
Hijackthis Log For New User


This topic is locked
16 replies to this topic

#1 mcgeady47 (Members, 8 posts)

Posted 12 February 2008 - 09:36 AM

Sorry, I am not familiar with a name for my problem, but it is recurring every couple of days. I did some searching around and found that most people with the same problem were posting these logs. Thank you in advance for your help.

No messages just yet, but what seems to be happening is that a red X appears in front of my C: drive in My Computer. Then the internet gets extremely slow and loss of media follows that.

Sometimes I get an error saying I am extremely low on disk space but when I go to delete temp files and such, it's all showing zero.

Not quite sure what is going on but here is my hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:28:04 AM, on 2/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - (no file)
O2 - BHO: (no name) - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: XBTB05333 - {A93BD417-9574-430d-86BC-9EBABE4D48F1} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {BE208D77-C845-4390-827B-5350119F9C5F} - C:\WINDOWS\system32\mlljg.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [CheckNetworkConnection] "C:\Program Files\Support.com\providerComcast\desktopdoctor.exe" /flow /flow=diagnosenetwork /trayclick=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=2a1c0747-ffa7-415a-9883-062332d71614
O4 - HKUS\S-1-5-21-1990136542-3502183686-1938760125-1010\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SEAN')
O4 - HKUS\S-1-5-21-1990136542-3502183686-1938760125-1010\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SEAN')
O4 - HKUS\S-1-5-21-1990136542-3502183686-1938760125-1010\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SEAN')
O4 - HKUS\S-1-5-21-1990136542-3502183686-1938760125-1010\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'SEAN')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {196BDB00-D849-4EE7-12BE-1E9F448D3DD2} - http://66.117.42.151/1/gdnUS243.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6A485583-3D99-0291-435F-03BE54A19DA6} - http://66.117.42.151/1/gdnUS243.exe
O16 - DPF: {6E23B1A2-03B0-3B4F-C78D-29831B1540E2} - http://66.117.42.151/1/gdnUS243.exe
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - http://www.intellicast.com/WeatherImg/Rada...d_None_anim.gif

--
End of file - 12308 bytes

#2 teacup61 (Bleepin' Texan!, Malware Response Team, 17,075 posts, Wills Point, Texas)

Posted 20 February 2008 - 11:20 PM

Hello mcgeady47,

Welcome to Bleeping Computer :thumbsup:

Sorry about the delay. :blink: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#3 mcgeady47 (Topic Starter, Members, 8 posts)

Posted 21 February 2008 - 07:47 AM

Thank you for your help, the wait will be worth it! :thumbsup:

Here is my new log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:43:31 AM, on 2/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [CheckNetworkConnection] "C:\Program Files\Support.com\providerComcast\desktopdoctor.exe" /flow /flow=diagnosenetwork /trayclick=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=2a1c0747-ffa7-415a-9883-062332d71614
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {196BDB00-D849-4EE7-12BE-1E9F448D3DD2} - http://66.117.42.151/1/gdnUS243.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6A485583-3D99-0291-435F-03BE54A19DA6} - http://66.117.42.151/1/gdnUS243.exe
O16 - DPF: {6E23B1A2-03B0-3B4F-C78D-29831B1540E2} - http://66.117.42.151/1/gdnUS243.exe
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

--
End of file - 9379 bytes

#4 teacup61 (Bleepin' Texan!, Malware Response Team, 17,075 posts, Wills Point, Texas)

Posted 21 February 2008 - 12:00 PM

Hello,

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O16 - DPF: {196BDB00-D849-4EE7-12BE-1E9F448D3DD2} - http://66.117.42.151/1/gdnUS243.exe
O16 - DPF: {6A485583-3D99-0291-435F-03BE54A19DA6} - http://66.117.42.151/1/gdnUS243.exe
O16 - DPF: {6E23B1A2-03B0-3B4F-C78D-29831B1540E2} - http://66.117.42.151/1/gdnUS243.exe


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Reboot your computer.

Please download ATF Cleaner by Atribune. Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
  • If you use Firefox browser: click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser: click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please download and run Bit Defender 8 online scanner
  • Install the program and then follow the prompts to download all available updates.
  • Select Antivirus and then click the Settings button. Click Default. Click Ok.
  • Select Local Drives and click Scan.
  • When the scan is complete save the log and post it back here in your next reply.
Thanks,
tea
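As an added example (not part of this thread and not HijackThis code), here is a small Python triage script that parses HijackThis 2.0.2 log lines of the kind posted above and flags the O16 DPF entries the responder singled out (ActiveX downloads from a bare IP host or pointing straight at an .exe), plus unnamed or orphaned O2 BHO and O18 filter entries. The sample lines are copied from the first log in this thread; the "high"/"info" severity labels and the .exe rule are my own convention and go a little beyond what the responder flagged.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from ipaddress import ip_address
from urllib.parse import urlparse

# Sample input: lines copied from the first HijackThis v2.0.2 log in this thread,
# including the O18 filter-hijack line from the same log.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - (no file)
O2 - BHO: (no name) - {BE208D77-C845-4390-827B-5350119F9C5F} - C:\WINDOWS\system32\mlljg.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {196BDB00-D849-4EE7-12BE-1E9F448D3DD2} - http://66.117.42.151/1/gdnUS243.exe
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O18 - Filter hijack: text/html - (no CLSID) - (no file)
"""

# Line shapes as HijackThis 2.0.2 prints them: section - description - id - target.
O16_RE = re.compile(r"^O16 - DPF: (\{[^}]+\})(?: \(([^)]*)\))? - (\S+)$")
O2_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[^}]+\}) - (.*)$")
O18_RE = re.compile(r"^O18 - Filter hijack: (\S+) - (.*?) - (.*)$")


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section tag: O2, O16 or O18
    key: str       # CLSID (O2/O16) or MIME type (O18) identifying the entry
    severity: str  # "high" = verify or fix now, "info" = orphan cleanup (my own labels)
    reason: str


def host_is_bare_ip(url: str) -> bool:
    """True when the URL host is a literal IPv4/IPv6 address rather than a name."""
    host = urlparse(url).hostname
    if not host:
        return False
    try:
        ip_address(host)
    except ValueError:
        return False
    return True


def triage(log_text: str) -> list[Finding]:
    """Return the O2/O16/O18 entries a responder should look at first.

    O16 (DPF) lines record ActiveX controls Internet Explorer was told to
    download.  Vendor CAB files from vendor domains are normal; a bare-IP host
    or a direct .exe download is the pattern flagged in the thread above.
    """
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O16_RE.match(line):
            clsid, _name, url = m.groups()
            if host_is_bare_ip(url):
                findings.append(Finding("O16", clsid, "high",
                                        f"ActiveX download from a bare IP host: {url}"))
            elif urlparse(url).path.lower().endswith(".exe"):
                findings.append(Finding("O16", clsid, "high",
                                        f"ActiveX entry downloads an executable directly, verify the vendor: {url}"))
        elif m := O2_RE.match(line):
            name, clsid, path = m.groups()
            if path == "(no file)":
                findings.append(Finding("O2", clsid, "info",
                                        "orphaned BHO registration, backing DLL is gone"))
            elif name == "(no name)":
                findings.append(Finding("O2", clsid, "high",
                                        f"unnamed BHO loading a live DLL, verify it: {path}"))
        elif m := O18_RE.match(line):
            mime, clsid, path = m.groups()
            if clsid == "(no CLSID)" or path == "(no file)":
                findings.append(Finding("O18", mime, "info",
                                        "MIME filter registered with no CLSID or file, leftover of a hijack"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:4}] {f.section} {f.key}: {f.reason}")
```

Run on the sample it reports five entries: the two O16 download lines, the orphaned and the unnamed-but-live BHOs, and the empty text/html filter; the WGA control and the Adobe BHO pass through untouched.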

#5 mcgeady47 (Topic Starter, Members, 8 posts)

Posted 22 February 2008 - 03:27 PM

Here are the scan results.

BitDefender Online Scanner

Scan report generated at: Fri, Feb 22, 2008 - 15:19:49

Scan path: A:\;C:\;D:\;E:\;F:\;

Statistics
  Time: 01:59:59
  Files: 314356
  Folders: 7334
  Boot Sectors: 2
  Archives: 32772
  Packed Files: 13804

Results
  Identified Viruses: 22
  Infected Files: 38
  Suspect Files: 0
  Warnings: 0
  Disinfected: 0
  Deleted Files: 0

Engines Info
  Virus Definitions: 983119
  Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
  Scan plugins: 16
  Archive plugins: 41
  Unpack plugins: 7
  E-mail plugins: 6
  System plugins: 5

Scan Settings
  First Action: Report
  Second Action: Delete
  Heuristics: Yes
  Enable Warnings: Yes
  Scanned Extensions: *;
  Exclude Extensions:
  Scan Emails: Yes
  Scan Archives: Yes
  Scan Packed: Yes
  Scan Files: Yes
  Scan Boot: Yes

Scanned File / Status

C:\AIM\Install_AIM.exe=>wise0038=>wise0008
    Detected with: Adware.AWS.A
C:\AIM\Install_AIM.exe=>wise0038=>(Embedded EXE r)=>wise0008
    Detected with: Adware.AWS.A
C:\AIM\Install_AIM.exe=>(Embedded EXE r)=>wise0038=>wise0008
    Detected with: Adware.AWS.A
C:\AIM\Install_AIM.exe=>(Embedded EXE r)=>wise0038=>(Embedded EXE r)=>wise0008
    Detected with: Adware.AWS.A
C:\Documents and Settings\CHRISTOPHER\.housecall6.6\Quarantine\01.class.bac_a00260=>(Quarantine-4)
    Infected with: Trojan.Downloader.AZT
C:\Documents and Settings\CHRISTOPHER\.housecall6.6\Quarantine\02.class.bac_a00260=>(Quarantine-4)
    Infected with: Trojan.Downloader.AZT
C:\Documents and Settings\CHRISTOPHER\.housecall6.6\Quarantine\adm.exe.bac_a00260=>(Quarantine-4)
    Detected with: Adware.Altnet.Q
C:\Documents and Settings\CHRISTOPHER\.housecall6.6\Quarantine\adm25.dll.bac_a00260=>(Quarantine-4)
    Detected with: Adware.Altnet.A
C:\Documents and Settings\CHRISTOPHER\.housecall6.6\Quarantine\asm.exe.bac_a00260=>(Quarantine-4)
    Detected with: Adware.Altnet.U
C:\Documents and Settings\CHRISTOPHER\.housecall6.6\Quarantine\asmps.dll.bac_a00260=>(Quarantine-4)
    Detected with: Application.Altnetbde.D
C:\Documents and Settings\CHRISTOPHER\.housecall6.6\Quarantine\dmfiles.cab.bac_a00260=>(Quarantine-4)=>AltnetUninstall.exe
    Detected with: Application.Altnetbde.C
C:\Documents and Settings\CHRISTOPHER\.housecall6.6\Quarantine\dmfiles.cab.bac_a00260=>(Quarantine-4)=>asmend.exe
    Detected with: Application.Altnetbde.A
C:\Documents and Settings\CHRISTOPHER\.housecall6.6\Quarantine\dmfiles.cab.bac_a02292=>(Quarantine-4)=>AltnetUninstall.exe
    Detected with: Application.Altnetbde.C
C:\Documents and Settings\CHRISTOPHER\.housecall6.6\Quarantine\dmfiles.cab.bac_a02292=>(Quarantine-4)=>asmend.exe
    Detected with: Application.Altnetbde.A
C:\Documents and Settings\CHRISTOPHER\.housecall6.6\Quarantine\freeripmp3.exe.bac_a00260=>(Quarantine-4)=>(Instyler o)=>(Instyler Module 38)
    Detected with: Adware.Myway.X
C:\Documents and Settings\CHRISTOPHER\.housecall6.6\Quarantine\MARSHAL.DLL.bac_a00260=>(Quarantine-4)
    Detected with: Application.P2p.Networking.G
C:\Documents and Settings\CHRISTOPHER\.housecall6.6\Quarantine\mysearch.cab.bac_a00260=>(Quarantine-4)=>mySetp.exe
    Detected with: Adware.Toolbar.Mywebsearch.O
C:\Documents and Settings\CHRISTOPHER\.housecall6.6\Quarantine\mysearch.cab.bac_a02292=>(Quarantine-4)=>mySetp.exe
    Detected with: Adware.Toolbar.Mywebsearch.O
C:\Documents and Settings\CHRISTOPHER\.housecall6.6\Quarantine\ND2FNBAR.DL$.bac_a00260=>(Quarantine-4)
    Detected with: Application.Need2find.A
C:\Documents and Settings\CHRISTOPHER\.housecall6.6\Quarantine\ND2FNBAR.DLL.bac_a00260=>(Quarantine-4)
    Detected with: Application.Need2find.A
C:\Documents and Settings\CHRISTOPHER\.housecall6.6\Quarantine\P2P Networking v126.cpl.bac_a00260=>(Quarantine-4)
    Detected with: Adware.P2pnet.A
C:\Documents and Settings\CHRISTOPHER\.housecall6.6\Quarantine\P2P Networking.exe.bac_a00260=>(Quarantine-4)
    Detected with: Application.P2p.Networking.D
C:\Documents and Settings\CHRISTOPHER\.housecall6.6\Quarantine\pmexe.cab.bac_a00260=>(Quarantine-4)=>Points Manager.exe
    Detected with: Adware.Altnet.D
C:\Documents and Settings\CHRISTOPHER\.housecall6.6\Quarantine\pmexe.cab.bac_a02292=>(Quarantine-4)=>Points Manager.exe
    Detected with: Adware.Altnet.D
C:\Documents and Settings\CHRISTOPHER\.housecall6.6\Quarantine\pmnoooo.dll.bad.bac_a00260=>(Quarantine-4)
    Infected with: Trojan.Vundo.Gen.2
C:\Documents and Settings\CHRISTOPHER\.housecall6.6\Quarantine\sfcont.dll.bac_a00260=>(Quarantine-4)
    Detected with: Adware.RXToolbar
C:\Documents and Settings\CHRISTOPHER\.housecall6.6\Quarantine\WebP2PInstaller.dll.bac_a00260=>(Quarantine-4)
    Detected with: Adware.P2pnet.B
C:\Documents and Settings\CHRISTOPHER\Desktop\CHRIS\just for today\Unused Desktop Shortcuts\MEGAFREEWEBSITE\BSINSTALL.exe=>wise0027
    Detected with: Adware.180solutions.AO
C:\Documents and Settings\CHRISTOPHER\Desktop\CHRIS\just for today\Unused Desktop Shortcuts\MEGAFREEWEBSITE\BSINSTALL.exe=>wise0030
    Detected with: Adware.Toolbar.Mywebsearch.I
C:\Documents and Settings\CHRISTOPHER\Desktop\CHRIS\just for today\Unused Desktop Shortcuts\MEGAFREEWEBSITE\BSINSTALL.exe=>(Embedded EXE r)=>wise0027
    Detected with: Adware.180solutions.AO
C:\Documents and Settings\CHRISTOPHER\Desktop\CHRIS\just for today\Unused Desktop Shortcuts\MEGAFREEWEBSITE\BSINSTALL.exe=>(Embedded EXE r)=>wise0030
    Detected with: Adware.Toolbar.Mywebsearch.I
C:\Documents and Settings\CHRISTOPHER\Desktop\CHRIS\just for today\Unused Desktop Shortcuts\Mel\Desktop\Install_AIM.exe=>wise0041=>wise0008
    Detected with: Adware.AWS.A
C:\Documents and Settings\CHRISTOPHER\Desktop\CHRIS\just for today\Unused Desktop Shortcuts\Mel\Desktop\Install_AIM.exe=>wise0041=>(Embedded EXE r)=>wise0008
    Detected with: Adware.AWS.A
C:\Documents and Settings\CHRISTOPHER\Desktop\CHRIS\just for today\Unused Desktop Shortcuts\Mel\Desktop\Install_AIM.exe=>(Embedded EXE r)=>wise0041=>wise0008
    Detected with: Adware.AWS.A
C:\Documents and Settings\CHRISTOPHER\Desktop\CHRIS\just for today\Unused Desktop Shortcuts\Mel\Desktop\Install_AIM.exe=>(Embedded EXE r)=>wise0041=>(Embedded EXE r)=>wise0008
    Detected with: Adware.AWS.A
C:\Documents and Settings\CHRISTOPHER\My Documents\BSINSTALL.exe=>wise0025
    Detected with: Application.Adware.Savenow.G
C:\Documents and Settings\CHRISTOPHER\My Documents\BSINSTALL.exe=>(Embedded EXE r)=>wise0025
    Detected with: Application.Adware.Savenow.G
C:\Documents and Settings\CHRISTOPHER\My Documents\ComcastToolbar.exe=>(NSIS o)=>lzma_nsis0053
    Detected with: Adware.BHO

#6 teacup61 (Malware Response Team)

Posted 25 February 2008 - 05:53 PM

Hello,

Hope you had a nice weekend. :thumbsup:

Is that the whole report? It looks cut off. :blink: How is it running now?
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#7 mcgeady47 (Topic Starter)

Posted 25 February 2008 - 06:43 PM

It has actually been running OK. Still have the red X in front of my C: drive in My Computer, and that log had some infections, including a Vundo something.

I am running another log, sorry :thumbsup: I'll post here tonight when it's complete.

#8 teacup61 (Malware Response Team)

Posted 25 February 2008 - 07:03 PM

No need to be sorry.....stuff happens. :thumbsup:

Thanks for the new log. :blink:

tea

#9 mcgeady47 (Topic Starter)

Posted 26 February 2008 - 10:32 AM

BitDefender Online Scanner

Scan report generated at: Tue, Feb 26, 2008 - 10:26:29

Scan path: C:\;

Statistics
Time: 02:24:56
Files: 369799
Folders: 7708
Boot Sectors: 3
Archives: 34314
Packed Files: 18212

Results
Identified Viruses: 10
Infected Files: 24
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 24

Engines Info
Virus Definitions: 983760
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 16
Archive plugins: 41
Unpack plugins: 7
E-mail plugins: 6
System plugins: 5

Scan Settings
First Action: Delete
Second Action: None
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File | Status
C:\AIM\Install_AIM.exe=>wise0038=>wise0008 | Detected with: Adware.AWS.A
C:\AIM\Install_AIM.exe=>wise0038=>wise0008 | Deleted
C:\AIM\Install_AIM.exe=>wise0038 | Update failed
C:\AIM\Install_AIM.exe=>wise0038=>(Embedded EXE r)=>wise0008 | Detected with: Adware.AWS.A
C:\AIM\Install_AIM.exe=>wise0038=>(Embedded EXE r)=>wise0008 | Deleted
C:\AIM\Install_AIM.exe=>wise0038=>(Embedded EXE r) | Update failed
C:\AIM\Install_AIM.exe=>(Embedded EXE r)=>wise0038=>wise0008 | Detected with: Adware.AWS.A
C:\AIM\Install_AIM.exe=>(Embedded EXE r)=>wise0038=>wise0008 | Deleted
C:\AIM\Install_AIM.exe=>(Embedded EXE r)=>wise0038 | Update failed
C:\AIM\Install_AIM.exe=>(Embedded EXE r)=>wise0038=>(Embedded EXE r)=>wise0008 | Detected with: Adware.AWS.A
C:\AIM\Install_AIM.exe=>(Embedded EXE r)=>wise0038=>(Embedded EXE r)=>wise0008 | Deleted
C:\AIM\Install_AIM.exe=>(Embedded EXE r)=>wise0038=>(Embedded EXE r) | Update failed
C:\Documents and Settings\CHRISTOPHER\.housecall6.6\Quarantine\dmfiles.cab.bac_a00260=>(Quarantine-4)=>AltnetUninstall.exe | Detected with: Application.Altnetbde.C
C:\Documents and Settings\CHRISTOPHER\.housecall6.6\Quarantine\dmfiles.cab.bac_a00260=>(Quarantine-4)=>AltnetUninstall.exe | Deleted
C:\Documents and Settings\CHRISTOPHER\.housecall6.6\Quarantine\dmfiles.cab.bac_a00260=>(Quarantine-4) | Update failed
C:\Documents and Settings\CHRISTOPHER\.housecall6.6\Quarantine\dmfiles.cab.bac_a00260=>(Quarantine-4)=>asmend.exe | Detected with: Application.Altnetbde.A
C:\Documents and Settings\CHRISTOPHER\.housecall6.6\Quarantine\dmfiles.cab.bac_a00260=>(Quarantine-4)=>asmend.exe | Deleted
C:\Documents and Settings\CHRISTOPHER\.housecall6.6\Quarantine\dmfiles.cab.bac_a00260=>(Quarantine-4) | Update failed
C:\Documents and Settings\CHRISTOPHER\.housecall6.6\Quarantine\dmfiles.cab.bac_a02292=>(Quarantine-4)=>AltnetUninstall.exe | Detected with: Application.Altnetbde.C
C:\Documents and Settings\CHRISTOPHER\.housecall6.6\Quarantine\dmfiles.cab.bac_a02292=>(Quarantine-4)=>AltnetUninstall.exe | Deleted
C:\Documents and Settings\CHRISTOPHER\.housecall6.6\Quarantine\dmfiles.cab.bac_a02292=>(Quarantine-4) | Update failed
C:\Documents and Settings\CHRISTOPHER\.housecall6.6\Quarantine\dmfiles.cab.bac_a02292=>(Quarantine-4)=>asmend.exe | Detected with: Application.Altnetbde.A
C:\Documents and Settings\CHRISTOPHER\.housecall6.6\Quarantine\dmfiles.cab.bac_a02292=>(Quarantine-4)=>asmend.exe | Deleted
C:\Documents and Settings\CHRISTOPHER\.housecall6.6\Quarantine\dmfiles.cab.bac_a02292=>(Quarantine-4) | Update failed
C:\Documents and Settings\CHRISTOPHER\.housecall6.6\Quarantine\freeripmp3.exe.bac_a00260=>(Quarantine-4)=>(Instyler o)=>(Instyler Module 38) | Detected with: Adware.Myway.X
C:\Documents and Settings\CHRISTOPHER\.housecall6.6\Quarantine\freeripmp3.exe.bac_a00260=>(Quarantine-4)=>(Instyler o)=>(Instyler Module 38) | Deleted
C:\Documents and Settings\CHRISTOPHER\.housecall6.6\Quarantine\freeripmp3.exe.bac_a00260=>(Quarantine-4)=>(Instyler o) | Update failed
C:\Documents and Settings\CHRISTOPHER\.housecall6.6\Quarantine\mysearch.cab.bac_a00260=>(Quarantine-4)=>mySetp.exe | Detected with: Adware.Toolbar.Mywebsearch.O
C:\Documents and Settings\CHRISTOPHER\.housecall6.6\Quarantine\mysearch.cab.bac_a00260=>(Quarantine-4)=>mySetp.exe | Deleted
C:\Documents and Settings\CHRISTOPHER\.housecall6.6\Quarantine\mysearch.cab.bac_a00260=>(Quarantine-4) | Update failed
C:\Documents and Settings\CHRISTOPHER\.housecall6.6\Quarantine\mysearch.cab.bac_a02292=>(Quarantine-4)=>mySetp.exe | Detected with: Adware.Toolbar.Mywebsearch.O
C:\Documents and Settings\CHRISTOPHER\.housecall6.6\Quarantine\mysearch.cab.bac_a02292=>(Quarantine-4)=>mySetp.exe | Deleted
C:\Documents and Settings\CHRISTOPHER\.housecall6.6\Quarantine\mysearch.cab.bac_a02292=>(Quarantine-4) | Update failed
C:\Documents and Settings\CHRISTOPHER\.housecall6.6\Quarantine\pmexe.cab.bac_a00260=>(Quarantine-4)=>Points Manager.exe | Detected with: Adware.Altnet.D
C:\Documents and Settings\CHRISTOPHER\.housecall6.6\Quarantine\pmexe.cab.bac_a00260=>(Quarantine-4)=>Points Manager.exe | Deleted
C:\Documents and Settings\CHRISTOPHER\.housecall6.6\Quarantine\pmexe.cab.bac_a00260=>(Quarantine-4) | Update failed
C:\Documents and Settings\CHRISTOPHER\.housecall6.6\Quarantine\pmexe.cab.bac_a02292=>(Quarantine-4)=>Points Manager.exe | Detected with: Adware.Altnet.D
C:\Documents and Settings\CHRISTOPHER\.housecall6.6\Quarantine\pmexe.cab.bac_a02292=>(Quarantine-4)=>Points Manager.exe | Deleted
C:\Documents and Settings\CHRISTOPHER\.housecall6.6\Quarantine\pmexe.cab.bac_a02292=>(Quarantine-4) | Update failed
C:\Documents and Settings\CHRISTOPHER\Desktop\CHRIS\just for today\Unused Desktop Shortcuts\MEGAFREEWEBSITE\BSINSTALL.exe=>wise0027 | Detected with: Adware.180solutions.AO
C:\Documents and Settings\CHRISTOPHER\Desktop\CHRIS\just for today\Unused Desktop Shortcuts\MEGAFREEWEBSITE\BSINSTALL.exe=>wise0027 | Deleted
C:\Documents and Settings\CHRISTOPHER\Desktop\CHRIS\just for today\Unused Desktop Shortcuts\MEGAFREEWEBSITE\BSINSTALL.exe | Update failed
C:\Documents and Settings\CHRISTOPHER\Desktop\CHRIS\just for today\Unused Desktop Shortcuts\MEGAFREEWEBSITE\BSINSTALL.exe=>wise0030 | Detected with: Adware.Toolbar.Mywebsearch.I
C:\Documents and Settings\CHRISTOPHER\Desktop\CHRIS\just for today\Unused Desktop Shortcuts\MEGAFREEWEBSITE\BSINSTALL.exe=>wise0030 | Deleted
C:\Documents and Settings\CHRISTOPHER\Desktop\CHRIS\just for today\Unused Desktop Shortcuts\MEGAFREEWEBSITE\BSINSTALL.exe | Update failed
C:\Documents and Settings\CHRISTOPHER\Desktop\CHRIS\just for today\Unused Desktop Shortcuts\MEGAFREEWEBSITE\BSINSTALL.exe=>(Embedded EXE r)=>wise0027 | Detected with: Adware.180solutions.AO
C:\Documents and Settings\CHRISTOPHER\Desktop\CHRIS\just for today\Unused Desktop Shortcuts\MEGAFREEWEBSITE\BSINSTALL.exe=>(Embedded EXE r)=>wise0027 | Deleted
C:\Documents and Settings\CHRISTOPHER\Desktop\CHRIS\just for today\Unused Desktop Shortcuts\MEGAFREEWEBSITE\BSINSTALL.exe=>(Embedded EXE r) | Update failed
C:\Documents and Settings\CHRISTOPHER\Desktop\CHRIS\just for today\Unused Desktop Shortcuts\MEGAFREEWEBSITE\BSINSTALL.exe=>(Embedded EXE r)=>wise0030 | Detected with: Adware.Toolbar.Mywebsearch.I
C:\Documents and Settings\CHRISTOPHER\Desktop\CHRIS\just for today\Unused Desktop Shortcuts\MEGAFREEWEBSITE\BSINSTALL.exe=>(Embedded EXE r)=>wise0030 | Deleted
C:\Documents and Settings\CHRISTOPHER\Desktop\CHRIS\just for today\Unused Desktop Shortcuts\MEGAFREEWEBSITE\BSINSTALL.exe=>(Embedded EXE r) | Update failed
C:\Documents and Settings\CHRISTOPHER\Desktop\CHRIS\just for today\Unused Desktop Shortcuts\Mel\Desktop\Install_AIM.exe=>wise0041=>wise0008 | Detected with: Adware.AWS.A
C:\Documents and Settings\CHRISTOPHER\Desktop\CHRIS\just for today\Unused Desktop Shortcuts\Mel\Desktop\Install_AIM.exe=>wise0041=>wise0008 | Deleted
C:\Documents and Settings\CHRISTOPHER\Desktop\CHRIS\just for today\Unused Desktop Shortcuts\Mel\Desktop\Install_AIM.exe=>wise0041 | Update failed
C:\Documents and Settings\CHRISTOPHER\Desktop\CHRIS\just for today\Unused Desktop Shortcuts\Mel\Desktop\Install_AIM.exe=>wise0041=>(Embedded EXE r)=>wise0008 | Detected with: Adware.AWS.A
C:\Documents and Settings\CHRISTOPHER\Desktop\CHRIS\just for today\Unused Desktop Shortcuts\Mel\Desktop\Install_AIM.exe=>wise0041=>(Embedded EXE r)=>wise0008 | Deleted
C:\Documents and Settings\CHRISTOPHER\Desktop\CHRIS\just for today\Unused Desktop Shortcuts\Mel\Desktop\Install_AIM.exe=>wise0041=>(Embedded EXE r) | Update failed
C:\Documents and Settings\CHRISTOPHER\Desktop\CHRIS\just for today\Unused Desktop Shortcuts\Mel\Desktop\Install_AIM.exe=>(Embedded EXE r)=>wise0041=>wise0008 | Detected with: Adware.AWS.A
C:\Documents and Settings\CHRISTOPHER\Desktop\CHRIS\just for today\Unused Desktop Shortcuts\Mel\Desktop\Install_AIM.exe=>(Embedded EXE r)=>wise0041=>wise0008 | Deleted
C:\Documents and Settings\CHRISTOPHER\Desktop\CHRIS\just for today\Unused Desktop Shortcuts\Mel\Desktop\Install_AIM.exe=>(Embedded EXE r)=>wise0041 | Update failed
C:\Documents and Settings\CHRISTOPHER\Desktop\CHRIS\just for today\Unused Desktop Shortcuts\Mel\Desktop\Install_AIM.exe=>(Embedded EXE r)=>wise0041=>(Embedded EXE r)=>wise0008 | Detected with: Adware.AWS.A
C:\Documents and Settings\CHRISTOPHER\Desktop\CHRIS\just for today\Unused Desktop Shortcuts\Mel\Desktop\Install_AIM.exe=>(Embedded EXE r)=>wise0041=>(Embedded EXE r)=>wise0008 | Deleted
C:\Documents and Settings\CHRISTOPHER\Desktop\CHRIS\just for today\Unused Desktop Shortcuts\Mel\Desktop\Install_AIM.exe=>(Embedded EXE r)=>wise0041=>(Embedded EXE r) | Update failed
C:\Documents and Settings\CHRISTOPHER\My Documents\BSINSTALL.exe=>wise0025 | Detected with: Application.Adware.Savenow.G
C:\Documents and Settings\CHRISTOPHER\My Documents\BSINSTALL.exe=>wise0025 | Deleted
C:\Documents and Settings\CHRISTOPHER\My Documents\BSINSTALL.exe | Update failed
C:\Documents and Settings\CHRISTOPHER\My Documents\BSINSTALL.exe=>(Embedded EXE r)=>wise0025 | Detected with: Application.Adware.Savenow.G
C:\Documents and Settings\CHRISTOPHER\My Documents\BSINSTALL.exe=>(Embedded EXE r)=>wise0025 | Deleted
C:\Documents and Settings\CHRISTOPHER\My Documents\BSINSTALL.exe=>(Embedded EXE r) | Update failed
C:\Documents and Settings\CHRISTOPHER\My Documents\ComcastToolbar.exe=>(NSIS o)=>lzma_nsis0053 | Detected with: Adware.BHO
C:\Documents and Settings\CHRISTOPHER\My Documents\ComcastToolbar.exe=>(NSIS o)=>lzma_nsis0053 | Deleted
C:\Documents and Settings\CHRISTOPHER\My Documents\ComcastToolbar.exe=>(NSIS o) | Update failed
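
The BitDefender paste above is a flattened table, and the first thing the helper asked was whether it is complete. The following Python script is an added example for this thread (not part of the original post, and not BitDefender's or BleepingComputer's own tooling): it pairs each object line with the status line under it, detects a cut-off paste by the unpaired trailing line, and separates what actually needs attention. Two readings of the report drive that separation and both are my assumptions, not something the page states: entries under the `.housecall6.6\Quarantine` folder are copies Trend Micro HouseCall had already isolated, so BitDefender flagging them is not a live infection; and a container reported "Update failed" right after its nested object was "Deleted" is an installer the scanner could not rewrite, so the on-disk file is unchanged. The sample text is constructed from entries of the report (with the extra blank lines collapsed, which the parser ignores anyway); `QUARANTINE_MARKER` and the split on the first `=>` are assumptions about the layout.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the BitDefender Online Scanner paste layout:
# an object line followed by its status line. Entries are taken from the
# report in this thread; the scanner's extra blank lines are skipped anyway.
SAMPLE_REPORT = r"""
C:\AIM\Install_AIM.exe=>wise0038=>wise0008
Detected with: Adware.AWS.A

C:\AIM\Install_AIM.exe=>wise0038=>wise0008
Deleted

C:\AIM\Install_AIM.exe=>wise0038
Update failed

C:\Documents and Settings\CHRISTOPHER\.housecall6.6\Quarantine\mysearch.cab.bac_a00260=>(Quarantine-4)=>mySetp.exe
Detected with: Adware.Toolbar.Mywebsearch.O

C:\Documents and Settings\CHRISTOPHER\.housecall6.6\Quarantine\mysearch.cab.bac_a00260=>(Quarantine-4)=>mySetp.exe
Deleted

C:\Documents and Settings\CHRISTOPHER\.housecall6.6\Quarantine\mysearch.cab.bac_a00260=>(Quarantine-4)
Update failed

C:\Documents and Settings\CHRISTOPHER\My Documents\ComcastToolbar.exe=>(NSIS o)=>lzma_nsis0053
Detected with: Adware.BHO

C:\Documents and Settings\CHRISTOPHER\My Documents\ComcastToolbar.exe=>(NSIS o)=>lzma_nsis0053
Deleted

C:\Documents and Settings\CHRISTOPHER\My Documents\ComcastToolbar.exe=>(NSIS o)
Update failed
"""

# Both "Detected with:" (adware) and "Infected with:" (e.g. Trojan.Vundo) appear in these reports.
DETECTED = re.compile(r"^(?:Detected|Infected) with:\s*(.+?)\s*$")
# Assumption: HouseCall's quarantine folder, where BitDefender is only re-scanning
# copies that another scanner had already isolated.
QUARANTINE_MARKER = "\\.housecall6.6\\Quarantine\\"


def nonblank_lines(text):
    return [ln.strip() for ln in text.splitlines() if ln.strip()]


def looks_complete(text):
    """An object line with no status line under it means the paste was cut off."""
    return len(nonblank_lines(text)) % 2 == 0


def parse_report(text):
    """Return (object, status) pairs in report order."""
    lines = nonblank_lines(text)
    if len(lines) % 2:
        raise ValueError("unpaired trailing line: report looks cut off")
    return list(zip(lines[0::2], lines[1::2]))


def container_of(obj):
    """The on-disk file holding a nested object: everything before the first '=>'."""
    return obj.split("=>", 1)[0]


def summarize(text):
    detections = {}        # nested object -> detection name
    deleted = set()        # nested objects the scanner reports as deleted
    not_rewritten = set()  # containers reported 'Update failed' (assumed: file unchanged on disk)
    for obj, status in parse_report(text):
        m = DETECTED.match(status)
        if m:
            detections[obj] = m.group(1)
        elif status == "Deleted":
            deleted.add(obj)
        elif status == "Update failed":
            not_rewritten.add(container_of(obj))
    per_file = defaultdict(set)
    for obj, name in detections.items():
        per_file[container_of(obj)].add(name)
    quarantined = {f for f in per_file if QUARANTINE_MARKER.lower() in f.lower()}
    live = set(per_file) - quarantined
    return {
        "detections": Counter(detections.values()),
        "per_file": {f: sorted(n) for f, n in per_file.items()},
        "deleted_objects": len(deleted),
        "already_quarantined": sorted(quarantined),
        "containers_not_rewritten": sorted(not_rewritten),
        # The actionable list: flagged installers outside any quarantine that are still on disk.
        "still_present_outside_quarantine": sorted(live & not_rewritten),
    }


if __name__ == "__main__":
    print("complete paste:", looks_complete(SAMPLE_REPORT))
    for key, value in summarize(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

For a real paste, replace `SAMPLE_REPORT` with the report text (or read it from a file); the "still_present_outside_quarantine" list is the set of files worth deleting by hand or handing to the next tool, while the "already_quarantined" list can be cleared by emptying HouseCall's quarantine folder.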

#10 teacup61 (Malware Response Team)

Posted 26 February 2008 - 11:12 AM

Thank you. :thumbsup: It still looks cut off though. Let's try something else.

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with the fixes. So please disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts

You can re-enable TeaTimer once your system is clean.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea

#11 mcgeady47 (Topic Starter)

Posted 26 February 2008 - 01:22 PM

COMBOFIX LOG:

ComboFix 08-02-25.3 - CHRISTOPHER 2008-02-26 13:03:45.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.140 [GMT -5:00]
Running from: C:\Documents and Settings\CHRISTOPHER\My Documents\Downloads\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\smdat32m.sys

.
((((((((((((((((((((((((( Files Created from 2008-01-26 to 2008-02-26 )))))))))))))))))))))))))))))))
.

2008-02-22 16:39 . 2008-02-22 16:39 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-02-22 16:37 . 2008-02-22 16:38 <DIR> d-------- C:\WINDOWS\ShellNew
2008-02-22 11:10 . 2008-02-22 11:09 85,520 --a------ C:\WINDOWS\system32\drivers\bdfndisf.sys
2008-02-21 15:52 . 2008-02-26 08:01 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-02-21 15:09 . 2008-02-21 15:09 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-02-21 14:45 . 2008-02-21 15:30 121 --a------ C:\WINDOWS\bdagent.INI
2008-02-21 14:31 . 2008-02-22 13:00 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-02-21 13:42 . 2001-02-28 13:14 476,576 -r------- C:\Program Files\SETUP.EXE
2008-02-21 13:15 . 2008-02-25 11:29 <DIR> d-------- C:\Documents and Settings\CHRISTOPHER\Application Data\CoreFTP
2008-02-21 13:14 . 2008-02-21 13:26 <DIR> d-------- C:\Program Files\CoreFTP
2008-02-21 12:55 . 2008-02-21 13:11 <DIR> d-------- C:\Documents and Settings\CHRISTOPHER\Application Data\FileZilla
2008-02-19 21:59 . 2008-02-21 11:47 <DIR> d-------- C:\Program Files\Panda Security
2008-02-19 18:35 . 2008-02-19 18:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-14 19:22 . 2008-02-14 19:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-02-12 18:43 . 2008-02-12 18:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-12 18:31 . 2008-02-22 10:51 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-12 18:31 . 2008-02-22 10:51 <DIR> d-------- C:\Documents and Settings\CHRISTOPHER\Application Data\SUPERAntiSpyware.com
2008-02-12 15:00 . 2008-02-12 15:00 <DIR> d-------- C:\Program Files\Yahoo!
2008-02-12 09:25 . 2008-02-12 09:25 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-11 15:02 . 2008-01-29 11:00 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-02-11 09:25 . 2008-02-22 10:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-03 17:30 . 2007-06-28 15:19 157,024 --a------ C:\WINDOWS\system32\drivers\ma730c.sys
2008-02-03 17:30 . 2007-03-05 10:42 103,680 --a------ C:\WINDOWS\system32\drivers\ma730Pt.sys
2008-02-03 17:30 . 2007-01-26 18:48 50,522 --a------ C:\WINDOWS\system32\drivers\Ma730Vad.sys
2008-02-03 17:30 . 2005-11-21 13:55 32,847 -ra------ C:\WINDOWS\system32\drivers\Ma730Hid.sys
2008-02-03 17:30 . 2006-04-13 16:08 23,160 --a------ C:\WINDOWS\system32\MA730PT.VXD
2008-02-03 17:30 . 2007-01-26 17:32 21,851 --a------ C:\WINDOWS\system32\drivers\Ma730VaA.sys
2008-02-03 17:29 . 2008-02-03 17:29 <DIR> d-------- C:\WINDOWS\Application Data
2008-01-29 16:49 . 2008-02-10 17:18 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-29 16:47 . 2008-01-29 16:47 <DIR> d-------- C:\Documents and Settings\CHRISTOPHER\Application Data\Simply Super Software
2008-01-29 11:00 . 2008-02-12 13:50 <DIR> d-------- C:\Documents and Settings\CHRISTOPHER\.housecall6.6
2008-01-29 08:56 . 2008-02-21 16:47 <DIR> d-------- C:\VundoFix Backups
2008-01-26 18:54 . 2008-01-26 18:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-01-26 18:47 . 2008-01-26 18:48 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2008-01-26 18:46 . 2008-01-26 18:48 <DIR> d-------- C:\Program Files\AVS4YOU
2008-01-26 18:46 . 2007-10-15 09:35 638,976 --a------ C:\WINDOWS\system32\divx.dll
2008-01-26 18:46 . 2007-10-15 09:35 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll
2008-01-26 18:46 . 2007-10-15 09:35 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2008-01-26 18:46 . 2007-10-15 09:35 221,215 --a------ C:\WINDOWS\system32\divxdec.ax
2008-01-26 18:46 . 2007-10-15 09:35 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
2008-01-26 18:46 . 2007-10-15 09:35 82,944 --a------ C:\WINDOWS\system32\vct3216.acm
2008-01-26 18:46 . 2007-10-15 09:35 81,920 --a------ C:\WINDOWS\system32\AC3ACM.acm
2008-01-26 18:46 . 2007-10-15 09:35 38,912 --a------ C:\WINDOWS\system32\alf2cd.acm
2008-01-26 18:46 . 2007-10-15 09:35 13,239 --a------ C:\WINDOWS\system32\Scg726.acm
2008-01-26 18:31 . 2008-01-26 18:31 <DIR> d-------- C:\Program Files\WinXMedia
2008-01-26 18:30 . 2008-01-26 18:30 <DIR> d-------- C:\Program Files\Common Files\Download Manager

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-26 17:56 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-02-26 16:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-26 16:23 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-26 12:54 --------- d-----w C:\Program Files\McAfee
2008-02-22 15:47 --------- d-----w C:\Program Files\Mozilla Sunbird
2008-02-22 15:40 --------- d-----w C:\Program Files\Create-Ringtone
2008-02-21 16:47 --------- d-----w C:\Program Files\DivX
2008-02-14 00:43 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-12 17:45 --------- d-----w C:\Documents and Settings\CHRISTOPHER\Application Data\BitTorrent
2008-02-11 20:50 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-02-11 20:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Roxio
2008-02-10 22:32 --------- d-----w C:\Program Files\Bug Doctor
2008-02-10 21:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-10 21:47 --------- d-----w C:\Program Files\e-texaspoker client
2008-02-09 13:59 --------- d-----w C:\Program Files\LimeWire
2008-02-07 17:24 --------- d-----w C:\Program Files\Kazaa
2008-02-06 14:51 171,400 ----a-w C:\WINDOWS\system32\drivers\mfehidk.sys
2008-01-26 23:07 --------- d-----w C:\Documents and Settings\CHRISTOPHER\Application Data\Roxio
2008-01-26 00:02 256 ----a-w C:\Documents and Settings\CHRISTOPHER\pool.bin
2008-01-20 13:19 --------- d-----w C:\Program Files\Google
2008-01-19 02:04 --------- d-----w C:\Documents and Settings\SEAN\Application Data\Roxio
2008-01-17 18:34 --------- d-----w C:\Program Files\QuickTime
2008-01-15 20:14 --------- d-----w C:\Documents and Settings\CHRISTOPHER\Application Data\Creative
2008-01-15 19:12 --------- d-----w C:\Program Files\FLAC
2008-01-15 19:08 33,540 ----a-w C:\WINDOWS\system32\CoreFLACDecoder-uninstall.exe
2008-01-14 21:17 --------- d-----w C:\Program Files\The Print Shop 21
2008-01-14 21:17 --------- d-----w C:\Program Files\support.com
2008-01-14 21:17 --------- d-----w C:\Program Files\MP3 CD Converter Professional
2008-01-14 21:17 --------- d-----w C:\Program Files\Misspellsearch Toolbar
2008-01-14 21:16 --------- d-----w C:\Program Files\CompuServe 7.0
2008-01-14 21:16 --------- d-----w C:\Program Files\Common Files\csshare
2008-01-14 21:16 --------- d-----w C:\Program Files\Common Files\AOL
2008-01-14 21:16 --------- d-----w C:\Program Files\Aurora MPEG To DVD Burner
2008-01-14 21:16 --------- d-----w C:\Program Files\Audible
2008-01-14 21:16 --------- d-----w C:\Program Files\Apple Software Update
2008-01-14 21:16 --------- d-----w C:\Program Files\AIM Toolbar
2008-01-13 18:01 --------- d-----w C:\Documents and Settings\SEAN\Application Data\Talkback
2008-01-10 15:10 --------- d-----w C:\Documents and Settings\SEAN\Application Data\Research In Motion
2008-01-10 14:35 --------- d-----w C:\Documents and Settings\SEAN\Application Data\McAfee
2008-01-09 20:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2008-01-09 10:11 --------- d-----w C:\Documents and Settings\CHRISTOPHER\Application Data\BitTorrent DNA
2008-01-08 01:43 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Roxio
2008-01-08 01:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2008-01-08 01:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-01-08 01:22 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-01 19:32 --------- d-----w C:\Documents and Settings\CHRISTOPHER\Application Data\ArcSoft
2008-01-01 17:44 --------- d-----w C:\Program Files\Sanyo
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2005-03-22 00:08 1,055,678 -c--a-w C:\Program Files\Funny_Dog_Screensaver.zip
2004-12-27 12:32 1,776 -c-ha-w C:\Documents and Settings\All Users\Application Data\mssaru.dat
2004-10-07 00:41 1,955,528 -c--a-w C:\WINDOWS\Media\ppviewer.exe
2004-10-07 00:37 2,855,552 -c--a-w C:\WINDOWS\Media\PPView97.exe
2004-09-12 18:01 2,084,803 -c--a-w C:\WINDOWS\Media\ssisetup.exe
2004-09-09 23:52 364,476 -c--a-w C:\WINDOWS\Media\XviD_Install.exe
2004-09-09 23:44 215,404 -c--a-w C:\WINDOWS\Media\VIDCI263.zip
2004-06-17 03:33 770,048 -c--a-w C:\Program Files\winmx331.exe
2006-12-06 03:18 152 --sh--r C:\WINDOWS\system32\45EB52E093.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"CheckNetworkConnection"="C:\Program Files\Support.com\providerComcast\desktopdoctor.exe" [2006-01-09 16:45 1286144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22 20480]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=C:\WINDOWS\pss\Desktop Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\70w1aDdXy]
C:\documents and settings\christopher\local settings\temp\70w1aDdXy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Active Desktop Calendar]
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BestPopUpKiller]
C:\Program Files\BestPopUpKiller\BestPopupKiller.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2007-10-09 08:00 286016 C:\Program Files\BitTorrent_DNA\dna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreativeTaskScheduler]
--------- 2006-11-17 04:42 53341 C:\Program Files\Creative\Shared Files\CTSched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a--c--- 2004-08-04 02:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cy1X]
C:\documents and settings\christopher\local settings\temp\Cy1X.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
--------- 2007-03-16 06:51 715888 C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
C:\Program Files\Free Download Manager\fdm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gw]
C:\documents and settings\christopher\local settings\temp\gw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-05-09 19:24 50760 C:\Program Files\Common Files\AOL\1145760158\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2005-01-12 13:54 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2003-12-04 07:44 176128 C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
--a------ 2004-02-02 03:41 495616 C:\WINDOWS\System32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Instafinder]
C:\Program Files\Instafinder\instafinder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JfFOvm]
C:\documents and settings\christopher\local settings\temp\JfFOvm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jS]
C:\documents and settings\christopher\local settings\temp\jS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]
C:\Program Files\Kazaa\Kazaa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBkLogOnHook]
--a------ 2007-01-08 11:22 20480 C:\Program Files\McAfee\MBK\LogOnHook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a------ 2000-07-13 15:00 28739 c:\Program Files\Microsoft Works\WkDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]
C:\WINDOWS\system32\P2P Networking\P2P Networking.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pO]
C:\documents and settings\christopher\local settings\temp\pO.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pSiGRU]
C:\windows\pSiGRU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\r34T33i]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\slide.exe]
c:\program files\slide\slide.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-01-09 04:54 65536 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STOPzilla]
C:\Program Files\STOPzilla!\Stopzilla.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
--a------ 2007-03-07 09:58 1773568 C:\Program Files\Support.com\bin\tgcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2004-10-23 13:22 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uq]
C:\windows\Uq.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
C:\Program Files\AWS\WeatherBug\Weather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Winad Client]
C:\Program Files\Winad Client\Winad.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2006-10-18 20:05 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

R3 Ma730Pt;MA730 Bluetooth VCOM Driver;C:\WINDOWS\system32\DRIVERS\Ma730Pt.sys [2007-03-05 10:42]
R3 Ma730VaA;MA730 Bluetooth Advanced Audio;C:\WINDOWS\system32\DRIVERS\Ma730VaA.sys [2007-01-26 17:32]
R3 Ma730Vad;MA730 Bluetooth Audio;C:\WINDOWS\system32\DRIVERS\Ma730Vad.sys [2007-01-26 18:48]
S3 PciTest;WinMTA PCI Service;C:\WINDOWS\SYSTEM32\DRIVERS\pcitest.sys [2003-11-26 00:58]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-23 00:22:11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-25 19:58:01 C:\WINDOWS\Tasks\BugDoctorCHRISTOPHER.job"
- C:\Program Files\Bug Doctor\BugDoctor.exe
"2008-02-26 12:54:03 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\system32\cleanmgr.exe
"2008-02-26 17:37:20 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\pexpress\hphped05.exe
"2008-02-15 06:04:38 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-02-01 06:00:16 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-26 13:07:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-26 13:08:53
ComboFix-quarantined-files.txt 2008-02-26 18:08:24
ComboFix2.txt 2008-02-13 15:46:15
.
2008-02-23 08:03:12 --- E O F ---


HIJACK THIS LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:19:30 PM, on 2/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [CheckNetworkConnection] "C:\Program Files\Support.com\providerComcast\desktopdoctor.exe" /flow /flow=diagnosenetwork /trayclick=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=2a1c0747-ffa7-415a-9883-062332d71614
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

--
End of file - 8820 bytes

#12 teacup61 (Malware Response Team, Wills Point, Texas)

Posted 26 February 2008 - 06:47 PM

Hello,

Now that showed some things. :blink:

Uninstall Bug Doctor via Add/Remove Programs, then reboot. That is a rogue remover. They take your money and then want more and offer very little in the way of support. Bad! :thumbsup:

* Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the quote box below into notepad:

Folder::
C:\Program Files\Bug Doctor

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\70w1aDdXy]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cy1X]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gw]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JfFOvm]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jS]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pO]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\r34T33i]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uq]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Winad Client]


Save this as a text file named CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot]

This will start ComboFix again.

After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log. How is it running now please?

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?
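The triage teacup61 did by hand above can be scripted. The following is an added example written for this thread, not code from BleepingComputer, the poster, or the ComboFix author: it parses the msconfig\startupreg section of a ComboFix log, flags entries that run from a Temp directory, sit as a bare executable in the Windows root with no file on disk, have a two-character random name, or carry no command at all, and emits the CFScript Registry:: lines (the `[-key]` form used in the post above) that would delete those keys. The rule that a bare path with no attribute/date/size columns means ComboFix did not find the file is an assumption drawn from the log layout; the sample input is a constructed subset of the entries in the log above.

```python
"""Flag suspicious msconfig\\startupreg autostarts in a ComboFix log and emit the
matching CFScript Registry:: block. Added example for this thread, not a ComboFix tool."""
import ntpath
import re
from dataclasses import dataclass
from typing import List, Tuple

KEY_PREFIX = r"HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg"
HEADER_RE = re.compile(r"^\[" + re.escape(KEY_PREFIX) + r"\\(.+)\]$", re.I)
# Assumption from the log format: ComboFix prints "attrs date time size path" only
# when it could stat the file on disk; a bare path means the file was not found.
FILEINFO_RE = re.compile(r"^[-a-z]{9}\s+\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+(?P<path>.+)$", re.I)

# Constructed sample: entries copied from the ComboFix log above (legitimate and odd ones mixed).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\70w1aDdXy]
C:\documents and settings\christopher\local settings\temp\70w1aDdXy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gw]
C:\documents and settings\christopher\local settings\temp\gw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pSiGRU]
C:\windows\pSiGRU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\r34T33i]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-01-09 04:54 65536 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uq]
C:\windows\Uq.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"""


@dataclass
class StartupEntry:
    name: str
    command: str   # value line with file info stripped; "" when the key had no command
    found: bool    # ComboFix located the file (attribute/date/size columns present)
    image: str     # executable path extracted from command


def image_of(command: str) -> str:
    """Executable path from a command line: quoted path, else up to the extension."""
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|com|scr|pif|bat|cmd))(?:\s|$)", command, re.I)
    return m.group(1) if m else command.split(" ")[0]


def parse_startupreg(log: str) -> List[StartupEntry]:
    lines = log.splitlines()
    entries = []
    for i, line in enumerate(lines):
        m = HEADER_RE.match(line.strip())
        if not m:
            continue
        value = lines[i + 1].strip() if i + 1 < len(lines) else ""
        if value.startswith("["):          # next key follows directly: no command at all
            value = ""
        fi = FILEINFO_RE.match(value)
        command = fi.group("path") if fi else value
        entries.append(StartupEntry(m.group(1), command, fi is not None, image_of(command)))
    return entries


def suspicion_reasons(e: StartupEntry) -> List[str]:
    if not e.command:
        return ["no command line (orphaned dropper key)"]
    reasons = []
    image = e.image.lower()
    stem = ntpath.splitext(ntpath.basename(image))[0]
    if "\\temp\\" in image:
        reasons.append("runs from a Temp directory")
    if ntpath.dirname(image) == r"c:\windows" and not e.found:
        reasons.append("bare executable in the Windows root, file not found")
    if len(stem) <= 2:
        reasons.append("two-character random-looking name")
    return reasons


def triage(log: str) -> List[Tuple[StartupEntry, List[str]]]:
    return [(e, suspicion_reasons(e)) for e in parse_startupreg(log)]


def build_cfscript(names) -> str:
    """Registry:: block in the form used above: [-key] tells ComboFix to delete the key."""
    return "Registry::\n" + "".join(f"[-{KEY_PREFIX}\\{n}]\n" for n in sorted(names, key=str.lower))


if __name__ == "__main__":
    hits = [(e, r) for e, r in triage(SAMPLE_LOG) if r]
    for e, r in hits:
        print(f"{e.name:10} {e.command or '<empty>'}\n           " + "; ".join(r))
    print(build_cfscript(e.name for e, _ in hits))
```

Run against the full Reg Loading Points section above, these rules flag eight of the ten keys in teacup61's script (all except P2P Networking and Winad Client) and additionally C:\windows\pSiGRU.exe, which is listed the same way as Uq.exe (bare path, no file info) and is still present in the second log. Heuristics alone miss entries that look like ordinary programs; those two were removed on the strength of their names, so keep a list of known adware names alongside the heuristics, and treat the generated Registry:: block as a candidate list to review before dragging it onto ComboFix, since ComboFix deletes whatever the script names.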

#13 mcgeady47 (Topic Starter)

Posted 26 February 2008 - 08:15 PM

Seems to be running OK, although there is still the red X in front of the C: drive.

ComboFix 08-02-25.3 - CHRISTOPHER 2008-02-26 19:35:56.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.193 [GMT -5:00]
Running from: C:\Documents and Settings\CHRISTOPHER\My Documents\Downloads\ComboFix.exe
Command switches used :: C:\Documents and Settings\CHRISTOPHER\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Bug Doctor
C:\Program Files\Bug Doctor\FixedOnFridayJanuary052007055518.xml
C:\Program Files\Bug Doctor\FixedOnFridayMarch242006074538.xml
C:\Program Files\Bug Doctor\FixedOnFridaySeptember212007133410.xml
C:\Program Files\Bug Doctor\FixedOnFridaySeptember222006112352.xml
C:\Program Files\Bug Doctor\FixedOnMondayApril242006172941.xml
C:\Program Files\Bug Doctor\FixedOnMondayJanuary282008170727.xml
C:\Program Files\Bug Doctor\FixedOnMondayJanuary302006110747.xml
C:\Program Files\Bug Doctor\FixedOnSaturdayJuly282007082002.xml
C:\Program Files\Bug Doctor\FixedOnSundayApril162006113747.xml
C:\Program Files\Bug Doctor\FixedOnSundayFebruary102008173235.xml
C:\Program Files\Bug Doctor\FixedOnSundayFebruary262006120420.xml
C:\Program Files\Bug Doctor\FixedOnSundayJuly022006140944.xml
C:\Program Files\Bug Doctor\FixedOnSundaySeptember242006144807.xml
C:\Program Files\Bug Doctor\FixedOnThursdayAugust232007150412.xml
C:\Program Files\Bug Doctor\FixedOnThursdayJuly272006114139.xml
C:\Program Files\Bug Doctor\FixedOnThursdaySeptember062007090338.xml
C:\Program Files\Bug Doctor\FixedOnThursdaySeptember272007070747.xml
C:\Program Files\Bug Doctor\FixedOnTuesdayFebruary072006093554.xml
C:\Program Files\Bug Doctor\FixedOnTuesdayJanuary162007204105.xml
C:\Program Files\Bug Doctor\FixedOnTuesdayJanuary292008085222.xml
C:\Program Files\Bug Doctor\FixedOnTuesdayNovember072006105050.xml
C:\Program Files\Bug Doctor\FixedOnWednesdayAugust012007112652.xml
C:\Program Files\Bug Doctor\FixedOnWednesdayDecember192007142230.xml
C:\Program Files\Bug Doctor\FixedOnWednesdayJanuary252006144313.xml
C:\Program Files\Bug Doctor\FixedOnWednesdayMay172006041847.xml

.
((((((((((((((((((((((((( Files Created from 2008-01-27 to 2008-02-27 )))))))))))))))))))))))))))))))
.

2008-02-22 16:39 . 2008-02-22 16:39 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-02-22 16:37 . 2008-02-22 16:38 <DIR> d-------- C:\WINDOWS\ShellNew
2008-02-22 11:10 . 2008-02-22 11:09 85,520 --a------ C:\WINDOWS\system32\drivers\bdfndisf.sys
2008-02-21 15:52 . 2008-02-26 08:01 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-02-21 15:09 . 2008-02-21 15:09 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-02-21 14:45 . 2008-02-21 15:30 121 --a------ C:\WINDOWS\bdagent.INI
2008-02-21 14:31 . 2008-02-22 13:00 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-02-21 13:42 . 2001-02-28 13:14 476,576 -r------- C:\Program Files\SETUP.EXE
2008-02-21 13:15 . 2008-02-25 11:29 <DIR> d-------- C:\Documents and Settings\CHRISTOPHER\Application Data\CoreFTP
2008-02-21 13:14 . 2008-02-21 13:26 <DIR> d-------- C:\Program Files\CoreFTP
2008-02-21 12:55 . 2008-02-21 13:11 <DIR> d-------- C:\Documents and Settings\CHRISTOPHER\Application Data\FileZilla
2008-02-19 21:59 . 2008-02-21 11:47 <DIR> d-------- C:\Program Files\Panda Security
2008-02-19 18:35 . 2008-02-19 18:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-14 19:22 . 2008-02-14 19:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-02-12 18:43 . 2008-02-12 18:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-12 18:31 . 2008-02-22 10:51 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-12 18:31 . 2008-02-22 10:51 <DIR> d-------- C:\Documents and Settings\CHRISTOPHER\Application Data\SUPERAntiSpyware.com
2008-02-12 15:00 . 2008-02-12 15:00 <DIR> d-------- C:\Program Files\Yahoo!
2008-02-12 09:25 . 2008-02-12 09:25 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-11 15:02 . 2008-01-29 11:00 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-02-11 09:25 . 2008-02-22 10:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-03 17:30 . 2007-06-28 15:19 157,024 --a------ C:\WINDOWS\system32\drivers\ma730c.sys
2008-02-03 17:30 . 2007-03-05 10:42 103,680 --a------ C:\WINDOWS\system32\drivers\ma730Pt.sys
2008-02-03 17:30 . 2007-01-26 18:48 50,522 --a------ C:\WINDOWS\system32\drivers\Ma730Vad.sys
2008-02-03 17:30 . 2005-11-21 13:55 32,847 -ra------ C:\WINDOWS\system32\drivers\Ma730Hid.sys
2008-02-03 17:30 . 2006-04-13 16:08 23,160 --a------ C:\WINDOWS\system32\MA730PT.VXD
2008-02-03 17:30 . 2007-01-26 17:32 21,851 --a------ C:\WINDOWS\system32\drivers\Ma730VaA.sys
2008-02-03 17:29 . 2008-02-03 17:29 <DIR> d-------- C:\WINDOWS\Application Data
2008-01-29 16:49 . 2008-02-10 17:18 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-29 16:47 . 2008-01-29 16:47 <DIR> d-------- C:\Documents and Settings\CHRISTOPHER\Application Data\Simply Super Software
2008-01-29 11:00 . 2008-02-12 13:50 <DIR> d-------- C:\Documents and Settings\CHRISTOPHER\.housecall6.6
2008-01-29 08:56 . 2008-02-21 16:47 <DIR> d-------- C:\VundoFix Backups

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-26 18:22 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-02-26 16:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-26 16:23 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-26 12:54 --------- d-----w C:\Program Files\McAfee
2008-02-22 15:47 --------- d-----w C:\Program Files\Mozilla Sunbird
2008-02-22 15:40 --------- d-----w C:\Program Files\Create-Ringtone
2008-02-21 16:47 --------- d-----w C:\Program Files\DivX
2008-02-14 00:43 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-12 17:45 --------- d-----w C:\Documents and Settings\CHRISTOPHER\Application Data\BitTorrent
2008-02-11 20:50 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-02-11 20:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Roxio
2008-02-10 21:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-10 21:47 --------- d-----w C:\Program Files\e-texaspoker client
2008-02-09 13:59 --------- d-----w C:\Program Files\LimeWire
2008-02-07 17:24 --------- d-----w C:\Program Files\Kazaa
2008-02-06 14:51 171,400 ----a-w C:\WINDOWS\system32\drivers\mfehidk.sys
2008-01-26 23:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-01-26 23:48 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-01-26 23:48 --------- d-----w C:\Program Files\AVS4YOU
2008-01-26 23:31 --------- d-----w C:\Program Files\WinXMedia
2008-01-26 23:30 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-01-26 23:07 --------- d-----w C:\Documents and Settings\CHRISTOPHER\Application Data\Roxio
2008-01-26 00:02 256 ----a-w C:\Documents and Settings\CHRISTOPHER\pool.bin
2008-01-20 13:19 --------- d-----w C:\Program Files\Google
2008-01-19 02:04 --------- d-----w C:\Documents and Settings\SEAN\Application Data\Roxio
2008-01-17 18:34 --------- d-----w C:\Program Files\QuickTime
2008-01-15 20:14 --------- d-----w C:\Documents and Settings\CHRISTOPHER\Application Data\Creative
2008-01-15 19:12 --------- d-----w C:\Program Files\FLAC
2008-01-15 19:08 33,540 ----a-w C:\WINDOWS\system32\CoreFLACDecoder-uninstall.exe
2008-01-14 21:17 --------- d-----w C:\Program Files\The Print Shop 21
2008-01-14 21:17 --------- d-----w C:\Program Files\support.com
2008-01-14 21:17 --------- d-----w C:\Program Files\MP3 CD Converter Professional
2008-01-14 21:17 --------- d-----w C:\Program Files\Misspellsearch Toolbar
2008-01-14 21:16 --------- d-----w C:\Program Files\CompuServe 7.0
2008-01-14 21:16 --------- d-----w C:\Program Files\Common Files\csshare
2008-01-14 21:16 --------- d-----w C:\Program Files\Common Files\AOL
2008-01-14 21:16 --------- d-----w C:\Program Files\Aurora MPEG To DVD Burner
2008-01-14 21:16 --------- d-----w C:\Program Files\Audible
2008-01-14 21:16 --------- d-----w C:\Program Files\Apple Software Update
2008-01-14 21:16 --------- d-----w C:\Program Files\AIM Toolbar
2008-01-13 18:01 --------- d-----w C:\Documents and Settings\SEAN\Application Data\Talkback
2008-01-10 15:10 --------- d-----w C:\Documents and Settings\SEAN\Application Data\Research In Motion
2008-01-10 14:35 --------- d-----w C:\Documents and Settings\SEAN\Application Data\McAfee
2008-01-09 20:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2008-01-09 10:11 --------- d-----w C:\Documents and Settings\CHRISTOPHER\Application Data\BitTorrent DNA
2008-01-08 01:43 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Roxio
2008-01-08 01:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2008-01-08 01:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-01-08 01:22 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-01 19:32 --------- d-----w C:\Documents and Settings\CHRISTOPHER\Application Data\ArcSoft
2008-01-01 17:44 --------- d-----w C:\Program Files\Sanyo
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2005-03-22 00:08 1,055,678 -c--a-w C:\Program Files\Funny_Dog_Screensaver.zip
2004-12-27 12:32 1,776 -c-ha-w C:\Documents and Settings\All Users\Application Data\mssaru.dat
2004-10-07 00:41 1,955,528 -c--a-w C:\WINDOWS\Media\ppviewer.exe
2004-10-07 00:37 2,855,552 -c--a-w C:\WINDOWS\Media\PPView97.exe
2004-09-12 18:01 2,084,803 -c--a-w C:\WINDOWS\Media\ssisetup.exe
2004-09-09 23:52 364,476 -c--a-w C:\WINDOWS\Media\XviD_Install.exe
2004-09-09 23:44 215,404 -c--a-w C:\WINDOWS\Media\VIDCI263.zip
2004-06-17 03:33 770,048 -c--a-w C:\Program Files\winmx331.exe
2006-12-06 03:18 152 --sh--r C:\WINDOWS\system32\45EB52E093.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"CheckNetworkConnection"="C:\Program Files\Support.com\providerComcast\desktopdoctor.exe" [2006-01-09 16:45 1286144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22 20480]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=C:\WINDOWS\pss\Desktop Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\70w1aDdXy]
C:\documents and settings\christopher\local settings\temp\70w1aDdXy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Active Desktop Calendar]
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BestPopUpKiller]
C:\Program Files\BestPopUpKiller\BestPopupKiller.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2007-10-09 08:00 286016 C:\Program Files\BitTorrent_DNA\dna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreativeTaskScheduler]
--------- 2006-11-17 04:42 53341 C:\Program Files\Creative\Shared Files\CTSched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a--c--- 2004-08-04 02:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cy1X]
C:\documents and settings\christopher\local settings\temp\Cy1X.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
--------- 2007-03-16 06:51 715888 C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
C:\Program Files\Free Download Manager\fdm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gw]
C:\documents and settings\christopher\local settings\temp\gw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-05-09 19:24 50760 C:\Program Files\Common Files\AOL\1145760158\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2005-01-12 13:54 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2003-12-04 07:44 176128 C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
--a------ 2004-02-02 03:41 495616 C:\WINDOWS\System32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Instafinder]
C:\Program Files\Instafinder\instafinder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JfFOvm]
C:\documents and settings\christopher\local settings\temp\JfFOvm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jS]
C:\documents and settings\christopher\local settings\temp\jS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]
C:\Program Files\Kazaa\Kazaa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBkLogOnHook]
--a------ 2007-01-08 11:22 20480 C:\Program Files\McAfee\MBK\LogOnHook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a------ 2000-07-13 15:00 28739 c:\Program Files\Microsoft Works\WkDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]
C:\WINDOWS\system32\P2P Networking\P2P Networking.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pO]
C:\documents and settings\christopher\local settings\temp\pO.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pSiGRU]
C:\windows\pSiGRU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\r34T33i]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\slide.exe]
c:\program files\slide\slide.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-01-09 04:54 65536 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STOPzilla]
C:\Program Files\STOPzilla!\Stopzilla.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
--a------ 2007-03-07 09:58 1773568 C:\Program Files\Support.com\bin\tgcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2004-10-23 13:22 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uq]
C:\windows\Uq.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
C:\Program Files\AWS\WeatherBug\Weather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Winad Client]
C:\Program Files\Winad Client\Winad.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2006-10-18 20:05 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

R3 Ma730Pt;MA730 Bluetooth VCOM Driver;C:\WINDOWS\system32\DRIVERS\Ma730Pt.sys [2007-03-05 10:42]
R3 Ma730VaA;MA730 Bluetooth Advanced Audio;C:\WINDOWS\system32\DRIVERS\Ma730VaA.sys [2007-01-26 17:32]
R3 Ma730Vad;MA730 Bluetooth Audio;C:\WINDOWS\system32\DRIVERS\Ma730Vad.sys [2007-01-26 18:48]
S3 PciTest;WinMTA PCI Service;C:\WINDOWS\SYSTEM32\DRIVERS\pcitest.sys [2003-11-26 00:58]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-23 00:22:11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-26 19:58:02 C:\WINDOWS\Tasks\BugDoctorCHRISTOPHER.job"
- C:\Program Files\Bug Doctor\BugDoctor.exe
"2008-02-27 00:40:02 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\system32\cleanmgr.exe
"2008-02-27 00:27:30 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\pexpress\hphped05.exe
"2008-02-15 06:04:38 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-02-01 06:00:16 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-26 19:39:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-26 19:40:55
ComboFix-quarantined-files.txt 2008-02-27 00:40:33
ComboFix2.txt 2008-02-26 18:08:55
ComboFix3.txt 2008-02-13 15:46:15
.
2008-02-23 08:03:12 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:12:38 PM, on 2/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [CheckNetworkConnection] "C:\Program Files\Support.com\providerComcast\desktopdoctor.exe" /flow /flow=diagnosenetwork /trayclick=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=2a1c0747-ffa7-415a-9883-062332d71614
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

--
End of file - 8787 bytes

#14 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:10:28 AM

Posted 26 February 2008 - 09:00 PM

Hello,

Let's try this again:

* Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the quote box below into notepad:

File::
C:\documents and settings\christopher\local settings\temp\70w1aDdXy.exe
C:\documents and settings\christopher\local settings\temp\Cy1X.exe
C:\documents and settings\christopher\local settings\temp\gw.exe
C:\documents and settings\christopher\local settings\temp\JfFOvm.exe
C:\documents and settings\christopher\local settings\temp\pO.exe
C:\windows\pSiGRU.exe
C:\windows\Uq.exe

Folder::
C:\Program Files\Winad Client
C:\WINDOWS\system32\P2P Networking

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\70w1aDdXy]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cy1X]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gw]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JfFOvm]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jS]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pO]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\r34T33i]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uq]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Winad Client]


Save this as a text file named CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again.

After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?
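The CFScript format teacup61 describes above (File::, Folder:: and Registry:: sections, with `[-KEY]` lines deleting registry keys) is easy to get subtly wrong before it is dragged onto ComboFix. The Python below is an added example, not part of this thread or of ComboFix itself: it splits a script into its sections, flags entries that are not absolute drive paths or not `[-KEY]` deletions, and reports which `startupreg` keys have a matching File:: or Folder:: entry. The sample script is constructed after the one in the post, and the startupreg cross-check is a heuristic of this example, not a rule ComboFix enforces.

```python
"""Parse and sanity-check a ComboFix CFScript before running it."""
import ntpath
import re

# Constructed sample modelled on the script in the post above (trimmed).
# Note that the 'jS' key has no File:: or Folder:: entry backing it.
SAMPLE_CFSCRIPT = r"""File::
C:\documents and settings\christopher\local settings\temp\70w1aDdXy.exe
C:\documents and settings\christopher\local settings\temp\Cy1X.exe
C:\windows\Uq.exe

Folder::
C:\Program Files\Winad Client
C:\WINDOWS\system32\P2P Networking

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\70w1aDdXy]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cy1X]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jS]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uq]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Winad Client]
"""

# Only the three section headers used in the post are recognised here.
SECTION_RE = re.compile(r"^(File|Folder|Registry)::$")
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")
# REGEDIT4-style key deletion: [-HKEY_...\path]
REG_DELETE_RE = re.compile(
    r"^\[-(HKEY_(?:LOCAL_MACHINE|CURRENT_USER|USERS|CLASSES_ROOT)\\.+)\]$")
# Last path component of an msconfig startupreg key, e.g. '...\startupreg\Uq'
STARTUPREG_RE = re.compile(r"\\msconfig\\startupreg\\([^\\]+)$", re.IGNORECASE)


def parse_cfscript(text):
    """Split a CFScript into its File::, Folder:: and Registry:: sections.

    Blank lines are ignored. A non-blank line before the first header is an
    error, because ComboFix would have no section to assign it to.
    """
    sections = {"File": [], "Folder": [], "Registry": []}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            continue
        if current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        sections[current].append(line)
    return sections


def _stem(path):
    """'C:\\windows\\Uq.exe' -> 'uq' (basename without extension, lower-cased)."""
    return ntpath.splitext(ntpath.basename(path))[0].lower()


def validate_cfscript(text):
    """Return problems found plus a startupreg <-> File/Folder cross-check."""
    sections = parse_cfscript(text)
    problems = []

    for path in sections["File"] + sections["Folder"]:
        if not DRIVE_PATH_RE.match(path):
            problems.append(f"not an absolute drive path: {path}")

    # What the File:: and Folder:: sections remove, keyed by the name the
    # matching msconfig startupreg entry would carry (heuristic, see lead-in).
    targets = {_stem(p): p for p in sections["File"]}
    targets.update({ntpath.basename(p).lower(): p for p in sections["Folder"]})

    matched, unmatched = {}, []
    for entry in sections["Registry"]:
        deletion = REG_DELETE_RE.match(entry)
        if not deletion:
            problems.append(f"not a [-KEY] deletion: {entry}")
            continue
        key = STARTUPREG_RE.search(deletion.group(1))
        if not key:
            continue  # some other key; nothing to cross-check
        name = key.group(1)
        if name.lower() in targets:
            matched[name] = targets[name.lower()]
        else:
            unmatched.append(name)

    return {"sections": sections, "problems": problems,
            "matched": matched, "unmatched": unmatched}


if __name__ == "__main__":
    report = validate_cfscript(SAMPLE_CFSCRIPT)
    for problem in report["problems"]:
        print("PROBLEM:", problem)
    for name, target in report["matched"].items():
        print(f"startupreg\\{name} -> {target}")
    for name in report["unmatched"]:
        print(f"startupreg\\{name} has no File:: or Folder:: entry")
```

Running it on the sample reports every key except `jS` as backed by a File:: or Folder:: entry, which is the kind of thing worth a second look before the script is executed.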

#15 mcgeady47

mcgeady47
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:28 AM

Posted 26 February 2008 - 09:58 PM

ComboFix 08-02-25.3 - CHRISTOPHER 2008-02-26 21:48:53.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.184 [GMT -5:00]
Running from: C:\Documents and Settings\CHRISTOPHER\My Documents\Downloads\ComboFix.exe
Command switches used :: C:\Documents and Settings\CHRISTOPHER\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\documents and settings\christopher\local settings\temp\70w1aDdXy.exe
C:\documents and settings\christopher\local settings\temp\Cy1X.exe
C:\documents and settings\christopher\local settings\temp\gw.exe
C:\documents and settings\christopher\local settings\temp\JfFOvm.exe
C:\documents and settings\christopher\local settings\temp\pO.exe
C:\windows\pSiGRU.exe
C:\windows\Uq.exe
.

((((((((((((((((((((((((( Files Created from 2008-01-27 to 2008-02-27 )))))))))))))))))))))))))))))))
.

2008-02-22 16:39 . 2008-02-22 16:39 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-02-22 16:37 . 2008-02-22 16:38 <DIR> d-------- C:\WINDOWS\ShellNew
2008-02-22 11:10 . 2008-02-22 11:09 85,520 --a------ C:\WINDOWS\system32\drivers\bdfndisf.sys
2008-02-21 15:52 . 2008-02-26 08:01 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-02-21 15:09 . 2008-02-21 15:09 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-02-21 14:45 . 2008-02-21 15:30 121 --a------ C:\WINDOWS\bdagent.INI
2008-02-21 14:31 . 2008-02-22 13:00 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-02-21 13:42 . 2001-02-28 13:14 476,576 -r------- C:\Program Files\SETUP.EXE
2008-02-21 13:15 . 2008-02-25 11:29 <DIR> d-------- C:\Documents and Settings\CHRISTOPHER\Application Data\CoreFTP
2008-02-21 13:14 . 2008-02-21 13:26 <DIR> d-------- C:\Program Files\CoreFTP
2008-02-21 12:55 . 2008-02-21 13:11 <DIR> d-------- C:\Documents and Settings\CHRISTOPHER\Application Data\FileZilla
2008-02-19 21:59 . 2008-02-21 11:47 <DIR> d-------- C:\Program Files\Panda Security
2008-02-19 18:35 . 2008-02-19 18:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-14 19:22 . 2008-02-14 19:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-02-12 18:43 . 2008-02-12 18:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-12 18:31 . 2008-02-22 10:51 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-12 18:31 . 2008-02-22 10:51 <DIR> d-------- C:\Documents and Settings\CHRISTOPHER\Application Data\SUPERAntiSpyware.com
2008-02-12 15:00 . 2008-02-12 15:00 <DIR> d-------- C:\Program Files\Yahoo!
2008-02-12 09:25 . 2008-02-12 09:25 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-11 15:02 . 2008-01-29 11:00 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-02-11 09:25 . 2008-02-22 10:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-03 17:30 . 2007-06-28 15:19 157,024 --a------ C:\WINDOWS\system32\drivers\ma730c.sys
2008-02-03 17:30 . 2007-03-05 10:42 103,680 --a------ C:\WINDOWS\system32\drivers\ma730Pt.sys
2008-02-03 17:30 . 2007-01-26 18:48 50,522 --a------ C:\WINDOWS\system32\drivers\Ma730Vad.sys
2008-02-03 17:30 . 2005-11-21 13:55 32,847 -ra------ C:\WINDOWS\system32\drivers\Ma730Hid.sys
2008-02-03 17:30 . 2006-04-13 16:08 23,160 --a------ C:\WINDOWS\system32\MA730PT.VXD
2008-02-03 17:30 . 2007-01-26 17:32 21,851 --a------ C:\WINDOWS\system32\drivers\Ma730VaA.sys
2008-02-03 17:29 . 2008-02-03 17:29 <DIR> d-------- C:\WINDOWS\Application Data
2008-01-29 16:49 . 2008-02-10 17:18 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-29 16:47 . 2008-01-29 16:47 <DIR> d-------- C:\Documents and Settings\CHRISTOPHER\Application Data\Simply Super Software
2008-01-29 11:00 . 2008-02-12 13:50 <DIR> d-------- C:\Documents and Settings\CHRISTOPHER\.housecall6.6
2008-01-29 08:56 . 2008-02-21 16:47 <DIR> d-------- C:\VundoFix Backups

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-27 01:14 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-02-26 16:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-26 16:23 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-26 12:54 --------- d-----w C:\Program Files\McAfee
2008-02-22 15:47 --------- d-----w C:\Program Files\Mozilla Sunbird
2008-02-22 15:40 --------- d-----w C:\Program Files\Create-Ringtone
2008-02-21 16:47 --------- d-----w C:\Program Files\DivX
2008-02-14 00:43 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-12 17:45 --------- d-----w C:\Documents and Settings\CHRISTOPHER\Application Data\BitTorrent
2008-02-11 20:50 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-02-11 20:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Roxio
2008-02-10 21:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-10 21:47 --------- d-----w C:\Program Files\e-texaspoker client
2008-02-09 13:59 --------- d-----w C:\Program Files\LimeWire
2008-02-07 17:24 --------- d-----w C:\Program Files\Kazaa
2008-02-06 14:51 171,400 ----a-w C:\WINDOWS\system32\drivers\mfehidk.sys
2008-01-26 23:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-01-26 23:48 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-01-26 23:48 --------- d-----w C:\Program Files\AVS4YOU
2008-01-26 23:31 --------- d-----w C:\Program Files\WinXMedia
2008-01-26 23:30 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-01-26 23:07 --------- d-----w C:\Documents and Settings\CHRISTOPHER\Application Data\Roxio
2008-01-26 00:02 256 ----a-w C:\Documents and Settings\CHRISTOPHER\pool.bin
2008-01-20 13:19 --------- d-----w C:\Program Files\Google
2008-01-19 02:04 --------- d-----w C:\Documents and Settings\SEAN\Application Data\Roxio
2008-01-17 18:34 --------- d-----w C:\Program Files\QuickTime
2008-01-15 20:14 --------- d-----w C:\Documents and Settings\CHRISTOPHER\Application Data\Creative
2008-01-15 19:12 --------- d-----w C:\Program Files\FLAC
2008-01-15 19:08 33,540 ----a-w C:\WINDOWS\system32\CoreFLACDecoder-uninstall.exe
2008-01-14 21:17 --------- d-----w C:\Program Files\The Print Shop 21
2008-01-14 21:17 --------- d-----w C:\Program Files\support.com
2008-01-14 21:17 --------- d-----w C:\Program Files\MP3 CD Converter Professional
2008-01-14 21:17 --------- d-----w C:\Program Files\Misspellsearch Toolbar
2008-01-14 21:16 --------- d-----w C:\Program Files\CompuServe 7.0
2008-01-14 21:16 --------- d-----w C:\Program Files\Common Files\csshare
2008-01-14 21:16 --------- d-----w C:\Program Files\Common Files\AOL
2008-01-14 21:16 --------- d-----w C:\Program Files\Aurora MPEG To DVD Burner
2008-01-14 21:16 --------- d-----w C:\Program Files\Audible
2008-01-14 21:16 --------- d-----w C:\Program Files\Apple Software Update
2008-01-14 21:16 --------- d-----w C:\Program Files\AIM Toolbar
2008-01-13 18:01 --------- d-----w C:\Documents and Settings\SEAN\Application Data\Talkback
2008-01-10 15:10 --------- d-----w C:\Documents and Settings\SEAN\Application Data\Research In Motion
2008-01-10 14:35 --------- d-----w C:\Documents and Settings\SEAN\Application Data\McAfee
2008-01-09 20:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2008-01-09 10:11 --------- d-----w C:\Documents and Settings\CHRISTOPHER\Application Data\BitTorrent DNA
2008-01-08 01:43 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Roxio
2008-01-08 01:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2008-01-08 01:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-01-08 01:22 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-01 19:32 --------- d-----w C:\Documents and Settings\CHRISTOPHER\Application Data\ArcSoft
2008-01-01 17:44 --------- d-----w C:\Program Files\Sanyo
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2005-03-22 00:08 1,055,678 -c--a-w C:\Program Files\Funny_Dog_Screensaver.zip
2004-12-27 12:32 1,776 -c-ha-w C:\Documents and Settings\All Users\Application Data\mssaru.dat
2004-10-07 00:41 1,955,528 -c--a-w C:\WINDOWS\Media\ppviewer.exe
2004-10-07 00:37 2,855,552 -c--a-w C:\WINDOWS\Media\PPView97.exe
2004-09-12 18:01 2,084,803 -c--a-w C:\WINDOWS\Media\ssisetup.exe
2004-09-09 23:52 364,476 -c--a-w C:\WINDOWS\Media\XviD_Install.exe
2004-09-09 23:44 215,404 -c--a-w C:\WINDOWS\Media\VIDCI263.zip
2004-06-17 03:33 770,048 -c--a-w C:\Program Files\winmx331.exe
2006-12-06 03:18 152 --sh--r C:\WINDOWS\system32\45EB52E093.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"CheckNetworkConnection"="C:\Program Files\Support.com\providerComcast\desktopdoctor.exe" [2006-01-09 16:45 1286144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22 20480]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=C:\WINDOWS\pss\Desktop Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Active Desktop Calendar]
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BestPopUpKiller]
C:\Program Files\BestPopUpKiller\BestPopupKiller.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2007-10-09 08:00 286016 C:\Program Files\BitTorrent_DNA\dna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreativeTaskScheduler]
--------- 2006-11-17 04:42 53341 C:\Program Files\Creative\Shared Files\CTSched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a--c--- 2004-08-04 02:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
--------- 2007-03-16 06:51 715888 C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
C:\Program Files\Free Download Manager\fdm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-05-09 19:24 50760 C:\Program Files\Common Files\AOL\1145760158\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2005-01-12 13:54 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2003-12-04 07:44 176128 C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
--a------ 2004-02-02 03:41 495616 C:\WINDOWS\System32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Instafinder]
C:\Program Files\Instafinder\instafinder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]
C:\Program Files\Kazaa\Kazaa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBkLogOnHook]
--a------ 2007-01-08 11:22 20480 C:\Program Files\McAfee\MBK\LogOnHook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a------ 2000-07-13 15:00 28739 c:\Program Files\Microsoft Works\WkDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pSiGRU]
C:\windows\pSiGRU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\slide.exe]
c:\program files\slide\slide.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-01-09 04:54 65536 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STOPzilla]
C:\Program Files\STOPzilla!\Stopzilla.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
--a------ 2007-03-07 09:58 1773568 C:\Program Files\Support.com\bin\tgcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2004-10-23 13:22 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
C:\Program Files\AWS\WeatherBug\Weather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2006-10-18 20:05 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

R3 Ma730Pt;MA730 Bluetooth VCOM Driver;C:\WINDOWS\system32\DRIVERS\Ma730Pt.sys [2007-03-05 10:42]
R3 Ma730VaA;MA730 Bluetooth Advanced Audio;C:\WINDOWS\system32\DRIVERS\Ma730VaA.sys [2007-01-26 17:32]
R3 Ma730Vad;MA730 Bluetooth Audio;C:\WINDOWS\system32\DRIVERS\Ma730Vad.sys [2007-01-26 18:48]
S3 PciTest;WinMTA PCI Service;C:\WINDOWS\SYSTEM32\DRIVERS\pcitest.sys [2003-11-26 00:58]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-23 00:22:11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-26 19:58:02 C:\WINDOWS\Tasks\BugDoctorCHRISTOPHER.job"
- C:\Program Files\Bug Doctor\BugDoctor.exe
"2008-02-27 00:46:55 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\system32\cleanmgr.exe
"2008-02-27 00:58:47 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\pexpress\hphped05.exe
"2008-02-15 06:04:38 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-02-01 06:00:16 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-26 21:52:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-26 21:53:54
ComboFix-quarantined-files.txt 2008-02-27 02:53:37
ComboFix2.txt 2008-02-27 00:40:56
ComboFix3.txt 2008-02-26 18:08:55
ComboFix4.txt 2008-02-13 15:46:15
.
2008-02-23 08:03:12 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:56:24 PM, on 2/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [CheckNetworkConnection] "C:\Program Files\Support.com\providerComcast\desktopdoctor.exe" /flow /flow=diagnosenetwork /trayclick=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=2a1c0747-ffa7-415a-9883-062332d71614
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

--
End of file - 8869 bytes
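As an added example (not part of the original post, and not code from HijackThis itself), here is a small parser for the HijackThis v2 log format shown above. It splits each `Oxx - ...` line into section, CLSID and target path/URL, and tags the entries a triager would look at first: an O16 DPF entry that points straight at a remote .exe, an O23 service whose binary is reported "(file missing)" or whose owner HijackThis could not read ("Unknown owner"), and RunOnce entries under O4. The tags are reviewer heuristics, not verdicts that any line is malicious; the sample input is a handful of lines copied from the log above plus the trailer HijackThis writes.

```python
"""Parse Trend Micro HijackThis v2 log lines and tag entries worth a second look.

Added example; the tagging rules are this editor's own triage heuristics,
not anything HijackThis or the forum post defines.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: lines copied verbatim from the posted log, plus the
# "--" / "End of file" trailer the tool appends, which the parser must skip.
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKCU\..\RunOnce: [CheckNetworkConnection] "C:\Program Files\Support.com\providerComcast\desktopdoctor.exe" /flow /flow=diagnosenetwork /trayclick=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=2a1c0747-ffa7-415a-9883-062332d71614
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

--
End of file - 8869 bytes
"""

LINE_RE = re.compile(r"^(O\d+) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# O4 lines look like: HKCU\..\Run: [Name] <command line>
O4_RE = re.compile(r"^(?P<hive>.*?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


@dataclass
class Entry:
    section: str                 # "O2", "O16", "O23", ...
    body: str                    # everything after "Oxx - "
    clsid: Optional[str] = None  # first {GUID} found in the line, upper-cased
    target: Optional[str] = None # file path, URL or command line the entry points at
    flags: List[str] = field(default_factory=list)


def triage(e: Entry) -> List[str]:
    """Heuristic tags (assumed rules, not HijackThis output); an empty list means 'nothing stood out'."""
    flags: List[str] = []
    body = e.body.lower()
    target = (e.target or "").lower()
    if e.section == "O16" and target.startswith("http") and target.endswith(".exe"):
        flags.append("dpf-remote-exe")        # Downloaded Program File fetching a bare executable
    if "(file missing)" in body:
        flags.append("file-missing")          # registered service/BHO whose binary is gone
    if e.section == "O23" and "unknown owner" in body:
        flags.append("unknown-owner")         # tool could not read a company name from the file
    if e.section == "O4" and "runonce" in body:
        flags.append("runonce")               # runs once at next logon, then deletes itself
    return flags


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for an 'Oxx - ...' line, or None for blanks and the trailer."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    e = Entry(section=section, body=body)
    c = CLSID_RE.search(body)
    if c:
        e.clsid = c.group(0).upper()
    if section == "O4":
        o4 = O4_RE.match(body)
        e.target = o4.group("cmd") if o4 else body
    else:
        # For the other sections the last " - " separated field is the path or URL.
        parts = body.split(" - ")
        e.target = parts[-1].strip() if len(parts) > 1 else None
    e.flags = triage(e)
    return e


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def flagged(entries: List[Entry]) -> List[Entry]:
    return [e for e in entries if e.flags]


def summary(entries: List[Entry]) -> Dict[str, int]:
    """Count of entries per section, e.g. {'O2': 1, 'O23': 2}."""
    counts: Dict[str, int] = {}
    for e in entries:
        counts[e.section] = counts.get(e.section, 0) + 1
    return counts


if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    print("sections:", summary(log))
    for e in flagged(log):
        print(f"{e.section} {','.join(e.flags):<28} {e.target}")
```

Run it against a full log (`parse_log(open("hijackthis.log").read())`) and read the flagged list top to bottom; everything else is still there in `entries` for manual review, since the tags only order the work, they do not decide it.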