Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijackthis Log: I Think I Have Smitfraud, Adbreak, Aconti, And Acespy, And Maybe More...help!


  • This topic is locked This topic is locked
4 replies to this topic

#1 TamaraLong

TamaraLong

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:49 PM

Posted 04 March 2008 - 05:11 AM

I think I might have picked up these problems from myspace, I'm not entirely sure. Either way, i should probably let u know what i have already done. almost instantaneously i saw that my internet browser shut down when i clicked on a profile on myspace. immediately following that, i started getting pop-ups and my desktop image changed to this blue screen that has a link on it for spyware removal programs. And I keep getting these bubbles popping up on my control panel telling me that i have a spyware infection. In addition, there are red boxes that pop up on my computer telling me which viruses/malware/etc. are installed on my computer and telling me to update my security settings or something like that. I ran ad-aware, and it removed some things, but almost immediately, they came back bc i ran back to back scans and the same things kept popping back up. so seeing that i was getting nowhere with that at that point, i shut the computer down. a day later, i downloaded mcafee and tried that, with similar results. and i also went through the folders on windows and system32 and local settings and i manually removed some of the files, but when i emptied the recycle bin, it was like they just came back and had copies with them too. So, being baffled, i googled the names of the files that i kept getting come up on the scans and i came across a blog from pcguide that had mentioned trying combofix to try to fix the problems and also detailing very similar problems that were referred to as a smitfraud virus, so i tried it and i retained a copy of that log from that program for u at the end of this post. and after doing so, i did some more research and stumbled upon this site and downloaded the hijackthis program and i figured i would ask if someone could help. i'm not sure exactly what i am dealing with.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:41:37 AM, on 3/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\mgmrwmrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Mail.com] C:\Program Files\mail.com\mcalert.exe -auto
O4 - HKCU\..\Run: [Y!TunnelBasic] C:\Program Files\Digital Asphyxia\Y!TunnelBasic 2.0\YTBasic.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Eres] "C:\PROGRA~1\COMMON~1\STEM~1\ntvdm.exe" -vt yazb
O4 - HKCU\..\Run: [Pntij] "C:\Program Files\?racle\??anregw.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SnapDetect.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZJ
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.java.com
O15 - Trusted Zone: http://game1.pogo.com
O15 - Trusted Zone: http://www.pogo.com
O15 - Trusted Zone: http://jdl.sun.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/bejewel...aploader_v6.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11075 bytes



Also, I downloaded a program called Combofix. I saw it mentioned in a blog and I found the program and downloaded it and ran it once. Here is the log from that if that is useful...



ComboFix 08-03-04.2 - Owner 2008-03-04 0:19:37.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.118 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\GK06FB99\ComboFix[1].exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\Owner\Application Data\WinTouch
C:\Documents and Settings\Owner\Application Data\WinTouch\wintouch.cfg
C:\Documents and Settings\Owner\Application Data\WinTouch\WTUninstaller.exe
C:\Documents and Settings\Owner\Start Menu\Programs\Outerinfo
C:\Documents and Settings\Owner\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Owner\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Program Files\3721
C:\Program Files\3721\assist\asbar.dll
C:\Program Files\3721\helper.dll
C:\Program Files\Accoona
C:\Program Files\Accoona\ASearchAssist.dll
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\guid.dat
C:\Program Files\amsys\ijl15.dll
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\Common Files\stem~1
C:\Program Files\Common Files\stem~1\??stem\
C:\Program Files\Common Files\stem~1\ntvdm.exe
C:\Program Files\Common Files\Yazzle1560OinUninstaller.exe
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\Program Files\JavaCore
C:\Program Files\JavaCore\JavaCore.exe
C:\Program Files\JavaCore\UnInstall.exe
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\amp2pl.exe
C:\Program Files\racle~1
C:\Program Files\racle~1\??anregw.exe
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\absolute key logger.lnk
C:\WINDOWS\aconti.exe
C:\WINDOWS\aconti.ini
C:\WINDOWS\aconti.log
C:\WINDOWS\aconti.sdb
C:\WINDOWS\acontidialer.txt
C:\WINDOWS\adbar.dll
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\daxtime.dll
C:\WINDOWS\default.htm
C:\WINDOWS\Downloaded Program Files\sysnetsvc32.inf
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\hcwprn.exe
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.dll
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\kvnab.dll
C:\WINDOWS\kvnab.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.dll
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.dll
C:\WINDOWS\liqui.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\pbsysie.dll
C:\WINDOWS\settn.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\acespy
C:\WINDOWS\system32\acespy\__acelog.ndx
C:\WINDOWS\system32\acespy\systune.exe
C:\WINDOWS\system32\ESHOPEE.exe
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\T3duZXI\
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wbeCheck.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xadbrk.dll
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xxxvideo.exe

