
My Hjt Log


  • This topic is locked
5 replies to this topic

#1 cassiexoxo


  • Members
  • 5 posts

Posted 24 March 2008 - 07:58 PM

Here is my HJT log regarding my previous post in the "Am I Infected?" section.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:36:32 PM, on 3/23/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\RunDll32.exe
G:\Program Files\BearShare\BearShare.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Documents and Settings\CASSANDRA\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\OPLIMIT\ocrawr32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: (no name) - {24B966FE-3658-47DA-923F-6BC612D9DA12} - c:\windows\system32\kkpekkp.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [BearShare] "G:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Policies\Explorer\Run: [7H28X9M91L] C:\WINDOWS\winlogon32.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE
O4 - Startup: UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe
O4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\CASSANDRA\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...244/mcfscan.cab
O20 - Winlogon Notify: vfapauum - C:\WINDOWS\SYSTEM32\kkpekkp.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe

--
End of file - 6929 bytes


What can I do to remove my virus?

#2 miekiemoes


    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts

Posted 25 March 2008 - 02:51 PM

Hi,

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

#3 cassiexoxo

  • Topic Starter

  • Members
  • 5 posts

Posted 04 April 2008 - 04:54 PM

Hello miekiemoes,
I have created the new logs with ComboFix and HijackThis. I made two logs with ComboFix.

The first ComboFix log was created while I had my anti-virus software still running. Here is the log file from the first ComboFix log:

ComboFix 08-04-03.5 - DAD 2008-04-04 15:14:22.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.751 [GMT -5:00]
Running from: C:\Documents and Settings\CASSANDRA\My Documents\download\ComboFix.exe
* Resident AV is active

.
TimedOut: progfile.dat

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\uppim.dll
C:\WINDOWS\Tasks.\At1.job
C:\WINDOWS\system32\kkpekkp.dll . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_XSWVNDJY
-------\Service_xswvndjy


((((((((((((((((((((((((( Files Created from 2008-03-04 to 2008-04-04 )))))))))))))))))))))))))))))))
.

2008-04-04 12:59 . 2008-04-04 12:59 2,669 --a------ C:\WINDOWS\system32\hijackthis-B4-Combo
2008-04-03 13:09 . 2008-04-03 13:09 <DIR> d-------- C:\Program Files\Common Files\Mozilla Shared
2008-04-03 13:08 . 2008-04-04 13:20 6,491,392 --a------ C:\WINDOWS\system32\ejkosrdj.dat
2008-04-03 13:05 . 2008-04-03 13:05 <DIR> d-------- C:\VundoFix Backups
2008-04-02 14:01 . 2008-04-02 15:43 <DIR> d-------- C:\Documents and Settings\DAD\.housecall6.6
2008-04-01 04:41 . 2008-04-01 04:41 <DIR> d-------- C:\Documents and Settings\CASSANDRA\Application Data\Participatory Culture Foundation
2008-04-01 04:40 . 2008-04-01 04:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Participatory Culture Foundation
2008-04-01 04:39 . 2008-04-01 04:39 <DIR> d-------- C:\Program Files\Participatory Culture Foundation
2008-03-31 21:05 . 2007-03-04 07:55 1,936,528 --a------ C:\WINDOWS\system32\ltmm15.dll
2008-03-31 21:05 . 2007-03-04 07:55 135,168 --a------ C:\WINDOWS\system32\DSKernel2.dll
2008-03-31 21:04 . 2008-03-31 21:03 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-03-31 21:03 . 2008-03-31 21:14 <DIR> d-------- C:\Program Files\Replay Converter
2008-03-31 21:02 . 2008-03-31 21:02 411,248 --a------ C:\Program Files\FLV PlayerRCSetup.exe
2008-03-31 21:01 . 2008-03-31 21:01 <DIR> d-------- C:\WINDOWS\Applian FLV Player
2008-03-31 21:01 . 2008-03-31 21:01 <DIR> d-------- C:\Program Files\FLV Player
2008-03-30 00:55 . 2008-03-30 22:00 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-30 00:55 . 2008-03-30 00:55 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-29 18:43 . 2008-03-29 18:43 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-03-22 00:15 . 2008-03-22 00:15 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Ulead Systems
2008-03-19 20:14 . 2008-03-30 22:00 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-19 00:59 . 2008-03-19 00:59 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2008-03-18 22:30 . 2008-03-18 22:30 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DivX
2008-03-18 00:23 . 2008-03-20 00:59 <DIR> d-------- C:\Documents and Settings\Administrator\Contacts
2008-03-17 23:30 . 2008-04-03 11:07 <DIR> d-------- C:\Program Files\Mozilla Firefox 3 Beta 4
2008-03-17 18:51 . 2008-03-17 18:51 61,480 --a------ C:\Documents and Settings\Administrator\GoToAssistDownloadHelper.exe
2008-03-17 18:33 . 2008-03-17 18:33 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\McAfee
2008-03-14 18:53 . 2008-03-15 12:06 <DIR> d-------- C:\SDAT
2008-03-14 18:46 . 2008-03-14 18:46 41,275,022 --a------ C:\sdat5252.exe
2008-03-14 18:18 . 2008-03-14 18:18 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SiteAdvisor
2008-03-14 18:13 . 2008-04-03 13:30 <DIR> d-------- C:\Documents and Settings\DAD\Application Data\SiteAdvisor
2008-03-14 00:13 . 2008-03-14 00:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Citrix
2008-03-14 00:06 . 2008-03-14 00:06 61,480 --a------ C:\Documents and Settings\CASSANDRA\GoToAssistDownloadHelper.exe
2008-03-12 00:07 . 2008-03-19 22:36 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\SiteAdvisor
2008-03-11 01:38 . 2008-03-13 00:35 <DIR> d-------- C:\Program Files\SiteAdvisor
2008-03-11 01:38 . 2008-03-11 01:38 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-03-11 01:38 . 2008-04-03 02:24 <DIR> d-------- C:\Documents and Settings\CASSANDRA\Application Data\SiteAdvisor
2008-03-11 01:38 . 2008-03-11 01:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-03-11 01:36 . 2007-07-21 09:08 201,288 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-03-11 01:36 . 2007-07-13 09:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-03-11 01:36 . 2007-07-24 07:40 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-03-11 01:36 . 2007-07-21 09:08 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-03-11 01:36 . 2007-07-21 09:08 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-03-11 01:36 . 2007-07-24 12:02 33,800 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-03-11 01:35 . 2008-04-04 12:51 <DIR> d-------- C:\Program Files\McAfee
2008-03-11 01:35 . 2008-03-11 01:36 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-03-10 23:48 . 2008-03-10 23:48 <DIR> d-------- C:\WINDOWS\Antivirus Pro
2008-03-10 23:21 . 2008-02-04 15:09 60,166 --a------ C:\WINDOWS\system32\Config.MPF
2008-03-10 13:17 . 2008-03-10 13:17 <DIR> d-------- C:\Program Files\InterMute
2008-03-09 13:12 . 2008-03-14 00:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-04 22:33 . 2008-03-04 22:33 <DIR> d-------- C:\WINDOWS\McAfee.com
2008-03-04 20:42 . 2006-03-03 11:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-04 20:18 80,896 ----a-w C:\WINDOWS\system32\kkpekkp.dll
2008-04-03 22:54 20,224 ----a-w C:\WINDOWS\system32\drivers\gpnnansk.dat
2008-04-01 02:03 --------- d-----w C:\Documents and Settings\CASSANDRA\Application Data\GetRightToGo
2008-04-01 01:49 --------- d-----w C:\Program Files\Winamp
2008-03-29 23:43 --------- d-----w C:\Program Files\StepMania
2008-03-14 05:31 --------- d-----w C:\Program Files\SB
2008-03-14 05:29 --------- d-----w C:\Program Files\Sophos
2008-03-14 05:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-14 04:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-03-14 04:50 --------- d-----w C:\Documents and Settings\CASSANDRA\Application Data\McAfee
2008-03-11 06:35 --------- d-----w C:\Program Files\McAfee.com
2008-03-06 21:59 --------- d-----w C:\Program Files\Google
2008-03-03 23:51 --------- d-----w C:\Program Files\AV VCS 3.0
2008-02-27 18:03 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-27 04:43 --------- d-----w C:\Program Files\Audacity
2008-02-26 00:37 --------- d-----w C:\Program Files\Mp3Doctor
2008-02-26 00:20 --------- d-----w C:\Program Files\GenTek Solutions Inc
2008-02-26 00:20 --------- d-----w C:\Program Files\Common Files\sony shared
2008-02-25 08:39 --------- d-----w C:\Documents and Settings\CASSANDRA\Application Data\.gaim
2008-02-17 02:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-16 14:37 10 ----a-w C:\WINDOWS\system32\drivers\tmbi.sys
2008-02-09 17:44 --------- d-----w C:\Documents and Settings\DAD\Application Data\Apple Computer
2008-02-08 23:06 --------- d-----w C:\Documents and Settings\CASSANDRA\Application Data\Ulead Systems
2008-02-08 23:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-02-08 22:56 --------- d-----w C:\Program Files\Ulead Systems
2008-02-08 22:40 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-02-08 22:40 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-07 12:41 --------- d-----w C:\Program Files\Apple Software Update
2008-02-07 12:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-02-06 18:33 --------- d-----w C:\Documents and Settings\DAD\Application Data\Lavasoft
2008-02-06 12:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-02-06 11:13 --------- d-----w C:\Documents and Settings\DAD\Application Data\McAfee.com Personal Firewall
2008-02-05 22:32 --------- d-----w C:\Program Files\HooTech
2008-02-05 22:31 --------- d-----w C:\Program Files\Quick Screen Capture
2008-02-05 21:43 --------- d-----w C:\Program Files\BitComet
2008-02-05 21:40 --------- d-----w C:\Documents and Settings\LocalService\Application Data\DivX
2007-04-06 03:44 5,187 ----a-w C:\Documents and Settings\CASSANDRA\Application Data\waver_2.95.dat
2001-11-23 17:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
2007-03-09 08:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{24B966FE-3658-47DA-923F-6BC612D9DA12}]
2008-04-04 15:18 80896 --a------ c:\windows\system32\kkpekkp.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HijackThis startup scan"="C:\Program Files\HijackThis\HijackThis.exe" [2008-03-22 19:52 396288]
"SpybotSD TeaTimer"="C:\Program Files\SB\Spybot - Search & Destroy\TeaTimer.exe" [ ]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" [ ]
"mbednkbp"="C:\WINDOWS\System32\mbednkbp.exe" [ ]
"AntiVirusProMFC"="C:\Program Files\Antivirus Pro\Antivirus Pro.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ulead AutoDetector v2"="C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2005-05-23 09:57 90112]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-06-22 04:08 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-08-24 16:57 36640]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 09:54 282624]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-10-06 01:16 5058560]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-07-22 20:29 1160480]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2005-07-19 16:32 221184]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 16:54 127022]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 17:31 61440]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 17:32 155648]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 18:05 257088]
"Cmaudio"="cmicnfg.cpl" []
"BearShare"="G:\Program Files\BearShare\BearShare.exe" [2005-09-07 12:25 3223552]

C:\Documents and Settings\CASSANDRA\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
OCRAWARE.lnk - C:\OPLIMIT\OCRAWARE.EXE [2007-06-16 01:34:48 51360]
UMAX VistaAccess.lnk - C:\VSTASCAN\vsaccess.exe [2007-06-16 01:32:35 299008]
YouTube Uploader.lnk - C:\Documents and Settings\CASSANDRA\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe [2007-11-09 13:33:08 71152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"7H28X9M91L"= C:\WINDOWS\winlogon32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.WMV3"= wmv9vcm.dll
"MSVideo8"= VfWWDM32.dll
"vidc.tscc"= tsccvid.dll
"MSVideo"= vfwwdm32.dll
"msacm.iac2"= C:\PROGRA~1\REPLAY~1\iac25_32.ax

R0 hifozhgz;Microsoft RPC API Helper;C:\WINDOWS\System32\drivers\gpnnansk.dat []
R1 RapFile;RapFile;C:\WINDOWS\System32\drivers\RapFile.sys [2002-03-02 17:39]
R1 RapNet;RapNet;C:\WINDOWS\System32\drivers\RapNet.sys [2002-03-02 17:39]
R2 Vcs;Vcs support;C:\WINDOWS\System32\Drivers\Vcs.sys [2002-12-10 08:11]
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 09:05]
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\System32\2.tmp []
S3 Vsp;Vsp;C:\WINDOWS\System32\drivers\Vsp.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-03-27 13:57:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-11 06:35:54 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-04-01 06:07:05 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-04 15:28:26
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\hifozhgz]
"ImagePath"="system32\drivers\gpnnansk.dat"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MEMSWEEP2]
"ImagePath"="\??\C:\WINDOWS\System32\2.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\SiteAdvisor\6253\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2008-04-04 15:31:25 - machine was rebooted [DAD]
ComboFix-quarantined-files.txt 2008-04-04 20:31:13
Pre-Run: 5,206,056,960 bytes free
Post-Run: 5,867,511,808 bytes free







Now, here is the second ComboFix log I created after I uninstalled my anti-virus software:

ComboFix 08-04-03.5 - DAD 2008-04-04 16:13:31.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.811 [GMT -5:00]
Running from: C:\Documents and Settings\CASSANDRA\My Documents\download\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-03-04 to 2008-04-04 )))))))))))))))))))))))))))))))
.

2008-04-04 16:08 . 2008-04-04 16:08 33 --a------ C:\WINDOWS\LVMMail.INI
2008-04-04 15:54 . 2008-04-04 15:54 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-04-04 12:59 . 2008-04-04 12:59 2,669 --a------ C:\WINDOWS\system32\hijackthis-B4-Combo
2008-04-03 13:09 . 2008-04-03 13:09 <DIR> d-------- C:\Program Files\Common Files\Mozilla Shared
2008-04-03 13:08 . 2008-04-04 13:20 6,491,392 --a------ C:\WINDOWS\system32\ejkosrdj.dat
2008-04-03 13:05 . 2008-04-03 13:05 <DIR> d-------- C:\VundoFix Backups
2008-04-02 14:01 . 2008-04-02 15:43 <DIR> d-------- C:\Documents and Settings\DAD\.housecall6.6
2008-04-01 04:41 . 2008-04-01 04:41 <DIR> d-------- C:\Documents and Settings\CASSANDRA\Application Data\Participatory Culture Foundation
2008-04-01 04:40 . 2008-04-01 04:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Participatory Culture Foundation
2008-04-01 04:39 . 2008-04-01 04:39 <DIR> d-------- C:\Program Files\Participatory Culture Foundation
2008-03-31 21:05 . 2007-03-04 07:55 1,936,528 --a------ C:\WINDOWS\system32\ltmm15.dll
2008-03-31 21:05 . 2007-03-04 07:55 135,168 --a------ C:\WINDOWS\system32\DSKernel2.dll
2008-03-31 21:04 . 2008-03-31 21:03 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-03-31 21:03 . 2008-03-31 21:14 <DIR> d-------- C:\Program Files\Replay Converter
2008-03-31 21:02 . 2008-03-31 21:02 411,248 --a------ C:\Program Files\FLV PlayerRCSetup.exe
2008-03-31 21:01 . 2008-03-31 21:01 <DIR> d-------- C:\WINDOWS\Applian FLV Player
2008-03-31 21:01 . 2008-03-31 21:01 <DIR> d-------- C:\Program Files\FLV Player
2008-03-30 00:55 . 2008-03-30 22:00 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-30 00:55 . 2008-03-30 00:55 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-29 18:43 . 2008-03-29 18:43 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-03-22 00:15 . 2008-03-22 00:15 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Ulead Systems
2008-03-19 20:14 . 2008-03-30 22:00 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-19 00:59 . 2008-03-19 00:59 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2008-03-18 22:30 . 2008-03-18 22:30 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DivX
2008-03-18 00:23 . 2008-03-20 00:59 <DIR> d-------- C:\Documents and Settings\Administrator\Contacts
2008-03-17 23:30 . 2008-04-03 11:07 <DIR> d-------- C:\Program Files\Mozilla Firefox 3 Beta 4
2008-03-17 18:51 . 2008-03-17 18:51 61,480 --a------ C:\Documents and Settings\Administrator\GoToAssistDownloadHelper.exe
2008-03-17 18:33 . 2008-03-17 18:33 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\McAfee
2008-03-14 18:53 . 2008-03-15 12:06 <DIR> d-------- C:\SDAT
2008-03-14 18:46 . 2008-03-14 18:46 41,275,022 --a------ C:\sdat5252.exe
2008-03-14 00:13 . 2008-03-14 00:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Citrix
2008-03-14 00:06 . 2008-03-14 00:06 61,480 --a------ C:\Documents and Settings\CASSANDRA\GoToAssistDownloadHelper.exe
2008-03-11 01:38 . 2008-04-04 15:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-03-10 23:48 . 2008-03-10 23:48 <DIR> d-------- C:\WINDOWS\Antivirus Pro
2008-03-10 13:17 . 2008-03-10 13:17 <DIR> d-------- C:\Program Files\InterMute
2008-03-09 13:12 . 2008-03-14 00:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-04 22:33 . 2008-03-04 22:33 <DIR> d-------- C:\WINDOWS\McAfee.com

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-04 20:57 --------- d-----w C:\Program Files\McAfee.com
2008-04-04 20:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-04-04 20:18 80,896 ----a-w C:\WINDOWS\system32\kkpekkp.dll
2008-04-03 22:54 20,224 ----a-w C:\WINDOWS\system32\drivers\gpnnansk.dat
2008-04-01 02:03 --------- d-----w C:\Documents and Settings\CASSANDRA\Application Data\GetRightToGo
2008-04-01 01:49 --------- d-----w C:\Program Files\Winamp
2008-03-29 23:43 --------- d-----w C:\Program Files\StepMania
2008-03-14 05:31 --------- d-----w C:\Program Files\SB
2008-03-14 05:29 --------- d-----w C:\Program Files\Sophos
2008-03-14 05:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-14 04:50 --------- d-----w C:\Documents and Settings\CASSANDRA\Application Data\McAfee
2008-03-06 21:59 --------- d-----w C:\Program Files\Google
2008-03-03 23:51 --------- d-----w C:\Program Files\AV VCS 3.0
2008-02-27 18:03 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-27 04:43 --------- d-----w C:\Program Files\Audacity
2008-02-26 00:37 --------- d-----w C:\Program Files\Mp3Doctor
2008-02-26 00:20 --------- d-----w C:\Program Files\GenTek Solutions Inc
2008-02-26 00:20 --------- d-----w C:\Program Files\Common Files\sony shared
2008-02-25 08:39 --------- d-----w C:\Documents and Settings\CASSANDRA\Application Data\.gaim
2008-02-17 02:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-16 14:37 10 ----a-w C:\WINDOWS\system32\drivers\tmbi.sys
2008-02-09 17:44 --------- d-----w C:\Documents and Settings\DAD\Application Data\Apple Computer
2008-02-08 23:06 --------- d-----w C:\Documents and Settings\CASSANDRA\Application Data\Ulead Systems
2008-02-08 23:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-02-08 22:56 --------- d-----w C:\Program Files\Ulead Systems
2008-02-08 22:40 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-02-08 22:40 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-07 12:41 --------- d-----w C:\Program Files\Apple Software Update
2008-02-07 12:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-02-06 18:33 --------- d-----w C:\Documents and Settings\DAD\Application Data\Lavasoft
2008-02-06 12:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-02-06 11:13 --------- d-----w C:\Documents and Settings\DAD\Application Data\McAfee.com Personal Firewall
2008-02-05 22:32 --------- d-----w C:\Program Files\HooTech
2008-02-05 22:31 --------- d-----w C:\Program Files\Quick Screen Capture
2008-02-05 21:43 --------- d-----w C:\Program Files\BitComet
2008-02-05 21:40 --------- d-----w C:\Documents and Settings\LocalService\Application Data\DivX
2007-04-06 03:44 5,187 ----a-w C:\Documents and Settings\CASSANDRA\Application Data\waver_2.95.dat
2001-11-23 17:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
2007-03-09 08:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
.

((((((((((((((((((((((((((((( snapshot@2008-04-04_15.30.42.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-09-01 01:10:00 341,064 ----a-r C:\WINDOWS\LastGood.Tmp\System32\mcinsctl.dll
+ 2002-08-29 03:41:10 17,408 ----a-w C:\WINDOWS\LastGood.Tmp\System32\psapi.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{24B966FE-3658-47DA-923F-6BC612D9DA12}]
2008-04-04 15:18 80896 --a------ c:\windows\system32\kkpekkp.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HijackThis startup scan"="C:\Program Files\HijackThis\HijackThis.exe" [2008-03-22 19:52 396288]
"SpybotSD TeaTimer"="C:\Program Files\SB\Spybot - Search & Destroy\TeaTimer.exe" [ ]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" [ ]
"mbednkbp"="C:\WINDOWS\System32\mbednkbp.exe" [ ]
"AntiVirusProMFC"="C:\Program Files\Antivirus Pro\Antivirus Pro.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-06-22 04:08 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 09:54 282624]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-10-06 01:16 5058560]
"LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2005-07-19 16:32 221184]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 16:54 127022]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 17:31 61440]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 17:32 155648]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 18:05 257088]
"Cmaudio"="cmicnfg.cpl" []

C:\Documents and Settings\CASSANDRA\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
OCRAWARE.lnk - C:\OPLIMIT\OCRAWARE.EXE [2007-06-16 01:34:48 51360]
UMAX VistaAccess.lnk - C:\VSTASCAN\vsaccess.exe [2007-06-16 01:32:35 299008]
YouTube Uploader.lnk - C:\Documents and Settings\CASSANDRA\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe [2007-11-09 13:33:08 71152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"7H28X9M91L"= C:\WINDOWS\winlogon32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.WMV3"= wmv9vcm.dll
"MSVideo8"= VfWWDM32.dll
"vidc.tscc"= tsccvid.dll
"MSVideo"= vfwwdm32.dll
"msacm.iac2"= C:\PROGRA~1\REPLAY~1\iac25_32.ax

R0 hifozhgz;Microsoft RPC API Helper;C:\WINDOWS\System32\drivers\gpnnansk.dat []
R1 RapFile;RapFile;C:\WINDOWS\System32\drivers\RapFile.sys [2002-03-02 17:39]
R1 RapNet;RapNet;C:\WINDOWS\System32\drivers\RapNet.sys [2002-03-02 17:39]
R2 Vcs;Vcs support;C:\WINDOWS\System32\Drivers\Vcs.sys [2002-12-10 08:11]
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 09:05]
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\System32\2.tmp []
S3 Vsp;Vsp;C:\WINDOWS\System32\drivers\Vsp.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-03-27 13:57:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-04 16:16:34
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\hifozhgz]
"ImagePath"="system32\drivers\gpnnansk.dat"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\MEMSWEEP2]
"ImagePath"="\??\C:\WINDOWS\System32\2.tmp"
.
Completion time: 2008-04-04 16:17:27
ComboFix-quarantined-files.txt 2008-04-04 21:17:09
ComboFix2.txt 2008-04-04 20:31:28
Pre-Run: 9,184,464,896 bytes free
Post-Run: 9,173,004,288 bytes free

Now, here is the HijackThis log created after both ComboFix logs were created:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:41:57 PM, on 4/4/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Documents and Settings\CASSANDRA\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\OPLIMIT\ocrawr32.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {24B966FE-3658-47DA-923F-6BC612D9DA12} - c:\windows\system32\kkpekkp.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Policies\Explorer\Run: [7H28X9M91L] C:\WINDOWS\winlogon32.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE
O4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\CASSANDRA\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...244/mcfscan.cab
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 4854 bytes

I hope this information is what you wanted. Thanks.

#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:04:18 PM

Posted 04 April 2008 - 05:12 PM

Hi,

I see Bearshare installed. In case you didn't pay for it, I strongly recommend you uninstall it -- because the free version is bundled with spyware.
In case you paid for it, keep it.
In any case, we will remove its startup reference here in the registry because I do not recommend P2P programs starting up with Windows.

* Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the quotebox below into notepad:

File::
C:\Windows\system32\drivers\gpnnansk.dat
C:\WINDOWS\system32\ejkosrdj.dat
C:\WINDOWS\winlogon32.exe
c:\windows\system32\kkpekkp.dll
Folder::
C:\WINDOWS\Antivirus Pro
C:\VundoFix Backups
Driver::
hifozhgz
Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\hifozhgz]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{24B966FE-3658-47DA-923F-6BC612D9DA12}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mbednkbp"=-
"AntiVirusProMFC"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BearShare"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"7H28X9M91L"=-


Save this as txt file CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
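As an added example (not part of this thread and not ComboFix's or HijackThis's own code), a small Python helper that parses the sections of a CFScript like the one above and cross-checks it against the HijackThis and ComboFix log lines earlier in the thread, reporting which log entries the script would act on. The script and log excerpts embedded below are constructed subsets of what appears in this thread, and the function names `parse_cfscript` and `targeted_lines` are the example's own.

```python
import re

# Constructed excerpt of the CFScript posted in this thread (a subset of the full script)
CFSCRIPT = r"""File::
C:\WINDOWS\winlogon32.exe
c:\windows\system32\kkpekkp.dll
Driver::
hifozhgz
Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\hifozhgz]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mbednkbp"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"7H28X9M91L"=-
"""

# Constructed excerpt of log lines from this thread: HijackThis O2/O4 lines plus one ComboFix driver line
LOG = r"""O2 - BHO: (no name) - {24B966FE-3658-47DA-923F-6BC612D9DA12} - c:\windows\system32\kkpekkp.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Policies\Explorer\Run: [7H28X9M91L] C:\WINDOWS\winlogon32.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
R0 hifozhgz;Microsoft RPC API Helper;C:\WINDOWS\System32\drivers\gpnnansk.dat []
"""

def parse_cfscript(text):
    """Split a CFScript into its sections. Registry entries become (key, value);
    value is None for a [-key] line, which deletes the whole key."""
    sections, section, key = {}, None, None
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if line.endswith("::"):
            section = line[:-2]
            sections.setdefault(section, [])
        elif section == "Registry" and line.startswith("[-") and line.endswith("]"):
            sections[section].append((line[2:-1], None))   # whole key deleted
        elif section == "Registry" and line.startswith("[") and line.endswith("]"):
            key = line[1:-1]                                 # following "name"=- lines belong to this key
        elif section == "Registry":
            m = re.fullmatch(r'"([^"]+)"=-', line)          # "name"=- deletes one value under the current key
            if m and key:
                sections[section].append((key, m.group(1)))
        elif section:
            sections[section].append(line)                   # File::, Folder::, Driver:: entries
    return sections

def targeted_lines(script, log):
    """Return log lines the script acts on, matched by file path, Run value name, or driver name."""
    paths = [p.lower() for p in script.get("File", []) + script.get("Folder", [])]
    names = {v.lower() for _, v in script.get("Registry", []) if v} | {d.lower() for d in script.get("Driver", [])}
    hits = []
    for line in log.splitlines():
        low = line.lower()
        bracket = re.search(r"\[([^\]]+)\]", line)       # HJT O4 entries carry the value name in [...]
        tokens = set(re.split(r"[;\s]+", low))           # ComboFix driver lines look like "R0 name;display;path"
        if any(p in low for p in paths) or (bracket and bracket.group(1).lower() in names) or tokens & names:
            hits.append(line)
    return hits
```

Running `targeted_lines(parse_cfscript(CFSCRIPT), LOG)` returns only the kkpekkp.dll BHO line, the 7H28X9M91L policies Run entry, and the hifozhgz driver line, leaving the legitimate Java and iTunes entries untouched.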

#5 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:04:18 PM

Posted 13 April 2008 - 04:47 AM

Still with us?

#6 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:04:18 PM

Posted 17 April 2008 - 11:02 AM

Due to the lack of feedback, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.