C:\WINDOWS\SYSTEM32\TFRC2.dll
2007-09-03 20:51 70,144 --a------ C:\WINDOWS\SYSTEM32\TFR14.dll
2007-09-03 20:14 70,144 --a------ C:\WINDOWS\SYSTEM32\TFRC4.dll
2007-09-02 13:50 79,872 --------- C:\WINDOWS\rqonmj.dll
2007-09-02 13:50 70,144 --a------ C:\WINDOWS\SYSTEM32\TFR47.dll
2007-09-01 16:40 79,360 --a------ C:\WINDOWS\ljiiji.dll
2007-09-01 16:40 70,656 --a------ C:\WINDOWS\SYSTEM32\TFR165.dll
2007-08-31 20:08 79,360 --a------ C:\WINDOWS\efcdcc.dll
2007-08-31 20:07 70,144 --a------ C:\WINDOWS\SYSTEM32\TFR56.dll
2007-08-28 20:54 70,144 --a------ C:\WINDOWS\SYSTEM32\TFR100.dll
2007-08-28 07:28 79,360 --a------ C:\WINDOWS\opmmnn.dll
2007-08-27 20:54 70,144 --a------ C:\WINDOWS\SYSTEM32\TFR35.dll
2007-08-25 17:46 79,360 --a------ C:\WINDOWS\efcyxu.dll
2007-08-25 17:46 70,144 --a------ C:\WINDOWS\SYSTEM32\TFR9.dll
2007-08-25 08:17 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SupportSoft
2007-08-25 08:01 <DIR> d----c--- C:\Program Files\support.com
2007-08-25 08:00 <DIR> d-------- C:\Program Files\Common Files\SupportSoft
2007-08-21 19:41 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-20 22:00 <DIR> d----c--- C:\Deckard
2007-08-20 09:19 83,096 --a------ C:\WINDOWS\SYSTEM32\SSSensor.dll
2007-08-20 09:19 60,496 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Teefer.sys
2007-08-20 09:19 21,075 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wpsdrvnt.sys
2007-08-20 09:19 14,568 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wg6n.sys
2007-08-20 09:19 14,568 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wg5n.sys
2007-08-20 09:19 14,568 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wg4n.sys
2007-08-20 09:19 14,568 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wg3n.sys
2007-08-20 09:19 <DIR> d----c--- C:\Program Files\Sygate
2007-08-20 09:04 <DIR> d----c--- C:\Program Files\Trend Micro
2007-08-19 22:14 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-19 18:06 <DIR> d----c--- C:\Program Files\Lavasoft
2007-08-19 18:06 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-19 18:05 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-15 03:01 221,184 --a------ C:\WINDOWS\SYSTEM32\wmpns.dll
2007-08-05 20:54 <DIR> d----c--- C:\Program Files\CCleaner


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-09-01 07:49 --------- d----c--- C:\Program Files\XoftSpySE
2007-08-29 21:57 --------- d----c--- C:\Program Files\AutoCAD 2004
2007-08-25 08:16 --------- d-------- C:\Program Files\Comcast
2007-08-23 10:28 --------- d-------- C:\Program Files\Full Tilt Poker
2007-08-20 17:57 --------- d-------- C:\Program Files\iTunes
2007-08-19 22:42 --------- d-------- C:\Program Files\bearshare
2007-08-19 18:10 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-19 18:10 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-05 20:43 --------- d-------- C:\Program Files\McAfee
2007-08-01 05:53 --------- d-------- C:\Program Files\Common Files\McAfee
2007-07-29 09:42 --------- d-------- C:\Program Files\iPod
2007-07-29 09:39 --------- d----c--- C:\Program Files\QuickTime
2007-07-29 09:35 --------- d----c--- C:\Program Files\Apple Software Update
2007-07-29 09:33 --------- d-------- C:\Program Files\Common Files\Apple
2007-07-24 12:02 33800 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2007-07-24 07:40 79304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-07-21 09:08 40488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-07-21 09:08 35240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-07-21 09:08 201288 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-07-15 21:52 --------- d-------- C:\Program Files\ComcastToolbar
2007-07-13 09:20 113952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-07-07 12:44 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-07 08:06 --------- d-------- C:\Program Files\SolidWorks
2007-06-26 02:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 02:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 09:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 09:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 06:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-13 06:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2003-08-27 15:19 36963 -ra--c--- C:\Program Files\Common Files\SM1updtr.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2002-08-22 20:28]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-26 13:01]
"nwiz"="nwiz.exe" [2004-10-26 13:01 C:\WINDOWS\SYSTEM32\nwiz.exe]
"PCTVOICE"="pctspk.exe" [2003-02-24 16:35 C:\WINDOWS\SYSTEM32\pctspk.exe]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2002-07-17 11:18]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 13:28]
"DwlClient"="C:\Program Files\Common Files\Dell\EUSW\Support.exe" [2004-05-27 21:05]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32]
"SM1BG"="C:\WINDOWS\SM1BG.EXE" [2003-08-27 15:20]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2003-05-15 19:41]
"ZingSpooler"="C:\Program Files\Common Files\Zing\ZingSpooler.exe" [2002-08-02 16:39]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-05-16 20:33]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 09:18]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 02:33]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]
"ddoctorv2"="C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2007-04-19 14:21]
"MSOffice"="C:\WINDOWS\khigge.dll" [2007-09-05 10:31]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NCLaunch"="C:\WINDOWS\NCLAUNCH.EXe" [2003-12-02 19:00]
"i8kfangui"="C:\Program Files\I8kfanGUI\i8kfangui.exe" [2004-01-24 10:26]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]

C:\Documents and Settings\Justin\Start Menu\Programs\Startup\
DESKTOP.INI [2002-09-03 10:00:00]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-02-17 22:54:38]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
Billminder.lnk - C:\Program Files\QUICKENW\BILLMIND.EXE [2006-07-15 12:07:28]
DESKTOP.INI [2002-09-03 10:00:00]
Quicken Startup.lnk - C:\Program Files\QUICKENW\QWDLLS.EXE [2006-07-15 12:07:54]
Wireless-B Notebook Adapter Utility.lnk - C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe [2005-08-24 20:07:19]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cefiiabd]
C:\WINDOWS\system32\cefiiabd.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R1 cdudf_xp;cdudf_xp;C:\WINDOWS\system32\drivers\cdudf_xp.sys
R1 fanio;FanIO driver;\??\C:\WINDOWS\System32\drivers\fanio.sys
R1 pwd_2k;pwd_2k;C:\WINDOWS\system32\drivers\pwd_2k.sys
R1 UdfReadr_xp;UdfReadr_xp;C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
R2 sprtsvc_ddoctorv2;SupportSoft Sprocket Service (ddoctorv2);"C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe" /service /P ddoctorv2
R3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys
R3 Point32;Microsoft IntelliPoint Filter Driver;C:\WINDOWS\system32\DRIVERS\point32.sys
S3 BWNDIS5;BWNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\BWNDIS5.SYS
S3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys
S3 gpibclsb;GPIB Board Class Driver;C:\WINDOWS\system32\Drivers\gpibclsb.sys
S3 gpibclsd;GPIB Device Class Driver;C:\WINDOWS\system32\Drivers\gpibclsd.sys
S3 LSWPCv4;Wireless-B Notebook Adapter Driver;C:\WINDOWS\system32\DRIVERS\rtl8180.sys


Contents of the 'Scheduled Tasks' folder
2007-08-31 23:22:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-08-15 05:40:08 C:\WINDOWS\Tasks\McDefragTask.job - C:\WINDOWS\system32\defrag.exe
2007-09-01 05:01:23 C:\WINDOWS\Tasks\McQcTask.job - c:\program files\mcafee\mqc\QcConsol.exe
2007-09-06 02:26:59 C:\WINDOWS\Tasks\XoftSpySE 2.job
2007-09-01 11:49:02 C:\WINDOWS\Tasks\XoftSpySE.job - C:\Program Files\XoftSpySE\XoftSpy.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-05 22:27:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-09-05 22:31:49 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-05 22:31
C:\ComboFix2.txt ... 2007-08-21 19:55

--- E O F ---
I hope this helps.


Thank you again.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:44:11 PM, on 9/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\I8kfanGUI\i8kfangui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QUICKENW\QWDLLS.EXE
C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/explore.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.comcast.net/explore.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ZingSpooler] C:\Program Files\Common Files\Zing\ZingSpooler.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [MSOffice] rundll32.exe "C:\WINDOWS\khigge.dll",sitypnow
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\i8kfangui.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
O4 - Global Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {3759252A-7748-4DBE-AD87-AE8CE8D244D6} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {B79A9CFB-D5BB-4268-817A-592369A3E917} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Help - {B9C1644D-47B6-405D-9EB2-9DED17903595} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.mbakercorp.com/CFIDE/classes/CFJava.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...72/mcinsctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O20 - Winlogon Notify: cefiiabd - C:\WINDOWS\system32\cefiiabd.dll (file missing)
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

--
End of file - 10754 bytes
This is the HijackThis log.


thank you
thank you

Edited by tigerthunder, 05 September 2007 - 09:45 PM.


#8 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • Gender:Female
  • Location:Bitola, Macedonia

Posted 06 September 2007 - 02:27 PM

Hello tigerthunder :thumbsup:

Please follow the steps below exactly in the order they are written:

Step #1

First, remove the version of ComboFix that you have, because it is an outdated version, then re-download the latest version from one of these links:

Link1
Link2

Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\khigge.dll
C:\WINDOWS\SYSTEM32\TFR52.dll
C:\WINDOWS\tuvuur.dll
C:\WINDOWS\SYSTEM32\TFRC2.dll
C:\WINDOWS\SYSTEM32\TFR14.dll
C:\WINDOWS\SYSTEM32\TFRC4.dll
C:\WINDOWS\rqonmj.dll
C:\WINDOWS\SYSTEM32\TFR47.dll
C:\WINDOWS\ljiiji.dll
C:\WINDOWS\SYSTEM32\TFR165.dll
C:\WINDOWS\efcdcc.dll
C:\WINDOWS\SYSTEM32\TFR56.dll
C:\WINDOWS\SYSTEM32\TFR100.dll
C:\WINDOWS\opmmnn.dll
C:\WINDOWS\SYSTEM32\TFR35.dll
C:\WINDOWS\efcyxu.dll
C:\WINDOWS\SYSTEM32\TFR9.dll

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cefiiabd]


Save this as "CFScript"


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Step #2

- Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
  • Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
    http://www.ewido.net/en/download/
    • Install AVG Anti-Spyware by double clicking the installer.
    • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
    • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update successful message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

If you are unable to run scan with AVG Anti-Spyware in Safe Mode, Click the next link http://fileserver.ewido.net/public.cgi?id=20990 and download AVG_Anti-Spyware_7.5.1.36_Safe_Mode_Registry_Patch.reg to your desktop. It should look like this -> Posted Image double click on it. You will receive a prompt similar to: "Do you wish to merge the information into the registry?".
Answer "Yes" and wait for a message to appear similar to "Merged Successfully".

- Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
- Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

- Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT: Don't click on the "Save Scan Report" button before you have clicked the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
      Posted Image
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.


Step #3

Download GMER from here:
http://www.gmer.net/files.php

Unzip it to the desktop.

Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
Click on Scan.
When the scan has run click Copy and paste the results (if any) into this thread.

In your next post please include the following reports:
  • ComboFix report
  • AVG Anti-Spyware report
  • GMER report
  • New HijackThis log
Let me know how the things went.

Regards,
SNOWHITE

#9 tigerthunder

tigerthunder
  • Topic Starter

  • Members
  • 13 posts

Posted 09 September 2007 - 09:56 PM

:thumbsup:

OK, had some issues.
After I applied all actions in AVG Anti-Spyware, the Save Report button became unclickable.
There did not seem to be any report from GMER.

ComboFix report
ComboFix 07-09-10.2 - "Justin" 2007-09-09 19:43:39.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.295 [GMT -4:00]
* Created a new restore point

FILE::
C:\WINDOWS\khigge.dll
C:\WINDOWS\SYSTEM32\TFR52.dll
C:\WINDOWS\tuvuur.dll
C:\WINDOWS\SYSTEM32\TFRC2.dll
C:\WINDOWS\SYSTEM32\TFR14.dll
C:\WINDOWS\SYSTEM32\TFRC4.dll
C:\WINDOWS\rqonmj.dll
C:\WINDOWS\SYSTEM32\TFR47.dll
C:\WINDOWS\ljiiji.dll
C:\WINDOWS\SYSTEM32\TFR165.dll
C:\WINDOWS\efcdcc.dll
C:\WINDOWS\SYSTEM32\TFR56.dll
C:\WINDOWS\SYSTEM32\TFR100.dll
C:\WINDOWS\opmmnn.dll
C:\WINDOWS\SYSTEM32\TFR35.dll
C:\WINDOWS\efcyxu.dll
C:\WINDOWS\SYSTEM32\TFR9.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\efcdcc.dll
C:\WINDOWS\efcyxu.dll
C:\WINDOWS\khigge.dll
C:\WINDOWS\ljiiji.dll
C:\WINDOWS\opmmnn.dll
C:\WINDOWS\rqonmj.dll
C:\WINDOWS\SYSTEM32\TFR100.dll
C:\WINDOWS\SYSTEM32\TFR14.dll
C:\WINDOWS\SYSTEM32\TFR165.dll
C:\WINDOWS\SYSTEM32\TFR35.dll
C:\WINDOWS\SYSTEM32\TFR47.dll
C:\WINDOWS\SYSTEM32\TFR52.dll
C:\WINDOWS\SYSTEM32\TFR56.dll
C:\WINDOWS\SYSTEM32\TFR9.dll
C:\WINDOWS\SYSTEM32\TFRC2.dll
C:\WINDOWS\SYSTEM32\TFRC4.dll
C:\WINDOWS\tuvuur.dll


((((((((((((((((((((((((( Files Created from 2007-08-10 to 2007-09-10 )))))))))))))))))))))))))))))))
.

2007-08-25 08:17 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SupportSoft
2007-08-25 08:01 <DIR> d----c--- C:\Program Files\support.com
2007-08-25 08:00 <DIR> d-------- C:\Program Files\Common Files\SupportSoft
2007-08-21 19:41 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-20 22:00 <DIR> d----c--- C:\Deckard
2007-08-20 09:19 83,096 --a------ C:\WINDOWS\SYSTEM32\SSSensor.dll
2007-08-20 09:19 60,496 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Teefer.sys
2007-08-20 09:19 21,075 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wpsdrvnt.sys
2007-08-20 09:19 14,568 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wg6n.sys
2007-08-20 09:19 14,568 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wg5n.sys
2007-08-20 09:19 14,568 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wg4n.sys
2007-08-20 09:19 14,568 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wg3n.sys
2007-08-20 09:19 <DIR> d----c--- C:\Program Files\Sygate
2007-08-20 09:04 <DIR> d----c--- C:\Program Files\Trend Micro
2007-08-19 22:14 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-19 18:06 <DIR> d----c--- C:\Program Files\Lavasoft
2007-08-19 18:06 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-19 18:05 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-15 03:01 221,184 --a------ C:\WINDOWS\SYSTEM32\wmpns.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-08 14:47 --------- d----c--- C:\Program Files\XoftSpySE
2007-08-29 21:58 --------- d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Autodesk
2007-08-29 21:57 --------- d----c--- C:\Program Files\AutoCAD 2004
2007-08-25 08:16 --------- d-------- C:\Program Files\Comcast
2007-08-23 10:28 --------- d-------- C:\Program Files\Full Tilt Poker
2007-08-20 17:57 --------- d-------- C:\Program Files\iTunes
2007-08-19 22:42 --------- d-------- C:\Program Files\bearshare
2007-08-19 18:10 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-19 18:10 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-05 20:54 --------- d----c--- C:\Program Files\CCleaner
2007-08-05 20:43 --------- d-------- C:\Program Files\McAfee
2007-08-01 05:53 --------- d-------- C:\Program Files\Common Files\McAfee
2007-07-29 09:42 --------- d-------- C:\Program Files\iPod
2007-07-29 09:39 --------- d----c--- C:\Program Files\QuickTime
2007-07-29 09:35 --------- d----c--- C:\Program Files\Apple Software Update
2007-07-29 09:33 --------- d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-29 09:33 --------- d-------- C:\Program Files\Common Files\Apple
2007-07-24 12:02 33800 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2007-07-24 07:40 79304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-07-21 09:08 40488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-07-21 09:08 35240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-07-21 09:08 201288 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-07-15 21:52 --------- d-------- C:\Program Files\ComcastToolbar
2007-07-13 09:20 113952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-06-13 06:23 1033216 --a------ C:\WINDOWS\explorer.exe
2003-08-27 15:19 36963 -ra--c--- C:\Program Files\Common Files\SM1updtr.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2002-08-22 20:28]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-26 13:01]
"nwiz"="nwiz.exe" [2004-10-26 13:01 C:\WINDOWS\SYSTEM32\nwiz.exe]
"PCTVOICE"="pctspk.exe" [2003-02-24 16:35 C:\WINDOWS\SYSTEM32\pctspk.exe]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2002-07-17 11:18]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 13:28]
"DwlClient"="C:\Program Files\Common Files\Dell\EUSW\Support.exe" [2004-05-27 21:05]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32]
"SM1BG"="C:\WINDOWS\SM1BG.EXE" [2003-08-27 15:20]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2003-05-15 19:41]
"ZingSpooler"="C:\Program Files\Common Files\Zing\ZingSpooler.exe" [2002-08-02 16:39]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-05-16 20:33]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 09:18]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 02:33]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]
"ddoctorv2"="C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2007-04-19 14:21]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NCLaunch"="C:\WINDOWS\NCLAUNCH.EXe" [2003-12-02 19:00]
"i8kfangui"="C:\Program Files\I8kfanGUI\i8kfangui.exe" [2004-01-24 10:26]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-02-17 22:54:38]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
Billminder.lnk - C:\Program Files\QUICKENW\BILLMIND.EXE [2006-07-15 12:07:28]
DESKTOP.INI [2002-09-03 10:00:00]
Quicken Startup.lnk - C:\Program Files\QUICKENW\QWDLLS.EXE [2006-07-15 12:07:54]
Wireless-B Notebook Adapter Utility.lnk - C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe [2005-08-24 20:07:19]

C:\DOCUME~1\Justin\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 10:00:00]

C:\DOCUME~1\Tammy\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 10:00:00]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R1 cdudf_xp;cdudf_xp;C:\WINDOWS\system32\drivers\cdudf_xp.sys
R1 fanio;FanIO driver;\??\C:\WINDOWS\System32\drivers\fanio.sys
R1 pwd_2k;pwd_2k;C:\WINDOWS\system32\drivers\pwd_2k.sys
R1 UdfReadr_xp;UdfReadr_xp;C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
R2 sprtsvc_ddoctorv2;SupportSoft Sprocket Service (ddoctorv2);"C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe" /service /P ddoctorv2
R3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys
R3 Point32;Microsoft IntelliPoint Filter Driver;C:\WINDOWS\system32\DRIVERS\point32.sys
S3 BWNDIS5;BWNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\BWNDIS5.SYS
S3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys
S3 gpibclsb;GPIB Board Class Driver;C:\WINDOWS\system32\Drivers\gpibclsb.sys
S3 gpibclsd;GPIB Device Class Driver;C:\WINDOWS\system32\Drivers\gpibclsd.sys
S3 LSWPCv4;Wireless-B Notebook Adapter Driver;C:\WINDOWS\system32\DRIVERS\rtl8180.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-08-31 23:22:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-08-15 05:40:08 C:\WINDOWS\Tasks\McDefragTask.job"
- C:\WINDOWS\system32\defrag.exe
"2007-09-01 05:01:23 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2007-09-10 23:52:28 C:\WINDOWS\Tasks\XoftSpySE 2.job"
"2007-09-08 18:47:09 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-10 19:53:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-10 19:57:58 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-10 19:57
C:\ComboFix2.txt ... 2007-09-05 22:31
C:\ComboFix3.txt ... 2007-08-21 19:55
.
--- E O F ---


New HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:47:53 PM, on 9/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\I8kfanGUI\i8kfangui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QUICKENW\QWDLLS.EXE
C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/explore.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.comcast.net/explore.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/explore.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ZingSpooler] C:\Program Files\Common Files\Zing\ZingSpooler.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\i8kfangui.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
O4 - Global Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {3759252A-7748-4DBE-AD87-AE8CE8D244D6} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {B79A9CFB-D5BB-4268-817A-592369A3E917} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Help - {B9C1644D-47B6-405D-9EB2-9DED17903595} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.mbakercorp.com/CFIDE/classes/CFJava.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...72/mcinsctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

--
End of file - 10791 bytes


So there you go.

Thank you as always, and I look forward to hearing back from you.

thank you
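The HijackThis entries and the CFScript above are related by hand in this thread: the helper read the O20 Winlogon Notify line whose DLL was "(file missing)" and wrote the matching `[-...\notify\cefiiabd]` registry line. The following added example (not a BleepingComputer, HijackThis or ComboFix tool) parses log lines of that shape, flags the O20/O23 patterns worth a second look, and emits the File:: / Registry:: layout shown in the post; the sample lines are constructed from entries quoted earlier in this thread.

```python
"""Added example: triage HijackThis 2.x lines and emit a CFScript in the
File:: / Registry:: layout used above.  Not part of any tool named here."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the shape of the logs posted in this thread.
SAMPLE_LOG = """\
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\\Program Files\\Spybot - Search & Destroy\\SDHelper.dll
O20 - Winlogon Notify: cefiiabd - C:\\WINDOWS\\system32\\cefiiabd.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\\Program Files\\Common Files\\Adobe Systems Shared\\Service\\Adobelmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\\Program Files\\Viewpoint\\Common\\ViewpointService.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<sec>R\d|O\d+) - (?P<body>.*)$")
# The path is the first drive-letter path on the line; "(file missing)" may trail it.
# Non-greedy .+? plus the $ anchor keeps " - " inside paths (Spybot - Search & Destroy).
PATH_RE = re.compile(r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$")
NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify"


@dataclass
class Entry:
    section: str                 # "O20", "O23", ...
    name: str                    # e.g. "cefiiabd" or the service display name
    path: Optional[str]
    missing: bool                # HijackThis printed "(file missing)"
    owner: Optional[str] = None  # O23 only: the vendor column


def parse_hjt(log: str) -> List[Entry]:
    """Parse the Rx/Oxx lines of a HijackThis log into Entry records."""
    entries: List[Entry] = []
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # process list, headers, blank lines
        sec, body = m["sec"], m["body"]
        pm = PATH_RE.search(body)
        path = pm["path"] if pm else None
        missing = bool(pm and pm["missing"])
        # Text before the path: "Winlogon Notify: cefiiabd" / "Service: X - owner"
        head = body[: pm.start()].rstrip(" -") if pm else body
        _label, _, rest = head.partition(": ")
        owner = None
        if sec == "O23":
            rest, _, owner = rest.rpartition(" - ")
        entries.append(Entry(sec, rest.strip(), path, missing, owner))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (name, reason) pairs for entries worth a closer look.

    The criteria mirror what was acted on in this thread: a Winlogon Notify
    hook whose DLL is gone (a leftover of a removed infection), and services
    whose binary is missing or whose vendor HijackThis cannot name.
    """
    findings = []
    for e in entries:
        if e.section == "O20" and e.missing:
            findings.append((e.name, "Winlogon Notify hook points at a missing DLL"))
        elif e.section == "O23" and (e.missing or e.owner == "Unknown owner"):
            why = "service binary missing" if e.missing else "service has unknown owner"
            findings.append((e.name, why))
    return findings


def build_cfscript(files: List[str], entries: List[Entry]) -> str:
    """Emit a CFScript in the File:: / Registry:: layout shown above.

    Each O20 entry with a missing DLL becomes a [-KEY] line deleting its
    Notify subkey, as was written for 'cefiiabd' in this thread.
    """
    lines = ["File::", *files, "", "Registry::"]
    for e in entries:
        if e.section == "O20" and e.missing:
            lines.append(f"[-{NOTIFY_KEY}\\{e.name}]")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    for name, why in triage(parsed):
        print(f"{name}: {why}")
    print(build_cfscript([r"C:\WINDOWS\khigge.dll", r"C:\WINDOWS\tuvuur.dll"], parsed))
```

The output is a draft for a helper to review against the full log; it reproduces the file and registry lines in the format ComboFix reads, nothing more.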

#10 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • Gender:Female
  • Location:Bitola, Macedonia

Posted 10 September 2007 - 11:09 PM

Hello tigerthunder :thumbsup:

Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Follow the Instruction Here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.
Post back with the F-Secure report, also run a new scan with DSS and post the contents of main.txt, and let me know how the computer is running :flowers:

Regards,
SNOWHITE

#11 tigerthunder

tigerthunder
  • Topic Starter

  • Members
  • 13 posts

Posted 14 September 2007 - 04:35 PM

Wow, that did take a long time, and I thought I copy-pasted the report but it was gone!!! It had found some viruses etc. Do you want me to run it again and post a report??
The computer is running well right now, no extra windows opening, and CPU load is at a steady 8%, not 100. When this is all said and done, will I be able to remove the programs I have put on for cleaning?

thank you thank you thank you :thumbsup:

Here's the DSS report.



Deckard's System Scanner v20070819.64
Run by Justin on 2007-09-15 17:28:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Justin.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:47:53 PM, on 9/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\I8kfanGUI\i8kfangui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QUICKENW\QWDLLS.EXE
C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/explore.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.comcast.net/explore.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/explore.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ZingSpooler] C:\Program Files\Common Files\Zing\ZingSpooler.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\i8kfangui.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
O4 - Global Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {3759252A-7748-4DBE-AD87-AE8CE8D244D6} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {B79A9CFB-D5BB-4268-817A-592369A3E917} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Help - {B9C1644D-47B6-405D-9EB2-9DED17903595} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.mbakercorp.com/CFIDE/classes/CFJava.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...72/mcinsctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

--
End of file - 10791 bytes

-- Files created between 2007-08-15 and 2007-09-15 -----------------------------

2007-09-14 07:09:02 0 d-------- C:\WINDOWS\LastGood
2007-09-10 20:04:43 0 d------c- C:\Documents and Settings\Justin\Application Data\Grisoft
2007-09-10 20:04:16 0 d------c- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-08-25 08:17:13 0 d------c- C:\Documents and Settings\All Users\Application Data\SupportSoft
2007-08-25 08:01:02 0 d------c- C:\Program Files\support.com
2007-08-25 08:00:42 0 d-------- C:\Program Files\Common Files\SupportSoft
2007-08-20 09:25:24 0 dr-----c- C:\Documents and Settings\NetworkService\Favorites
2007-08-20 09:19:31 60496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys <Not Verified; Sygate Technologies, Inc.; Sygate Teefer Driver>
2007-08-20 09:19:30 21075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys <Not Verified; Sygate Technologies, Inc.; wpsdrvnt>
2007-08-20 09:19:19 0 d------c- C:\Program Files\Sygate
2007-08-20 09:04:16 0 d------c- C:\Program Files\Trend Micro
2007-08-19 22:14:40 0 d------c- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-08-19 18:06:31 0 d------c- C:\Program Files\Lavasoft
2007-08-19 18:06:31 0 d------c- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-08-19 18:05:48 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-15 03:01:26 221184 --a------ C:\WINDOWS\system32\wmpns.dll <Not Verified; Microsoft Corporation; Microsoft® Windows Media Player>


-- Find3M Report ---------------------------------------------------------------

2007-09-15 12:23:35 0 d-------- C:\Program Files\Full Tilt Poker
2007-09-14 05:53:20 0 d-------- C:\Program Files\McAfee
2007-09-10 22:23:33 17192 --a------ C:\WINDOWS\system32\nvModes.dat
2007-09-08 14:47:11 0 d------c- C:\Program Files\XoftSpySE
2007-08-29 21:58:00 0 d-------- C:\Program Files\Common Files
2007-08-29 21:57:59 0 d------c- C:\Program Files\AutoCAD 2004
2007-08-25 08:16:24 0 d-------- C:\Program Files\Comcast
2007-08-20 17:57:06 0 d-------- C:\Program Files\iTunes
2007-08-19 22:42:27 0 d-------- C:\Program Files\bearshare
2007-08-05 20:54:21 0 d------c- C:\Program Files\CCleaner
2007-08-01 05:53:50 0 d-------- C:\Program Files\Common Files\McAfee
2007-07-29 09:42:58 0 d-------- C:\Program Files\iPod
2007-07-29 09:39:23 0 d------c- C:\Program Files\QuickTime
2007-07-29 09:35:05 0 d------c- C:\Program Files\Apple Software Update
2007-07-29 09:33:40 0 d-------- C:\Program Files\Common Files\Apple
2007-07-28 19:35:32 0 d------c- C:\Documents and Settings\Justin\Application Data\Adobe
2007-07-23 20:43:26 0 d-------- C:\Program Files\Java
2007-07-15 21:52:23 0 d-------- C:\Program Files\ComcastToolbar


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [08/22/2002 08:28 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/26/2004 01:01 PM]
"nwiz"="nwiz.exe" [10/26/2004 01:01 PM C:\WINDOWS\SYSTEM32\nwiz.exe]
"PCTVOICE"="pctspk.exe" [02/24/2003 04:35 PM C:\WINDOWS\SYSTEM32\pctspk.exe]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [07/17/2002 11:18 AM]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [12/17/2002 01:28 PM]
"DwlClient"="C:\Program Files\Common Files\Dell\EUSW\Support.exe" [05/27/2004 09:05 PM]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [02/04/2002 10:32 PM]
"SM1BG"="C:\WINDOWS\SM1BG.EXE" [08/27/2003 03:20 PM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [05/15/2003 07:41 PM]
"ZingSpooler"="C:\Program Files\Common Files\Zing\ZingSpooler.exe" [08/02/2002 04:39 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/16/2006 08:33 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/10/2007 09:18 AM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/04/2007 02:33 AM]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [10/15/2004 07:40 PM]
"ddoctorv2"="C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [04/19/2007 02:21 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NCLaunch"="C:\WINDOWS\NCLAUNCH.EXe" [12/02/2003 07:00 PM]
"i8kfangui"="C:\Program Files\I8kfanGUI\i8kfangui.exe" [01/24/2004 10:26 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]

C:\Documents and Settings\Justin\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 10:00:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2/17/2005 10:54:38 PM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 11:05:26 PM]
Billminder.lnk - C:\Program Files\QUICKENW\BILLMIND.EXE [7/15/2006 12:07:28 PM]
DESKTOP.INI [9/3/2002 10:00:00 AM]
Quicken Startup.lnk - C:\Program Files\QUICKENW\QWDLLS.EXE [7/15/2006 12:07:54 PM]
Wireless-B Notebook Adapter Utility.lnk - C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe [8/24/2005 8:07:19 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

*Newly Created Service* - 0007021189754289MCINSTCLEANUP
*Newly Created Service* - F-SECURE_STANDALONE_MINIFILTER



-- End of Deckard's System Scanner: finished at 2007-09-15 17:29:22 ------------

#12 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:11:37 AM

Posted 17 September 2007 - 08:59 PM

Hello tigerthunder :thumbsup:

Step #1

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

iMeshBar

Older Java versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them.

J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 3
Java™ SE Runtime Environment 6 Update 1


* Optional

The next program is very likely the reason your system is infested with malware. Even when a program like this is not infected itself, it will still bring malware into your system because more than half of all files available for download from peer-to-peer networks have been deliberately infected with some form of malware. I recommend that you remove this program from your system.

LimeWire 4.12.11


Please note any other programs that you don't recognize in that list in your next response.

Step #2

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\PROGRA~1\iMeshBar
C:\Program Files\LimeWire <-- Delete this folder if you have previously uninstalled LimeWire 4.12.11

Close Windows Explorer.

Step #3

Please do an online scan with Kaspersky WebScanner

NOTE: This Scanner will work with Internet Explorer Only!


Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under Select a target to scan: select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save Report As... button:
  • Under Save as type select Text file, write a name for the file, and save it to your Desktop.
  • Locate the file at the Desktop, open it, then copy and paste that information in your next post.
Please post back with the Kaspersky scan report and a new HijackThis log.

Regards,

Edited by SNOWHITE, 17 September 2007 - 09:00 PM.

SNOWHITE

#13 tigerthunder

tigerthunder
  • Topic Starter

  • Members
  • 13 posts
  • Local time:06:37 AM

Posted 19 September 2007 - 08:59 PM

Here are the reports you requested.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, September 19, 2007 9:48:53 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 20/09/2007
Kaspersky Anti-Virus database records: 420980
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 72923
Number of viruses found: 8
Number of infected objects: 24
Number of suspicious objects: 0
Duration of the scan process: 01:47:15

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{4E529E5B-F6B5-46F3-8A73-77B4E6AF2982}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR1B.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\SupportSoft\ddoctorv2\SYSTEM\state\logs\sprtcmd.log Object is locked skipped
C:\Documents and Settings\Justin\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Justin\Desktop\tigerthunder.cab/C:/WINDOWS/system32/cefiiabd.dll Infected: Trojan.Win32.Agent.avj skipped
C:\Documents and Settings\Justin\Desktop\tigerthunder.cab CAB: infected - 1 skipped
C:\Documents and Settings\Justin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Justin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Justin\Local Settings\Application Data\SupportSoft\ddoctorv2\Justin\state\logs\sprtcmd.log Object is locked skipped
C:\Documents and Settings\Justin\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Justin\Local Settings\Temp\~DFE5DE.tmp Object is locked skipped
C:\Documents and Settings\Justin\Local Settings\Temp\~DFE5EC.tmp Object is locked skipped
C:\Documents and Settings\Justin\Local Settings\Temporary Internet Files\AntiPhishing\2997C193-A464-4307-88C9-F9C00083CD16.dat Object is locked skipped
C:\Documents and Settings\Justin\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Justin\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Justin\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Sygate\SPF\debug.log Object is locked skipped
C:\Program Files\Sygate\SPF\rawlog.log Object is locked skipped
C:\Program Files\Sygate\SPF\seclog.log Object is locked skipped
C:\Program Files\Sygate\SPF\syslog.log Object is locked skipped
C:\Program Files\Sygate\SPF\tralog.log Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\ddbbcd.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.td skipped
C:\QooBox\Quarantine\C\WINDOWS\ljgfeb.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.td skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\cefiiabd.dll.vir Infected: Trojan.Win32.Agent.avj skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000005.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lg skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0003959.0LL Infected: Trojan.Win32.Agent.avj skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0000026.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.td skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0000032.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.td skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP27\A0007624.exe/WISE0022.BIN/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP27\A0007624.exe/WISE0022.BIN/data0001.cab/SaveUninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP27\A0007624.exe/WISE0022.BIN/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP27\A0007624.exe/WISE0022.BIN/data0002.cab/Weather.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ay skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP27\A0007624.exe/WISE0022.BIN/data0002.cab/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.f skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP27\A0007624.exe/WISE0022.BIN/data0002.cab Infected: not-a-virus:AdWare.Win32.SaveNow.f skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP27\A0007624.exe/WISE0022.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.f skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP27\A0007624.exe WiseSFX: infected - 7 skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP27\A0007624.exe WiseSFX Dropper: infected - 7 skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP27\A0007625.exe/WISE0024.BIN/data0001.cab/VVSN.exe Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP27\A0007625.exe/WISE0024.BIN/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP27\A0007625.exe/WISE0024.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP27\A0007625.exe WiseSFX: infected - 3 skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP27\A0007625.exe WiseSFX Dropper: infected - 3 skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP27\change.log Object is locked skipped
C:\VundoFix Backups\TFRF2.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.lg skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edbtmp.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\mcmsc_0CuoXhUpJIRkzzG Object is locked skipped
C:\WINDOWS\Temp\mcmsc_i0lVyji8qZo3N6j Object is locked skipped
C:\WINDOWS\Temp\mcmsc_O1BgAbRHPvEviCa Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:51:10 PM, on 9/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\I8kfanGUI\i8kfangui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QUICKENW\QWDLLS.EXE
C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/explore.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.comcast.net/explore.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/explore.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ZingSpooler] C:\Program Files\Common Files\Zing\ZingSpooler.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\i8kfangui.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
O4 - Global Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {3759252A-7748-4DBE-AD87-AE8CE8D244D6} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {B79A9CFB-D5BB-4268-817A-592369A3E917} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Help - {B9C1644D-47B6-405D-9EB2-9DED17903595} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.mbakercorp.com/CFIDE/classes/CFJava.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...72/mcinsctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

--
End of file - 11224 bytes


I followed your advice and deleted LimeWire :flowers: , but I guess it's for the best. Do you know of another way to download stuff?
The iMesh bar will not remove from Add/Remove Programs, but when I search for it in Explorer nothing shows up.
In Add/Remove Programs here are the other things I did not recognize:

DivX ;-) Audio (that's what it says)
DivX Total Pack
DVD Sentry
InterCasino (this is another one that just won't go away; when I try to delete it in Explorer it says it is already deleted?)


But I don't know if those are important or not. So as always, thank you thank you thank you thank you.
Sorry it always takes me so long to post back, but I do it when I have time at home.

:thumbsup:
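
Added example (not part of this thread, and not code from HijackThis or its author): a small Python triage script that parses lines in the HijackThis log format shown above and flags the things a helper looks at first. It marks entries HijackThis itself reported as "(file missing)" (orphaned registrations, like the dead InterCasino and Viewpoint entries in this thread), O4/O23 autostarts registered by bare filename and therefore resolved through PATH at logon, and autostarts whose executable lives outside Program Files or the Windows directory, such as a user's Temp folder. The sample log lines, the all-zero GUID and the "Example" service are constructed for the demonstration, and the trusted-root list is an assumption that would be tuned for a given machine.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in HijackThis log format (modelled on, not copied from,
# the log in this thread; the GUID and "Example" service are placeholders).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\User\Local Settings\Temp\upd.exe
O9 - Extra button: Help - {00000000-0000-0000-0000-000000000000} - http://www.example.com/ (file missing) (HKCU)
O23 - Service: Example Manager Service - Unknown owner - C:\Program Files\Example\ExampleService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Every HijackThis entry starts with its section code, e.g. "O4 - ..."
LINE_RE = re.compile(r"^(O\d+) - (.*)$")
# First Windows path to a binary-like file on the line, quoted or not.
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"\n]*?\.(?:exe|dll|sys|cab))"?', re.IGNORECASE)

# Assumption: on a stock Windows XP box, autostart binaries normally live under
# these roots (8.3 short form included, since HijackThis prints both forms).
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\")


@dataclass
class Entry:
    kind: str            # section code, e.g. "O4" or "O23"
    text: str            # rest of the line after "O4 - "
    path: Optional[str]  # first executable path found on the line, if any
    file_missing: bool   # HijackThis could not find the referenced file


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis log line; return None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    kind, rest = m.groups()
    p = PATH_RE.search(rest)
    return Entry(kind, rest, p.group(1) if p else None, "(file missing)" in rest)


def unusual_location(path: str) -> bool:
    """True if the binary sits outside the usual program/system directories."""
    return not path.lower().startswith(TRUSTED_ROOTS)


def triage(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (reason, section, entry text) for each entry worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        e = parse_line(raw)
        if e is None:
            continue
        if e.file_missing:
            # Orphaned registration: the target is gone but the hook remains.
            findings.append(("file missing", e.kind, e.text))
        if e.kind in ("O4", "O23"):
            if e.path is None:
                # Bare filename: resolved via PATH at logon, so easy to shadow.
                findings.append(("unqualified path", e.kind, e.text))
            elif unusual_location(e.path):
                findings.append(("unusual location", e.kind, e.text))
    return findings


if __name__ == "__main__":
    for reason, kind, text in triage(SAMPLE_LOG):
        print(f"[{reason}] {kind} - {text}")
```

Run against a real saved log, the script only narrows the list; a flagged entry still has to be checked by hand (publisher, file properties, where the path points), exactly as the helpers in this thread do before telling someone to fix a line.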

#14 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:11:37 AM

Posted 24 September 2007 - 10:37 PM

Hello tigerthunder :flowers:

Step #1

Delete an Entry from the Uninstall List
  • Open HiJackThis
  • Click on the "Config..." button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on the Box that says "Uninstall Manager"
  • On the left side in the box scroll to InterCasino
  • Click on the entry to highlight it
  • Click on Delete this entry
  • Click "Yes"
  • Repeat the same for the following:
    • iMeshBar
  • Close HijackThis
These are legit:
DivX ;-) Audio see this link - http://www.divxmovies.com/faq/#5.2

divx total pack see this link for more info - http://www.divxtotalpack.org/

dvd sentry seems to be an Anti-spyware program from Dell


C:\Documents and Settings\Justin\Desktop\tigerthunder.cab < Please delete this file


Step #2

Please download the OTMoveIt by OldTimer.
  • Save it to your desktop.
Next, double-click OTMoveIt and you should see a CleanUp! button. Press that button; you may get prompted by your firewall that OTMoveIt is trying to contact the internet. Allow this. A cleanup.txt will be downloaded, and a message dialog will ask you if you want to proceed with the cleanup process; click Yes.

NOTE: This will remove some of the tools we used so far, including OTMoveIt.

Step #3

* Click Start, then Run, type prefetch and press Enter. Click Edit, then Select All (all files will highlight), right-click any file, click Delete, and confirm.


* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.

do you know of another way to download stuff?


No, I don't know, sorry, but using P2P programs can lead to infections. So it is just better not to use them and stay with legit ways and legit content.

Please post back and let me know how the computer is running :thumbsup:
SNOWHITE

#15 tigerthunder

tigerthunder
  • Topic Starter

  • Members
  • 13 posts
  • Local time:06:37 AM

Posted 30 September 2007 - 05:45 PM

:thumbsup:
Well, everything's running very well now. Thank you, your help has been priceless.

Should I keep these programs that I have downloaded while doing this with you?
vundofix.exe
adaware2007
adwatch2007
spybot
atf cleaner
ccleaner
hijackthis
stinger.exe
sfp.zip
avgantispyware
gmer.zip
tigerthunder.zip
avgas-setup-7
xsoftspyse
comcastdesktopdoctor

I may have had one or two of these prior to this. What should I keep?

I also have two different kinds of icons on my desktop now; they are kind of ghost icons for
desktop.ini
thumbs.db

Thank you again.