----- BITS: Possible infected sites -----

hxxp://80.93.48.74
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\cmdService
-------\Network Monitor
-------\nm


((((((((((((((((((((((((( Files Created from 2008-02-04 to 2008-03-04 )))))))))))))))))))))))))))))))
.

2008-03-04 00:32 . 2008-03-04 00:57 2,364 --a------ C:\WINDOWS\system32\wpa.dbl
2008-03-04 00:30 . 2008-03-04 00:59 <DIR> d-------- C:\Program Files\p2pnetworks
2008-03-04 00:30 . 2008-03-04 01:00 <DIR> d-------- C:\Program Files\akl
2008-03-04 00:30 . 2008-03-04 01:00 <DIR> d-------- C:\Program Files\3721
2008-03-04 00:29 . 2008-03-04 01:00 <DIR> d-------- C:\Program Files\e-zshopper
2008-03-04 00:29 . 2008-03-04 01:00 <DIR> d-------- C:\Program Files\amsys
2008-03-04 00:28 . 2008-03-04 00:59 <DIR> d-------- C:\WINDOWS\system32\acespy
2008-03-04 00:28 . 2008-03-04 01:00 <DIR> d-------- C:\Program Files\Accoona
2008-03-03 23:46 . 2008-03-04 00:31 3,062 --a------ C:\WINDOWS\system32\Config.MPF
2008-03-03 11:25 . 2006-03-03 11:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-03-03 11:15 . 2008-02-06 09:51 171,400 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-03-03 11:15 . 2007-03-02 14:16 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-03-03 11:15 . 2007-06-25 14:54 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-03-03 11:15 . 2007-06-25 10:57 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-03-03 11:15 . 2007-06-25 10:57 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-03-03 11:15 . 2007-06-25 10:57 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-03-03 11:14 . 2008-03-03 11:14 <DIR> d-------- C:\Program Files\McAfee.com
2008-03-03 11:13 . 2008-03-03 11:39 <DIR> d-------- C:\Program Files\McAfee
2008-03-03 11:13 . 2008-03-03 11:24 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-03-03 11:05 . 2008-03-03 11:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-03-02 04:27 . 2008-03-02 04:27 89,099 --a------ C:\WINDOWS\system32\mgmrwmrv.exe
2008-02-24 16:08 . 2008-02-24 16:08 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-02-22 23:00 . 2008-02-22 23:00 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Viewpoint
2008-02-22 02:36 . 2008-02-22 02:36 <DIR> d-------- C:\Program Files\Viewpoint
2008-02-22 02:34 . 2008-02-22 03:01 1,295 --ah----- C:\IPH.PH
2008-02-20 05:40 . 2008-02-27 19:26 <DIR> d-------- C:\Program Files\DNA
2008-02-20 05:40 . 2008-02-20 05:51 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\BitTorrent
2008-02-07 12:04 . 2008-02-07 12:04 2 --a------ C:\WINDOWS\msoffice.ini
2008-02-05 04:56 . 2008-02-05 04:56 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-05 04:56 . 2008-02-05 04:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-05 04:52 . 2008-02-05 04:52 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-05 01:21 . 2008-02-10 19:06 <DIR> d-------- C:\Documents and Settings\Olah\Application Data\Yahoo!

