Combofix Log


  • This topic is locked
12 replies to this topic

#1 ktownmvp22

  • Members
  • 6 posts

Posted 27 May 2008 - 07:22 PM

Hi, I've been trying to clean my computer from these constant desktop pop-ups. I have even tried to run a system recovery to fix the problem. I am still receiving constant pop-ups, even when not connected to the internet. I have also received an error message: buffer overrun with explorer. Can somebody help me? I would very much appreciate it, thank you.

ComboFix 08-05-21.3 - Owner 2008-05-23 16:48:14.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.175 [GMT -4:00]
Running from: C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Local Settings\Temporary Internet Files\bestwiner.stt
C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Local Settings\Temporary Internet Files\CPV.stt
C:\Documents and Settings\Owner.YOUR-833BEBEC1E\lsass.exe
C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Start Menu\Programs\Startup\Deewoo.lnk
C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Start Menu\Programs\Startup\DW_Start.lnk
C:\kl.exe
C:\Program Files\CPV
C:\Program Files\Google\googletoolbar1.dll
C:\Program Files\network monitor
C:\Program Files\network monitor\netmon.exe
C:\Program Files\Spcron
C:\Program Files\Spcron\Spc.dll
C:\Program Files\Svconr
C:\Program Files\Svconr\Svconr.exe
C:\Program Files\Svconr\Svconr.exe.lzma
C:\Program Files\Temporary
C:\Program Files\Temporary\inPV.exe.lzma
C:\Program Files\Temporary\WnInt.exe.lzma
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\b155.exe
C:\WINDOWS\b156.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\IA
C:\WINDOWS\IA\asappsrv.dll
C:\WINDOWS\IA\command.exe
C:\WINDOWS\IA\KE.vbs
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\system32\{9aa54413-f9bb-c0af-0a90-2a314d6c10bd}.dll
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\CPV.stt
C:\WINDOWS\system32\drivers\asc3350pp.sys
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\huhwlcmm.ini
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\nnnlKeBU.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\rwwnw64d.exe
C:\WINDOWS\system32\UBeKlnnn.ini
C:\WINDOWS\system32\UBeKlnnn.ini2
C:\WINDOWS\system32\zxdnt3d.cfg
C:\WINDOWS\uninstall_nmon.vbs
D:\Autorun.inf
J:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR
-------\Service_cmdService
-------\Service_Network Monitor
-------\Legacy_asc3350pp
-------\Service_asc3350pp


((((((((((((((((((((((((( Files Created from 2008-04-23 to 2008-05-23 )))))))))))))))))))))))))))))))
.

2008-05-23 15:41 . 2008-05-23 15:41 401,969 --a------ C:\WINDOWS\system32\g77.exe
2008-05-23 15:41 . 2008-05-23 15:41 200,769 --a------ C:\WINDOWS\system32\qcntskdm.exe
2008-05-23 15:41 . 2008-05-23 15:41 63,902 --a------ C:\WINDOWS\system32\{9aa54413-f9bb-c0af-0a90-2a314d6c10bd}.dll-uninst.exe
2008-05-23 15:41 . 2008-05-23 15:41 859 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-05-23 15:37 . 2008-05-23 15:37 94,208 --a------ C:\WINDOWS\system32\mmclwhuh.dll
2008-05-23 15:31 . 2008-05-23 15:31 <DIR> d-------- C:\WINDOWS\system32\vntiho18
2008-05-23 15:31 . 2008-05-23 15:31 <DIR> d-------- C:\WINDOWS\system32\hI2
2008-05-23 15:31 . 2008-05-23 15:31 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\NetMon
2008-05-23 15:31 . 2008-05-23 15:31 <DIR> d-------- C:\WINDOWS\system32\at1
2008-05-23 15:31 . 2008-05-23 15:31 <DIR> d-------- C:\WINDOWS\system32\1064a
2008-05-23 15:31 . 2008-05-23 15:31 <DIR> d-------- C:\Temp\vtmp2
2008-05-23 15:31 . 2008-05-23 16:48 <DIR> d-------- C:\Temp
2008-05-23 15:31 . 2008-05-23 15:31 28,160 --a------ C:\WINDOWS\system32\cbXPgddB.dll
2008-05-23 15:28 . 2008-05-23 15:28 14,848 --a------ C:\Documents and Settings\Owner.YOUR-833BEBEC1E\services.exe
2008-05-23 14:14 . 2008-05-23 14:14 <DIR> d---s---- C:\Documents and Settings\Owner.YOUR-833BEBEC1E\UserData
2008-05-23 02:13 . 2008-05-23 02:13 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-05-23 02:10 . 2008-05-23 01:48 <DIR> d-------- C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\You've Got Pictures Screensaver
2008-05-23 02:10 . 2008-05-23 01:57 <DIR> d-------- C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\SampleView
2008-05-23 02:09 . 2008-05-23 01:01 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2008-05-23 02:09 . 2008-05-23 01:48 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\You've Got Pictures Screensaver
2008-05-23 02:09 . 2008-05-23 01:57 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\SampleView
2008-05-23 02:09 . 2008-05-23 01:01 <DIR> d-------- C:\Documents and Settings\Owner.YOUR-833BEBEC1E\WINDOWS
2008-05-23 02:09 . 2008-05-23 16:50 <DIR> d-------- C:\Documents and Settings\Owner.YOUR-833BEBEC1E
2008-05-23 02:02 . 2008-05-23 02:02 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-05-23 01:59 . 2008-05-23 01:59 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-05-23 01:59 . 2008-05-23 01:59 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-05-23 01:59 . 2008-05-23 01:59 333 --a------ C:\WINDOWS\system32\$ncsp$.inf
2008-05-23 01:59 . 2008-05-23 01:59 0 --a------ C:\WINDOWS\system32\GATEWAY_W3507__GRD6A50008959.MRK
2008-05-23 01:58 . 2008-05-23 01:58 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-05-23 01:57 . 2008-05-23 01:57 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-05-23 01:56 . 2008-05-23 01:56 1,376 --a------ C:\WINDOWS\system32\Status.MPF
2008-05-23 01:53 . 2006-04-21 02:12 332,800 --a--c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-05-23 01:52 . 2006-06-22 06:47 181,248 --a--c--- C:\WINDOWS\system32\dllcache\rasmans.dll
2008-05-23 01:52 . 2006-05-19 08:59 148,480 --a--c--- C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-05-23 01:52 . 2006-05-19 08:59 111,616 --a--c--- C:\WINDOWS\system32\dllcache\dhcpcsvc.dll
2008-05-23 01:52 . 2006-05-19 08:59 94,720 --a--c--- C:\WINDOWS\system32\dllcache\iphlpapi.dll
2008-05-23 01:51 . 2008-05-23 01:51 <DIR> d-------- C:\Program Files\SIFXINST
2008-05-23 01:50 . 2008-05-23 01:50 <DIR> d-------- C:\Program Files\McAfee
2008-05-23 01:50 . 2008-05-23 01:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
2008-05-23 01:50 . 2008-05-23 01:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-23 01:50 . 2005-08-10 14:22 114,464 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys
2008-05-23 01:50 . 2005-08-16 19:18 80,640 --a------ C:\WINDOWS\system32\drivers\MpFirewall.sys
2008-05-23 01:50 . 2005-08-16 19:13 9,216 --a------ C:\WINDOWS\system32\MpfApi.dll
2008-05-23 01:49 . 2008-05-23 01:50 <DIR> d-------- C:\Program Files\McAfee.com
2008-05-23 01:49 . 2008-05-23 01:49 <DIR> d-------- C:\Program Files\gtw_logo
2008-05-23 01:49 . 2008-05-23 01:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-05-23 01:49 . 2005-08-29 07:01 349,760 --a------ C:\WINDOWS\system32\mcinsctl.dll
2008-05-23 01:49 . 2005-05-24 07:23 288,320 --a------ C:\WINDOWS\system32\mcgdmgr.dll
2008-05-23 01:49 . 2006-01-18 06:41 80,512 --a------ C:\WINDOWS\system32\drivers\Rtnicxp.sys
2008-05-23 01:49 . 2003-03-25 08:00 67,072 --a------ C:\WINDOWS\POWERCFG.EXE
2008-05-23 01:49 . 2004-04-22 06:48 30,056 --a------ C:\WINDOWS\system32\oemlogo.bmp
2008-05-23 01:48 . 2008-05-23 01:48 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2008-05-23 01:48 . 2008-05-23 01:48 <DIR> d-------- C:\Program Files\QuickTime
2008-05-23 01:48 . 2008-05-23 01:49 <DIR> d-------- C:\Program Files\Microsoft Money 2006
2008-05-23 01:48 . 2008-05-23 01:48 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
2008-05-23 01:48 . 2008-05-23 01:48 <DIR> d-------- C:\My Music
2008-05-23 01:48 . 2008-05-23 01:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2008-05-23 01:48 . 2008-05-23 01:48 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-05-23 01:48 . 2005-06-23 15:24 173,184 --a------ C:\WINDOWS\system32\ygpss.scr
2008-05-23 01:48 . 1999-11-10 14:05 86,016 --a------ C:\WINDOWS\unvise32qt.exe
2008-05-23 01:48 . 2008-05-23 01:48 8,552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys
2008-05-23 01:47 . 2008-05-23 01:47 <DIR> d-------- C:\Program Files\Viewpoint
2008-05-23 01:47 . 2008-05-23 01:47 <DIR> d-------- C:\Program Files\Real
2008-05-23 01:47 . 2008-05-23 01:47 <DIR> d-------- C:\Program Files\Pure Networks
2008-05-23 01:47 . 2008-05-23 01:47 <DIR> d-------- C:\Program Files\Common Files\Real
2008-05-23 01:47 . 2008-05-23 01:48 <DIR> d-------- C:\Program Files\Common Files\aolshare
2008-05-23 01:47 . 2008-05-23 01:47 <DIR> d-------- C:\Program Files\Common Files\AolCoach
2008-05-23 01:47 . 2008-05-23 01:48 <DIR> d-------- C:\Program Files\Common Files\AOL
2008-05-23 01:47 . 2008-05-23 01:48 <DIR> d-------- C:\Program Files\America Online 9.0
2008-05-23 01:47 . 2008-05-23 01:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-05-23 01:47 . 2008-05-23 01:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pure Networks
2008-05-23 01:47 . 2008-05-23 01:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-05-23 01:46 . 2008-05-23 01:46 <DIR> d-------- C:\Program Files\Microsoft Works
2008-05-23 01:46 . 2008-05-23 01:46 <DIR> d-------- C:\Program Files\BigFix
2008-05-23 01:46 . 2005-10-11 15:48 10,280 --a------ C:\WINDOWS\BigFixClientOverride.dll
2008-05-23 01:45 . 2008-05-23 01:45 <DIR> d-------- C:\Program Files\MSN Encarta Plus
2008-05-23 01:45 . 2008-05-23 01:45 <DIR> d-------- C:\Program Files\Microsoft Digital Image 2006
2008-05-23 01:45 . 2008-05-23 01:45 4 --a------ C:\WINDOWS\Pix11.dat
2008-05-23 01:44 . 2008-05-23 01:44 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-23 01:43 . 2008-05-23 01:49 <DIR> d-------- C:\Program Files\Realtek
2008-05-23 01:41 . 2008-05-23 01:41 <DIR> d-------- C:\WINDOWS\wt
2008-05-23 01:41 . 2008-05-23 01:41 <DIR> d-------- C:\Program Files\WildTangent
2008-05-23 01:41 . 2008-05-23 01:43 <DIR> d-------- C:\Program Files\Gateway Games
2008-05-23 01:41 . 2008-05-23 01:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WildTangent
2008-05-23 01:40 . 2006-01-26 11:57 520,192 --a------ C:\WINDOWS\system32\ati2sgag.exe
2008-05-23 01:40 . 2005-03-04 06:36 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-05-23 01:40 . 2004-09-03 19:07 20,480 --a------ C:\WINDOWS\system32\Marker32.exe
2008-05-23 01:39 . 2008-05-23 01:40 <DIR> d-------- C:\Program Files\Java
2008-05-23 01:39 . 2008-05-23 01:39 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-23 01:39 . 2006-01-31 14:54 94,208 --a------ C:\WINDOWS\system32\bae.dll
2008-05-23 01:39 . 2005-04-17 21:52 2,238 --a------ C:\WINDOWS\system32\32-aol.ico
2008-05-23 01:39 . 2005-04-17 21:52 1,406 --a------ C:\WINDOWS\system32\16-aol.ico
2008-05-23 01:38 . 2008-05-23 01:38 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-05-23 01:38 . 2008-05-23 01:38 <DIR> d-------- C:\Program Files\Digital Media Reader
2008-05-23 01:37 . 2008-05-23 01:37 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-05-23 01:37 . 2004-03-22 18:17 24,816 --a------ C:\WINDOWS\system32\mdimon.dll
2008-05-23 01:37 . 2008-05-23 01:37 376 --a------ C:\WINDOWS\ODBC.INI
2008-05-23 01:36 . 2008-05-23 01:37 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-05-23 01:36 . 2008-05-23 01:36 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-05-23 01:36 . 2008-05-23 01:36 <DIR> dr-h----- C:\MSOCache
2008-05-23 01:35 . 2008-05-22 23:45 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-05-23 01:35 . 2008-05-23 01:35 <DIR> d-------- C:\Program Files\CyberLink
2008-05-23 01:35 . 2008-05-23 01:40 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-05-23 01:35 . 2008-05-23 01:35 2 --a------ C:\AUDIT_INSTALL_IN_PROGRESS
2008-05-23 01:33 . 2008-05-23 16:48 <DIR> d-------- C:\Program Files\Google
2008-05-23 01:33 . 2008-05-23 01:01 <DIR> d-------- C:\Documents and Settings\Default User\WINDOWS
2008-05-23 01:27 . 2008-05-23 01:27 2 -r-hs---- C:\USER
2008-05-23 01:27 . 2008-05-23 01:55 0 --a------ C:\REQUEST_OEMRESET_ENDUSER
2008-05-23 01:25 . 2008-05-23 01:25 <DIR> d-------- C:\Program Files\CONEXANT
2008-05-23 01:25 . 2004-08-04 01:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2008-05-23 01:24 . 2004-08-04 02:08 17,024 --a------ C:\WINDOWS\system32\drivers\usbohci.sys
2008-05-23 01:06 . 2008-05-23 01:51 <DIR> d-------- C:\WINDOWS\creator
2008-05-23 01:06 . 2008-05-23 01:06 60 --a------ C:\WINDOWS\system32\SYSDRV.DAT
2008-05-23 01:05 . 2008-05-23 01:48 <DIR> d-------- C:\WINDOWS\SMINST
2008-05-23 01:05 . 2008-05-23 01:59 <DIR> d-------- C:\WINDOWS\I386
2008-05-23 01:05 . 2006-07-18 03:16 990,592 --a------ C:\WINDOWS\system32\drivers\HSF_DPV.sys
2008-05-23 01:05 . 2006-07-18 03:15 728,192 --a------ C:\WINDOWS\system32\drivers\HSF_CNXT.sys
2008-05-23 01:05 . 2006-07-18 03:15 256,128 --a------ C:\WINDOWS\system32\drivers\HSFHWBS2.sys
2008-05-23 01:05 . 2006-07-18 01:56 144,201 --a------ C:\WINDOWS\system32\drivers\HSFProf.cty
2008-05-23 01:05 . 2006-06-27 03:28 122,880 --a------ C:\WINDOWS\system32\Uci32107.dll
2008-05-23 01:05 . 2006-06-19 02:26 94,208 --a------ C:\WINDOWS\system32\mdmxsdk.dll
2008-05-23 01:05 . 2001-08-17 18:36 13,824 --a------ C:\WINDOWS\system32\wowfaxui.dll
2008-05-23 01:05 . 2006-06-19 02:26 12,672 --a------ C:\WINDOWS\system32\drivers\mdmxsdk.sys
2008-05-23 01:03 . 2004-08-03 20:56 294,912 --a------ C:\WINDOWS\system32\msh263.drv
2008-05-23 01:02 . 2001-08-17 10:02 262,528 --a------ C:\WINDOWS\system32\drivers\cinemst2.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-23 05:01 --------- d-----w C:\Program Files\Windows Plus
2008-05-23 05:01 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-23 05:01 --------- d-----w C:\Program Files\Common Files\New Boundary
2008-05-23 05:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prism Deploy
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3095D50F-F1BA-4BBC-A54D-819EEB7E0898}]
2008-05-23 15:31 28160 --a------ C:\WINDOWS\system32\cbXPgddB.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-05-22 23:13 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 23:56 64512]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-23 01:33 169984]
"readericon"="C:\Program Files\Digital Media Reader\readericon45G.exe" [2005-12-09 21:44 139264]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 03:34 16143872 C:\WINDOWS\RTHDCPL.exe]
"HostManager"="C:\Program Files\Common Files\AOL\1211521631\EE\AOLHostManager.exe" [2004-11-03 17:03 125528]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-18 20:42 79448]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" [ ]
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" [ ]
"McafWelcome"="C:\Program Files\McAfee.com\Agent\mcwelcom.exe" [2003-07-09 19:14 24576]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 21:18 151552]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 15:49 163840]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-12 01:02 53248]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-07-01 22:22 303104]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2005-08-26 17:26 212992]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 13:26 110592]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-08-12 19:16 1121792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-23 01:48 98304]
"{FB-B2-26-6C-DW}"="c:\windows\system32\rwwnw64d.exe" [ ]
"2cffb2c3"="C:\WINDOWS\system32\mmclwhuh.dll" [2008-05-23 15:37 94208]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - C:\Program Files\BigFix\bigfix.exe [2008-05-23 01:46:53 2168360]
Install Pending Files.LNK - C:\Program Files\SIFXINST\SIFXINST.EXE [2008-05-23 01:51:08 729088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{3095D50F-F1BA-4BBC-A54D-819EEB7E0898}"= C:\WINDOWS\system32\cbXPgddB.dll [2008-05-23 15:31 28160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXPgddB]
cbXPgddB.dll 2008-05-23 15:31 28160 C:\WINDOWS\system32\cbXPgddB.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1211521631\\EE\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=


.
Contents of the 'Scheduled Tasks' folder
"2008-05-23 06:09:29 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-05-23 06:09:29 C:\WINDOWS\Tasks\ISP signup reminder 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-05-23 06:09:29 C:\WINDOWS\Tasks\ISP signup reminder 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-23 16:53:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\cbXPgddB.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\mmclwhuh.dll
-> C:\PROGRA~1\Google\GOOGLE~1\GOA66E~1.DLL
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\McAfee.com\Agent\Mcdetect.exe
C:\PROGRA~1\McAfee.com\VSO\McShield.exe
C:\PROGRA~1\McAfee.com\Agent\McTskshd.exe
C:\PROGRA~1\McAfee.com\VSO\oasclnt.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\McAfee.com\VSO\McVSEscn.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\PROGRA~1\COMMON~1\AOL\121152~1\EE\AOLServiceHost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
.
**************************************************************************
.
Completion time: 2008-05-23 16:59:21 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-05-23 20:59:11

Pre-Run: 107,246,817,280 bytes free
Post-Run: 107,248,508,928 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

331 --- E O F --- 2008-05-23 07:01:12


#2 pskelley

  • Staff Emeritus
  • 1,487 posts

Posted 05 June 2008 - 06:58 PM

Welcome to Bleeping Computer, please be sure you have read and followed the
Preparation Guide For Use Before Posting A Hijackthis Log, Instructions for receiving help in cleaning your computer http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
All advice given is taken at your own risk.

I apologize for the wait. If your issues are not resolved, read the instructions posted above and then follow the directions below. If you no longer need help, I would appreciate a quick post letting me know so I can close your topic.

If you still need help, please read the directions that I posted above and that are pinned to the top of the forum. Please note that even the creator of ComboFix suggests it not be used without supervision.

Download Trend Micro Hijack This™ to your Desktop
http://download.bleepingcomputer.com/hijac.../HJTInstall.exe
Double-click HJTInstall.exe to start it.
By default it will install HijackThis in the Program Files\Trendmicro folder and create a desktop shortcut.
HijackThis will open after install. Press the Scan button below.
This will start the scan and open a log.
Copy and paste the contents of the log in your next reply using Add Reply.

Describe any malware symptoms.

Thanks
MS-MVP Windows Security 2007-08
Proud Member ASAP
UNITE Member 2006

#3 ktownmvp22

  • Topic Starter
  • Members
  • 6 posts

Posted 06 June 2008 - 04:15 PM

Sorry, but I keep getting an error report from Microsoft every time I run deckard system scanner. Thanks for the help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:13:56 PM, on 6/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...DTP&M=W3507
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.html?Ch...DTP&M=W3507
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [2cffb2c3] rundll32.exe "C:\WINDOWS\system32\yuvmaape.dll",b
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 5353 bytes

#4 pskelley

  • Staff Emeritus
  • 1,487 posts

Posted 06 June 2008 - 04:41 PM

Thanks for returning your HJT log. You are running System Configuration Utility (MSConfig) in Selective Startup mode. Return it to Normal Mode, then post a new HJT log so I can see everything.

"Describe any malware symptoms"

Is this the only malware symptom you have?

"Sorry, but I keep getting an error report from Microsoft every time I run deckard system scanner"

#5 ktownmvp22

  • Topic Starter
  • Members
  • 6 posts

Posted 06 June 2008 - 07:16 PM

I get constant pop-up ads, sometimes on my desktop as well. And other than occasional Microsoft Error Reports, the usual creeping internet connection. Oh, sometimes my start up tab disappears on my desktop and I have to restart my computer. I've tried a system recovery but it didn't do the trick.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:01:52 PM, on 6/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\RTHDCPL.EXE
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\PROGRA~1\COMMON~1\AOL\121152~1\EE\AOLHOS~1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\COMMON~1\AOL\121152~1\EE\AOLServiceHost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...DTP&M=W3507
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.html?Ch...DTP&M=W3507
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [2cffb2c3] rundll32.exe "C:\WINDOWS\system32\scuvhqhq.dll",b
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [{FB-B2-26-6C-DW}] c:\windows\system32\rwwnw64d.exe DWram
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1211521631\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [BM2fcc815f] Rundll32.exe "C:\WINDOWS\system32\kyiyxrut.dll",s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 8154 bytes

#6 pskelley

pskelley

  • Staff Emeritus
  • 1,487 posts

Posted 07 June 2008 - 06:12 AM

Thanks for returning your scan results. You said:

And other than occasional Microsoft Error Reports

I need the error reports word for word in order to research them. They may stop once we remove this junk.

1) How to make files and folders visible:
Click Start > Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm. Click OK.
You may reverse this for safety when we are finished.

2) Please download ATF Cleaner by Atribune
http://www.atribune.org/public-beta/ATF-Cleaner.exe
Save it to your Desktop. We will use this later.

(follow these CFScript directions very carefully)

3) Open notepad and copy/paste the text in the codebox below into it:

File::
C:\WINDOWS\system32\cbXPgddB.dll
C:\WINDOWS\system32\scuvhqhq.dll
C:\WINDOWS\system32\kyiyxrut.dll
C:\WINDOWS\system32\{9aa54413-f9bb-c0af-0a90-2a314d6c10bd}.dll-uninst.exe
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\system32\mmclwhuh.dll

Save this as CFScript

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

4) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [2cffb2c3] rundll32.exe "C:\WINDOWS\system32\scuvhqhq.dll",b
O4 - HKLM\..\Run: [{FB-B2-26-6C-DW}] c:\windows\system32\rwwnw64d.exe DWram
O4 - HKLM\..\Run: [BM2fcc815f] Rundll32.exe "C:\WINDOWS\system32\kyiyxrut.dll",s

Close all programs but HJT and all browser windows, then click on "Fix Checked"

5) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Restart and post the combofix log, a new HJT log and tell me how the computer is running.

Thanks
MS-MVP Windows Security 2007-08
Proud Member ASAP
UNITE Member 2006
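The four line items checked in step 4 of the post above share traits that can be tested mechanically. The Python script below is an added example, not part of the original post and not how HijackThis or the helper reached their selection: it parses O3 and O4 Run lines copied from the log in post #5 and applies three assumed triage rules (a toolbar with no file, rundll32 loading a DLL from system32, and a Run entry pointing at an executable directly under system32). The function names and the rules themselves are assumptions for illustration.

```python
import ntpath  # Windows path semantics regardless of the analyst's OS
import re

# Constructed sample: lines copied from the HijackThis log posted in reply #5.
SAMPLE_LOG = r'''
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [2cffb2c3] rundll32.exe "C:\WINDOWS\system32\scuvhqhq.dll",b
O4 - HKLM\..\Run: [{FB-B2-26-6C-DW}] c:\windows\system32\rwwnw64d.exe DWram
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [BM2fcc815f] Rundll32.exe "C:\WINDOWS\system32\kyiyxrut.dll",s
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
'''

SYSTEM32 = r'c:\windows\system32'

# "O3 - Toolbar: <name> - {CLSID} - <file>"
O3_RE = re.compile(
    r'^O3 - Toolbar: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<file>.*)$')
# "O4 - HKLM\..\Run: [<value name>] <command line>"
O4_RUN_RE = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>.*?)\] (?P<cmd>.*)$')
# rundll32 "<dll>",<export>
RUNDLL_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?,(?P<export>\S+)', re.I)
# Leading executable of a command line, quoted or not (paths may hold spaces).
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.exe)\b', re.I)


def in_system32(path):
    """True when the file sits directly in system32 (not a subfolder)."""
    return ntpath.dirname(path).lower() == SYSTEM32


def triage(log_text):
    """Return (label, reason) pairs for entries that deserve a human look.

    These are assumed review heuristics, not verdicts: legitimate software
    can also match them, so each hit still needs to be researched.
    """
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O3_RE.match(line)
        if m:
            if m['file'] == '(no file)':
                findings.append((m['clsid'], 'toolbar registered, file missing'))
            continue
        m = O4_RUN_RE.match(line)
        if not m:
            continue  # other sections (O4 Startup, O9, O23, ...) are not covered
        cmd = m['cmd']
        dll = RUNDLL_RE.match(cmd)
        if dll and in_system32(dll['dll']):
            findings.append((m['name'], 'rundll32 loads %s, export %r, from system32'
                             % (ntpath.basename(dll['dll']), dll['export'])))
            continue
        exe = EXE_RE.match(cmd)
        if exe and in_system32(exe['exe']):
            findings.append((m['name'], 'Run entry starts %s from system32'
                             % ntpath.basename(exe['exe'])))
    return findings


if __name__ == '__main__':
    for label, reason in triage(SAMPLE_LOG):
        print('%-40s %s' % (label, reason))
```

On the sample lines the rules return exactly the four entries listed in step 4 and none of the McAfee, Realtek, QuickTime or Media Center entries.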

#7 ktownmvp22

ktownmvp22
  • Topic Starter

  • Members
  • 6 posts

Posted 07 June 2008 - 02:15 PM

Thanks, it seems to run better, but I am still having problems with pop-ups.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:50:02 PM, on 6/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\WINDOWS\ehome\ehtray.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...DTP&M=W3507
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.html?Ch...DTP&M=W3507
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1211521631\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [BM2fcc815f] Rundll32.exe "C:\WINDOWS\system32\vbbgqtib.dll",s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 7062 bytes




Start Time= Sat 06/07/2008 14:48:36.73

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2008-06-07 13:55:02 2560 ( A.... ) "C:\WINDOWS\system32\axjjuced.exe"
2008-06-07 13:52:04 111616 ( A.... ) "C:\WINDOWS\system32\rjokolop.dll"
2008-06-07 13:49:04 94208 ( A.... ) "C:\WINDOWS\system32\iybrdvuo.dll"
2008-06-07 13:46:04 101376 ( A.... ) "C:\WINDOWS\system32\vbbgqtib.dll"
2008-06-07 13:00:04 ( .D... ) "C:\Program Files\PE"
2008-06-06 16:34:26 ( .D... ) "C:\Program Files\Trend Micro"
2008-06-06 16:24:16 108544 ( A.... ) "C:\WINDOWS\system32\vivvylau.dll"
2008-06-06 13:47:00 93184 ( A.... ) "C:\WINDOWS\system32\yuvmaape.dll"
2008-06-06 13:45:26 2560 ( A.... ) "C:\WINDOWS\system32\tefjscgc.exe"
2008-06-06 13:45:18 107520 ( A.... ) "C:\WINDOWS\system32\adutjrbn.dll"
2008-06-04 23:52:22 2560 ( A.... ) "C:\WINDOWS\system32\fwqiglgo.exe"
2008-06-04 23:49:24 104448 ( A.... ) "C:\WINDOWS\system32\jdondpwf.dll"
2008-06-04 23:43:24 106496 ( A.... ) "C:\WINDOWS\system32\daaruwqt.dll"
2008-06-04 16:26:10 3072 ( A.... ) "C:\WINDOWS\system32\ppkdquvd.dll"
2008-06-03 23:47:10 2560 ( A.... ) "C:\WINDOWS\system32\oplmuyet.exe"
2008-06-03 23:44:10 114688 ( A.... ) "C:\WINDOWS\system32\xsxsttaf.dll"
2008-06-03 23:42:04 103424 ( A.... ) "C:\WINDOWS\system32\kyiyxrut.dll"
2008-06-02 18:45:36 89088 ( A.... ) "C:\WINDOWS\system32\kijuvxwq.dll"
2008-06-02 18:39:36 2560 ( A.... ) "C:\WINDOWS\system32\hxmbtywe.exe"
2008-06-02 18:36:36 114688 ( A.... ) "C:\WINDOWS\system32\kpqaedkl.dll"
2008-06-02 18:33:36 3072 ( A.... ) "C:\WINDOWS\system32\jcnsakdc.dll"
2008-06-02 18:30:12 103424 ( A.... ) "C:\WINDOWS\system32\bybkuvag.dll"
2008-06-01 11:47:10 2560 ( A.... ) "C:\WINDOWS\system32\kadkykrs.exe"
2008-06-01 11:39:28 108544 ( A.... ) "C:\WINDOWS\system32\ngixonbm.dll"
2008-06-01 11:37:28 104448 ( A.... ) "C:\WINDOWS\system32\wbpewpph.dll"
2008-05-31 11:33:34 108544 ( A.... ) "C:\WINDOWS\system32\ydibqlmt.dll"
2008-05-31 11:30:34 2560 ( A.... ) "C:\WINDOWS\system32\bonhssob.exe"
2008-05-31 11:28:20 104448 ( A.... ) "C:\WINDOWS\system32\jcwepluu.dll"
2008-05-31 11:27:30 275456 ( A.... ) "C:\WINDOWS\system32\xxyvurss.dll"
2008-05-30 18:06:22 ( .D... ) "C:\Program Files\MSXML 4.0"
2008-05-30 12:12:10 104448 ( A.... ) "C:\WINDOWS\system32\ppkhsgwu.dll"
2008-05-30 12:09:10 109568 ( A.... ) "C:\WINDOWS\system32\urglgmea.dll"
2008-05-30 11:24:12 104448 ( A.... ) "C:\WINDOWS\system32\fwkfbmkr.dll"
2008-05-30 11:21:12 90112 ( A.... ) "C:\WINDOWS\system32\gcbhcteq.dll"
2008-05-30 11:18:12 109568 ( A.... ) "C:\WINDOWS\system32\njbavwys.dll"
2008-05-29 11:21:30 117760 ( A.... ) "C:\WINDOWS\system32\ipkksgss.dll"
2008-05-29 11:15:06 110592 ( A.... ) "C:\WINDOWS\system32\hvgolxgw.dll"
2008-05-29 11:15:02 ( .D... ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\McAfee.com Personal Firewall"
2008-05-27 20:47:08 110592 ( A.... ) "C:\WINDOWS\system32\ogpqvbnw.dll"
2008-05-26 20:54:00 93696 ( A.... ) "C:\WINDOWS\system32\pbnwgahp.dll"
2008-05-26 20:52:26 117760 ( A.... ) "C:\WINDOWS\system32\ebbkloae.dll"
2008-05-26 20:47:58 108544 ( A.... ) "C:\WINDOWS\system32\mngtifxc.dll"
2008-05-26 13:34:58 117760 ( A.... ) "C:\WINDOWS\system32\dqhdxgjl.dll"
2008-05-26 13:27:30 109056 ( A.... ) "C:\WINDOWS\system32\dundmaoi.dll"
2008-05-25 13:52:42 ( .D... ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\Apple Computer"
2008-05-25 13:51:48 ( .D... ) "C:\Program Files\iPod"
2008-05-25 13:51:40 ( .D... ) "C:\Program Files\iTunes"
2008-05-25 13:51:10 ( .D... ) "C:\Program Files\Bonjour"
2008-05-25 13:49:20 ( .D... ) "C:\Program Files\QuickTime"
2008-05-25 13:48:14 ( .D... ) "C:\Program Files\Apple Software Update"
2008-05-25 13:47:18 ( .D... ) "C:\Program Files\Common Files\Apple"
2008-05-25 12:34:32 94208 ( A.... ) "C:\WINDOWS\system32\bgmdjbxw.dll"
2008-05-25 12:31:04 117760 ( A.... ) "C:\WINDOWS\system32\vcuwjgov.dll"
2008-05-25 12:30:16 109056 ( A.... ) "C:\WINDOWS\system32\iabelkdk.dll"
2008-05-24 11:21:58 117760 ( A.... ) "C:\WINDOWS\system32\ocfmhpfr.dll"
2008-05-24 11:18:56 108544 ( A.... ) "C:\WINDOWS\system32\spasywow.dll"
2008-05-23 17:35:14 ( .D... ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\LimeWire"
2008-05-23 17:34:44 ( .D... ) "C:\Program Files\LimeWire"
2008-05-23 17:19:54 ( .D... ) "C:\Program Files\uTorrent"
2008-05-23 17:19:52 ( .D... ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\uTorrent"
2008-05-23 17:05:40 94208 ( A.... ) "C:\WINDOWS\system32\pwieyasl.dll"
2008-05-23 15:41:44 859 ( A.... ) "C:\WINDOWS\system32\winpfz33.sys"
2008-05-23 15:41:44 859 ( A.... ) "C:\WINDOWS\system32\winpfz33.sys"
2008-05-23 15:41:40 63902 ( A.... ) "C:\WINDOWS\system32\{9aa54413-f9bb-c0af-0a90-2a314d6c10bd}.dll-uninst.exe"
2008-05-23 15:41:38 200769 ( A.... ) "C:\WINDOWS\system32\qcntskdm.exe"
2008-05-23 15:41:36 401969 ( A.... ) "C:\WINDOWS\system32\g77.exe"
2008-05-23 15:31:22 28160 ( A.... ) "C:\WINDOWS\system32\cbXPgddB.dll"
2008-05-23 14:13:58 ( .D... ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\Google"
2008-05-23 02:10:02 ( .DS.. ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\Microsoft"
2008-05-23 02:10:02 ( .D... ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\You've Got Pictures Screensaver"
2008-05-23 02:10:02 ( .D... ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\SampleView"
2008-05-23 02:10:02 ( .D... ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\Identities"
2008-05-23 01:51:10 ( .D... ) "C:\Program Files\SIFXINST"
2008-05-23 01:50:34 ( .D... ) "C:\Program Files\McAfee"
2008-05-23 01:49:44 ( .D... ) "C:\Program Files\McAfee.com"
2008-05-23 01:49:38 ( .D... ) "C:\Program Files\gtw_logo"
2008-05-23 01:48:40 ( .D... ) "C:\Program Files\Microsoft Money 2006"
2008-05-23 01:48:22 ( .D... ) "C:\Program Files\Common Files\Nullsoft"
2008-05-23 01:48:02 157696 ( A.... ) "C:\WINDOWS\system32\rmoc3260.dll"
2008-05-23 01:47:58 6656 ( A.... ) "C:\WINDOWS\system32\pndx5016.dll"
2008-05-23 01:47:58 5632 ( A.... ) "C:\WINDOWS\system32\pndx5032.dll"
2008-05-23 01:47:58 ( .D... ) "C:\Program Files\Real"
2008-05-23 01:47:56 278528 ( A.... ) "C:\WINDOWS\system32\pncrt.dll"
2008-05-23 01:47:56 ( .D... ) "C:\Program Files\Common Files\Real"
2008-05-23 01:47:44 ( .D... ) "C:\Program Files\Viewpoint"
2008-05-23 01:47:40 ( .D... ) "C:\Program Files\Pure Networks"
2008-05-23 01:47:34 ( .D... ) "C:\Program Files\Common Files\AolCoach"
2008-05-23 01:47:12 ( .D... ) "C:\Program Files\Common Files\aolshare"
2008-05-23 01:47:12 ( .D... ) "C:\Program Files\America Online 9.0"
2008-05-23 01:47:04 ( .D... ) "C:\Program Files\Common Files\AOL"
2008-05-23 01:46:54 ( .D... ) "C:\Program Files\BigFix"
2008-05-23 01:46:04 ( .D... ) "C:\Program Files\Microsoft Works"
2008-05-23 01:45:40 ( .D... ) "C:\Program Files\MSN Encarta Plus"
2008-05-23 01:45:02 ( .D... ) "C:\Program Files\Microsoft Digital Image 2006"
2008-05-23 01:44:56 ( .D... ) "C:\Program Files\Common Files\Adobe"
2008-05-23 01:44:42 ( .D... ) "C:\Program Files\Adobe"
2008-05-23 01:43:22 ( .D... ) "C:\Program Files\Realtek"
2008-05-23 01:41:40 ( .D... ) "C:\Program Files\WildTangent"
2008-05-23 01:41:36 ( .D... ) "C:\Program Files\Gateway Games"
2008-05-23 01:39:46 ( .D... ) "C:\Program Files\Java"
2008-05-23 01:39:44 ( .D... ) "C:\Program Files\Common Files\Java"
2008-05-23 01:38:46 ( .D... ) "C:\Program Files\Digital Media Reader"
2008-05-23 01:37:08 ( .D... ) "C:\Program Files\Microsoft ActiveSync"
2008-05-23 01:37:04 ( .D... ) "C:\Program Files\Common Files\DESIGNER"
2008-05-23 01:36:36 ( .D... ) "C:\Program Files\Microsoft.NET"
2008-05-23 01:36:36 ( .D... ) "C:\Program Files\Microsoft Office"
2008-05-23 01:35:26 ( .D.H. ) "C:\Program Files\InstallShield Installation Information"
2008-05-23 01:35:26 ( .D... ) "C:\Program Files\CyberLink"
2008-05-23 01:35:24 ( .D... ) "C:\Program Files\Common Files\InstallShield"
2008-05-23 01:33:22 ( .D... ) "C:\Program Files\Google"
2008-05-23 01:25:04 ( .D... ) "C:\Program Files\CONEXANT"
2008-05-22 23:46:04 ( .D... ) "C:\Program Files\Cucusoft"
2008-05-22 23:45:08 ( .D... ) "C:\Program Files\Full Tilt Poker"
2008-05-22 23:43:30 ( .D... ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\AdobeUM"
2008-05-22 23:42:42 ( .D... ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\Adobe"
2008-05-22 23:14:16 ( .D... ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\Macromedia"
2008-03-27 04:12:54 151583 ( A.... ) "C:\WINDOWS\system32\msjint40.dll"
2008-03-25 00:50:58 838432 ( A.... ) "C:\WINDOWS\system32\mswdat10.dll"
2008-03-25 00:50:58 621344 ( A.... ) "C:\WINDOWS\system32\mswstr10.dll"
2008-03-25 00:50:58 355104 ( A.... ) "C:\WINDOWS\system32\msxbde40.dll"
2008-03-25 00:50:56 264992 ( A.... ) "C:\WINDOWS\system32\mstext40.dll"
2008-03-25 00:50:52 559904 ( A.... ) "C:\WINDOWS\system32\msrepl40.dll"
2008-03-25 00:50:50 322336 ( A.... ) "C:\WINDOWS\system32\msrd3x40.dll"
2008-03-25 00:50:48 432928 ( A.... ) "C:\WINDOWS\system32\msrd2x40.dll"
2008-03-25 00:50:46 355104 ( A.... ) "C:\WINDOWS\system32\mspbde40.dll"
2008-03-25 00:50:44 219936 ( A.... ) "C:\WINDOWS\system32\msltus40.dll"
2008-03-25 00:50:42 248608 ( A.... ) "C:\WINDOWS\system32\msjtes40.dll"
2008-03-25 00:50:42 60192 ( A.... ) "C:\WINDOWS\system32\msjter40.dll"
2008-03-25 00:50:40 355112 ( A.... ) "C:\WINDOWS\system32\msjetoledb40.dll"
2008-03-25 00:50:34 1516568 ( A.... ) "C:\WINDOWS\system32\msjet40.dll"
2008-03-25 00:50:30 326432 ( A.... ) "C:\WINDOWS\system32\msexcl40.dll"
2008-03-25 00:50:28 518944 ( A.... ) "C:\WINDOWS\system32\msexch40.dll"
2008-03-19 05:47:00 1845248 ( A.... ) "C:\WINDOWS\system32\win32k.sys"


((((((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MSKAGENTEXE"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MskAgent.exe"
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="c:\\PROGRA~1\\mcafee.com\\vso\\mcvsshld.exe"
"RTHDCPL"="RTHDCPL.EXE"
"Reminder"="%WINDIR%\\Creator\\Remind_XP.exe"
"Recguard"="%WINDIR%\\SMINST\\RECGUARD.EXE"
"readericon"="C:\\Program Files\\Digital Media Reader\\readericon45G.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"MSKDetectorExe"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKDetct.exe /startup"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1211521631\\EE\\AOLHostManager.exe"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"AOL Spyware Protection"="\"C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe\""
"BM2fcc815f"="Rundll32.exe \"C:\\WINDOWS\\system32\\vbbgqtib.dll\",s"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveAutoRun"=dword:03ffffff
"NoDriveTypeAutoRun"=dword:000000ff

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"Power2GoExpress"="NA"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=dword:00000000
"HideLogoffScripts"=dword:00000000
"RunLogonScriptSync"=dword:00000001
"RunStartupScriptSync"=dword:00000000
"HideStartupScripts"=dword:00000000
"DisableRegistryTools"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{3095D50F-F1BA-4BBC-A54D-819EEB7E0898}"=""


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: Sat 06/07/2008 14:49:15.42
ComboFix ver 06.06.17 - This logfile is located at C:\ComboFix.txt



Thanks, it seems to run better, but I am still having problems with pop-ups.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:50:02 PM, on 6/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\WINDOWS\ehome\ehtray.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...DTP&M=W3507
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.html?Ch...DTP&M=W3507
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1211521631\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [BM2fcc815f] Rundll32.exe "C:\WINDOWS\system32\vbbgqtib.dll",s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 7062 bytes




Start Time= Sat 06/07/2008 14:48:36.73

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2008-06-07 13:55:02 2560 ( A.... ) "C:\WINDOWS\system32\axjjuced.exe"
2008-06-07 13:52:04 111616 ( A.... ) "C:\WINDOWS\system32\rjokolop.dll"
2008-06-07 13:49:04 94208 ( A.... ) "C:\WINDOWS\system32\iybrdvuo.dll"
2008-06-07 13:46:04 101376 ( A.... ) "C:\WINDOWS\system32\vbbgqtib.dll"
2008-06-07 13:00:04 ( .D... ) "C:\Program Files\PE"
2008-06-06 16:34:26 ( .D... ) "C:\Program Files\Trend Micro"
2008-06-06 16:24:16 108544 ( A.... ) "C:\WINDOWS\system32\vivvylau.dll"
2008-06-06 13:47:00 93184 ( A.... ) "C:\WINDOWS\system32\yuvmaape.dll"
2008-06-06 13:45:26 2560 ( A.... ) "C:\WINDOWS\system32\tefjscgc.exe"
2008-06-06 13:45:18 107520 ( A.... ) "C:\WINDOWS\system32\adutjrbn.dll"
2008-06-04 23:52:22 2560 ( A.... ) "C:\WINDOWS\system32\fwqiglgo.exe"
2008-06-04 23:49:24 104448 ( A.... ) "C:\WINDOWS\system32\jdondpwf.dll"
2008-06-04 23:43:24 106496 ( A.... ) "C:\WINDOWS\system32\daaruwqt.dll"
2008-06-04 16:26:10 3072 ( A.... ) "C:\WINDOWS\system32\ppkdquvd.dll"
2008-06-03 23:47:10 2560 ( A.... ) "C:\WINDOWS\system32\oplmuyet.exe"
2008-06-03 23:44:10 114688 ( A.... ) "C:\WINDOWS\system32\xsxsttaf.dll"
2008-06-03 23:42:04 103424 ( A.... ) "C:\WINDOWS\system32\kyiyxrut.dll"
2008-06-02 18:45:36 89088 ( A.... ) "C:\WINDOWS\system32\kijuvxwq.dll"
2008-06-02 18:39:36 2560 ( A.... ) "C:\WINDOWS\system32\hxmbtywe.exe"
2008-06-02 18:36:36 114688 ( A.... ) "C:\WINDOWS\system32\kpqaedkl.dll"
2008-06-02 18:33:36 3072 ( A.... ) "C:\WINDOWS\system32\jcnsakdc.dll"
2008-06-02 18:30:12 103424 ( A.... ) "C:\WINDOWS\system32\bybkuvag.dll"
2008-06-01 11:47:10 2560 ( A.... ) "C:\WINDOWS\system32\kadkykrs.exe"
2008-06-01 11:39:28 108544 ( A.... ) "C:\WINDOWS\system32\ngixonbm.dll"
2008-06-01 11:37:28 104448 ( A.... ) "C:\WINDOWS\system32\wbpewpph.dll"
2008-05-31 11:33:34 108544 ( A.... ) "C:\WINDOWS\system32\ydibqlmt.dll"
2008-05-31 11:30:34 2560 ( A.... ) "C:\WINDOWS\system32\bonhssob.exe"
2008-05-31 11:28:20 104448 ( A.... ) "C:\WINDOWS\system32\jcwepluu.dll"
2008-05-31 11:27:30 275456 ( A.... ) "C:\WINDOWS\system32\xxyvurss.dll"
2008-05-30 18:06:22 ( .D... ) "C:\Program Files\MSXML 4.0"
2008-05-30 12:12:10 104448 ( A.... ) "C:\WINDOWS\system32\ppkhsgwu.dll"
2008-05-30 12:09:10 109568 ( A.... ) "C:\WINDOWS\system32\urglgmea.dll"
2008-05-30 11:24:12 104448 ( A.... ) "C:\WINDOWS\system32\fwkfbmkr.dll"
2008-05-30 11:21:12 90112 ( A.... ) "C:\WINDOWS\system32\gcbhcteq.dll"
2008-05-30 11:18:12 109568 ( A.... ) "C:\WINDOWS\system32\njbavwys.dll"
2008-05-29 11:21:30 117760 ( A.... ) "C:\WINDOWS\system32\ipkksgss.dll"
2008-05-29 11:15:06 110592 ( A.... ) "C:\WINDOWS\system32\hvgolxgw.dll"
2008-05-29 11:15:02 ( .D... ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\McAfee.com Personal Firewall"
2008-05-27 20:47:08 110592 ( A.... ) "C:\WINDOWS\system32\ogpqvbnw.dll"
2008-05-26 20:54:00 93696 ( A.... ) "C:\WINDOWS\system32\pbnwgahp.dll"
2008-05-26 20:52:26 117760 ( A.... ) "C:\WINDOWS\system32\ebbkloae.dll"
2008-05-26 20:47:58 108544 ( A.... ) "C:\WINDOWS\system32\mngtifxc.dll"
2008-05-26 13:34:58 117760 ( A.... ) "C:\WINDOWS\system32\dqhdxgjl.dll"
2008-05-26 13:27:30 109056 ( A.... ) "C:\WINDOWS\system32\dundmaoi.dll"
2008-05-25 13:52:42 ( .D... ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\Apple Computer"
2008-05-25 13:51:48 ( .D... ) "C:\Program Files\iPod"
2008-05-25 13:51:40 ( .D... ) "C:\Program Files\iTunes"
2008-05-25 13:51:10 ( .D... ) "C:\Program Files\Bonjour"
2008-05-25 13:49:20 ( .D... ) "C:\Program Files\QuickTime"
2008-05-25 13:48:14 ( .D... ) "C:\Program Files\Apple Software Update"
2008-05-25 13:47:18 ( .D... ) "C:\Program Files\Common Files\Apple"
2008-05-25 12:34:32 94208 ( A.... ) "C:\WINDOWS\system32\bgmdjbxw.dll"
2008-05-25 12:31:04 117760 ( A.... ) "C:\WINDOWS\system32\vcuwjgov.dll"
2008-05-25 12:30:16 109056 ( A.... ) "C:\WINDOWS\system32\iabelkdk.dll"
2008-05-24 11:21:58 117760 ( A.... ) "C:\WINDOWS\system32\ocfmhpfr.dll"
2008-05-24 11:18:56 108544 ( A.... ) "C:\WINDOWS\system32\spasywow.dll"
2008-05-23 17:35:14 ( .D... ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\LimeWire"
2008-05-23 17:34:44 ( .D... ) "C:\Program Files\LimeWire"
2008-05-23 17:19:54 ( .D... ) "C:\Program Files\uTorrent"
2008-05-23 17:19:52 ( .D... ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\uTorrent"
2008-05-23 17:05:40 94208 ( A.... ) "C:\WINDOWS\system32\pwieyasl.dll"
2008-05-23 15:41:44 859 ( A.... ) "C:\WINDOWS\system32\winpfz33.sys"
2008-05-23 15:41:44 859 ( A.... ) "C:\WINDOWS\system32\winpfz33.sys"
2008-05-23 15:41:40 63902 ( A.... ) "C:\WINDOWS\system32\{9aa54413-f9bb-c0af-0a90-2a314d6c10bd}.dll-uninst.exe"
2008-05-23 15:41:38 200769 ( A.... ) "C:\WINDOWS\system32\qcntskdm.exe"
2008-05-23 15:41:36 401969 ( A.... ) "C:\WINDOWS\system32\g77.exe"
2008-05-23 15:31:22 28160 ( A.... ) "C:\WINDOWS\system32\cbXPgddB.dll"
2008-05-23 14:13:58 ( .D... ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\Google"
2008-05-23 02:10:02 ( .DS.. ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\Microsoft"
2008-05-23 02:10:02 ( .D... ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\You've Got Pictures Screensaver"
2008-05-23 02:10:02 ( .D... ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\SampleView"
2008-05-23 02:10:02 ( .D... ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\Identities"
2008-05-23 01:51:10 ( .D... ) "C:\Program Files\SIFXINST"
2008-05-23 01:50:34 ( .D... ) "C:\Program Files\McAfee"
2008-05-23 01:49:44 ( .D... ) "C:\Program Files\McAfee.com"
2008-05-23 01:49:38 ( .D... ) "C:\Program Files\gtw_logo"
2008-05-23 01:48:40 ( .D... ) "C:\Program Files\Microsoft Money 2006"
2008-05-23 01:48:22 ( .D... ) "C:\Program Files\Common Files\Nullsoft"
2008-05-23 01:48:02 157696 ( A.... ) "C:\WINDOWS\system32\rmoc3260.dll"
2008-05-23 01:47:58 6656 ( A.... ) "C:\WINDOWS\system32\pndx5016.dll"
2008-05-23 01:47:58 5632 ( A.... ) "C:\WINDOWS\system32\pndx5032.dll"
2008-05-23 01:47:58 ( .D... ) "C:\Program Files\Real"
2008-05-23 01:47:56 278528 ( A.... ) "C:\WINDOWS\system32\pncrt.dll"
2008-05-23 01:47:56 ( .D... ) "C:\Program Files\Common Files\Real"
2008-05-23 01:47:44 ( .D... ) "C:\Program Files\Viewpoint"
2008-05-23 01:47:40 ( .D... ) "C:\Program Files\Pure Networks"
2008-05-23 01:47:34 ( .D... ) "C:\Program Files\Common Files\AolCoach"
2008-05-23 01:47:12 ( .D... ) "C:\Program Files\Common Files\aolshare"
2008-05-23 01:47:12 ( .D... ) "C:\Program Files\America Online 9.0"
2008-05-23 01:47:04 ( .D... ) "C:\Program Files\Common Files\AOL"
2008-05-23 01:46:54 ( .D... ) "C:\Program Files\BigFix"
2008-05-23 01:46:04 ( .D... ) "C:\Program Files\Microsoft Works"
2008-05-23 01:45:40 ( .D... ) "C:\Program Files\MSN Encarta Plus"
2008-05-23 01:45:02 ( .D... ) "C:\Program Files\Microsoft Digital Image 2006"
2008-05-23 01:44:56 ( .D... ) "C:\Program Files\Common Files\Adobe"
2008-05-23 01:44:42 ( .D... ) "C:\Program Files\Adobe"
2008-05-23 01:43:22 ( .D... ) "C:\Program Files\Realtek"
2008-05-23 01:41:40 ( .D... ) "C:\Program Files\WildTangent"
2008-05-23 01:41:36 ( .D... ) "C:\Program Files\Gateway Games"
2008-05-23 01:39:46 ( .D... ) "C:\Program Files\Java"
2008-05-23 01:39:44 ( .D... ) "C:\Program Files\Common Files\Java"
2008-05-23 01:38:46 ( .D... ) "C:\Program Files\Digital Media Reader"
2008-05-23 01:37:08 ( .D... ) "C:\Program Files\Microsoft ActiveSync"
2008-05-23 01:37:04 ( .D... ) "C:\Program Files\Common Files\DESIGNER"
2008-05-23 01:36:36 ( .D... ) "C:\Program Files\Microsoft.NET"
2008-05-23 01:36:36 ( .D... ) "C:\Program Files\Microsoft Office"
2008-05-23 01:35:26 ( .D.H. ) "C:\Program Files\InstallShield Installation Information"
2008-05-23 01:35:26 ( .D... ) "C:\Program Files\CyberLink"
2008-05-23 01:35:24 ( .D... ) "C:\Program Files\Common Files\InstallShield"
2008-05-23 01:33:22 ( .D... ) "C:\Program Files\Google"
2008-05-23 01:25:04 ( .D... ) "C:\Program Files\CONEXANT"
2008-05-22 23:46:04 ( .D... ) "C:\Program Files\Cucusoft"
2008-05-22 23:45:08 ( .D... ) "C:\Program Files\Full Tilt Poker"
2008-05-22 23:43:30 ( .D... ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\AdobeUM"
2008-05-22 23:42:42 ( .D... ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\Adobe"
2008-05-22 23:14:16 ( .D... ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\Macromedia"
2008-03-27 04:12:54 151583 ( A.... ) "C:\WINDOWS\system32\msjint40.dll"
2008-03-25 00:50:58 838432 ( A.... ) "C:\WINDOWS\system32\mswdat10.dll"
2008-03-25 00:50:58 621344 ( A.... ) "C:\WINDOWS\system32\mswstr10.dll"
2008-03-25 00:50:58 355104 ( A.... ) "C:\WINDOWS\system32\msxbde40.dll"
2008-03-25 00:50:56 264992 ( A.... ) "C:\WINDOWS\system32\mstext40.dll"
2008-03-25 00:50:52 559904 ( A.... ) "C:\WINDOWS\system32\msrepl40.dll"
2008-03-25 00:50:50 322336 ( A.... ) "C:\WINDOWS\system32\msrd3x40.dll"
2008-03-25 00:50:48 432928 ( A.... ) "C:\WINDOWS\system32\msrd2x40.dll"
2008-03-25 00:50:46 355104 ( A.... ) "C:\WINDOWS\system32\mspbde40.dll"
2008-03-25 00:50:44 219936 ( A.... ) "C:\WINDOWS\system32\msltus40.dll"
2008-03-25 00:50:42 248608 ( A.... ) "C:\WINDOWS\system32\msjtes40.dll"
2008-03-25 00:50:42 60192 ( A.... ) "C:\WINDOWS\system32\msjter40.dll"
2008-03-25 00:50:40 355112 ( A.... ) "C:\WINDOWS\system32\msjetoledb40.dll"
2008-03-25 00:50:34 1516568 ( A.... ) "C:\WINDOWS\system32\msjet40.dll"
2008-03-25 00:50:30 326432 ( A.... ) "C:\WINDOWS\system32\msexcl40.dll"
2008-03-25 00:50:28 518944 ( A.... ) "C:\WINDOWS\system32\msexch40.dll"
2008-03-19 05:47:00 1845248 ( A.... ) "C:\WINDOWS\system32\win32k.sys"


((((((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MSKAGENTEXE"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MskAgent.exe"
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="c:\\PROGRA~1\\mcafee.com\\vso\\mcvsshld.exe"
"RTHDCPL"="RTHDCPL.EXE"
"Reminder"="%WINDIR%\\Creator\\Remind_XP.exe"
"Recguard"="%WINDIR%\\SMINST\\RECGUARD.EXE"
"readericon"="C:\\Program Files\\Digital Media Reader\\readericon45G.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"MSKDetectorExe"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKDetct.exe /startup"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1211521631\\EE\\AOLHostManager.exe"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"AOL Spyware Protection"="\"C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe\""
"BM2fcc815f"="Rundll32.exe \"C:\\WINDOWS\\system32\\vbbgqtib.dll\",s"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveAutoRun"=dword:03ffffff
"NoDriveTypeAutoRun"=dword:000000ff

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"Power2GoExpress"="NA"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=dword:00000000
"HideLogoffScripts"=dword:00000000
"RunLogonScriptSync"=dword:00000001
"RunStartupScriptSync"=dword:00000000
"HideStartupScripts"=dword:00000000
"DisableRegistryTools"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{3095D50F-F1BA-4BBC-A54D-819EEB7E0898}"=""


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: Sat 06/07/2008 14:49:15.42
ComboFix ver 06.06.17 - This logfile is located at C:\ComboFix.txt

#8 pskelley

Posted 07 June 2008 - 02:39 PM

You still have the Vundo infection showing in your HJT log; give this a try:

Open Notepad and copy/paste the text in the codebox below into it:

File::
C:\WINDOWS\system32\vbbgqtib.dll

Save this as CFScript

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Post the combofix log and a new HJT log.

Thanks
MS-MVP Windows Security 2007-08
Proud Member ASAP
UNITE Member 2006
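
One way to surface the startup entry that the CFScript above targets, as an added example (not part of the original post, and not code from HijackThis or ComboFix): it picks out O4 Run entries that load a DLL through Rundll32 and looks each DLL up in the Find3M file listing. The function names and the heuristic itself are assumptions made for this illustration; the sample lines are excerpted from the logs posted in this thread.

```python
import re
from datetime import datetime

# Lines excerpted from the HijackThis log posted in this thread.
HJT_SAMPLE = r'''
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BM2fcc815f] Rundll32.exe "C:\WINDOWS\system32\vbbgqtib.dll",s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
'''

# Lines excerpted from the Find3M report posted in this thread.
FIND3M_SAMPLE = r'''
2008-06-07 13:46:04 101376 ( A.... ) "C:\WINDOWS\system32\vbbgqtib.dll"
2008-06-07 13:00:04 ( .D... ) "C:\Program Files\PE"
2008-05-23 01:47:56 278528 ( A.... ) "C:\WINDOWS\system32\pncrt.dll"
'''

# "O4 - HKLM\..\Run: [ValueName] command line"
O4_RUN = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$')

# rundll32 (optionally with a path and quotes), then the DLL, then ",export"
RUNDLL = re.compile(
    r'^"?(?:\S*\\)?rundll32(?:\.exe)?"?\s+"?([^",]+?\.dll)"?(?:,\s*(\S+))?',
    re.IGNORECASE,
)

# 'timestamp [size] ( attrs ) "path"'; directories carry no size field
FIND3M_LINE = re.compile(
    r'^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(?:(\d+)\s+)?'
    r'\(\s*([A-Z.]+)\s*\)\s+"(.+)"$'
)


def parse_find3m(text):
    """Map lower-cased path -> timestamp, size and attribute flags."""
    listing = {}
    for line in text.splitlines():
        m = FIND3M_LINE.match(line.strip())
        if not m:
            continue
        stamp, size, attrs, path = m.groups()
        listing[path.lower()] = {
            "modified": datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"),
            "size": int(size) if size else None,
            "attrs": attrs,
        }
    return listing


def rundll_run_entries(hjt_text, find3m_text):
    """Return O4 Run entries that start a DLL via rundll32, with listing data.

    Windows paths are compared case-insensitively. An entry whose DLL is
    absent from the listing is still returned, with in_listing=False.
    """
    listing = parse_find3m(find3m_text)
    findings = []
    for line in hjt_text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue
        hive, key, name, command = m.groups()
        r = RUNDLL.match(command)
        if not r:
            continue  # ordinary executable, not a rundll32-hosted DLL
        dll, export = r.group(1), r.group(2)
        info = listing.get(dll.lower())
        findings.append({
            "hive": hive,
            "key": key,
            "name": name,
            "dll": dll,
            "export": export,
            "in_listing": info is not None,
            "modified": info["modified"] if info else None,
            "size": info["size"] if info else None,
        })
    return findings


if __name__ == "__main__":
    for f in rundll_run_entries(HJT_SAMPLE, FIND3M_SAMPLE):
        print(f"{f['hive']}\\{f['key']} [{f['name']}] -> {f['dll']} "
              f"(export {f['export']}, in listing: {f['in_listing']}, "
              f"modified {f['modified']}, {f['size']} bytes)")
```
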

#9 ktownmvp22

Posted 07 June 2008 - 08:31 PM

New logs

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:27:13 PM, on 6/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\AOL\121152~1\EE\AOLHOS~1.EXE
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\COMMON~1\AOL\121152~1\EE\AOLServiceHost.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...DTP&M=W3507
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.html?Ch...DTP&M=W3507
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1211521631\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [BM2fcc815f] Rundll32.exe "C:\WINDOWS\system32\vbbgqtib.dll",s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 7982 bytes



Start Time= Sat 06/07/2008 21:25:25.67

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2008-06-07 13:55:02 2560 ( A.... ) "C:\WINDOWS\system32\axjjuced.exe"
2008-06-07 13:52:04 111616 ( A.... ) "C:\WINDOWS\system32\rjokolop.dll"
2008-06-07 13:49:04 94208 ( A.... ) "C:\WINDOWS\system32\iybrdvuo.dll"
2008-06-07 13:46:04 101376 ( A.... ) "C:\WINDOWS\system32\vbbgqtib.dll"
2008-06-07 13:00:04 ( .D... ) "C:\Program Files\PE"
2008-06-06 16:34:26 ( .D... ) "C:\Program Files\Trend Micro"
2008-06-06 16:24:16 108544 ( A.... ) "C:\WINDOWS\system32\vivvylau.dll"
2008-06-06 13:47:00 93184 ( A.... ) "C:\WINDOWS\system32\yuvmaape.dll"
2008-06-06 13:45:26 2560 ( A.... ) "C:\WINDOWS\system32\tefjscgc.exe"
2008-06-06 13:45:18 107520 ( A.... ) "C:\WINDOWS\system32\adutjrbn.dll"
2008-06-04 23:52:22 2560 ( A.... ) "C:\WINDOWS\system32\fwqiglgo.exe"
2008-06-04 23:49:24 104448 ( A.... ) "C:\WINDOWS\system32\jdondpwf.dll"
2008-06-04 23:43:24 106496 ( A.... ) "C:\WINDOWS\system32\daaruwqt.dll"
2008-06-04 16:26:10 3072 ( A.... ) "C:\WINDOWS\system32\ppkdquvd.dll"
2008-06-03 23:47:10 2560 ( A.... ) "C:\WINDOWS\system32\oplmuyet.exe"
2008-06-03 23:44:10 114688 ( A.... ) "C:\WINDOWS\system32\xsxsttaf.dll"
2008-06-03 23:42:04 103424 ( A.... ) "C:\WINDOWS\system32\kyiyxrut.dll"
2008-06-02 18:45:36 89088 ( A.... ) "C:\WINDOWS\system32\kijuvxwq.dll"
2008-06-02 18:39:36 2560 ( A.... ) "C:\WINDOWS\system32\hxmbtywe.exe"
2008-06-02 18:36:36 114688 ( A.... ) "C:\WINDOWS\system32\kpqaedkl.dll"
2008-06-02 18:33:36 3072 ( A.... ) "C:\WINDOWS\system32\jcnsakdc.dll"
2008-06-02 18:30:12 103424 ( A.... ) "C:\WINDOWS\system32\bybkuvag.dll"
2008-06-01 11:47:10 2560 ( A.... ) "C:\WINDOWS\system32\kadkykrs.exe"
2008-06-01 11:39:28 108544 ( A.... ) "C:\WINDOWS\system32\ngixonbm.dll"
2008-06-01 11:37:28 104448 ( A.... ) "C:\WINDOWS\system32\wbpewpph.dll"
2008-05-31 11:33:34 108544 ( A.... ) "C:\WINDOWS\system32\ydibqlmt.dll"
2008-05-31 11:30:34 2560 ( A.... ) "C:\WINDOWS\system32\bonhssob.exe"
2008-05-31 11:28:20 104448 ( A.... ) "C:\WINDOWS\system32\jcwepluu.dll"
2008-05-31 11:27:30 275456 ( A.... ) "C:\WINDOWS\system32\xxyvurss.dll"
2008-05-30 18:06:22 ( .D... ) "C:\Program Files\MSXML 4.0"
2008-05-30 12:12:10 104448 ( A.... ) "C:\WINDOWS\system32\ppkhsgwu.dll"
2008-05-30 12:09:10 109568 ( A.... ) "C:\WINDOWS\system32\urglgmea.dll"
2008-05-30 11:24:12 104448 ( A.... ) "C:\WINDOWS\system32\fwkfbmkr.dll"
2008-05-30 11:21:12 90112 ( A.... ) "C:\WINDOWS\system32\gcbhcteq.dll"
2008-05-30 11:18:12 109568 ( A.... ) "C:\WINDOWS\system32\njbavwys.dll"
2008-05-29 11:21:30 117760 ( A.... ) "C:\WINDOWS\system32\ipkksgss.dll"
2008-05-29 11:15:06 110592 ( A.... ) "C:\WINDOWS\system32\hvgolxgw.dll"
2008-05-29 11:15:02 ( .D... ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\McAfee.com Personal Firewall"
2008-05-27 20:47:08 110592 ( A.... ) "C:\WINDOWS\system32\ogpqvbnw.dll"
2008-05-26 20:54:00 93696 ( A.... ) "C:\WINDOWS\system32\pbnwgahp.dll"
2008-05-26 20:52:26 117760 ( A.... ) "C:\WINDOWS\system32\ebbkloae.dll"
2008-05-26 20:47:58 108544 ( A.... ) "C:\WINDOWS\system32\mngtifxc.dll"
2008-05-26 13:34:58 117760 ( A.... ) "C:\WINDOWS\system32\dqhdxgjl.dll"
2008-05-26 13:27:30 109056 ( A.... ) "C:\WINDOWS\system32\dundmaoi.dll"
2008-05-25 13:52:42 ( .D... ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\Apple Computer"
2008-05-25 13:51:48 ( .D... ) "C:\Program Files\iPod"
2008-05-25 13:51:40 ( .D... ) "C:\Program Files\iTunes"
2008-05-25 13:51:10 ( .D... ) "C:\Program Files\Bonjour"
2008-05-25 13:49:20 ( .D... ) "C:\Program Files\QuickTime"
2008-05-25 13:48:14 ( .D... ) "C:\Program Files\Apple Software Update"
2008-05-25 13:47:18 ( .D... ) "C:\Program Files\Common Files\Apple"
2008-05-25 12:34:32 94208 ( A.... ) "C:\WINDOWS\system32\bgmdjbxw.dll"
2008-05-25 12:31:04 117760 ( A.... ) "C:\WINDOWS\system32\vcuwjgov.dll"
2008-05-25 12:30:16 109056 ( A.... ) "C:\WINDOWS\system32\iabelkdk.dll"
2008-05-24 11:21:58 117760 ( A.... ) "C:\WINDOWS\system32\ocfmhpfr.dll"
2008-05-24 11:18:56 108544 ( A.... ) "C:\WINDOWS\system32\spasywow.dll"
2008-05-23 17:35:14 ( .D... ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\LimeWire"
2008-05-23 17:34:44 ( .D... ) "C:\Program Files\LimeWire"
2008-05-23 17:19:54 ( .D... ) "C:\Program Files\uTorrent"
2008-05-23 17:19:52 ( .D... ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\uTorrent"
2008-05-23 17:05:40 94208 ( A.... ) "C:\WINDOWS\system32\pwieyasl.dll"
2008-05-23 15:41:44 859 ( A.... ) "C:\WINDOWS\system32\winpfz33.sys"
2008-05-23 15:41:44 859 ( A.... ) "C:\WINDOWS\system32\winpfz33.sys"
2008-05-23 15:41:40 63902 ( A.... ) "C:\WINDOWS\system32\{9aa54413-f9bb-c0af-0a90-2a314d6c10bd}.dll-uninst.exe"
2008-05-23 15:41:38 200769 ( A.... ) "C:\WINDOWS\system32\qcntskdm.exe"
2008-05-23 15:41:36 401969 ( A.... ) "C:\WINDOWS\system32\g77.exe"
2008-05-23 15:31:22 28160 ( A.... ) "C:\WINDOWS\system32\cbXPgddB.dll"
2008-05-23 14:13:58 ( .D... ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\Google"
2008-05-23 02:10:02 ( .DS.. ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\Microsoft"
2008-05-23 02:10:02 ( .D... ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\You've Got Pictures Screensaver"
2008-05-23 02:10:02 ( .D... ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\SampleView"
2008-05-23 02:10:02 ( .D... ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\Identities"
2008-05-23 01:51:10 ( .D... ) "C:\Program Files\SIFXINST"
2008-05-23 01:50:34 ( .D... ) "C:\Program Files\McAfee"
2008-05-23 01:49:44 ( .D... ) "C:\Program Files\McAfee.com"
2008-05-23 01:49:38 ( .D... ) "C:\Program Files\gtw_logo"
2008-05-23 01:48:40 ( .D... ) "C:\Program Files\Microsoft Money 2006"
2008-05-23 01:48:22 ( .D... ) "C:\Program Files\Common Files\Nullsoft"
2008-05-23 01:48:02 157696 ( A.... ) "C:\WINDOWS\system32\rmoc3260.dll"
2008-05-23 01:47:58 6656 ( A.... ) "C:\WINDOWS\system32\pndx5016.dll"
2008-05-23 01:47:58 5632 ( A.... ) "C:\WINDOWS\system32\pndx5032.dll"
2008-05-23 01:47:58 ( .D... ) "C:\Program Files\Real"
2008-05-23 01:47:56 278528 ( A.... ) "C:\WINDOWS\system32\pncrt.dll"
2008-05-23 01:47:56 ( .D... ) "C:\Program Files\Common Files\Real"
2008-05-23 01:47:44 ( .D... ) "C:\Program Files\Viewpoint"
2008-05-23 01:47:40 ( .D... ) "C:\Program Files\Pure Networks"
2008-05-23 01:47:34 ( .D... ) "C:\Program Files\Common Files\AolCoach"
2008-05-23 01:47:12 ( .D... ) "C:\Program Files\Common Files\aolshare"
2008-05-23 01:47:12 ( .D... ) "C:\Program Files\America Online 9.0"
2008-05-23 01:47:04 ( .D... ) "C:\Program Files\Common Files\AOL"
2008-05-23 01:46:54 ( .D... ) "C:\Program Files\BigFix"
2008-05-23 01:46:04 ( .D... ) "C:\Program Files\Microsoft Works"
2008-05-23 01:45:40 ( .D... ) "C:\Program Files\MSN Encarta Plus"
2008-05-23 01:45:02 ( .D... ) "C:\Program Files\Microsoft Digital Image 2006"
2008-05-23 01:44:56 ( .D... ) "C:\Program Files\Common Files\Adobe"
2008-05-23 01:44:42 ( .D... ) "C:\Program Files\Adobe"
2008-05-23 01:43:22 ( .D... ) "C:\Program Files\Realtek"
2008-05-23 01:41:40 ( .D... ) "C:\Program Files\WildTangent"
2008-05-23 01:41:36 ( .D... ) "C:\Program Files\Gateway Games"
2008-05-23 01:39:46 ( .D... ) "C:\Program Files\Java"
2008-05-23 01:39:44 ( .D... ) "C:\Program Files\Common Files\Java"
2008-05-23 01:38:46 ( .D... ) "C:\Program Files\Digital Media Reader"
2008-05-23 01:37:08 ( .D... ) "C:\Program Files\Microsoft ActiveSync"
2008-05-23 01:37:04 ( .D... ) "C:\Program Files\Common Files\DESIGNER"
2008-05-23 01:36:36 ( .D... ) "C:\Program Files\Microsoft.NET"
2008-05-23 01:36:36 ( .D... ) "C:\Program Files\Microsoft Office"
2008-05-23 01:35:26 ( .D.H. ) "C:\Program Files\InstallShield Installation Information"
2008-05-23 01:35:26 ( .D... ) "C:\Program Files\CyberLink"
2008-05-23 01:35:24 ( .D... ) "C:\Program Files\Common Files\InstallShield"
2008-05-23 01:33:22 ( .D... ) "C:\Program Files\Google"
2008-05-23 01:25:04 ( .D... ) "C:\Program Files\CONEXANT"
2008-05-22 23:46:04 ( .D... ) "C:\Program Files\Cucusoft"
2008-05-22 23:45:08 ( .D... ) "C:\Program Files\Full Tilt Poker"
2008-05-22 23:43:30 ( .D... ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\AdobeUM"
2008-05-22 23:42:42 ( .D... ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\Adobe"
2008-05-22 23:14:16 ( .D... ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\Macromedia"
2008-03-27 04:12:54 151583 ( A.... ) "C:\WINDOWS\system32\msjint40.dll"
2008-03-25 00:50:58 838432 ( A.... ) "C:\WINDOWS\system32\mswdat10.dll"
2008-03-25 00:50:58 621344 ( A.... ) "C:\WINDOWS\system32\mswstr10.dll"
2008-03-25 00:50:58 355104 ( A.... ) "C:\WINDOWS\system32\msxbde40.dll"
2008-03-25 00:50:56 264992 ( A.... ) "C:\WINDOWS\system32\mstext40.dll"
2008-03-25 00:50:52 559904 ( A.... ) "C:\WINDOWS\system32\msrepl40.dll"
2008-03-25 00:50:50 322336 ( A.... ) "C:\WINDOWS\system32\msrd3x40.dll"
2008-03-25 00:50:48 432928 ( A.... ) "C:\WINDOWS\system32\msrd2x40.dll"
2008-03-25 00:50:46 355104 ( A.... ) "C:\WINDOWS\system32\mspbde40.dll"
2008-03-25 00:50:44 219936 ( A.... ) "C:\WINDOWS\system32\msltus40.dll"
2008-03-25 00:50:42 248608 ( A.... ) "C:\WINDOWS\system32\msjtes40.dll"
2008-03-25 00:50:42 60192 ( A.... ) "C:\WINDOWS\system32\msjter40.dll"
2008-03-25 00:50:40 355112 ( A.... ) "C:\WINDOWS\system32\msjetoledb40.dll"
2008-03-25 00:50:34 1516568 ( A.... ) "C:\WINDOWS\system32\msjet40.dll"
2008-03-25 00:50:30 326432 ( A.... ) "C:\WINDOWS\system32\msexcl40.dll"
2008-03-25 00:50:28 518944 ( A.... ) "C:\WINDOWS\system32\msexch40.dll"
2008-03-19 05:47:00 1845248 ( A.... ) "C:\WINDOWS\system32\win32k.sys"


((((((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MSKAGENTEXE"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MskAgent.exe"
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="c:\\PROGRA~1\\mcafee.com\\vso\\mcvsshld.exe"
"RTHDCPL"="RTHDCPL.EXE"
"Reminder"="%WINDIR%\\Creator\\Remind_XP.exe"
"Recguard"="%WINDIR%\\SMINST\\RECGUARD.EXE"
"readericon"="C:\\Program Files\\Digital Media Reader\\readericon45G.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"MSKDetectorExe"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKDetct.exe /startup"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1211521631\\EE\\AOLHostManager.exe"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"AOL Spyware Protection"="\"C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe\""
"BM2fcc815f"="Rundll32.exe \"C:\\WINDOWS\\system32\\vbbgqtib.dll\",s"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveAutoRun"=dword:03ffffff
"NoDriveTypeAutoRun"=dword:000000ff

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"Power2GoExpress"="NA"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=dword:00000000
"HideLogoffScripts"=dword:00000000
"RunLogonScriptSync"=dword:00000001
"RunStartupScriptSync"=dword:00000000
"HideStartupScripts"=dword:00000000
"DisableRegistryTools"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{3095D50F-F1BA-4BBC-A54D-819EEB7E0898}"=""


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: Sat 06/07/2008 21:26:32.57
ComboFix ver 06.06.17 - This logfile is located at C:\ComboFix.txt




New logs

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:27:13 PM, on 6/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\AOL\121152~1\EE\AOLHOS~1.EXE
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\COMMON~1\AOL\121152~1\EE\AOLServiceHost.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...DTP&M=W3507
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.html?Ch...DTP&M=W3507
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1211521631\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [BM2fcc815f] Rundll32.exe "C:\WINDOWS\system32\vbbgqtib.dll",s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 7982 bytes



O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1211521631\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [BM2fcc815f] Rundll32.exe "C:\WINDOWS\system32\vbbgqtib.dll",s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 7982 bytes



Start Time= Sat 06/07/2008 21:25:25.67

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2008-06-07 13:55:02 2560 ( A.... ) "C:\WINDOWS\system32\axjjuced.exe"
2008-06-07 13:52:04 111616 ( A.... ) "C:\WINDOWS\system32\rjokolop.dll"
2008-06-07 13:49:04 94208 ( A.... ) "C:\WINDOWS\system32\iybrdvuo.dll"
2008-06-07 13:46:04 101376 ( A.... ) "C:\WINDOWS\system32\vbbgqtib.dll"
2008-06-07 13:00:04 ( .D... ) "C:\Program Files\PE"
2008-06-06 16:34:26 ( .D... ) "C:\Program Files\Trend Micro"
2008-06-06 16:24:16 108544 ( A.... ) "C:\WINDOWS\system32\vivvylau.dll"
2008-06-06 13:47:00 93184 ( A.... ) "C:\WINDOWS\system32\yuvmaape.dll"
2008-06-06 13:45:26 2560 ( A.... ) "C:\WINDOWS\system32\tefjscgc.exe"
2008-06-06 13:45:18 107520 ( A.... ) "C:\WINDOWS\system32\adutjrbn.dll"
2008-06-04 23:52:22 2560 ( A.... ) "C:\WINDOWS\system32\fwqiglgo.exe"
2008-06-04 23:49:24 104448 ( A.... ) "C:\WINDOWS\system32\jdondpwf.dll"
2008-06-04 23:43:24 106496 ( A.... ) "C:\WINDOWS\system32\daaruwqt.dll"
2008-06-04 16:26:10 3072 ( A.... ) "C:\WINDOWS\system32\ppkdquvd.dll"
2008-06-03 23:47:10 2560 ( A.... ) "C:\WINDOWS\system32\oplmuyet.exe"
2008-06-03 23:44:10 114688 ( A.... ) "C:\WINDOWS\system32\xsxsttaf.dll"
2008-06-03 23:42:04 103424 ( A.... ) "C:\WINDOWS\system32\kyiyxrut.dll"
2008-06-02 18:45:36 89088 ( A.... ) "C:\WINDOWS\system32\kijuvxwq.dll"
2008-06-02 18:39:36 2560 ( A.... ) "C:\WINDOWS\system32\hxmbtywe.exe"
2008-06-02 18:36:36 114688 ( A.... ) "C:\WINDOWS\system32\kpqaedkl.dll"
2008-06-02 18:33:36 3072 ( A.... ) "C:\WINDOWS\system32\jcnsakdc.dll"
2008-06-02 18:30:12 103424 ( A.... ) "C:\WINDOWS\system32\bybkuvag.dll"
2008-06-01 11:47:10 2560 ( A.... ) "C:\WINDOWS\system32\kadkykrs.exe"
2008-06-01 11:39:28 108544 ( A.... ) "C:\WINDOWS\system32\ngixonbm.dll"
2008-06-01 11:37:28 104448 ( A.... ) "C:\WINDOWS\system32\wbpewpph.dll"
2008-05-31 11:33:34 108544 ( A.... ) "C:\WINDOWS\system32\ydibqlmt.dll"
2008-05-31 11:30:34 2560 ( A.... ) "C:\WINDOWS\system32\bonhssob.exe"
2008-05-31 11:28:20 104448 ( A.... ) "C:\WINDOWS\system32\jcwepluu.dll"
2008-05-31 11:27:30 275456 ( A.... ) "C:\WINDOWS\system32\xxyvurss.dll"
2008-05-30 18:06:22 ( .D... ) "C:\Program Files\MSXML 4.0"
2008-05-30 12:12:10 104448 ( A.... ) "C:\WINDOWS\system32\ppkhsgwu.dll"
2008-05-30 12:09:10 109568 ( A.... ) "C:\WINDOWS\system32\urglgmea.dll"
2008-05-30 11:24:12 104448 ( A.... ) "C:\WINDOWS\system32\fwkfbmkr.dll"
2008-05-30 11:21:12 90112 ( A.... ) "C:\WINDOWS\system32\gcbhcteq.dll"
2008-05-30 11:18:12 109568 ( A.... ) "C:\WINDOWS\system32\njbavwys.dll"
2008-05-29 11:21:30 117760 ( A.... ) "C:\WINDOWS\system32\ipkksgss.dll"
2008-05-29 11:15:06 110592 ( A.... ) "C:\WINDOWS\system32\hvgolxgw.dll"
2008-05-29 11:15:02 ( .D... ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\McAfee.com Personal Firewall"
2008-05-27 20:47:08 110592 ( A.... ) "C:\WINDOWS\system32\ogpqvbnw.dll"
2008-05-26 20:54:00 93696 ( A.... ) "C:\WINDOWS\system32\pbnwgahp.dll"
2008-05-26 20:52:26 117760 ( A.... ) "C:\WINDOWS\system32\ebbkloae.dll"
2008-05-26 20:47:58 108544 ( A.... ) "C:\WINDOWS\system32\mngtifxc.dll"
2008-05-26 13:34:58 117760 ( A.... ) "C:\WINDOWS\system32\dqhdxgjl.dll"
2008-05-26 13:27:30 109056 ( A.... ) "C:\WINDOWS\system32\dundmaoi.dll"
2008-05-25 13:52:42 ( .D... ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\Apple Computer"
2008-05-25 13:51:48 ( .D... ) "C:\Program Files\iPod"
2008-05-25 13:51:40 ( .D... ) "C:\Program Files\iTunes"
2008-05-25 13:51:10 ( .D... ) "C:\Program Files\Bonjour"
2008-05-25 13:49:20 ( .D... ) "C:\Program Files\QuickTime"
2008-05-25 13:48:14 ( .D... ) "C:\Program Files\Apple Software Update"
2008-05-25 13:47:18 ( .D... ) "C:\Program Files\Common Files\Apple"
2008-05-25 12:34:32 94208 ( A.... ) "C:\WINDOWS\system32\bgmdjbxw.dll"
2008-05-25 12:31:04 117760 ( A.... ) "C:\WINDOWS\system32\vcuwjgov.dll"
2008-05-25 12:30:16 109056 ( A.... ) "C:\WINDOWS\system32\iabelkdk.dll"
2008-05-24 11:21:58 117760 ( A.... ) "C:\WINDOWS\system32\ocfmhpfr.dll"
2008-05-24 11:18:56 108544 ( A.... ) "C:\WINDOWS\system32\spasywow.dll"
2008-05-23 17:35:14 ( .D... ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\LimeWire"
2008-05-23 17:34:44 ( .D... ) "C:\Program Files\LimeWire"
2008-05-23 17:19:54 ( .D... ) "C:\Program Files\uTorrent"
2008-05-23 17:19:52 ( .D... ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\uTorrent"
2008-05-23 17:05:40 94208 ( A.... ) "C:\WINDOWS\system32\pwieyasl.dll"
2008-05-23 15:41:44 859 ( A.... ) "C:\WINDOWS\system32\winpfz33.sys"
2008-05-23 15:41:44 859 ( A.... ) "C:\WINDOWS\system32\winpfz33.sys"
2008-05-23 15:41:40 63902 ( A.... ) "C:\WINDOWS\system32\{9aa54413-f9bb-c0af-0a90-2a314d6c10bd}.dll-uninst.exe"
2008-05-23 15:41:38 200769 ( A.... ) "C:\WINDOWS\system32\qcntskdm.exe"
2008-05-23 15:41:36 401969 ( A.... ) "C:\WINDOWS\system32\g77.exe"
2008-05-23 15:31:22 28160 ( A.... ) "C:\WINDOWS\system32\cbXPgddB.dll"
2008-05-23 14:13:58 ( .D... ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\Google"
2008-05-23 02:10:02 ( .DS.. ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\Microsoft"
2008-05-23 02:10:02 ( .D... ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\You've Got Pictures Screensaver"
2008-05-23 02:10:02 ( .D... ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\SampleView"
2008-05-23 02:10:02 ( .D... ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\Identities"
2008-05-23 01:51:10 ( .D... ) "C:\Program Files\SIFXINST"
2008-05-23 01:50:34 ( .D... ) "C:\Program Files\McAfee"
2008-05-23 01:49:44 ( .D... ) "C:\Program Files\McAfee.com"
2008-05-23 01:49:38 ( .D... ) "C:\Program Files\gtw_logo"
2008-05-23 01:48:40 ( .D... ) "C:\Program Files\Microsoft Money 2006"
2008-05-23 01:48:22 ( .D... ) "C:\Program Files\Common Files\Nullsoft"
2008-05-23 01:48:02 157696 ( A.... ) "C:\WINDOWS\system32\rmoc3260.dll"
2008-05-23 01:47:58 6656 ( A.... ) "C:\WINDOWS\system32\pndx5016.dll"
2008-05-23 01:47:58 5632 ( A.... ) "C:\WINDOWS\system32\pndx5032.dll"
2008-05-23 01:47:58 ( .D... ) "C:\Program Files\Real"
2008-05-23 01:47:56 278528 ( A.... ) "C:\WINDOWS\system32\pncrt.dll"
2008-05-23 01:47:56 ( .D... ) "C:\Program Files\Common Files\Real"
2008-05-23 01:47:44 ( .D... ) "C:\Program Files\Viewpoint"
2008-05-23 01:47:40 ( .D... ) "C:\Program Files\Pure Networks"
2008-05-23 01:47:34 ( .D... ) "C:\Program Files\Common Files\AolCoach"
2008-05-23 01:47:12 ( .D... ) "C:\Program Files\Common Files\aolshare"
2008-05-23 01:47:12 ( .D... ) "C:\Program Files\America Online 9.0"
2008-05-23 01:47:04 ( .D... ) "C:\Program Files\Common Files\AOL"
2008-05-23 01:46:54 ( .D... ) "C:\Program Files\BigFix"
2008-05-23 01:46:04 ( .D... ) "C:\Program Files\Microsoft Works"
2008-05-23 01:45:40 ( .D... ) "C:\Program Files\MSN Encarta Plus"
2008-05-23 01:45:02 ( .D... ) "C:\Program Files\Microsoft Digital Image 2006"
2008-05-23 01:44:56 ( .D... ) "C:\Program Files\Common Files\Adobe"
2008-05-23 01:44:42 ( .D... ) "C:\Program Files\Adobe"
2008-05-23 01:43:22 ( .D... ) "C:\Program Files\Realtek"
2008-05-23 01:41:40 ( .D... ) "C:\Program Files\WildTangent"
2008-05-23 01:41:36 ( .D... ) "C:\Program Files\Gateway Games"
2008-05-23 01:39:46 ( .D... ) "C:\Program Files\Java"
2008-05-23 01:39:44 ( .D... ) "C:\Program Files\Common Files\Java"
2008-05-23 01:38:46 ( .D... ) "C:\Program Files\Digital Media Reader"
2008-05-23 01:37:08 ( .D... ) "C:\Program Files\Microsoft ActiveSync"
2008-05-23 01:37:04 ( .D... ) "C:\Program Files\Common Files\DESIGNER"
2008-05-23 01:36:36 ( .D... ) "C:\Program Files\Microsoft.NET"
2008-05-23 01:36:36 ( .D... ) "C:\Program Files\Microsoft Office"
2008-05-23 01:35:26 ( .D.H. ) "C:\Program Files\InstallShield Installation Information"
2008-05-23 01:35:26 ( .D... ) "C:\Program Files\CyberLink"
2008-05-23 01:35:24 ( .D... ) "C:\Program Files\Common Files\InstallShield"
2008-05-23 01:33:22 ( .D... ) "C:\Program Files\Google"
2008-05-23 01:25:04 ( .D... ) "C:\Program Files\CONEXANT"
2008-05-22 23:46:04 ( .D... ) "C:\Program Files\Cucusoft"
2008-05-22 23:45:08 ( .D... ) "C:\Program Files\Full Tilt Poker"
2008-05-22 23:43:30 ( .D... ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\AdobeUM"
2008-05-22 23:42:42 ( .D... ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\Adobe"
2008-05-22 23:14:16 ( .D... ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\Macromedia"
2008-03-27 04:12:54 151583 ( A.... ) "C:\WINDOWS\system32\msjint40.dll"
2008-03-25 00:50:58 838432 ( A.... ) "C:\WINDOWS\system32\mswdat10.dll"
2008-03-25 00:50:58 621344 ( A.... ) "C:\WINDOWS\system32\mswstr10.dll"
2008-03-25 00:50:58 355104 ( A.... ) "C:\WINDOWS\system32\msxbde40.dll"
2008-03-25 00:50:56 264992 ( A.... ) "C:\WINDOWS\system32\mstext40.dll"
2008-03-25 00:50:52 559904 ( A.... ) "C:\WINDOWS\system32\msrepl40.dll"
2008-03-25 00:50:50 322336 ( A.... ) "C:\WINDOWS\system32\msrd3x40.dll"
2008-03-25 00:50:48 432928 ( A.... ) "C:\WINDOWS\system32\msrd2x40.dll"
2008-03-25 00:50:46 355104 ( A.... ) "C:\WINDOWS\system32\mspbde40.dll"
2008-03-25 00:50:44 219936 ( A.... ) "C:\WINDOWS\system32\msltus40.dll"
2008-03-25 00:50:42 248608 ( A.... ) "C:\WINDOWS\system32\msjtes40.dll"
2008-03-25 00:50:42 60192 ( A.... ) "C:\WINDOWS\system32\msjter40.dll"
2008-03-25 00:50:40 355112 ( A.... ) "C:\WINDOWS\system32\msjetoledb40.dll"
2008-03-25 00:50:34 1516568 ( A.... ) "C:\WINDOWS\system32\msjet40.dll"
2008-03-25 00:50:30 326432 ( A.... ) "C:\WINDOWS\system32\msexcl40.dll"
2008-03-25 00:50:28 518944 ( A.... ) "C:\WINDOWS\system32\msexch40.dll"
2008-03-19 05:47:00 1845248 ( A.... ) "C:\WINDOWS\system32\win32k.sys"


((((((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MSKAGENTEXE"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MskAgent.exe"
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="c:\\PROGRA~1\\mcafee.com\\vso\\mcvsshld.exe"
"RTHDCPL"="RTHDCPL.EXE"
"Reminder"="%WINDIR%\\Creator\\Remind_XP.exe"
"Recguard"="%WINDIR%\\SMINST\\RECGUARD.EXE"
"readericon"="C:\\Program Files\\Digital Media Reader\\readericon45G.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"MSKDetectorExe"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKDetct.exe /startup"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1211521631\\EE\\AOLHostManager.exe"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"AOL Spyware Protection"="\"C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe\""
"BM2fcc815f"="Rundll32.exe \"C:\\WINDOWS\\system32\\vbbgqtib.dll\",s"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveAutoRun"=dword:03ffffff
"NoDriveTypeAutoRun"=dword:000000ff

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"Power2GoExpress"="NA"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=dword:00000000
"HideLogoffScripts"=dword:00000000
"RunLogonScriptSync"=dword:00000001
"RunStartupScriptSync"=dword:00000000
"HideStartupScripts"=dword:00000000
"DisableRegistryTools"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{3095D50F-F1BA-4BBC-A54D-819EEB7E0898}"=""


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: Sat 06/07/2008 21:26:32.57
ComboFix ver 06.06.17 - This logfile is located at C:\ComboFix.txt

2008-05-23 01:45:40 ( .D... ) "C:\Program Files\MSN Encarta Plus"
2008-05-23 01:45:02 ( .D... ) "C:\Program Files\Microsoft Digital Image 2006"
2008-05-23 01:44:56 ( .D... ) "C:\Program Files\Common Files\Adobe"
2008-05-23 01:44:42 ( .D... ) "C:\Program Files\Adobe"
2008-05-23 01:43:22 ( .D... ) "C:\Program Files\Realtek"
2008-05-23 01:41:40 ( .D... ) "C:\Program Files\WildTangent"
2008-05-23 01:41:36 ( .D... ) "C:\Program Files\Gateway Games"
2008-05-23 01:39:46 ( .D... ) "C:\Program Files\Java"
2008-05-23 01:39:44 ( .D... ) "C:\Program Files\Common Files\Java"
2008-05-23 01:38:46 ( .D... ) "C:\Program Files\Digital Media Reader"
2008-05-23 01:37:08 ( .D... ) "C:\Program Files\Microsoft ActiveSync"
2008-05-23 01:37:04 ( .D... ) "C:\Program Files\Common Files\DESIGNER"
2008-05-23 01:36:36 ( .D... ) "C:\Program Files\Microsoft.NET"
2008-05-23 01:36:36 ( .D... ) "C:\Program Files\Microsoft Office"
2008-05-23 01:35:26 ( .D.H. ) "C:\Program Files\InstallShield Installation Information"
2008-05-23 01:35:26 ( .D... ) "C:\Program Files\CyberLink"
2008-05-23 01:35:24 ( .D... ) "C:\Program Files\Common Files\InstallShield"
2008-05-23 01:33:22 ( .D... ) "C:\Program Files\Google"
2008-05-23 01:25:04 ( .D... ) "C:\Program Files\CONEXANT"
2008-05-22 23:46:04 ( .D... ) "C:\Program Files\Cucusoft"
2008-05-22 23:45:08 ( .D... ) "C:\Program Files\Full Tilt Poker"
2008-05-22 23:43:30 ( .D... ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\AdobeUM"
2008-05-22 23:42:42 ( .D... ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\Adobe"
2008-05-22 23:14:16 ( .D... ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\Macromedia"
2008-03-27 04:12:54 151583 ( A.... ) "C:\WINDOWS\system32\msjint40.dll"
2008-03-25 00:50:58 838432 ( A.... ) "C:\WINDOWS\system32\mswdat10.dll"
2008-03-25 00:50:58 621344 ( A.... ) "C:\WINDOWS\system32\mswstr10.dll"
2008-03-25 00:50:58 355104 ( A.... ) "C:\WINDOWS\system32\msxbde40.dll"
2008-03-25 00:50:56 264992 ( A.... ) "C:\WINDOWS\system32\mstext40.dll"
2008-03-25 00:50:52 559904 ( A.... ) "C:\WINDOWS\system32\msrepl40.dll"
2008-03-25 00:50:50 322336 ( A.... ) "C:\WINDOWS\system32\msrd3x40.dll"
2008-03-25 00:50:48 432928 ( A.... ) "C:\WINDOWS\system32\msrd2x40.dll"
2008-03-25 00:50:46 355104 ( A.... ) "C:\WINDOWS\system32\mspbde40.dll"
2008-03-25 00:50:44 219936 ( A.... ) "C:\WINDOWS\system32\msltus40.dll"
2008-03-25 00:50:42 248608 ( A.... ) "C:\WINDOWS\system32\msjtes40.dll"
2008-03-25 00:50:42 60192 ( A.... ) "C:\WINDOWS\system32\msjter40.dll"
2008-03-25 00:50:40 355112 ( A.... ) "C:\WINDOWS\system32\msjetoledb40.dll"
2008-03-25 00:50:34 1516568 ( A.... ) "C:\WINDOWS\system32\msjet40.dll"
2008-03-25 00:50:30 326432 ( A.... ) "C:\WINDOWS\system32\msexcl40.dll"
2008-03-25 00:50:28 518944 ( A.... ) "C:\WINDOWS\system32\msexch40.dll"
2008-03-19 05:47:00 1845248 ( A.... ) "C:\WINDOWS\system32\win32k.sys"


((((((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MSKAGENTEXE"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MskAgent.exe"
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="c:\\PROGRA~1\\mcafee.com\\vso\\mcvsshld.exe"
"RTHDCPL"="RTHDCPL.EXE"
"Reminder"="%WINDIR%\\Creator\\Remind_XP.exe"
"Recguard"="%WINDIR%\\SMINST\\RECGUARD.EXE"
"readericon"="C:\\Program Files\\Digital Media Reader\\readericon45G.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"MSKDetectorExe"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKDetct.exe /startup"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1211521631\\EE\\AOLHostManager.exe"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"AOL Spyware Protection"="\"C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe\""
"BM2fcc815f"="Rundll32.exe \"C:\\WINDOWS\\system32\\vbbgqtib.dll\",s"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveAutoRun"=dword:03ffffff
"NoDriveTypeAutoRun"=dword:000000ff

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"Power2GoExpress"="NA"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=dword:00000000
"HideLogoffScripts"=dword:00000000
"RunLogonScriptSync"=dword:00000001
"RunStartupScriptSync"=dword:00000000
"HideStartupScripts"=dword:00000000
"DisableRegistryTools"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{3095D50F-F1BA-4BBC-A54D-819EEB7E0898}"=""


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: Sat 06/07/2008 21:26:32.57
ComboFix ver 06.06.17 - This logfile is located at C:\ComboFix.txt

New logs

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:27:13 PM, on 6/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\AOL\121152~1\EE\AOLHOS~1.EXE
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\COMMON~1\AOL\121152~1\EE\AOLServiceHost.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...DTP&M=W3507
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.html?Ch...DTP&M=W3507
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1211521631\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [BM2fcc815f] Rundll32.exe "C:\WINDOWS\system32\vbbgqtib.dll",s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 7982 bytes



O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1211521631\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [BM2fcc815f] Rundll32.exe "C:\WINDOWS\system32\vbbgqtib.dll",s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 7982 bytes



Start Time= Sat 06/07/2008 21:25:25.67

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2008-06-07 13:55:02 2560 ( A.... ) "C:\WINDOWS\system32\axjjuced.exe"
2008-06-07 13:52:04 111616 ( A.... ) "C:\WINDOWS\system32\rjokolop.dll"
2008-06-07 13:49:04 94208 ( A.... ) "C:\WINDOWS\system32\iybrdvuo.dll"
2008-06-07 13:46:04 101376 ( A.... ) "C:\WINDOWS\system32\vbbgqtib.dll"
2008-06-07 13:00:04 ( .D... ) "C:\Program Files\PE"
2008-06-06 16:34:26 ( .D... ) "C:\Program Files\Trend Micro"
2008-06-06 16:24:16 108544 ( A.... ) "C:\WINDOWS\system32\vivvylau.dll"
2008-06-06 13:47:00 93184 ( A.... ) "C:\WINDOWS\system32\yuvmaape.dll"
2008-06-06 13:45:26 2560 ( A.... ) "C:\WINDOWS\system32\tefjscgc.exe"
2008-06-06 13:45:18 107520 ( A.... ) "C:\WINDOWS\system32\adutjrbn.dll"
2008-06-04 23:52:22 2560 ( A.... ) "C:\WINDOWS\system32\fwqiglgo.exe"
2008-06-04 23:49:24 104448 ( A.... ) "C:\WINDOWS\system32\jdondpwf.dll"
2008-06-04 23:43:24 106496 ( A.... ) "C:\WINDOWS\system32\daaruwqt.dll"
2008-06-04 16:26:10 3072 ( A.... ) "C:\WINDOWS\system32\ppkdquvd.dll"
2008-06-03 23:47:10 2560 ( A.... ) "C:\WINDOWS\system32\oplmuyet.exe"
2008-06-03 23:44:10 114688 ( A.... ) "C:\WINDOWS\system32\xsxsttaf.dll"
2008-06-03 23:42:04 103424 ( A.... ) "C:\WINDOWS\system32\kyiyxrut.dll"
2008-06-02 18:45:36 89088 ( A.... ) "C:\WINDOWS\system32\kijuvxwq.dll"
2008-06-02 18:39:36 2560 ( A.... ) "C:\WINDOWS\system32\hxmbtywe.exe"
2008-06-02 18:36:36 114688 ( A.... ) "C:\WINDOWS\system32\kpqaedkl.dll"
2008-06-02 18:33:36 3072 ( A.... ) "C:\WINDOWS\system32\jcnsakdc.dll"
2008-06-02 18:30:12 103424 ( A.... ) "C:\WINDOWS\system32\bybkuvag.dll"
2008-06-01 11:47:10 2560 ( A.... ) "C:\WINDOWS\system32\kadkykrs.exe"
2008-06-01 11:39:28 108544 ( A.... ) "C:\WINDOWS\system32\ngixonbm.dll"
2008-06-01 11:37:28 104448 ( A.... ) "C:\WINDOWS\system32\wbpewpph.dll"
2008-05-31 11:33:34 108544 ( A.... ) "C:\WINDOWS\system32\ydibqlmt.dll"
2008-05-31 11:30:34 2560 ( A.... ) "C:\WINDOWS\system32\bonhssob.exe"
2008-05-31 11:28:20 104448 ( A.... ) "C:\WINDOWS\system32\jcwepluu.dll"
2008-05-31 11:27:30 275456 ( A.... ) "C:\WINDOWS\system32\xxyvurss.dll"
2008-05-30 18:06:22 ( .D... ) "C:\Program Files\MSXML 4.0"
2008-05-30 12:12:10 104448 ( A.... ) "C:\WINDOWS\system32\ppkhsgwu.dll"
2008-05-30 12:09:10 109568 ( A.... ) "C:\WINDOWS\system32\urglgmea.dll"
2008-05-30 11:24:12 104448 ( A.... ) "C:\WINDOWS\system32\fwkfbmkr.dll"
2008-05-30 11:21:12 90112 ( A.... ) "C:\WINDOWS\system32\gcbhcteq.dll"
2008-05-30 11:18:12 109568 ( A.... ) "C:\WINDOWS\system32\njbavwys.dll"
2008-05-29 11:21:30 117760 ( A.... ) "C:\WINDOWS\system32\ipkksgss.dll"
2008-05-29 11:15:06 110592 ( A.... ) "C:\WINDOWS\system32\hvgolxgw.dll"
2008-05-29 11:15:02 ( .D... ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\McAfee.com Personal Firewall"
2008-05-27 20:47:08 110592 ( A.... ) "C:\WINDOWS\system32\ogpqvbnw.dll"
2008-05-26 20:54:00 93696 ( A.... ) "C:\WINDOWS\system32\pbnwgahp.dll"
2008-05-26 20:52:26 117760 ( A.... ) "C:\WINDOWS\system32\ebbkloae.dll"
2008-05-26 20:47:58 108544 ( A.... ) "C:\WINDOWS\system32\mngtifxc.dll"
2008-05-26 13:34:58 117760 ( A.... ) "C:\WINDOWS\system32\dqhdxgjl.dll"
2008-05-26 13:27:30 109056 ( A.... ) "C:\WINDOWS\system32\dundmaoi.dll"
2008-05-25 13:52:42 ( .D... ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\Apple Computer"
2008-05-25 13:51:48 ( .D... ) "C:\Program Files\iPod"
2008-05-25 13:51:40 ( .D... ) "C:\Program Files\iTunes"
2008-05-25 13:51:10 ( .D... ) "C:\Program Files\Bonjour"
2008-05-25 13:49:20 ( .D... ) "C:\Program Files\QuickTime"
2008-05-25 13:48:14 ( .D... ) "C:\Program Files\Apple Software Update"
2008-05-25 13:47:18 ( .D... ) "C:\Program Files\Common Files\Apple"
2008-05-25 12:34:32 94208 ( A.... ) "C:\WINDOWS\system32\bgmdjbxw.dll"
2008-05-25 12:31:04 117760 ( A.... ) "C:\WINDOWS\system32\vcuwjgov.dll"
2008-05-25 12:30:16 109056 ( A.... ) "C:\WINDOWS\system32\iabelkdk.dll"
2008-05-24 11:21:58 117760 ( A.... ) "C:\WINDOWS\system32\ocfmhpfr.dll"
2008-05-24 11:18:56 108544 ( A.... ) "C:\WINDOWS\system32\spasywow.dll"
2008-05-23 17:35:14 ( .D... ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\LimeWire"
2008-05-23 17:34:44 ( .D... ) "C:\Program Files\LimeWire"
2008-05-23 17:19:54 ( .D... ) "C:\Program Files\uTorrent"
2008-05-23 17:19:52 ( .D... ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\uTorrent"
2008-05-23 17:05:40 94208 ( A.... ) "C:\WINDOWS\system32\pwieyasl.dll"
2008-05-23 15:41:44 859 ( A.... ) "C:\WINDOWS\system32\winpfz33.sys"
2008-05-23 15:41:44 859 ( A.... ) "C:\WINDOWS\system32\winpfz33.sys"
2008-05-23 15:41:40 63902 ( A.... ) "C:\WINDOWS\system32\{9aa54413-f9bb-c0af-0a90-2a314d6c10bd}.dll-uninst.exe"
2008-05-23 15:41:38 200769 ( A.... ) "C:\WINDOWS\system32\qcntskdm.exe"
2008-05-23 15:41:36 401969 ( A.... ) "C:\WINDOWS\system32\g77.exe"
2008-05-23 15:31:22 28160 ( A.... ) "C:\WINDOWS\system32\cbXPgddB.dll"
2008-05-23 14:13:58 ( .D... ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\Google"
2008-05-23 02:10:02 ( .DS.. ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\Microsoft"
2008-05-23 02:10:02 ( .D... ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\You've Got Pictures Screensaver"
2008-05-23 02:10:02 ( .D... ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\SampleView"
2008-05-23 02:10:02 ( .D... ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\Identities"
2008-05-23 01:51:10 ( .D... ) "C:\Program Files\SIFXINST"
2008-05-23 01:50:34 ( .D... ) "C:\Program Files\McAfee"
2008-05-23 01:49:44 ( .D... ) "C:\Program Files\McAfee.com"
2008-05-23 01:49:38 ( .D... ) "C:\Program Files\gtw_logo"
2008-05-23 01:48:40 ( .D... ) "C:\Program Files\Microsoft Money 2006"
2008-05-23 01:48:22 ( .D... ) "C:\Program Files\Common Files\Nullsoft"
2008-05-23 01:48:02 157696 ( A.... ) "C:\WINDOWS\system32\rmoc3260.dll"
2008-05-23 01:47:58 6656 ( A.... ) "C:\WINDOWS\system32\pndx5016.dll"
2008-05-23 01:47:58 5632 ( A.... ) "C:\WINDOWS\system32\pndx5032.dll"
2008-05-23 01:47:58 ( .D... ) "C:\Program Files\Real"
2008-05-23 01:47:56 278528 ( A.... ) "C:\WINDOWS\system32\pncrt.dll"
2008-05-23 01:47:56 ( .D... ) "C:\Program Files\Common Files\Real"
2008-05-23 01:47:44 ( .D... ) "C:\Program Files\Viewpoint"
2008-05-23 01:47:40 ( .D... ) "C:\Program Files\Pure Networks"
2008-05-23 01:47:34 ( .D... ) "C:\Program Files\Common Files\AolCoach"
2008-05-23 01:47:12 ( .D... ) "C:\Program Files\Common Files\aolshare"
2008-05-23 01:47:12 ( .D... ) "C:\Program Files\America Online 9.0"
2008-05-23 01:47:04 ( .D... ) "C:\Program Files\Common Files\AOL"
2008-05-23 01:46:54 ( .D... ) "C:\Program Files\BigFix"
2008-05-23 01:46:04 ( .D... ) "C:\Program Files\Microsoft Works"
2008-05-23 01:45:40 ( .D... ) "C:\Program Files\MSN Encarta Plus"
2008-05-23 01:45:02 ( .D... ) "C:\Program Files\Microsoft Digital Image 2006"
2008-05-23 01:44:56 ( .D... ) "C:\Program Files\Common Files\Adobe"
2008-05-23 01:44:42 ( .D... ) "C:\Program Files\Adobe"
2008-05-23 01:43:22 ( .D... ) "C:\Program Files\Realtek"
2008-05-23 01:41:40 ( .D... ) "C:\Program Files\WildTangent"
2008-05-23 01:41:36 ( .D... ) "C:\Program Files\Gateway Games"
2008-05-23 01:39:46 ( .D... ) "C:\Program Files\Java"
2008-05-23 01:39:44 ( .D... ) "C:\Program Files\Common Files\Java"
2008-05-23 01:38:46 ( .D... ) "C:\Program Files\Digital Media Reader"
2008-05-23 01:37:08 ( .D... ) "C:\Program Files\Microsoft ActiveSync"
2008-05-23 01:37:04 ( .D... ) "C:\Program Files\Common Files\DESIGNER"
2008-05-23 01:36:36 ( .D... ) "C:\Program Files\Microsoft.NET"
2008-05-23 01:36:36 ( .D... ) "C:\Program Files\Microsoft Office"
2008-05-23 01:35:26 ( .D.H. ) "C:\Program Files\InstallShield Installation Information"
2008-05-23 01:35:26 ( .D... ) "C:\Program Files\CyberLink"
2008-05-23 01:35:24 ( .D... ) "C:\Program Files\Common Files\InstallShield"
2008-05-23 01:33:22 ( .D... ) "C:\Program Files\Google"
2008-05-23 01:25:04 ( .D... ) "C:\Program Files\CONEXANT"
2008-05-22 23:46:04 ( .D... ) "C:\Program Files\Cucusoft"
2008-05-22 23:45:08 ( .D... ) "C:\Program Files\Full Tilt Poker"
2008-05-22 23:43:30 ( .D... ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\AdobeUM"
2008-05-22 23:42:42 ( .D... ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\Adobe"
2008-05-22 23:14:16 ( .D... ) "C:\Documents and Settings\Owner.YOUR-833BEBEC1E\Application Data\Macromedia"
2008-03-27 04:12:54 151583 ( A.... ) "C:\WINDOWS\system32\msjint40.dll"
2008-03-25 00:50:58 838432 ( A.... ) "C:\WINDOWS\system32\mswdat10.dll"
2008-03-25 00:50:58 621344 ( A.... ) "C:\WINDOWS\system32\mswstr10.dll"
2008-03-25 00:50:58 355104 ( A.... ) "C:\WINDOWS\system32\msxbde40.dll"
2008-03-25 00:50:56 264992 ( A.... ) "C:\WINDOWS\system32\mstext40.dll"
2008-03-25 00:50:52 559904 ( A.... ) "C:\WINDOWS\system32\msrepl40.dll"
2008-03-25 00:50:50 322336 ( A.... ) "C:\WINDOWS\system32\msrd3x40.dll"
2008-03-25 00:50:48 432928 ( A.... ) "C:\WINDOWS\system32\msrd2x40.dll"
2008-03-25 00:50:46 355104 ( A.... ) "C:\WINDOWS\system32\mspbde40.dll"
2008-03-25 00:50:44 219936 ( A.... ) "C:\WINDOWS\system32\msltus40.dll"
2008-03-25 00:50:42 248608 ( A.... ) "C:\WINDOWS\system32\msjtes40.dll"
2008-03-25 00:50:42 60192 ( A.... ) "C:\WINDOWS\system32\msjter40.dll"
2008-03-25 00:50:40 355112 ( A.... ) "C:\WINDOWS\system32\msjetoledb40.dll"
2008-03-25 00:50:34 1516568 ( A.... ) "C:\WINDOWS\system32\msjet40.dll"
2008-03-25 00:50:30 326432 ( A.... ) "C:\WINDOWS\system32\msexcl40.dll"
2008-03-25 00:50:28 518944 ( A.... ) "C:\WINDOWS\system32\msexch40.dll"
2008-03-19 05:47:00 1845248 ( A.... ) "C:\WINDOWS\system32\win32k.sys"


((((((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MSKAGENTEXE"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MskAgent.exe"
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="c:\\PROGRA~1\\mcafee.com\\vso\\mcvsshld.exe"
"RTHDCPL"="RTHDCPL.EXE"
"Reminder"="%WINDIR%\\Creator\\Remind_XP.exe"
"Recguard"="%WINDIR%\\SMINST\\RECGUARD.EXE"
"readericon"="C:\\Program Files\\Digital Media Reader\\readericon45G.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"MSKDetectorExe"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKDetct.exe /startup"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1211521631\\EE\\AOLHostManager.exe"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"AOL Spyware Protection"="\"C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe\""
"BM2fcc815f"="Rundll32.exe \"C:\\WINDOWS\\system32\\vbbgqtib.dll\",s"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveAutoRun"=dword:03ffffff
"NoDriveTypeAutoRun"=dword:000000ff

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"Power2GoExpress"="NA"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=dword:00000000
"HideLogoffScripts"=dword:00000000
"RunLogonScriptSync"=dword:00000001
"RunStartupScriptSync"=dword:00000000
"HideStartupScripts"=dword:00000000
"DisableRegistryTools"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{3095D50F-F1BA-4BBC-A54D-819EEB7E0898}"=""


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: Sat 06/07/2008 21:26:32.57
ComboFix ver 06.06.17 - This logfile is located at C:\ComboFix.txt

#10 pskelley

pskelley

  • Staff Emeritus
  • 1,487 posts

Posted 08 June 2008 - 08:37 AM

Somehow you are not following the directions I am posting, return to my post #8 and read carefully those directions.

See the item in the code box: C:\WINDOWS\system32\vbbgqtib.dll

Here it is in the newest HJT log you just posted:
O4 - HKLM\..\Run: [BM2fcc815f] Rundll32.exe "C:\WINDOWS\system32\vbbgqtib.dll",s
That is the item causing the popups.

Do not do any other scans, follow the directions.
QuickScan did not find any signs of infected files ???

Look at this log where the CFScript is being run correctly in post #4.
When finished you will get a response similar to this:

C:\Documents and Settings\(edit)XXXXXX\Desktop\cfscript.txt

The option would be to navigate to that file:
C:\WINDOWS\system32\vbbgqtib.dll <<< and delete it manually.

Thanks
MS-MVP Windows Security 2007-08
Proud Member ASAP
UNITE Member 2006

#11 ktownmvp22

ktownmvp22
  • Topic Starter

  • Members
  • 6 posts

Posted 08 June 2008 - 12:58 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:57:41 PM, on 6/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\RTHDCPL.EXE
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\PROGRA~1\COMMON~1\AOL\121152~1\EE\AOLHOS~1.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\PROGRA~1\COMMON~1\AOL\121152~1\EE\AOLServiceHost.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...DTP&M=W3507
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.html?Ch...DTP&M=W3507
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1211521631\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [mount.exe] C:\Program Files\GiPo@Utilities\FileUtilities.3\mount.exe /z
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 7944 bytes

#12 pskelley

pskelley

  • Staff Emeritus
  • 1,487 posts

Posted 08 June 2008 - 02:02 PM

Looks like you got it, the HJT log is clean of malware. I will make suggestions, first some information:
http://forums.spybot.info/showthread.php?t=282
http://www.nutnworks.com/SafeHex/file_sharing.htm

C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
This program is dangerous enough as it is, if you must use it, I suggest you start it when you need it and stop it when done, now you have it running every time you start the computer.

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
I also suggest you consider updating to IE 7 if just for the additional security it provides.
http://www.microsoft.com/windows/products/...ie/default.mspx

This will remove combofix from your computer:
Click START then RUN
Now type or copy Combofix /u in the runbox and click OK.
Note the space between the X and the U, it needs to be there.



This scan will check to make sure we missed no malware:
Run this online scan using Internet Explorer:
Kaspersky Online Scanner from http://www.kaspersky.com/virusscanner
Next Click on Launch Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

* The program will launch and then begin downloading the latest definition files:
* Once the files have been downloaded click on NEXT
* Now click on Scan Settings
* In the scan settings make sure that the following are selected:
* Scan using the following Anti-Virus database:
* Standard
* Scan Options:
* Scan Archives
* Scan Mail Bases
* Click OK
* Now under select a target to scan:
* Select My Computer
* The program will start and scan your system.
* The scan will take a while so be patient and let it run.
* Once the scan is complete it will display if your system has been infected.
* Now click on the Save as Text button:
* Save the file to your desktop.

Then post it here. <<< if the scan should be clean, there is no need to post it.

Thanks
MS-MVP Windows Security 2007-08
Proud Member ASAP
UNITE Member 2006
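
The check described in posts #10 and #12 (spot the Run entry that loads a DLL through Rundll32, then confirm it is gone from the next HijackThis log), as an added example that is not part of the original thread. The function names are hypothetical, the sample lines are excerpts of the O4 entries from the two logs posted above, and only the O4 line forms seen in this thread are handled.

```python
import re

# Excerpts of the O4 (autorun) lines from the two HijackThis logs in this
# thread (saved 6/7/2008 and 6/8/2008). Most entries are left out for brevity.
LOG_BEFORE = r'''
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [BM2fcc815f] Rundll32.exe "C:\WINDOWS\system32\vbbgqtib.dll",s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
'''

LOG_AFTER = r'''
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [mount.exe] C:\Program Files\GiPo@Utilities\FileUtilities.3\mount.exe /z
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
'''

# "O4 - HKLM\..\Run: [ValueName] command line"
RUN_RE = re.compile(r'^O4 - (HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.*)$')
# "O4 - Startup: Shortcut.lnk = target" and "O4 - Global Startup: ..."
STARTUP_RE = re.compile(r'^O4 - ((?:Global )?Startup): (.+?) = (.*)$')
# A command line whose program is rundll32 and whose first argument is a DLL.
RUNDLL_RE = re.compile(
    r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+"?([^",]+\.dll)"?',
    re.IGNORECASE,
)


def parse_o4(log_text):
    """Return {(location, name): command} for every O4 line in a HijackThis log."""
    entries = {}
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            hive, key, name, command = m.groups()
            entries[(f'{hive}\\{key}', name)] = command
            continue
        m = STARTUP_RE.match(line)
        if m:
            folder, name, command = m.groups()
            entries[(folder, name)] = command
    return entries


def rundll32_dlls(entries):
    """List autoruns that start a DLL through rundll32 as (location, name, dll)."""
    hits = []
    for (location, name), command in entries.items():
        m = RUNDLL_RE.match(command)
        if m:
            hits.append((location, name, m.group(1)))
    return hits


def diff_autoruns(before, after):
    """Return (removed, added) autorun keys between two parsed logs."""
    removed = sorted(k for k in before if k not in after)
    added = sorted(k for k in after if k not in before)
    return removed, added


if __name__ == '__main__':
    before, after = parse_o4(LOG_BEFORE), parse_o4(LOG_AFTER)
    for location, name, dll in rundll32_dlls(before):
        print(f'rundll32 autorun in first log: {location} [{name}] -> {dll}')
    print('rundll32 autoruns left in second log:', rundll32_dlls(after))
    removed, added = diff_autoruns(before, after)
    print('removed since first log:', removed)
    print('added since first log (review each one):', added)
```

An empty `rundll32_dlls` result on the later log confirms the flagged Run value is gone; anything `diff_autoruns` reports as added is new since the previous log and is listed for review.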

#13 pskelley

pskelley

  • Staff Emeritus
  • 1,487 posts

Posted 18 June 2008 - 06:52 PM

Some good information for you:
http://users.telenet.be/bluepatchy/miekiem...owcomputer.html
http://www.microsoft.com/windowsxp/using/h...ps/mcgill1.mspx

Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiem...prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

http://www.malwarecomplaints.info/

Thanks...pskelley
BleepingComputer
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.
MS-MVP Windows Security 2007-08
Proud Member ASAP
UNITE Member 2006



