
Please Help W/ Adware - Don't Know What To Do


13 replies to this topic

#1 CSIJen143 (Members, 8 posts)

Posted 26 December 2007 - 09:00 AM

My computer got a nasty Christmas gift. I'm not super tech savvy, so I don't know exactly what this is, but it is creating popups like mad and they are getting worse. They come up when no other programs are open. Here's my log - thank you in advance!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:57:12 AM, on 12/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Documents and Settings\Jennifer Enlow\Desktop\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\progra~1\yahoo!\YCentral\YahooCentral.exe
C:\PROGRA~1\KIDZMO~1\KidzSetup.exe
C:\WINDOWS\io43mvuiw4kj.exe
C:\WINDOWS\io43mvuiw4kj.exe
C:\progra~1\yahoo!\YCentral\YahooCentral .exe
C:\PROGRA~1\KIDZMO~1\KidzSetup .exe
C:\WINDOWS\io43mvuiw4kj .exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\io43mvuiw4kj .exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\hijackthis\HijackThis.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
F3 - REG:win.ini: load=C:\WINDOWS\system32\ssqpp.exe
O2 - BHO: (no name) - {1D02500F-D885-42E1-B6CD-D5150A29F4FA} - C:\WINDOWS\system32\ssqpp.dll
O2 - BHO: (no name) - {494379ED-C480-49B1-BA22-8B4CEF39DCB4} - C:\WINDOWS\system32\ssqpp.dll
O2 - BHO: (no name) - {B478F8F4-D346-4D86-971E-91DBEE2F29D7} - C:\WINDOWS\system32\avifil3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [YCentral] c:\progra~1\yahoo!\YCentral\YahooCentral.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [KidzMouse] C:\PROGRA~1\KIDZMO~1\KidzSetup.exe
O4 - HKLM\..\Run: [winshow] "C:\WINDOWS\winshow .exe"
O4 - HKLM\..\Run: [io43mvuiw4kj] C:\WINDOWS\io43mvuiw4kj.exe
O4 - HKLM\..\Run: [io43mvuiw4kj ] C:\WINDOWS\io43mvuiw4kj .exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Policies\Explorer\Run: [odbgof] C:\WINDOWS\system32\odbgof.exe
O4 - HKUS\S-1-5-21-2904832547-4017602601-192093627-1007\..\Run: [Sonic RecordNow!] (User 'Michael Enlow')
O4 - HKUS\S-1-5-21-2904832547-4017602601-192093627-1007\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (User 'Michael Enlow')
O4 - HKUS\S-1-5-21-2904832547-4017602601-192093627-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Michael Enlow')
O4 - HKUS\S-1-5-21-2904832547-4017602601-192093627-1007\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Michael Enlow')
O4 - HKUS\S-1-5-21-2904832547-4017602601-192093627-1007\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Michael Enlow')
O4 - HKUS\S-1-5-21-2904832547-4017602601-192093627-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Michael Enlow')
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\SYSTEM32\dwdsrngt .exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01118A01-3E00-11D2-8470-0060089874ED} (SupportSoft Script Runner Class) - https://password.bellsouth.net/sdccommon/do...oad/tgctlsr.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Christmasville/Images/stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.playfirst.com/play/game/dinerda...tg.1.0.0.32.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Burger%20Island/Images/armhelper.ocx
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_...outLauncher.cab
O20 - AppInit_DLLs:  C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ddcdawv - ddcdawv.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\Jennifer Enlow\Desktop\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 10077 bytes
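Added triage example (not part of this thread, and not HijackThis or BleepingComputer code): a short Python script that reads HijackThis-style lines and flags the indicators that stand out in the log above: the space before ".exe" in names like "io43mvuiw4kj .exe" and "PowerReg Scheduler .exe", BHOs with "(no name)" pointing into system32, the Winlogon Notify entry whose DLL is missing, the HKCU\..\Policies\Explorer\Run autostart, the win.ini load= entry, and duplicated Startup entries. The allowlist of Windows binaries and the random-name heuristic are my own assumptions; the sample lines are copied from the posted log.

```python
"""Triage a HijackThis-style log for the indicators visible in the post above.

Added example, not part of the thread. The rules are my own heuristics (not
HijackThis's or the forum's); the sample lines are copied from the posted log.
"""
import ntpath
import re
from collections import Counter

# Core Windows binaries whose vowel-starved names would otherwise trip looks_random().
KNOWN_SYSTEM_STEMS = {
    "smss", "csrss", "winlogon", "services", "lsass", "svchost", "spoolsv",
    "explorer", "ctfmon", "wscntfy", "rundll32", "notepad", "msconfig", "cmd",
}
# The naming heuristic is noisy, so it only runs on files dropped straight into these dirs.
WINDOWS_DIRS = {r"c:\windows", r"c:\windows\system32"}

PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|lnk)\b', re.IGNORECASE)
# "name .exe": a space before the extension, the impostor pattern seen all over this log.
SPACE_EXT_RE = re.compile(r"[^\s\\] \.(?:exe|dll)\b", re.IGNORECASE)

# Constructed sample: lines lifted from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\io43mvuiw4kj.exe
C:\WINDOWS\io43mvuiw4kj .exe
C:\WINDOWS\system32\ctfmon.exe
F3 - REG:win.ini: load=C:\WINDOWS\system32\ssqpp.exe
O2 - BHO: (no name) - {1D02500F-D885-42E1-B6CD-D5150A29F4FA} - C:\WINDOWS\system32\ssqpp.dll
O2 - BHO: (no name) - {B478F8F4-D346-4D86-971E-91DBEE2F29D7} - C:\WINDOWS\system32\avifil3.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [winshow] "C:\WINDOWS\winshow .exe"
O4 - HKLM\..\Run: [io43mvuiw4kj ] C:\WINDOWS\io43mvuiw4kj .exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Policies\Explorer\Run: [odbgof] C:\WINDOWS\system32\odbgof.exe
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\SYSTEM32\dwdsrngt .exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ddcdawv - ddcdawv.dll (file missing)
""".strip().splitlines()


def looks_random(stem: str) -> bool:
    """Dropper-generated names: digit/letter soup, or almost no vowels."""
    s = stem.strip().lower()
    if len(s) < 5 or s in KNOWN_SYSTEM_STEMS or not s.isalnum():
        return False
    if any(c.isdigit() for c in s) and any(c.isalpha() for c in s) and len(s) >= 8:
        return True                                        # io43mvuiw4kj
    return sum(c in "aeiou" for c in s) * 6 <= len(s)      # <= 1 vowel per 6 chars: ssqpp, dwdsrngt


def triage(lines):
    """Return (indicator, text) pairs; one line can carry several indicators."""
    hits = []
    startup = Counter(e.strip() for e in lines if e.strip().startswith("O4 - Startup:"))
    for raw in lines:
        line = raw.strip()
        if SPACE_EXT_RE.search(line):
            hits.append(("SPACE_BEFORE_EXT", line))
        if line.startswith("O2 - BHO: (no name)"):
            hits.append(("UNNAMED_BHO", line))             # unnamed BHO, Vundo-style
        if line.startswith("O20 - Winlogon Notify:"):
            name = line.split(":", 1)[1].split(" - ", 1)[0].strip()
            if "(file missing)" in line or looks_random(name):
                hits.append(("WINLOGON_NOTIFY", line))
        if "\\Policies\\Explorer\\Run:" in line:
            hits.append(("POLICIES_RUN", line))            # policy autostart, rarely legitimate
        if line.startswith("F3 - REG:win.ini: load=") and not line.endswith("load="):
            hits.append(("WININI_LOAD", line))             # legacy win.ini autostart
        if line.startswith("O4 - Startup:") and startup[line] > 1:
            hits.append(("DUPLICATE_STARTUP", line))
        for path in PATH_RE.findall(line):
            if ntpath.dirname(path).lower() in WINDOWS_DIRS:
                stem, _ = ntpath.splitext(ntpath.basename(path))
                if looks_random(stem):
                    hits.append(("RANDOM_NAME", path))
    return hits


def summarize(lines):
    """Indicator -> count, for a quick verdict on a whole log."""
    return dict(Counter(kind for kind, _ in triage(lines)))


if __name__ == "__main__":
    for kind, text in triage(SAMPLE_LOG):
        print(f"{kind:18} {text}")
```

Run it as a script to print the hits, or call triage() on the lines of a saved log. Note what the naming heuristic misses: avifil3.dll is flagged only because it is an unnamed BHO, and odbgof.exe only because it sits under Policies\Explorer\Run, so the structural indicators carry more weight than the name check, and the allowlist is what keeps ctfmon.exe and svchost.exe quiet.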



#2 RichieUK (Malware Assassin, Malware Response Team, 13,614 posts)

Posted 27 December 2007 - 09:18 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, CSIJen143.
My name is Richie and I'll be helping you to fix your problems.

It appears you've no virus protection installed, which is somewhat suicidal.
Please download/install Avira AntiVir Personal Edition Classic [Free]:
http://www.free-av.com/
Perform a full scan with Avira and allow it to delete everything it detects.
Restart your PC when you're done.
After restart, open Avira Antivirus and select "Reports".
Then double-click the report from the full scan you have just completed.
Click the "Report File" button, then copy and paste the report into your next reply.


Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
When VundoFix re-opens, click the "Scan for Vundo" button.
Once it's done scanning, click the "Remove Vundo" button.
You will receive a prompt asking if you want to remove the files; click "YES".
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer; click "OK".
Post the contents of C:\vundofix.txt into your next reply.
Note:
It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.


If you have previously downloaded ComboFix, please delete that version now.
Warning
You should NOT use ComboFix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of an expert, not for private use.
Using this tool incorrectly could render your system/PC inoperable.

Now download ComboFix and save it to your desktop:
Note
It is important that it is saved directly to your desktop.

Close any open browsers.
Double-click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note
Do not mouse-click ComboFix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.
Note
In case your antivirus or any other real-time scanner is displaying an alert after you downloaded ComboFix or while you use ComboFix, please disable your scanner and redownload ComboFix again.
Some scanners may see some ComboFix-related components as suspicious and block or delete them while there's nothing wrong with them.

Also post a new HijackThis log please.

Edited by RichieUK, 27 December 2007 - 09:19 AM.


#3 CSIJen143 (Topic Starter, Members, 8 posts)

Posted 28 December 2007 - 11:39 AM

OK, here are my results. I should add that it seems like the popups are gone, but Internet Explorer will NOT run whatsoever. I've had to use MSN Explorer to connect to the web.

1. Avira Antivirus Log



AntiVir PersonalEdition Classic
Report file date: Thursday, December 27, 2007 23:20

Scanning for 993853 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: D542M541

Version information:
BUILD.DAT : 270 15603 Bytes 9/19/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 8/23/2007 19:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 8/16/2007 18:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 8/14/2007 21:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 8/21/2007 18:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 04:18:54
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 12/14/2007 04:18:54
ANTIVIR2.VDF : 7.0.1.157 286720 Bytes 12/26/2007 04:18:54
ANTIVIR3.VDF : 7.0.1.164 19456 Bytes 12/27/2007 04:18:54
AVEWIN32.DLL : 7.6.0.46 3084800 Bytes 12/28/2007 04:18:54
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2/26/2007 16:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 7/18/2007 13:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 4/16/2007 19:16:24
AVPACK32.DLL : 7.6.0.2 360488 Bytes 12/28/2007 04:18:54
AVREG.DLL : 7.0.1.6 30760 Bytes 7/18/2007 13:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 8/28/2007 18:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 7/18/2007 13:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 3/8/2007 17:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 8/7/2007 18:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 8/21/2007 18:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 7/23/2007 15:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Thursday, December 27, 2007 23:20

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'Ad-Watch2007.exe' - '1' Module(s) have been scanned
Scan process 'SiteAdv .exe' - '1' Module(s) have been scanned
Scan process 'SiteAdv.exe' - '1' Module(s) have been scanned
Scan process 'SiteAdv .exe' - '1' Module(s) have been scanned
Scan process 'SiteAdv.exe' - '1' Module(s) have been scanned
Scan process 'SAService.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'emproxy.exe' - '1' Module(s) have been scanned
Scan process 'YahooWidgetEngine.exe' - '1' Module(s) have been scanned
Scan process 'MSOFFICE.EXE' - '1' Module(s) have been scanned
Scan process 'SPUVolumeWatcher.exe' - '1' Module(s) have been scanned
Scan process 'DLG.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'tfswctrl .exe' - '1' Module(s) have been scanned
Scan process 'DSentry .exe' - '1' Module(s) have been scanned
Scan process 'tfswctrl.exe' - '1' Module(s) have been scanned
Scan process 'hpztsb03 .exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'PCMService .exe' - '1' Module(s) have been scanned
Scan process 'DSentry.exe' - '1' Module(s) have been scanned
Scan process 'hpztsb03.exe' - '1' Module(s) have been scanned
Scan process 'KidzSetup .exe' - '1' Module(s) have been scanned
Scan process 'PCMService.exe' - '1' Module(s) have been scanned
Scan process 'YahooCentral .exe' - '1' Module(s) have been scanned
Scan process 'KidzSetup.exe' - '1' Module(s) have been scanned
Scan process 'YahooCentral.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'mcagent.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'YTBSDK.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'DLG.exe' - '1' Module(s) have been scanned
Scan process 'aoltray.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr .exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'tfswctrl .exe' - '1' Module(s) have been scanned
Scan process 'DSentry .exe' - '1' Module(s) have been scanned
Scan process 'hpztsb03 .exe' - '1' Module(s) have been scanned
Scan process 'PCMService .exe' - '1' Module(s) have been scanned
Scan process 'mcagent.exe' - '1' Module(s) have been scanned
Scan process 'KidzSetup .exe' - '1' Module(s) have been scanned
Scan process 'tfswctrl.exe' - '1' Module(s) have been scanned
Scan process 'YahooCentral .exe' - '1' Module(s) have been scanned
Scan process 'DSentry.exe' - '1' Module(s) have been scanned
Scan process 'hpztsb03.exe' - '1' Module(s) have been scanned
Scan process 'PCMService.exe' - '1' Module(s) have been scanned
Scan process 'KidzSetup.exe' - '1' Module(s) have been scanned
Scan process 'YahooCentral.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'wanmpsvc.exe' - '1' Module(s) have been scanned
Scan process 'MpfSrv.exe' - '1' Module(s) have been scanned
Scan process 'mcsysmon.exe' - '1' Module(s) have been scanned
Scan process 'Mcshield.exe' - '1' Module(s) have been scanned
Scan process 'RedirSvc.exe' - '1' Module(s) have been scanned
Scan process 'mcpromgr.exe' - '1' Module(s) have been scanned
Scan process 'mcods.exe' - '1' Module(s) have been scanned
Scan process 'McNASvc.exe' - '1' Module(s) have been scanned
Scan process 'mcmscsvc.exe' - '1' Module(s) have been scanned
Scan process 'HWAPI.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'acsd.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
98 processes with 98 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
C:\WINDOWS\SYSTEM32\ufvmvqyd.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[WARNING] The file could not be deleted!
C:\WINDOWS\SYSTEM32\ufvmvqyd.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
C:\WINDOWS\SYSTEM32\ssqpp.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.dgo.1
[INFO] The file was deleted!
C:\WINDOWS\SYSTEM32\ssqpp.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.dgo.1

The registry was scanned ( '34' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '47ee7b75.qua'!
C:\Documents and Settings\Jennifer Enlow\Local Settings\Temp\TMP1B6.tmp
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\WINDOWS\17PHolmes572.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\WINDOWS\SYSTEM32\avifil3.dll
[DETECTION] Is the Trojan horse TR/BHO.agz.12
[WARNING] The file could not be deleted!
C:\WINDOWS\SYSTEM32\ojkscxjn.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[WARNING] The file could not be deleted!
C:\WINDOWS\SYSTEM32\RCX18.tmp
[DETECTION] Is the Trojan horse TR/Drop.Agent.dgo.1
[INFO] The file was deleted!
C:\WINDOWS\SYSTEM32\ufvmvqyd.dll
[WARNING] The file could not be opened!
C:\WINDOWS\SYSTEM32\DRIVERS\core.sys
[WARNING] The file could not be opened!


End of the scan: Friday, December 28, 2007 08:12
Used time: 8:52:23 min

The scan has been done completely.

10139 Scanning directories
230434 Files were scanned
7 viruses and/or unwanted programs were found
1 Files were classified as suspicious:
4 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
4 Files cannot be scanned
230427 Files not concerned
3659 Archives were scanned
7 Warnings
0 Notes

2. VundoFix - there was NO log for this as it didn't find any infected files

3. Combofix Log

ComboFix 07-12-28.1 - Jennifer Enlow 2007-12-28 10:40:11.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.387 [GMT -5:00]
Running from: C:\Documents and Settings\Jennifer Enlow\Local Settings\Temporary Internet Files\Content.IE5\PZIGTVU1\ComboFix[1].exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Jennifer Enlow\My Documents\SSEMBL~1
C:\Documents and Settings\Jennifer Enlow\My Documents\SSEMBL~1\?ssembly\
C:\Documents and Settings\Jennifer Enlow\Start Menu\Programs\Startup\TA_Start.lnk
C:\PROGRA~1\KIDZMO~1\KidzSetup.exe
c:\progra~1\yahoo!\YCentral\YahooCentral.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Spruce
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Temporary
C:\Program Files\WinAble
C:\rdfx4.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\system32\avifil3.dll
C:\WINDOWS\system32\b1
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\drivers\qdgrwfyb.dat
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\info.txt
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\SYSTEM32\ppqss.ini
C:\WINDOWS\SYSTEM32\ppqss.ini2
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
C:\WINDOWS\system32\ssqpp.dll
C:\WINDOWS\system32\ulwwmkdu.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CORE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_IQZEZVSA
-------\core
-------\DomainService
-------\iqzezvsa


((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-28 )))))))))))))))))))))))))))))))
.

2007-12-28 09:39 . 2007-12-28 09:43 <DIR> d-------- C:\Documents and Settings\Michael Enlow\Application Data\MSN6
2007-12-28 09:02 . 2007-12-28 09:02 <DIR> d-------- C:\VundoFix Backups
2007-12-28 08:26 . 2007-12-28 08:26 3,584 --a------ C:\WINDOWS\SYSTEM32\ssqpp.exe
2007-12-27 23:11 . 2007-12-27 23:11 <DIR> d-------- C:\Program Files\Avira
2007-12-27 23:11 . 2007-12-27 23:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-12-27 09:03 . 2007-12-27 09:03 1,031,139 --ahs---- C:\WINDOWS\SYSTEM32\dyqvmvfu.ini
2007-12-27 03:06 . 2007-12-27 03:06 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-27 03:06 . 2007-12-27 03:06 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-26 19:32 . 2007-12-28 08:26 28,672 --a------ C:\WINDOWS\SYSTEM32\DSentry .exe
2007-12-26 18:19 . 2007-12-26 18:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-26 13:12 . 2007-12-26 13:12 <DIR> d-------- C:\Documents and Settings\Michael Enlow\Application Data\SiteAdvisor
2007-12-26 10:09 . 2007-12-28 11:10 5,372 --a------ C:\WINDOWS\SYSTEM32\Config.MPF
2007-12-26 10:04 . 2007-12-26 10:04 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2007-12-26 10:03 . 2007-12-28 08:27 <DIR> d-------- C:\Program Files\SiteAdvisor
2007-12-26 10:03 . 2007-12-26 10:03 <DIR> d-------- C:\Documents and Settings\Jennifer Enlow\Application Data\SiteAdvisor
2007-12-26 10:03 . 2007-12-26 10:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-12-26 09:58 . 2007-06-25 10:57 171,240 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys
2007-12-26 09:58 . 2007-06-25 14:54 71,496 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys
2007-12-26 09:58 . 2007-06-25 10:57 37,480 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys
2007-12-26 09:58 . 2007-06-25 10:57 34,184 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys
2007-12-26 09:58 . 2007-06-25 10:57 32,008 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys
2007-12-26 09:57 . 2007-03-02 14:16 109,608 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys
2007-12-26 09:55 . 2007-12-26 09:55 <DIR> d-------- C:\Program Files\McAfee.com
2007-12-26 09:54 . 2007-12-26 09:58 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-12-26 09:53 . 2007-12-26 10:51 <DIR> d-------- C:\Program Files\McAfee
2007-12-26 09:38 . 2007-12-26 10:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-12-26 08:56 . 2007-12-26 08:56 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-25 23:05 . 2007-12-26 10:42 <DIR> d-------- C:\WINDOWS\SYSTEM32\ardCo01
2007-12-25 21:21 . 2007-12-25 21:21 0 --a------ C:\WINDOWS\SYSTEM32\CMMGR32.EXE
2007-12-25 21:21 . 2007-12-25 21:21 0 --a------ C:\WINDOWS\ORUN32.EXE
2007-12-25 21:12 . 2007-12-28 10:55 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-25 21:12 . 2007-12-25 21:12 <DIR> d-------- C:\Documents and Settings\Jennifer Enlow\Application Data\SUPERAntiSpyware.com
2007-12-25 21:12 . 2007-12-25 21:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-25 21:11 . 2007-12-26 18:18 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-25 12:30 . 2007-12-26 13:12 15,360 --a------ C:\WINDOWS\SYSTEM32\ctfmon .exe
2007-12-25 11:02 . 2007-12-25 11:02 <DIR> d-------- C:\Documents and Settings\Christopher\Application Data\Webfoot
2007-12-25 11:00 . 2007-12-25 11:00 <DIR> d-------- C:\Program Files\THQ
2007-12-25 10:57 . 2007-12-25 10:57 <DIR> d-------- C:\Documents and Settings\Christopher\Application Data\InstallShield
2007-12-24 18:03 . 2007-12-24 18:03 159 --a------ C:\WINDOWS\wininit.ini
2007-12-24 09:12 . 2007-12-24 09:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-24 08:48 . 2007-12-24 18:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2007-12-24 08:14 . 2007-12-24 08:41 367,616 --a------ C:\WINDOWS\mrofinu77.exe.tmp
2007-12-24 08:11 . 2007-12-24 13:24 <DIR> d-------- C:\WINDOWS\SYSTEM32\to9
2007-12-24 08:11 . 2007-12-24 13:24 <DIR> d-------- C:\WINDOWS\SYSTEM32\dj2
2007-12-24 08:11 . 2007-12-24 11:18 <DIR> d-------- C:\WINDOWS\SYSTEM32\bbc9
2007-12-24 08:11 . 2007-12-26 10:42 <DIR> d-------- C:\WINDOWS\SYSTEM32\ardCo02
2007-12-24 08:11 . 2007-12-24 08:11 <DIR> d-------- C:\temp\cEeer12
2007-12-17 23:09 . 2007-12-17 23:09 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-17 23:09 . 2007-12-17 23:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-15 10:40 . 2007-12-15 10:40 <DIR> d-------- C:\Program Files\Diner Dash Hometown Hero
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\SYSTEM32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\SYSTEM32\QuickTime.qts
2007-12-07 23:45 . 2007-12-08 07:59 <DIR> d-------- C:\Pictures_Xmas_Card_2007
2007-12-01 08:44 . 2007-12-01 08:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Christmasville

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-28 15:55 --------- d-----w C:\Program Files\KidzMouse
2007-12-28 15:55 --------- d-----w C:\Program Files\AIM6
2007-12-28 13:25 --------- d-----w C:\Program Files\QuickTime
2007-12-27 15:58 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-27 00:32 --------- d-----w C:\Program Files\MSN Messenger
2007-12-27 00:27 --------- d-----w C:\Program Files\Google
2007-12-26 23:20 --------- d-----w C:\Program Files\Lavasoft
2007-12-26 23:20 --------- d-----w C:\Documents and Settings\Jennifer Enlow\Application Data\Lavasoft
2007-12-26 03:53 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-26 03:53 --------- d-----w C:\Program Files\PopCap Games
2007-12-26 02:21 --------- d-----w C:\Program Files\NetWaiting
2007-12-25 16:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-25 14:52 --------- d-----w C:\Program Files\GameHouse
2007-12-24 20:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-24 13:23 246 ----a-w C:\Program Files\Common Files\qugat
2007-12-12 11:15 --------- d-----w C:\Program Files\sz8001
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-25 17:46 142 ----a-w C:\Program Files\Common Files\rteprej.html
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 159,832 2005-08-02 19:33:02 C:\Program Files\Common Files\AOL\1124310512\ee\bak\AOLHostManager.exe

----a-w 151,597 2004-01-20 16:42:48 C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe

----a-w 306,688 2004-07-19 12:51:24 C:\Program Files\Dell Support\bak\DSAgnt.exe

----a-w 278,528 2005-10-31 16:05:44 C:\Program Files\DIGStream\bak\digstream.exe

----a-w 256,576 2006-10-30 14:36:36 C:\Program Files\iTunes\bak\iTunesHelper.exe

----a-w 118,784 2003-12-03 10:40:28 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mm_tray.exe

----a-w 282,624 2006-10-25 23:58:18 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 640,512 2007-12-24 13:41:07 C:\Program Files\QuickTime\qttask.exe

----a-w 777,424 2006-04-03 22:12:24 C:\Program Files\Windows Defender\bak\MSASCui.exe

----a-w 126,976 2005-10-19 12:59:12 C:\WINDOWS\SYSTEM32\bak\hkcmd.exe

----a-w 155,648 2005-10-19 12:59:14 C:\WINDOWS\SYSTEM32\bak\igfxtray.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0AF7F769-7FD2-492E-B29D-D57089FC682F}]
2007-12-28 11:14 323072 --a------ C:\WINDOWS\system32\ssqpp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{68237B9D-8FD7-4B7B-8D04-15534E5770C5}]
2007-12-28 11:14 323072 --a------ C:\WINDOWS\system32\ssqpp.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" []
"Aim6"="C:\Program Files\AIM6\aim6.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" []
"Sonic RecordNow!"="" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" []
"Desktop Weather 3"="C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE" []
"adsldp"="C:\WINDOWS\System32\adsldp.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YCentral"="c:\progra~1\yahoo!\YCentral\YahooCentral.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" []
"KidzMouse"="C:\PROGRA~1\KIDZMO~1\KidzSetup.exe" []
"winshow"="C:\WINDOWS\winshow .exe" []
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" []
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" []
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" []
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" []
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" []
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" []
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" []
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe" []
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" []
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" []
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" []
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" []
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" []
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" []
"combofix"="C:\WINDOWS\system32\cmd.exe" [2004-08-04 02:56]

C:\Documents and Settings\Jennifer Enlow\Start Menu\Programs\Startup\
Cyber-shot Viewer Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2006-11-14 16:24:39]
Greetings Workshop Reminders.lnk - C:\Program Files\Greetings Workshop\GWREMIND.EXE [1996-06-25]
PowerReg Scheduler .exe [2007-12-28 11:15:13]
PowerReg Scheduler .exe [2007-12-28 11:15:56]
PowerReg Scheduler .exe [2007-12-28 11:16:05]
PowerReg Scheduler .exe [2007-12-28 11:16:37]
PowerReg Scheduler .exe [2007-12-28 11:18:47]
PowerReg Scheduler .exe [2007-12-28 11:18:52]
PowerReg Scheduler .exe [2007-12-28 11:18:58]
PowerReg Scheduler .exe [2007-12-28 11:19:03]
PowerReg Scheduler.exe [2007-12-28 11:19:07]
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 12:57:16]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-01-25 19:10:26]
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2004-01-20 11:41:11]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2004-01-20 11:38:31]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 03:15:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"odbgof"= C:\WINDOWS\system32\odbgof.exe

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"SFCDisable"=dword:00000004

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcdawv]
ddcdawv.dll

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=C:\WINDOWS\system32\ssqpp.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\ssqpp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R3 KDZfiltr;KidzMouse filter driver;C:\WINDOWS\system32\DRIVERS\KDZfiltr.sys [2002-09-26 16:59]
S0 iqzezvsa;iqzezvsa;C:\WINDOWS\system32\drivers\qdgrwfyb.da_ []

.
Contents of the 'Scheduled Tasks' folder
"2007-12-26 12:56:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-26 14:56:24 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2007-12-26 14:56:22 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2006-12-20 23:37:35 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-28 11:12:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\ssqpp.dll 323072 bytes executable
C:\WINDOWS\system32\ppqss.ini 6516 bytes
C:\WINDOWS\system32\ppqss.ini2 6516 bytes

scan completed successfully
hidden files: 3

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\ssqpp.dll
.
Completion time: 2007-12-28 11:22:58 - machine was rebooted
.
2007-12-25 08:01:08 --- E O F ---

4. Newest Hijack Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:38:37 AM, on 12/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Documents and Settings\Jennifer Enlow\Desktop\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\WINDOWS\notepad.exe
C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE
C:\PROGRA~1\MSNMES~1\msnmsgr.exe
C:\PROGRA~1\MSNMES~1\msnmsgr .exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
F3 - REG:win.ini: load=C:\WINDOWS\system32\ssqpp.exe
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Desktop Weather 3] C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE
O4 - HKCU\..\Run: [adsldp] C:\WINDOWS\System32\adsldp.exe
O4 - HKCU\..\Policies\Explorer\Run: [odbgof] C:\WINDOWS\system32\odbgof.exe
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {01118A01-3E00-11D2-8470-0060089874ED} (SupportSoft Script Runner Class) - https://password.bellsouth.net/sdccommon/do...oad/tgctlsr.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Christmasville/Images/stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.playfirst.com/play/game/dinerda...tg.1.0.0.32.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Burger%20Island/Images/armhelper.ocx
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_...outLauncher.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\Jennifer Enlow\Desktop\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 11037 bytes

#4 RichieUK (Malware Assassin, Malware Response Team, 13,614 posts)

Posted 28 December 2007 - 12:57 PM

Click Start/Control Panel/Add or Remove Programs and remove Microsoft AntiSpyware, then restart your PC.
Microsoft AntiSpyware is no longer supported by Microsoft; it's now obsolete.

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript, and save it to your desktop.

File::
C:\WINDOWS\system32\ssqpp.dll
C:\WINDOWS\system32\ppqss.ini
C:\WINDOWS\system32\ppqss.ini2
C:\WINDOWS\SYSTEM32\ssqpp.exe
C:\WINDOWS\SYSTEM32\dyqvmvfu.ini
C:\WINDOWS\mrofinu77.exe.tmp
C:\Program Files\Common Files\rteprej.html
Folder::
C:\VundoFix Backups
C:\WINDOWS\SYSTEM32\ardCo01
C:\WINDOWS\SYSTEM32\to9
C:\WINDOWS\SYSTEM32\dj2
C:\WINDOWS\SYSTEM32\bbc9
C:\WINDOWS\SYSTEM32\ardCo02
C:\temp\cEeer12
C:\Program Files\Common Files\qugat
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0AF7F769-7FD2-492E-B29D-D57089FC682F}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{68237B9D-8FD7-4B7B-8D04-15534E5770C5}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Desktop Weather 3"=-
"adsldp"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"winshow"=-
"gcasServ"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcdawv]
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0
Driver::
iqzezvsa

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

[Posted Image: the CFScript file being dragged onto ComboFix.exe]

This will start ComboFix again.
After reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply along with a new HijackThis log.


Download FindAWF.exe and save it to your desktop:
http://noahdfear.geekstogo.com/FindAWF.exe
Double-click on the FindAWF.exe file to run it.
It will open a command prompt and ask you to "Press any key to continue".
Press any key and the FindAWF tool will begin scanning your computer for the infected AWF files and the backups the trojan created.
It may take a few minutes to complete so be patient.
When it is complete, it will open a text file in notepad called AWF.txt which will automatically be saved to your desktop or whatever location you ran the file from.
Copy and paste the contents of the AWF.txt file in your next reply.

Edited by RichieUK, 28 December 2007 - 12:58 PM.


#5 CSIJen143 (Topic Starter, Members, 8 posts)

Posted 28 December 2007 - 02:55 PM

OK - here's what I have -

1. AWF.txt

Find AWF report by noahdfear 2006
Version 1.40

The current date is: Fri 12/28/2007
The current time is: 14:44:42.31


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\DELLSU~1\BAK

07/19/2004 07:51 AM 306,688 DSAgnt.exe
1 File(s) 306,688 bytes

Directory of C:\PROGRA~1\DIGSTR~1\BAK

10/31/2005 11:05 AM 278,528 digstream.exe
1 File(s) 278,528 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

10/30/2006 09:36 AM 256,576 iTunesHelper.exe
1 File(s) 256,576 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

10/25/2006 06:58 PM 282,624 qttask.exe
1 File(s) 282,624 bytes

Directory of C:\PROGRA~1\WINDOW~4\BAK

04/03/2006 05:12 PM 777,424 MSASCui.exe
1 File(s) 777,424 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

10/19/2005 07:59 AM 126,976 hkcmd.exe
10/19/2005 07:59 AM 155,648 igfxtray.exe
2 File(s) 282,624 bytes

Directory of C:\PROGRA~1\MUSICM~1\MUSICM~2\BAK

12/03/2003 05:40 AM 118,784 mm_tray.exe
1 File(s) 118,784 bytes

Directory of C:\PROGRA~1\YAHOO!\YCENTRAL\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

01/20/2004 11:42 AM 151,597 realsched.exe
1 File(s) 151,597 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\112431~1\EE\BAK

08/02/2005 02:33 PM 159,832 AOLHostManager.exe
1 File(s) 159,832 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

306688 Jul 19 2004 "C:\Program Files\Dell Support\bak\DSAgnt.exe"
278528 Oct 31 2005 "C:\Program Files\DIGStream\bak\digstream.exe"
256576 Oct 30 2006 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
640512 Dec 24 2007 "C:\Program Files\QuickTime\qttask.exe"
282624 Oct 25 2006 "C:\Program Files\QuickTime\bak\qttask.exe"
777424 Apr 3 2006 "C:\Program Files\Windows Defender\bak\MSASCui.exe"
114688 Apr 7 2003 "C:\DRIVERS\VIDEO\HKCMD.EXE"
126976 Oct 19 2005 "C:\WINDOWS\SYSTEM32\bak\hkcmd.exe"
114688 Apr 7 2003 "C:\WINDOWS\SYSTEM32\ReinstallBackups\0002\DriverFiles\hkcmd.exe"
155648 Apr 7 2003 "C:\DRIVERS\VIDEO\IGFXTRAY.EXE"
155648 Oct 19 2005 "C:\WINDOWS\SYSTEM32\bak\igfxtray.exe"
155648 Apr 7 2003 "C:\WINDOWS\SYSTEM32\ReinstallBackups\0002\DriverFiles\igfxtray.exe"
135168 Jul 18 2006 "C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\mm_tray.exe"
118784 Dec 3 2003 "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mm_tray.exe"
151597 Jan 20 2004 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
14384 Sep 25 2006 "C:\Program Files\AIM6\AOLHostManager.exe"
159832 Aug 2 2005 "C:\Program Files\Common Files\AOL\1124310512\ee\bak\AOLHostManager.exe"


end of report

2. ComboFix log

ComboFix 07-12-28.1 - Jennifer Enlow 2007-12-28 14:09:07.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.445 [GMT -5:00]
Running from: C:\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jennifer Enlow\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\Program Files\Common Files\rteprej.html
C:\WINDOWS\mrofinu77.exe.tmp
C:\WINDOWS\SYSTEM32\dyqvmvfu.ini
C:\WINDOWS\system32\ppqss.ini
C:\WINDOWS\system32\ppqss.ini2
C:\WINDOWS\system32\ssqpp.dll
C:\WINDOWS\SYSTEM32\ssqpp.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Common Files\qugat\
C:\Program Files\Common Files\rteprej.html
C:\temp\cEeer12
C:\temp\cEeer12\skAt.log
C:\VundoFix Backups
C:\WINDOWS\mrofinu77.exe.tmp
C:\WINDOWS\SYSTEM32\ardCo01
C:\WINDOWS\SYSTEM32\ardCo02
C:\WINDOWS\SYSTEM32\bbc9
C:\WINDOWS\SYSTEM32\dj2
C:\WINDOWS\SYSTEM32\dyqvmvfu.ini
C:\WINDOWS\system32\ppqss.ini
C:\WINDOWS\system32\ppqss.ini2
C:\WINDOWS\system32\ssqpp.dll
C:\WINDOWS\SYSTEM32\to9

.
((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-28 )))))))))))))))))))))))))))))))
.

2007-12-28 14:01 . 2007-12-28 14:01 1,483,820 --a------ C:\ComboFix.exe
2007-12-28 09:39 . 2007-12-28 09:43 <DIR> d-------- C:\Documents and Settings\Michael Enlow\Application Data\MSN6
2007-12-27 23:11 . 2007-12-27 23:11 <DIR> d-------- C:\Program Files\Avira
2007-12-27 23:11 . 2007-12-27 23:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-12-27 03:06 . 2007-12-27 03:06 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-27 03:06 . 2007-12-27 03:06 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-26 19:32 . 2007-12-28 08:26 28,672 --a------ C:\WINDOWS\SYSTEM32\DSentry .exe
2007-12-26 18:19 . 2007-12-26 18:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-26 13:12 . 2007-12-26 13:12 <DIR> d-------- C:\Documents and Settings\Michael Enlow\Application Data\SiteAdvisor
2007-12-26 10:09 . 2007-12-28 14:29 5,636 --a------ C:\WINDOWS\SYSTEM32\Config.MPF
2007-12-26 10:04 . 2007-12-26 10:04 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2007-12-26 10:03 . 2007-12-28 08:27 <DIR> d-------- C:\Program Files\SiteAdvisor
2007-12-26 10:03 . 2007-12-26 10:03 <DIR> d-------- C:\Documents and Settings\Jennifer Enlow\Application Data\SiteAdvisor
2007-12-26 10:03 . 2007-12-26 10:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-12-26 09:58 . 2007-06-25 10:57 171,240 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys
2007-12-26 09:58 . 2007-06-25 14:54 71,496 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys
2007-12-26 09:58 . 2007-06-25 10:57 37,480 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys
2007-12-26 09:58 . 2007-06-25 10:57 34,184 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys
2007-12-26 09:58 . 2007-06-25 10:57 32,008 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys
2007-12-26 09:57 . 2007-03-02 14:16 109,608 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys
2007-12-26 09:55 . 2007-12-26 09:55 <DIR> d-------- C:\Program Files\McAfee.com
2007-12-26 09:54 . 2007-12-26 09:58 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-12-26 09:53 . 2007-12-26 10:51 <DIR> d-------- C:\Program Files\McAfee
2007-12-26 09:38 . 2007-12-26 10:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-12-26 08:56 . 2007-12-26 08:56 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-25 21:21 . 2007-12-25 21:21 0 --a------ C:\WINDOWS\SYSTEM32\CMMGR32.EXE
2007-12-25 21:21 . 2007-12-25 21:21 0 --a------ C:\WINDOWS\ORUN32.EXE
2007-12-25 21:12 . 2007-12-28 10:55 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-25 21:12 . 2007-12-25 21:12 <DIR> d-------- C:\Documents and Settings\Jennifer Enlow\Application Data\SUPERAntiSpyware.com
2007-12-25 21:12 . 2007-12-25 21:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-25 21:11 . 2007-12-26 18:18 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-25 12:30 . 2007-12-26 13:12 15,360 --a------ C:\WINDOWS\SYSTEM32\ctfmon .exe
2007-12-25 11:02 . 2007-12-25 11:02 <DIR> d-------- C:\Documents and Settings\Christopher\Application Data\Webfoot
2007-12-25 11:00 . 2007-12-25 11:00 <DIR> d-------- C:\Program Files\THQ
2007-12-25 10:57 . 2007-12-25 10:57 <DIR> d-------- C:\Documents and Settings\Christopher\Application Data\InstallShield
2007-12-24 18:03 . 2007-12-24 18:03 159 --a------ C:\WINDOWS\wininit.ini
2007-12-24 09:12 . 2007-12-24 09:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-24 08:48 . 2007-12-24 18:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2007-12-17 23:09 . 2007-12-17 23:09 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-17 23:09 . 2007-12-17 23:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-15 10:40 . 2007-12-15 10:40 <DIR> d-------- C:\Program Files\Diner Dash Hometown Hero
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\SYSTEM32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\SYSTEM32\QuickTime.qts
2007-12-07 23:45 . 2007-12-08 07:59 <DIR> d-------- C:\Pictures_Xmas_Card_2007
2007-12-01 08:44 . 2007-12-01 08:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Christmasville

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-28 18:41 --------- d-----w C:\Program Files\Greetings Workshop
2007-12-28 17:10 --------- d-----w C:\Documents and Settings\Jennifer Enlow\Application Data\MSN6
2007-12-28 15:55 --------- d-----w C:\Program Files\KidzMouse
2007-12-28 15:55 --------- d-----w C:\Program Files\AIM6
2007-12-28 13:25 --------- d-----w C:\Program Files\QuickTime
2007-12-27 15:58 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-27 00:32 --------- d-----w C:\Program Files\MSN Messenger
2007-12-27 00:27 --------- d-----w C:\Program Files\Google
2007-12-26 23:20 --------- d-----w C:\Program Files\Lavasoft
2007-12-26 23:20 --------- d-----w C:\Documents and Settings\Jennifer Enlow\Application Data\Lavasoft
2007-12-26 03:53 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-26 03:53 --------- d-----w C:\Program Files\PopCap Games
2007-12-26 02:21 --------- d-----w C:\Program Files\NetWaiting
2007-12-25 16:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-25 14:52 --------- d-----w C:\Program Files\GameHouse
2007-12-24 20:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-24 13:23 246 ----a-w C:\Program Files\Common Files\qugat
2007-12-12 11:15 --------- d-----w C:\Program Files\sz8001
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
.

((((((((((((((((((((((((((((( snapshot@2007-12-28_11.15.02.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-10-10 23:55:51 124,928 ----a-w C:\WINDOWS\SYSTEM32\advpack.dll
+ 2007-08-20 10:04:34 124,928 ----a-w C:\WINDOWS\SYSTEM32\advpack.dll
- 2007-10-10 23:55:51 124,928 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
+ 2007-08-20 10:04:34 124,928 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
+ 2004-08-04 07:56:48 388,608 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\cmd.exe
- 2007-10-10 23:55:51 214,528 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
+ 2007-08-20 10:04:34 214,528 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
- 2007-10-10 23:55:51 132,608 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
+ 2007-08-20 10:04:34 132,608 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
- 2007-10-10 23:55:51 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
+ 2007-08-20 10:04:34 63,488 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
- 2007-10-10 10:59:40 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
+ 2007-08-17 10:20:54 63,488 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
- 2007-10-10 23:55:51 153,088 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
+ 2007-08-20 10:04:34 153,088 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
- 2007-10-10 23:55:51 230,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
+ 2007-08-20 10:04:35 230,400 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
- 2007-10-10 05:46:55 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
+ 2007-08-17 07:34:25 161,792 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
- 2007-10-10 23:55:52 383,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
+ 2007-08-20 10:04:35 383,488 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
- 2007-10-10 23:55:52 384,512 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
+ 2007-08-20 10:04:35 384,512 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
- 2007-10-10 23:55:54 6,065,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
+ 2007-08-20 10:04:37 6,058,496 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
- 2007-10-10 23:55:55 44,544 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
+ 2007-08-20 10:04:38 44,544 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
- 2007-10-10 23:55:55 267,776 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
+ 2007-08-20 10:04:38 267,776 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
- 2007-10-10 10:59:40 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
+ 2007-08-17 10:20:54 13,824 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
- 2007-10-10 10:59:52 625,152 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
+ 2007-08-17 10:21:21 625,152 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
- 2007-10-10 23:55:56 27,648 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
+ 2007-08-20 10:04:39 27,648 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
- 2007-10-10 23:55:56 459,264 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
+ 2007-08-20 10:04:39 459,264 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
- 2007-10-10 23:55:56 52,224 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
+ 2007-08-20 10:04:39 52,224 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
- 2007-10-30 23:42:28 3,590,656 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
+ 2007-08-20 10:04:41 3,584,512 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
- 2007-10-10 23:55:58 478,208 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
+ 2007-08-20 10:04:41 477,696 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
- 2007-10-10 23:55:58 193,024 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
+ 2007-08-20 10:04:41 193,024 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
- 2007-10-10 23:55:59 671,232 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
+ 2007-08-20 10:04:42 671,232 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
- 2007-10-10 23:55:59 102,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
+ 2007-08-20 10:04:42 102,400 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
- 2007-10-10 23:55:59 105,984 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
+ 2007-08-20 10:04:42 105,984 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
- 2007-10-10 23:56:00 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
+ 2007-08-20 10:04:42 1,152,000 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
- 2007-10-10 23:56:00 232,960 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
+ 2007-08-20 10:04:42 232,960 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
- 2007-10-10 23:56:00 824,832 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
+ 2007-08-20 10:04:43 824,832 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
- 2007-10-10 23:55:51 214,528 ----a-w C:\WINDOWS\SYSTEM32\dxtrans.dll
+ 2007-08-20 10:04:34 214,528 ----a-w C:\WINDOWS\SYSTEM32\dxtrans.dll
- 2007-10-10 23:55:51 132,608 ----a-w C:\WINDOWS\SYSTEM32\extmgr.dll
+ 2007-08-20 10:04:34 132,608 ----a-w C:\WINDOWS\SYSTEM32\extmgr.dll
- 2007-10-10 23:55:51 63,488 ----a-w C:\WINDOWS\SYSTEM32\icardie.dll
+ 2007-08-20 10:04:34 63,488 ----a-w C:\WINDOWS\SYSTEM32\icardie.dll
- 2007-10-10 10:59:40 70,656 ----a-w C:\WINDOWS\SYSTEM32\ie4uinit.exe
+ 2007-08-17 10:20:54 63,488 ----a-w C:\WINDOWS\SYSTEM32\ie4uinit.exe
- 2007-10-10 23:55:51 153,088 ----a-w C:\WINDOWS\SYSTEM32\ieakeng.dll
+ 2007-08-20 10:04:34 153,088 ----a-w C:\WINDOWS\SYSTEM32\ieakeng.dll
- 2007-10-10 23:55:51 230,400 ----a-w C:\WINDOWS\SYSTEM32\ieaksie.dll
+ 2007-08-20 10:04:35 230,400 ----a-w C:\WINDOWS\SYSTEM32\ieaksie.dll
- 2007-10-10 05:46:55 161,792 ----a-w C:\WINDOWS\SYSTEM32\ieakui.dll
+ 2007-08-17 07:34:25 161,792 ----a-w C:\WINDOWS\SYSTEM32\ieakui.dll
- 2007-10-10 23:55:52 383,488 ----a-w C:\WINDOWS\SYSTEM32\ieapfltr.dll
+ 2007-08-20 10:04:35 383,488 ----a-w C:\WINDOWS\SYSTEM32\ieapfltr.dll
- 2007-10-10 23:55:52 384,512 ----a-w C:\WINDOWS\SYSTEM32\iedkcs32.dll
+ 2007-08-20 10:04:35 384,512 ----a-w C:\WINDOWS\SYSTEM32\iedkcs32.dll
- 2007-10-10 23:55:54 6,065,664 ----a-w C:\WINDOWS\SYSTEM32\ieframe.dll
+ 2007-08-20 10:04:37 6,058,496 ----a-w C:\WINDOWS\SYSTEM32\ieframe.dll
- 2007-10-10 23:55:55 44,544 ----a-w C:\WINDOWS\SYSTEM32\iernonce.dll
+ 2007-08-20 10:04:38 44,544 ----a-w C:\WINDOWS\SYSTEM32\iernonce.dll
- 2007-10-10 23:55:55 267,776 ----a-w C:\WINDOWS\SYSTEM32\iertutil.dll
+ 2007-08-20 10:04:38 267,776 ----a-w C:\WINDOWS\SYSTEM32\iertutil.dll
- 2007-10-10 10:59:40 13,824 ----a-w C:\WINDOWS\SYSTEM32\ieudinit.exe
+ 2007-08-17 10:20:54 13,824 ----a-w C:\WINDOWS\SYSTEM32\ieudinit.exe
- 2007-10-10 23:55:56 27,648 ----a-w C:\WINDOWS\SYSTEM32\jsproxy.dll
+ 2007-08-20 10:04:39 27,648 ----a-w C:\WINDOWS\SYSTEM32\jsproxy.dll
- 2007-02-15 23:01:04 1,476,992 ----a-w C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
+ 2007-10-11 19:12:48 1,468,968 ----a-w C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
- 2007-10-10 23:55:56 459,264 ----a-w C:\WINDOWS\SYSTEM32\msfeeds.dll
+ 2007-08-20 10:04:39 459,264 ----a-w C:\WINDOWS\SYSTEM32\msfeeds.dll
- 2007-10-10 23:55:56 52,224 ----a-w C:\WINDOWS\SYSTEM32\msfeedsbs.dll
+ 2007-08-20 10:04:39 52,224 ----a-w C:\WINDOWS\SYSTEM32\msfeedsbs.dll
- 2007-10-30 23:42:28 3,590,656 ----a-w C:\WINDOWS\SYSTEM32\mshtml.dll
+ 2007-08-20 10:04:41 3,584,512 ----a-w C:\WINDOWS\SYSTEM32\mshtml.dll
- 2007-10-10 23:55:58 478,208 ----a-w C:\WINDOWS\SYSTEM32\mshtmled.dll
+ 2007-08-20 10:04:41 477,696 ----a-w C:\WINDOWS\SYSTEM32\mshtmled.dll
- 2007-10-10 23:55:58 193,024 ----a-w C:\WINDOWS\SYSTEM32\msrating.dll
+ 2007-08-20 10:04:41 193,024 ----a-w C:\WINDOWS\SYSTEM32\msrating.dll
- 2007-10-10 23:55:59 671,232 ----a-w C:\WINDOWS\SYSTEM32\mstime.dll
+ 2007-08-20 10:04:42 671,232 ----a-w C:\WINDOWS\SYSTEM32\mstime.dll
- 2007-10-10 23:55:59 102,400 ----a-w C:\WINDOWS\SYSTEM32\occache.dll
+ 2007-08-20 10:04:42 102,400 ----a-w C:\WINDOWS\SYSTEM32\occache.dll
- 2006-09-25 21:58:48 14,640 ----a-w C:\WINDOWS\SYSTEM32\spmsg.dll
+ 2007-10-08 19:46:18 14,640 ----a-w C:\WINDOWS\SYSTEM32\spmsg.dll
- 2007-10-10 23:55:59 105,984 ----a-w C:\WINDOWS\SYSTEM32\url.dll
+ 2007-08-20 10:04:42 105,984 ----a-w C:\WINDOWS\SYSTEM32\url.dll
- 2007-10-10 23:56:00 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\urlmon.dll
+ 2007-08-20 10:04:42 1,152,000 ----a-w C:\WINDOWS\SYSTEM32\urlmon.dll
- 2007-10-10 23:56:00 232,960 ----a-w C:\WINDOWS\SYSTEM32\webcheck.dll
+ 2007-08-20 10:04:42 232,960 ----a-w C:\WINDOWS\SYSTEM32\webcheck.dll
- 2007-10-10 23:56:00 824,832 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
+ 2007-08-20 10:04:43 824,832 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
+ 2007-12-28 19:33:26 16,384 --sha-w C:\WINDOWS\Temp\Cookies\index.dat
+ 2007-12-28 19:33:26 16,384 --sha-w C:\WINDOWS\Temp\History\History.IE5\index.dat
+ 2007-12-28 19:33:26 32,768 --sha-w C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 159,832 2005-08-02 19:33:02 C:\Program Files\Common Files\AOL\1124310512\ee\bak\AOLHostManager.exe

----a-w 151,597 2004-01-20 16:42:48 C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe

----a-w 306,688 2004-07-19 12:51:24 C:\Program Files\Dell Support\bak\DSAgnt.exe

----a-w 278,528 2005-10-31 16:05:44 C:\Program Files\DIGStream\bak\digstream.exe

----a-w 256,576 2006-10-30 14:36:36 C:\Program Files\iTunes\bak\iTunesHelper.exe

----a-w 118,784 2003-12-03 10:40:28 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mm_tray.exe

----a-w 282,624 2006-10-25 23:58:18 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 640,512 2007-12-24 13:41:07 C:\Program Files\QuickTime\qttask.exe

----a-w 777,424 2006-04-03 22:12:24 C:\Program Files\Windows Defender\bak\MSASCui.exe

----a-w 126,976 2005-10-19 12:59:12 C:\WINDOWS\SYSTEM32\bak\hkcmd.exe

----a-w 155,648 2005-10-19 12:59:14 C:\WINDOWS\SYSTEM32\bak\igfxtray.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25D72A0E-8FA6-4B6E-A26E-0E021C4439EA}]
2007-12-28 14:32 323072 --a------ C:\WINDOWS\system32\ssqpp.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"Sonic RecordNow!"="" []
"Desktop Weather 3"="C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE" []
"adsldp"="C:\WINDOWS\System32\adsldp.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" []
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" []
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" []
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" []
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" []
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" []
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" []
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" []
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" []
"combofix"="C:\WINDOWS\system32\cmd.exe" [2004-08-04 02:56]

C:\Documents and Settings\Jennifer Enlow\Start Menu\Programs\Startup\
Cyber-shot Viewer Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2006-11-14 16:24:39]
Greetings Workshop Reminders.lnk - C:\Program Files\Greetings Workshop\GWREMIND.EXE [1996-06-25]
PowerReg Scheduler .exe [2007-12-28 14:34:08]
PowerReg Scheduler .exe [2007-12-28 14:34:13]
PowerReg Scheduler .exe [2007-12-28 14:33:53]
PowerReg Scheduler .exe [2007-12-28 14:34:17]
PowerReg Scheduler .exe [2007-12-28 14:34:23]
PowerReg Scheduler .exe [2007-12-28 14:34:30]
PowerReg Scheduler.exe [2007-12-28 14:34:36]
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 12:57:16]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-01-25 19:10:26]
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2004-01-20 11:41:11]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2004-01-20 11:38:31]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 03:15:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"odbgof"= C:\WINDOWS\system32\odbgof.exe

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcdawv]
ddcdawv.dll

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=C:\WINDOWS\system32\ssqpp.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\ssqpp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R3 KDZfiltr;KidzMouse filter driver;C:\WINDOWS\system32\DRIVERS\KDZfiltr.sys [2002-09-26 16:59]

.
Contents of the 'Scheduled Tasks' folder
"2007-12-26 12:56:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-26 14:56:24 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2007-12-26 14:56:22 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2006-12-20 23:37:35 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-28 14:31:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\ssqpp.exe 3584 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\ssqpp.dll
.
Completion time: 2007-12-28 14:40:24 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-28 11:22
.
2007-12-25 08:01:08 --- E O F ---

3. HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:51:07 PM, on 12/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Documents and Settings\Jennifer Enlow\Desktop\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE
C:\PROGRA~1\MSNMES~1\msnmsgr.exe
C:\PROGRA~1\MSNMES~1\msnmsgr .exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
F3 - REG:win.ini: load=C:\WINDOWS\system32\ssqpp.exe
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Policies\Explorer\Run: [odbgof] C:\WINDOWS\system32\odbgof.exe
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {01118A01-3E00-11D2-8470-0060089874ED} (SupportSoft Script Runner Class) - https://password.bellsouth.net/sdccommon/do...oad/tgctlsr.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Christmasville/Images/stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.playfirst.com/play/game/dinerda...tg.1.0.0.32.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Burger%20Island/Images/armhelper.ocx
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_...outLauncher.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\Jennifer Enlow\Desktop\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 10699 bytes

Still can't get I.E. to work. Same situation - opens up, then freezes as a white, blank page. Won't connect whatsoever.

Edited by CSIJen143, 28 December 2007 - 02:59 PM.


#6 RichieUK

RichieUK
    Malware Assassin

  • Malware Response Team
  • 13,614 posts

Posted 28 December 2007 - 04:15 PM

Double-click FindAWF.exe to start the tool.
Select option #2 - Restore files from bak folders by typing 2 and pressing 'Enter'
A text file will open up.
Please copy and paste the following bold text inside the quote box below into the text file:

"C:\Program Files\Dell Support\bak\DSAgnt.exe"
"C:\Program Files\DIGStream\bak\digstream.exe"
"C:\Program Files\iTunes\bak\iTunesHelper.exe"
"C:\Program Files\QuickTime\bak\qttask.exe"
"C:\Program Files\Windows Defender\bak\MSASCui.exe"
"C:\WINDOWS\SYSTEM32\bak\hkcmd.exe"
"C:\WINDOWS\SYSTEM32\bak\igfxtray.exe"
"C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mm_tray.exe"
"C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
"C:\Program Files\Common Files\AOL\1124310512\ee\bak\AOLHostManager.exe"


Close the files.txt and click Yes to save the changes.
FindAWF will now terminate the bad processes if running, delete the bad files and restore/replace them with the good files.
Then it will open a log.
Copy and paste the contents of that log in your next reply along with a new HijackThis log.

#7 CSIJen143

CSIJen143
  • Topic Starter
  • Members
  • 8 posts

Posted 29 December 2007 - 10:42 AM

Well, I decided to give Mozilla Firefox a try instead of I.E. and I LOVE it. My brother-in-law imported all my favorites to it, so I'm good to go. But here is my Hijack Log (w/out the last changes since I'm not going to use I.E. anymore).

Thank you for your help!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:40:37 AM, on 12/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Documents and Settings\Jennifer Enlow\Desktop\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\WINDOWS\system32\rdcwwrol.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
F3 - REG:win.ini: load=C:\WINDOWS\system32\ssqpp.exe, C:\WINDOWS\system32\ssqpp.exe
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Policies\Explorer\Run: [odbgof] C:\WINDOWS\system32\odbgof.exe
O4 - HKUS\S-1-5-21-2904832547-4017602601-192093627-1007\..\Run: [Sonic RecordNow!] (User 'Michael Enlow')
O4 - HKUS\S-1-5-21-2904832547-4017602601-192093627-1007\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (User 'Michael Enlow')
O4 - HKUS\S-1-5-21-2904832547-4017602601-192093627-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Michael Enlow')
O4 - HKUS\S-1-5-21-2904832547-4017602601-192093627-1007\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Michael Enlow')
O4 - HKUS\S-1-5-21-2904832547-4017602601-192093627-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Michael Enlow')
O4 - HKUS\S-1-5-21-2904832547-4017602601-192093627-1007\..\Run: [Free Registry Fix] "C:\Program Files\Promosoft Corporation\Free Registry Fix\regfix.exe" /reminder (User 'Michael Enlow')
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {01118A01-3E00-11D2-8470-0060089874ED} (SupportSoft Script Runner Class) - https://password.bellsouth.net/sdccommon/do...oad/tgctlsr.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Christmasville/Images/stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.playfirst.com/play/game/dinerda...tg.1.0.0.32.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Burger%20Island/Images/armhelper.ocx
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_...outLauncher.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\Jennifer Enlow\Desktop\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\rdcwwrol.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 11299 bytes

#8 RichieUK
    Malware Assassin
  • Malware Response Team
  • 13,614 posts

Posted 29 December 2007 - 10:49 AM

Please follow the FindAWF instructions above, thanks.

#9 CSIJen143
  • Topic Starter
  • Members
  • 8 posts

Posted 30 December 2007 - 12:38 PM

1. AWF log

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

01/20/2004 11:42 AM 151,597 realsched.exe
1 File(s) 151,597 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\112431~1\EE\BAK

08/02/2005 02:33 PM 159,832 AOLHostManager.exe
1 File(s) 159,832 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

306688 Jul 19 2004 "C:\Program Files\Dell Support\DSAgnt.exe"
306688 Jul 19 2004 "C:\Program Files\Dell Support\bak\DSAgnt.exe"
278528 Oct 31 2005 "C:\Program Files\DIGStream\digstream.exe"
278528 Oct 31 2005 "C:\Program Files\DIGStream\bak\digstream.exe"
256576 Oct 30 2006 "C:\Program Files\iTunes\iTunesHelper.exe"
256576 Oct 30 2006 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
282624 Oct 25 2006 "C:\Program Files\QuickTime\qttask.exe"
282624 Oct 25 2006 "C:\Program Files\QuickTime\bak\qttask.exe"
777424 Apr 3 2006 "C:\Program Files\Windows Defender\MSASCui.exe"
777424 Apr 3 2006 "C:\Program Files\Windows Defender\bak\MSASCui.exe"
114688 Apr 7 2003 "C:\DRIVERS\VIDEO\HKCMD.EXE"
126976 Oct 19 2005 "C:\WINDOWS\SYSTEM32\hkcmd.exe"
126976 Oct 19 2005 "C:\WINDOWS\SYSTEM32\bak\hkcmd.exe"
114688 Apr 7 2003 "C:\WINDOWS\SYSTEM32\ReinstallBackups\0002\DriverFiles\hkcmd.exe"
155648 Apr 7 2003 "C:\DRIVERS\VIDEO\IGFXTRAY.EXE"
155648 Oct 19 2005 "C:\WINDOWS\SYSTEM32\igfxtray.exe"
155648 Oct 19 2005 "C:\WINDOWS\SYSTEM32\bak\igfxtray.exe"
155648 Apr 7 2003 "C:\WINDOWS\SYSTEM32\ReinstallBackups\0002\DriverFiles\igfxtray.exe"
118784 Dec 3 2003 "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
135168 Jul 18 2006 "C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\mm_tray.exe"
118784 Dec 3 2003 "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mm_tray.exe"
151597 Jan 20 2004 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
151597 Jan 20 2004 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
14384 Sep 25 2006 "C:\Program Files\AIM6\AOLHostManager.exe"
159832 Aug 2 2005 "C:\Program Files\Common Files\AOL\1124310512\ee\AOLHostManager.exe"
159832 Aug 2 2005 "C:\Program Files\Common Files\AOL\1124310512\ee\bak\AOLHostManager.exe"


end of report


2. Hijack This log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:10 PM, on 12/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Documents and Settings\Jennifer Enlow\Desktop\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
F3 - REG:win.ini: load=C:\WINDOWS\system32\ssqpp.exe
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Policies\Explorer\Run: [odbgof] C:\WINDOWS\system32\odbgof.exe
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {01118A01-3E00-11D2-8470-0060089874ED} (SupportSoft Script Runner Class) - https://password.bellsouth.net/sdccommon/do...oad/tgctlsr.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Christmasville/Images/stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.playfirst.com/play/game/dinerda...tg.1.0.0.32.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Burger%20Island/Images/armhelper.ocx
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_...outLauncher.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\Jennifer Enlow\Desktop\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\rdcwwrol.exe (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 10264 bytes

#10 RichieUK
    Malware Assassin
  • Malware Response Team
  • 13,614 posts

Posted 30 December 2007 - 04:42 PM

Please download OTMoveIt by OldTimer, save it to your desktop:
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'):

C:\Program Files\Dell Support\bak
C:\Program Files\DIGStream\bak
C:\Program Files\iTunes\bak
C:\Program Files\QuickTime\bak
C:\Program Files\Windows Defender\bak
C:\WINDOWS\SYSTEM32\bak
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak
C:\Program Files\Common Files\Real\Update_OB\bak
C:\Program Files\Common Files\AOL\1124310512\ee\bak


Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button.
Copy everything on the 'Results' window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'), and paste it into your next reply.
Close OTMoveIt.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes.


Download RenV.exe to your desktop, double-click to run it:
http://download.bleepingcomputer.com/sUBs/Beta/RenV.exe
When it's finished it will produce a log.
Please post the contents of that log into your next reply.

#11 CSIJen143
  • Topic Starter
  • Members
  • 8 posts

Posted 30 December 2007 - 09:29 PM

Here's the log from RenV:

Ran on Sun 12/30/2007 - 21:27:30.87

----a-w		   584,704 2007-12-30 17:23:31  C:\Documents and Settings\Jennifer Enlow\Start Menu\Programs\Startup\PowerReg Scheduler		 .exe
----a-w		   584,704 2007-12-30 17:23:34  C:\Documents and Settings\Jennifer Enlow\Start Menu\Programs\Startup\PowerReg Scheduler		.exe
----a-w		   584,704 2007-12-30 17:24:12  C:\Documents and Settings\Jennifer Enlow\Start Menu\Programs\Startup\PowerReg Scheduler	.exe
----a-w		   584,704 2007-12-30 17:24:21  C:\Documents and Settings\Jennifer Enlow\Start Menu\Programs\Startup\PowerReg Scheduler   .exe
----a-w		   584,704 2007-12-30 17:24:29  C:\Documents and Settings\Jennifer Enlow\Start Menu\Programs\Startup\PowerReg Scheduler  .exe
----a-w		   584,704 2007-12-30 17:24:36  C:\Documents and Settings\Jennifer Enlow\Start Menu\Programs\Startup\PowerReg Scheduler .exe
----a-w		   225,280 2007-12-26 13:02:50  C:\hijackthis\backups\backup-20071226-083535-664-PowerReg Scheduler V3		  .exe
----a-w		   553,984 2007-12-26 12:58:40  C:\hijackthis\backups\backup-20071226-083536-224-PowerReg Scheduler V3	   .exe
----a-w		   553,984 2007-12-26 12:58:40  C:\hijackthis\backups\backup-20071226-083536-577-PowerReg Scheduler V3		.exe
----a-w		   553,984 2007-12-26 12:58:39  C:\hijackthis\backups\backup-20071226-083536-681-PowerReg Scheduler V3		 .exe
----a-w		   553,984 2007-12-26 12:58:40  C:\hijackthis\backups\backup-20071226-083537-317-PowerReg Scheduler V3	  .exe
----a-w		   553,984 2007-12-26 12:58:41  C:\hijackthis\backups\backup-20071226-083537-760-PowerReg Scheduler V3	 .exe
----a-w		   553,984 2007-12-26 12:58:41  C:\hijackthis\backups\backup-20071226-083538-169-PowerReg Scheduler V3	.exe
----a-w		   553,984 2007-12-26 12:58:42  C:\hijackthis\backups\backup-20071226-083539-267-PowerReg Scheduler V3   .exe
----a-w		   553,984 2007-12-26 12:58:42  C:\hijackthis\backups\backup-20071226-083540-288-PowerReg Scheduler V3  .exe
----a-w		   553,984 2007-12-26 12:58:43  C:\hijackthis\backups\backup-20071226-083540-397-PowerReg Scheduler V3 .exe
----a-w			50,736 2007-12-28 13:26:20  C:\Program Files\AIM6\aim6 .exe
----a-w		   155,648 2007-12-28 13:39:50  C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe
----a-w		   204,800 2007-12-28 13:39:51  C:\Program Files\Dell\Media Experience\PCMService .exe
----a-w			68,856 2007-12-26 22:00:08  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w		   204,800 2007-12-28 13:25:25  C:\Program Files\KidzMouse\KidzSetup .exe
----a-w		 1,694,208 2007-12-28 13:40:47  C:\Program Files\Messenger\msmsgs .exe
----a-w		 7,094,272 2007-12-28 22:57:35  C:\Program Files\MSN Messenger\msnmsgr .exe
----a-w		   640,512 2007-12-26 03:40:51  C:\Program Files\QuickTime\qttask			  .exe
----a-w		   640,512 2007-12-26 03:09:06  C:\Program Files\QuickTime\qttask			 .exe
----a-w		   640,512 2007-12-26 01:54:43  C:\Program Files\QuickTime\qttask			.exe
----a-w		   640,512 2007-12-25 17:30:38  C:\Program Files\QuickTime\qttask		   .exe
----a-w		   640,512 2007-12-25 17:17:29  C:\Program Files\QuickTime\qttask		  .exe
----a-w		   640,512 2007-12-25 16:36:36  C:\Program Files\QuickTime\qttask		 .exe
----a-w		   640,512 2007-12-25 15:04:46  C:\Program Files\QuickTime\qttask		.exe
----a-w		   640,512 2007-12-25 14:44:35  C:\Program Files\QuickTime\qttask	   .exe
----a-w		   640,512 2007-12-25 04:03:25  C:\Program Files\QuickTime\qttask	  .exe
----a-w		   640,512 2007-12-24 23:08:43  C:\Program Files\QuickTime\qttask	 .exe
----a-w		   286,720 2007-12-26 15:53:21  C:\Program Files\QuickTime\qttask	.exe
----a-w		   640,512 2007-12-26 15:52:29  C:\Program Files\QuickTime\qttask   .exe
----a-w		   640,512 2007-12-27 02:40:33  C:\Program Files\QuickTime\qttask  .exe
----a-w			36,640 2007-12-28 13:25:35  C:\Program Files\SiteAdvisor\6253\SiteAdv .exe
----a-w		 1,310,720 2007-12-28 13:26:31  C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe
----a-w		   409,112 2007-12-28 13:25:25  C:\Program Files\Yahoo!\YCentral\YahooCentral .exe
----a-w			15,360 2007-12-26 18:12:35  C:\WINDOWS\SYSTEM32\ctfmon .exe
----a-w			28,672 2007-12-28 13:26:07  C:\WINDOWS\SYSTEM32\DSentry .exe
----a-w		   114,741 2007-12-28 13:26:14  C:\WINDOWS\SYSTEM32\dla\tfswctrl .exe
----a-w		   200,704 2007-12-28 13:25:59  C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb03 .exe

 Entries:			   43  (43)
 Directories:			0  Files:			43
 Bytes:		 28,281,493  Blocks:	   55,241


...and the log from OTMoveIt:

C:\Program Files\Dell Support\bak moved successfully.
C:\Program Files\DIGStream\bak moved successfully.
C:\Program Files\iTunes\bak moved successfully.
C:\Program Files\QuickTime\bak moved successfully.
C:\Program Files\Windows Defender\bak moved successfully.
C:\WINDOWS\SYSTEM32\bak moved successfully.
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak moved successfully.
C:\Program Files\Common Files\Real\Update_OB\bak moved successfully.
C:\Program Files\Common Files\AOL\1124310512\ee\bak moved successfully.

Created on 12302007_212510
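The RenV listing in the post above shows the pattern this kind of log is meant to surface: files whose names carry spaces or tabs between the visible name and ".exe", so that several different binaries all show up under one familiar name (PowerReg Scheduler, qttask) beside, or instead of, the real one. As an added example that is not part of the thread and not RenV's own code, the following Python parses such a listing, flags the padded names, and groups the variants under the name a user would actually see; the log text is constructed to mirror the entries above, and the line layout of RenV is assumed from those entries.

```python
"""Flag executables whose names hide whitespace before the extension, from a RenV-style listing."""
import re
from collections import defaultdict

# Assumed RenV line layout, taken from the entries in the thread:
#   ----a-w   584,704 2007-12-30 17:23:31  C:\path\PowerReg Scheduler<tabs/spaces>.exe
LINE_RE = re.compile(
    r"^(?P<attrs>[-\w]+)\s+(?P<size>[\d,]+)\s+"
    r"(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<path>\S.*)$"
)

# Constructed sample in the page's format (tabs written out as \t); not a real RenV log.
# The last, clean-named qttask.exe line is added for contrast.
SAMPLE_LOG = (
    "Ran on Sun 12/30/2007 - 21:27:30.87\n"
    "\n"
    "----a-w\t\t   584,704 2007-12-30 17:23:31  C:\\Documents and Settings\\User\\Start Menu"
    "\\Programs\\Startup\\PowerReg Scheduler\t\t .exe\n"
    "----a-w\t\t   584,704 2007-12-30 17:24:36  C:\\Documents and Settings\\User\\Start Menu"
    "\\Programs\\Startup\\PowerReg Scheduler .exe\n"
    "----a-w\t\t   640,512 2007-12-26 03:40:51  C:\\Program Files\\QuickTime\\qttask\t\t\t  .exe\n"
    "----a-w\t\t   286,720 2007-12-26 15:53:21  C:\\Program Files\\QuickTime\\qttask\t.exe\n"
    "----a-w\t\t    15,360 2007-12-26 18:12:35  C:\\WINDOWS\\SYSTEM32\\ctfmon .exe\n"
    "----a-w\t\t   282,624 2006-10-25 00:00:00  C:\\Program Files\\QuickTime\\qttask.exe\n"
    "\n"
    " Entries:\t\t\t   6  (6)\n"
)


def parse_renv(text):
    """Parse RenV-style listing lines; header and footer lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        path = m.group("path")
        directory, _, filename = path.rpartition("\\")
        dot = filename.rfind(".")
        stem, ext = (filename[:dot], filename[dot:]) if dot > 0 else (filename, "")
        visible = stem.rstrip()  # the name as Explorer would display it
        entries.append({
            "path": path,
            "directory": directory,
            "canonical": visible + ext,
            "padding": stem[len(visible):],  # whitespace hidden before the extension
            "size": int(m.group("size").replace(",", "")),
            "modified": f"{m.group('date')} {m.group('time')}",
        })
    return entries


def padded_entries(entries):
    """Entries whose file name has spaces or tabs immediately before the extension."""
    return [e for e in entries if e["padding"]]


def group_variants(entries):
    """Group entries by directory and visible name (case-insensitive, as NTFS treats them)."""
    groups = defaultdict(list)
    for e in entries:
        groups[(e["directory"].lower(), e["canonical"].lower())].append(e)
    return groups


def report(text):
    """One finding per visible name that has at least one padded variant on disk."""
    findings = []
    for _, variants in sorted(group_variants(parse_renv(text)).items()):
        padded = [v for v in variants if v["padding"]]
        if not padded:
            continue
        clean = [v for v in variants if not v["padding"]]
        findings.append({
            "display_path": variants[0]["directory"] + "\\" + variants[0]["canonical"],
            "padded_variants": len(padded),
            "sizes": sorted({v["size"] for v in padded}),
            "clean_copy_present": bool(clean),
            # A padded copy with a different size than the clean file is not a stray duplicate.
            "size_mismatch": bool(clean) and any(v["size"] != clean[0]["size"] for v in padded),
        })
    return findings


if __name__ == "__main__":
    for f in report(SAMPLE_LOG):
        flag = "  <- size differs from clean copy" if f["size_mismatch"] else ""
        print(f'{f["display_path"]}: {f["padded_variants"]} padded variant(s), sizes {f["sizes"]}{flag}')
```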

#12 RichieUK
    Malware Assassin
  • Malware Response Team
  • 13,614 posts

Posted 31 December 2007 - 05:42 AM

Posted Image
Referring to the picture above, drag Log.txt into RenV.exe.
When finished, it shall produce a new log for you.
Post that log in your next reply.

#13 CSIJen143
  • Topic Starter
  • Members
  • 8 posts

Posted 31 December 2007 - 09:32 AM

Ran on Mon 12/31/2007 -  9:30:46.28



----a-w		   584,704 2007-12-30 17:23:31  C:\Documents and Settings\Jennifer Enlow\Start Menu\Programs\Startup\PowerReg Scheduler		 .exe

----a-w		   584,704 2007-12-30 17:23:34  C:\Documents and Settings\Jennifer Enlow\Start Menu\Programs\Startup\PowerReg Scheduler		.exe

----a-w		   584,704 2007-12-30 17:24:12  C:\Documents and Settings\Jennifer Enlow\Start Menu\Programs\Startup\PowerReg Scheduler	.exe

----a-w		   584,704 2007-12-30 17:24:21  C:\Documents and Settings\Jennifer Enlow\Start Menu\Programs\Startup\PowerReg Scheduler   .exe

----a-w		   584,704 2007-12-30 17:24:29  C:\Documents and Settings\Jennifer Enlow\Start Menu\Programs\Startup\PowerReg Scheduler  .exe

----a-w		   584,704 2007-12-30 17:24:36  C:\Documents and Settings\Jennifer Enlow\Start Menu\Programs\Startup\PowerReg Scheduler .exe

----a-w		   225,280 2007-12-26 13:02:50  C:\hijackthis\backups\backup-20071226-083535-664-PowerReg Scheduler V3		  .exe

----a-w		   553,984 2007-12-26 12:58:40  C:\hijackthis\backups\backup-20071226-083536-224-PowerReg Scheduler V3	   .exe

----a-w		   553,984 2007-12-26 12:58:40  C:\hijackthis\backups\backup-20071226-083536-577-PowerReg Scheduler V3		.exe

----a-w		   553,984 2007-12-26 12:58:39  C:\hijackthis\backups\backup-20071226-083536-681-PowerReg Scheduler V3		 .exe

----a-w		   553,984 2007-12-26 12:58:40  C:\hijackthis\backups\backup-20071226-083537-317-PowerReg Scheduler V3	  .exe

----a-w		   553,984 2007-12-26 12:58:41  C:\hijackthis\backups\backup-20071226-083537-760-PowerReg Scheduler V3	 .exe

----a-w		   553,984 2007-12-26 12:58:41  C:\hijackthis\backups\backup-20071226-083538-169-PowerReg Scheduler V3	.exe

----a-w		   553,984 2007-12-26 12:58:42  C:\hijackthis\backups\backup-20071226-083539-267-PowerReg Scheduler V3   .exe

----a-w		   553,984 2007-12-26 12:58:42  C:\hijackthis\backups\backup-20071226-083540-288-PowerReg Scheduler V3  .exe

----a-w		   553,984 2007-12-26 12:58:43  C:\hijackthis\backups\backup-20071226-083540-397-PowerReg Scheduler V3 .exe

----a-w			50,736 2007-12-28 13:26:20  C:\Program Files\AIM6\aim6 .exe

----a-w		   155,648 2007-12-28 13:39:50  C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe

----a-w		   204,800 2007-12-28 13:39:51  C:\Program Files\Dell\Media Experience\PCMService .exe

----a-w			68,856 2007-12-26 22:00:08  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe

----a-w		   204,800 2007-12-28 13:25:25  C:\Program Files\KidzMouse\KidzSetup .exe

----a-w		 1,694,208 2007-12-28 13:40:47  C:\Program Files\Messenger\msmsgs .exe

----a-w		 7,094,272 2007-12-28 22:57:35  C:\Program Files\MSN Messenger\msnmsgr .exe

----a-w		   640,512 2007-12-26 03:40:51  C:\Program Files\QuickTime\qttask			  .exe

----a-w		   640,512 2007-12-26 03:09:06  C:\Program Files\QuickTime\qttask			 .exe

----a-w		   640,512 2007-12-26 01:54:43  C:\Program Files\QuickTime\qttask			.exe

----a-w		   640,512 2007-12-25 17:30:38  C:\Program Files\QuickTime\qttask		   .exe

----a-w		   640,512 2007-12-25 17:17:29  C:\Program Files\QuickTime\qttask		  .exe

----a-w		   640,512 2007-12-25 16:36:36  C:\Program Files\QuickTime\qttask		 .exe

----a-w		   640,512 2007-12-25 15:04:46  C:\Program Files\QuickTime\qttask		.exe

----a-w		   640,512 2007-12-25 14:44:35  C:\Program Files\QuickTime\qttask	   .exe

----a-w		   640,512 2007-12-25 04:03:25  C:\Program Files\QuickTime\qttask	  .exe

----a-w		   640,512 2007-12-24 23:08:43  C:\Program Files\QuickTime\qttask	 .exe

----a-w		   286,720 2007-12-26 15:53:21  C:\Program Files\QuickTime\qttask	.exe

----a-w		   640,512 2007-12-26 15:52:29  C:\Program Files\QuickTime\qttask   .exe

----a-w		   640,512 2007-12-27 02:40:33  C:\Program Files\QuickTime\qttask  .exe

----a-w			36,640 2007-12-28 13:25:35  C:\Program Files\SiteAdvisor\6253\SiteAdv .exe

----a-w		 1,310,720 2007-12-28 13:26:31  C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe

----a-w		   409,112 2007-12-28 13:25:25  C:\Program Files\Yahoo!\YCentral\YahooCentral .exe

----a-w			15,360 2007-12-26 18:12:35  C:\WINDOWS\SYSTEM32\ctfmon .exe

----a-w			28,672 2007-12-28 13:26:07  C:\WINDOWS\SYSTEM32\DSentry .exe

----a-w		   114,741 2007-12-28 13:26:14  C:\WINDOWS\SYSTEM32\dla\tfswctrl .exe

----a-w		   200,704 2007-12-28 13:25:59  C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb03 .exe



 Entries:			   43  (43)

 Directories:			0  Files:			43

 Bytes:		 28,281,493  Blocks:	   55,241


#14 RichieUK
    Malware Assassin
  • Malware Response Team
  • 13,614 posts

Posted 31 December 2007 - 09:52 AM

:thumbsup:
Close any open browsers.
Double-click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.

:blink:
Let's try this again:
Double-click RenV.exe to run it:
When it's finished it will produce a log.
Please post the contents of that log into your next reply.