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-04 05:30 30,720 ----a-w C:\WINDOWS\daxtime.dll
2008-03-04 05:30 16,128 ----a-w C:\WINDOWS\eventlowg.dll
2008-03-04 05:30 13,568 ----a-w C:\WINDOWS\system32\msole32.exe
2008-03-04 05:28 9,728 ----a-w C:\WINDOWS\764.exe
2008-03-02 07:57 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-02-28 00:33 --------- d-----w C:\Program Files\The Weather Channel FW
2008-02-24 21:08 --------- d-----w C:\Program Files\Real
2008-02-24 21:07 --------- d-----w C:\Program Files\Common Files\Real
2008-02-24 21:06 499,712 ------w C:\WINDOWS\system32\msvcp71.dll
2008-02-23 14:31 --------- d-----w C:\Program Files\LimeWire
2008-02-22 08:01 --------- d-----w C:\Program Files\AIM6
2008-02-22 07:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-22 07:35 --------- d-----w C:\Program Files\Common Files\AOL
2008-02-22 07:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-02-22 07:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-02-07 17:05 --------- d-----w C:\Documents and Settings\Owner\Application Data\AOL
2008-02-07 16:56 --------- d-----w C:\Documents and Settings\Owner\Application Data\Yahoo!
2008-02-07 16:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-02-07 16:46 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-07 16:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-07 16:45 --------- d-----w C:\Program Files\Yahoo!
2008-02-05 08:36 --------- d-----w C:\Documents and Settings\Owner\Application Data\Lavasoft
2007-12-14 16:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ------w C:\WINDOWS\system32\oleaut32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb936323-19fa-4521-ba29-eca6a121bc78}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mail.com"="C:\Program Files\mail.com\mcalert.exe" [ ]
"Y!TunnelBasic"="C:\Program Files\Digital Asphyxia\Y!TunnelBasic 2.0\YTBasic.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2007-03-16 06:51 715888]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-10 17:57 68856]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472]
"Aim6"="" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 19:05 204288]
"WinTouch"="C:\Documents and Settings\Owner\Application Data\WinTouch\WinTouch.exe" [ ]
"Eres"="C:\PROGRA~1\COMMON~1\STEM~1\ntvdm.exe" [ ]
"Pntij"="C:\Program Files\?racle\??anregw.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2003-07-13 01:49 155648]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-08-12 23:31 98304]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-05 13:34 188416]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-24 16:05 185896]
"combofix"="C:\WINDOWS\system32\CF8849.exe" [2004-08-04 02:56 388608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-18 20:47 8720384]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
SnapDetect.lnk - C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe [2005-09-01 20:03:27 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"disableregistrytools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
R3 crtaud;Conexant Riptide WDM Audio Driver;C:\WINDOWS\system32\drivers\crtaud.sys [2001-08-17 07:19]
R3 rpfun;Conexant Riptide Dummy Driver;C:\WINDOWS\system32\drivers\rpfun.sys [2001-08-17 07:19]
R3 rthwcls;Conexant Riptide Bus / Firmware Downloader;C:\WINDOWS\system32\drivers\rthwcls.sys [2001-08-17 07:19]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-03 16:14:45 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-03-03 16:14:44 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-04 01:00:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\wml.exe
C:\WINDOWS\default.htm 1856 bytes
C:\WINDOWS\system32\ESHOPEE.exe 27904 bytes
C:\WINDOWS\system32\msole32.exe 19712 bytes

scan completed successfully
hidden files: 4

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\mgmrwmrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
.
**************************************************************************
.
Completion time: 2008-03-04 1:05:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-04 06:04:50
.
2008-02-13 02:39:46 --- E O F ---

BC AdBot (Login to Remove)

 


m

#2 TamaraLong

TamaraLong
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:49 PM

Posted 04 March 2008 - 07:32 AM

I also have the red pop up box that says i have trojandownloader.xs. I was reading through previous messages and there was also something mentioned about Deckard's System Scanner. Well, I downloaded it and ran it and the results are below. Also, I am locked out of task manager. And the current list of problems i have on this computer are as follows: adbreak, acespy, aconti, access media, adblaster, win32, and mgmrwmrv.exe. I can delete most of these files manually, but they just seem to reinstall themselves immediately afterward with the exception of the last one. it won't let me delete it bc it says it is either in use or read/write protected. Would really like for someone to please help. Computer is kind of a necessity for my fiance to get paid from where he works at. And he has used the computer for access to his bank account before as well. Until I hear back, I am going to keep going through these blogs and try to fix it or atleast get as much information as possible for someone to be able to help me.



Deckard's System Scanner v20071014.68
Run by Owner on 2008-03-04 07:03:27
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
58: 2008-03-04 12:03:46 UTC - RP387 - Deckard's System Scanner Restore Point
57: 2008-03-04 05:18:36 UTC - RP386 - ComboFix created restore point
56: 2008-03-03 20:38:22 UTC - RP385 - System Checkpoint
55: 2008-03-02 14:02:11 UTC - RP384 - System Checkpoint
54: 2008-03-01 13:53:17 UTC - RP383 - System Checkpoint


-- First Restore Point --
1: 2007-12-20 21:18:04 UTC - RP330 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 383 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:06:54 AM, on 3/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\mgmrwmrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\I6OAI4G9\dss[1].exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\dumprep.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\dwwin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Mail.com] C:\Program Files\mail.com\mcalert.exe -auto
O4 - HKCU\..\Run: [Y!TunnelBasic] C:\Program Files\Digital Asphyxia\Y!TunnelBasic 2.0\YTBasic.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Eres] "C:\PROGRA~1\COMMON~1\STEM~1\ntvdm.exe" -vt yazb
O4 - HKCU\..\Run: [Pntij] "C:\Program Files\?racle\??anregw.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SnapDetect.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZJ
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.java.com
O15 - Trusted Zone: http://game1.pogo.com
O15 - Trusted Zone: http://www.pogo.com
O15 - Trusted Zone: http://jdl.sun.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/bejewel...aploader_v6.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11181 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-03-03 11:14:45 340 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2008-03-03 11:14:44 332 --a------ C:\WINDOWS\Tasks\McQcTask.job


-- Files created between 2008-02-04 and 2008-03-04 -----------------------------

2008-03-04 05:52:25 0 d-------- C:\Documents and Settings\Administrator\Application Data\acccore
2008-03-04 05:49:24 8448 --a------ C:\WINDOWS\eventlowg.dll
2008-03-04 05:49:24 25088 --a------ C:\WINDOWS\daxtime.dll
2008-03-04 05:49:23 13824 --a------ C:\WINDOWS\liqui-Uninstaller.exe
2008-03-04 05:49:23 12800 --a------ C:\WINDOWS\liqui.exe
2008-03-04 05:49:23 16128 --a------ C:\WINDOWS\liqui.dll
2008-03-04 05:49:22 27136 --a------ C:\WINDOWS\fhfmm.exe
2008-03-04 05:49:21 23040 --a------ C:\WINDOWS\fhfmm-Uninstaller.exe
2008-03-04 05:49:20 21248 --a------ C:\WINDOWS\xadbrk.exe
2008-03-04 05:49:20 10752 --a------ C:\WINDOWS\xadbrk.dll
2008-03-04 05:49:19 13056 --a------ C:\WINDOWS\xadbrk_.exe
2008-03-04 05:49:19 22528 --a------ C:\WINDOWS\kkcomp.dll
2008-03-04 05:49:18 28928 --a------ C:\WINDOWS\kkcomp.exe
2008-03-04 05:49:17 18688 --a------ C:\WINDOWS\kkcomp$.exe
2008-03-04 05:49:16 25344 --a------ C:\WINDOWS\liqad.dll
2008-03-04 05:49:15 18432 --a------ C:\WINDOWS\liqad.exe
2008-03-04 05:49:15 10752 --a------ C:\WINDOWS\liqad$.exe
2008-03-04 05:49:15 11776 --a------ C:\WINDOWS\kvnab.dll
2008-03-04 05:49:14 26880 --a------ C:\WINDOWS\kvnab.exe
2008-03-04 05:49:13 15104 --a------ C:\WINDOWS\kvnab$.exe
2008-03-04 05:49:12 9472 --a------ C:\WINDOWS\settn.dll
2008-03-04 05:49:12 26624 --a------ C:\WINDOWS\hcwprn.exe
2008-03-04 05:49:11 24576 --a------ C:\WINDOWS\cbinst$.exe
2008-03-04 05:49:10 27392 --a------ C:\WINDOWS\pbsysie.dll
2008-03-04 05:49:09 30208 --a------ C:\WINDOWS\wbeCheck.exe
2008-03-04 05:49:08 16640 --a------ C:\WINDOWS\wbeInst$.exe
2008-03-04 05:49:07 22528 --a------ C:\WINDOWS\iexplorr23.dll
2008-03-04 05:49:06 9472 --a------ C:\WINDOWS\jd2002.dll
2008-03-04 05:49:06 22272 --a------ C:\WINDOWS\adbar.dll
2008-03-04 05:49:05 25088 --a------ C:\WINDOWS\spredirect.dll
2008-03-04 05:49:02 15872 --a------ C:\WINDOWS\aconti.exe
2008-03-04 05:49:01 31744 --a------ C:\WINDOWS\ie_32.exe
2008-03-04 05:48:59 27136 --a------ C:\WINDOWS\xxxvideo.exe
2008-03-04 05:48:58 16896 --a------ C:\WINDOWS\ngd.dll
2008-03-04 05:48:57 15872 --a------ C:\WINDOWS\hotporn.exe
2008-03-04 05:48:57 24064 --a------ C:\WINDOWS\dp0.dll
2008-03-04 05:48:56 29440 --a------ C:\WINDOWS\vxddsk.exe
2008-03-04 05:48:54 23296 --a------ C:\WINDOWS\wml.exe
2008-03-04 05:48:53 28928 --a------ C:\WINDOWS\7search.dll
2008-03-04 05:48:52 26112 --a------ C:\WINDOWS\flt.dll
2008-03-04 05:48:51 13824 --a------ C:\WINDOWS\764.exe
2008-03-04 05:48:50 16384 --a------ C:\WINDOWS\pbar.dll
2008-03-04 05:44:52 14336 --a------ C:\WINDOWS\system32\msole32.exe
2008-03-04 05:44:52 16640 --a------ C:\WINDOWS\system32\ESHOPEE.exe
2008-03-04 05:44:50 0 d-------- C:\WINDOWS\system32\acespy
2008-03-04 05:44:49 29440 --a------ C:\WINDOWS\system32\vxddsk.exe
2008-03-04 05:44:49 16384 --a------ C:\WINDOWS\system32\ace16win.dll
2008-03-04 05:44:48 20224 --a------ C:\WINDOWS\system32\wml.exe
2008-03-04 05:43:02 0 d-------- C:\Program Files\e-zshopper
2008-03-04 05:42:56 0 d-------- C:\Program Files\p2pnetworks
2008-03-04 05:42:56 0 d-------- C:\Program Files\amsys
2008-03-04 05:42:56 0 d-------- C:\Program Files\Accoona
2008-03-04 05:42:48 0 d-------- C:\Program Files\akl
2008-03-04 05:42:46 0 d-------- C:\Program Files\3721
2008-03-04 05:38:38 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-03-04 05:38:38 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-03-04 05:38:38 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-03-04 05:38:38 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-03-04 05:38:38 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-03-04 05:38:38 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-03-04 05:38:38 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-03-04 05:38:38 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-03-04 05:38:38 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-03-04 05:38:38 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-03-04 05:38:38 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-03-04 05:38:38 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-03-04 05:38:38 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-03-04 05:38:38 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-03-04 04:40:37 0 d-------- C:\Program Files\Trend Micro
2008-03-04 00:15:06 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-03-04 00:15:06 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-03-04 00:15:06 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-03-04 00:15:06 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-03 11:25:33 143360 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
2008-03-03 11:14:02 0 d-------- C:\Program Files\McAfee.com
2008-03-03 11:13:33 0 d-------- C:\Program Files\Common Files\McAfee
2008-03-03 11:13:07 0 d-------- C:\Program Files\McAfee
2008-03-03 11:05:19 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-03-02 04:27:39 89099 --a------ C:\WINDOWS\system32\mgmrwmrv.exe <Not Verified; Microsoft; runbll>
2008-02-24 16:08:32 0 d-------- C:\Program Files\Common Files\xing shared
2008-02-22 23:00:24 0 d-------- C:\Documents and Settings\Owner\Application Data\Viewpoint
2008-02-22 02:36:00 0 d-------- C:\Program Files\Viewpoint
2008-02-20 05:40:54 0 d-------- C:\Documents and Settings\Owner\Application Data\BitTorrent
2008-02-20 05:40:42 0 d-------- C:\Program Files\DNA
2008-02-05 04:56:35 0 d-------- C:\Program Files\Lavasoft
2008-02-05 04:56:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-05 04:52:42 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-05 01:21:12 0 d-------- C:\Documents and Settings\Olah\Application Data\Yahoo!


-- Find3M Report ---------------------------------------------------------------

2008-03-04 00:27:46 0 d-------- C:\Program Files\Common Files
2008-03-02 02:57:34 0 d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2008-02-27 19:33:30 0 d-------- C:\Program Files\The Weather Channel FW
2008-02-24 16:08:24 0 d-------- C:\Program Files\Real
2008-02-24 16:07:44 0 d-------- C:\Program Files\Common Files\Real
2008-02-24 13:23:02 0 d-------- C:\Documents and Settings\Owner\Application Data\Real
2008-02-23 09:31:19 0 d-------- C:\Program Files\LimeWire
2008-02-22 03:01:17 0 d-------- C:\Program Files\AIM6
2008-02-22 02:35:04 0 d-------- C:\Program Files\Common Files\AOL
2008-02-07 12:05:11 0 d-------- C:\Documents and Settings\Owner\Application Data\AOL
2008-02-07 11:56:09 0 d-------- C:\Documents and Settings\Owner\Application Data\Yahoo!
2008-02-07 11:45:28 0 d-------- C:\Program Files\Yahoo!
2008-02-05 03:36:10 0 d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft
2008-01-30 01:42:52 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb936323-19fa-4521-ba29-eca6a121bc78}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/13/2003 01:49 AM]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [08/12/2005 11:31 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 12:11 AM]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [11/05/2002 01:34 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [02/24/2008 04:05 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mail.com"="C:\Program Files\mail.com\mcalert.exe" []
"Y!TunnelBasic"="C:\Program Files\Digital Asphyxia\Y!TunnelBasic 2.0\YTBasic.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [03/16/2007 06:51 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [08/10/2007 05:57 PM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 03:45 PM]
"Aim6"="" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 07:05 PM]
"Eres"="C:\PROGRA~1\COMMON~1\STEM~1\ntvdm.exe" []
"Pntij"="C:\Program Files\?racle\??anregw.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 9:05:26 PM]
SnapDetect.lnk - C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe [9/1/2005 8:03:27 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-03-04 07:09:24 ------------





Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel Pentium III processor
Percentage of Memory in Use: 62%
Physical Memory (total/avail): 382.48 MiB / 142.25 MiB
Pagefile Memory (total/avail): 633.4 MiB / 363.76 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1924.94 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 27.95 GiB total, 4.68 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - QUANTUM FIREBALLlct10 30 - 27.95 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 27.95 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

AntiVirusDisableNotify is set.
UpdatesDisableNotify is set.

FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Application Loader"
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"="C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe:*:Enabled:AOL"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpace Instant Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=OWNER-YT651666X
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\OWNER-YT651666X
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0801
ProgramFiles=C:\Program Files
PROMPT=$P$G
RNLOG_BASEKEY=Software\RealNetworks\RealPlayer\6.0\Preferences\BrowserRecordPluginLog
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=OWNER-YT651666X
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Olah
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Ahead Nero Burning ROM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
AIM 6 --> C:\Program Files\AIM6\uninst.exe
Aim Plugin for QQ Games --> C:\Program Files\Tencent\QQ Games\Plugin\Uninstall.EXE
AIMTunes --> C:\Program Files\AIMTunes\Uninstall.exe
AOL Coach Version 2.0(Build:20041026.5 en) --> C:\Program Files\Common Files\AolCoach\en_en\AolCInUn.exe -lang=en_en -ext=UDP
Coupon Printer for Windows --> "C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Ezonics Greeting Cam Deluxe --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ezonics\Ezonics Greeting Cam Deluxe\Uninst.isu"
EZShowtime MMS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5FB2EF0E-0254-4B7E-98C9-7F83E0C5E6C2}\Setup.exe" -l0x9
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
hp deskjet 3820 series --> rundll32 hpzcon07.dll,VendorJettison hp deskjet 3820 series
hp deskjet 3820 series (Remove only) --> C:\Program Files\hp deskjet 3820 series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=LPT1: -vproduct=3820 -huninstall
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.2) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe
QQ Games --> C:\Program Files\Tencent\QQ Games\Uninstall.EXE
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine --> MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}
The Weather Channel Desktop --> C:\Program Files\The Weather Channel FW\Desktop Weather\TheWeatherChannelCustomUninstall.exe
URGE --> MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}
USB PC Camera --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9698A67-7E71-11D8-B9BF-00E018FAA1E4}\setup.exe"
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Weather Services --> C:\WINDOWS\system32\control.exe C:\PROGRA~1\THEWEA~1\FRAMEW~1\wxfw.cpl,4
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
WinTouch --> C:\Documents and Settings\Owner\Application Data\WinTouch\WTUninstaller.exe
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type2094 / Error
Event Submitted/Written: 03/04/2008 07:06:24 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application mcshell.exe, version 7.2.142.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type2093 / Error
Event Submitted/Written: 03/04/2008 07:06:18 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application mcshell.exe, version 7.2.142.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type2092 / Error
Event Submitted/Written: 03/04/2008 07:06:18 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application mcshell.exe, version 7.2.142.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type2091 / Error
Event Submitted/Written: 03/04/2008 07:06:18 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application mcshell.exe, version 7.2.142.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type2085 / Warning
Event Submitted/Written: 03/04/2008 05:55:10 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type7314 / Error
Event Submitted/Written: 03/04/2008 07:05:39 AM
Event ID/Source: 10010 / DCOM
Event Description:
The server {820E0B47-27D0-4E64-BE80-7610FAC9BBC7} did not register with DCOM within the required timeout.

Event Record #/Type7310 / Error
Event Submitted/Written: 03/04/2008 07:04:08 AM
Event ID/Source: 10010 / DCOM
Event Description:
The server {7EB483B0-414C-4B45-A46C-CF4620531F8F} did not register with DCOM within the required timeout.

Event Record #/Type7306 / Error
Event Submitted/Written: 03/04/2008 06:41:34 AM
Event ID/Source: 10010 / DCOM
Event Description:
The server {820E0B47-27D0-4E64-BE80-7610FAC9BBC7} did not register with DCOM within the required timeout.

Event Record #/Type7302 / Error
Event Submitted/Written: 03/04/2008 06:41:04 AM
Event ID/Source: 10010 / DCOM
Event Description:
The server {7EB483B0-414C-4B45-A46C-CF4620531F8F} did not register with DCOM within the required timeout.

Event Record #/Type7298 / Error
Event Submitted/Written: 03/04/2008 06:40:31 AM
Event ID/Source: 10010 / DCOM
Event Description:
The server {820E0B47-27D0-4E64-BE80-7610FAC9BBC7} did not register with DCOM within the required timeout.



-- End of Deckard's System Scanner: finished at 2008-03-04 07:09:24 ------------

#3 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:03:49 PM

Posted 04 March 2008 - 05:22 PM

Hello Tamra,

Also, I downloaded a program called Combofix. I saw it mentioned in a blog and I found the program and downloaded it and ran it once. Here is the log from that if that is useful...


You made a big mistake! :blink: You ran ComboFix incorrectly by not installing Recovery Console and run it from the Temp folder. :wacko: Now if there is a problem there is no backup. :)

Running from: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\GK06FB99\ComboFix[1].exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!




You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



I hear back, I am going to keep going through these blogs


Stop going to blogs! That is where you got the bad information about running ComboxFix. :thumbsup: It is NOT FOR PRIVATE USE, and can bork your computer used incorrectly.
Dont blame me or ComboFix if you have to reformat the computer.



NOTE: If you have downloaded SmitfraudFix previously please delete that version and download it again! Also delete C:\rapport.txt

Please download SmitfraudFix

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, double-click SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of the SmitfraudFix report into your next reply along with a new HijackThis log.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.

Edited by SifuMike, 04 March 2008 - 05:24 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#4 TamaraLong

TamaraLong
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:49 PM

Posted 10 March 2008 - 07:14 AM

My computer got completely eaten. It had to be wiped and windows and all re-installed. Most of my files got lost bc the virus blocked me out of them, even in dos. i got it narrowed down to one virus, something called mgmrwmrv.exe.

Anyway, its back up and running again. I didn't realize it, but a friend of mine has a brother that works on computers for the government fixing hacked and infected computers all day long. he helped me with the hijackthislog, but it was apparently too late for it.

Thanks anyway for trying to help. Going to re-install the hijackthis program anyway just in case, but i should be in the clear now. If I have anymore problems and can't get ahold of my friend's brother, i'll be back.

#5 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:03:49 PM

Posted 10 March 2008 - 12:26 PM

Since your problem appears to be resolved, this thread will now be closed. If you need this topic reopened, please contact me or a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users