Virtumode, Darksma, And Others Infected My Pc


This topic is locked. 67 replies to this topic

#1 helpcook (Members, 84 posts)

Posted 22 June 2008 - 02:05 PM

I have the darksma trojan or virus on my computer, virtumode and other malware. I get a message saying you may have a virus click here for protection, task manager has been disabled, can't update windows, can't do a disc clean, get unwanted pop ups for spyware removal, etc. Got past the task manager problem. Have tried trojan downloader, CA, Registry repair, Spybot, Adware, Smitfraud fix, etc. Nothing fixed the problem and some of them said they experienced an error and skipped part of their scan, etc. Then downloaded Spyware Doctor and found more problems. When I try to fix the problems Spyware Doctor found my screen goes blue and says something about an error and reboots. I tried everything in safe and normal mode, same problem. I've spent 40+ hours on this and need help. I have read numerous other posts similar to mine, but still can't get it fixed. It appears my registry is messed up. Here is my hijack log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:23:20, on 6/21/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\WINDOWS\System32\aniServ.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\portsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\ICO.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\NBC 5 LIVE ONLINE\liveonline_3102752.exe
C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\iftuyszv.exe,C:\WINDOWS\system32\iftuyszv.exe,
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [Mskexe] c:\program files\mcafee\spamkiller\spamkiller.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1090975203\ee\AOLHostManager.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: NBC 5 LIVE ONLINE.lnk = C:\Program Files\NBC 5 LIVE ONLINE\liveonline_3102752.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Search - ?p=ZUxdm265LWUS
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\System32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/installd...leanerstart.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pestpatrol.com/pestscan/pestscan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1148771861161
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1213744364730
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - http://66.179.44.121./MediaCM/VisitorChat/TLIEFlash.CAB
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {E596DF5F-4239-4D40-8367-EBADF0165917} - http://advancedcleaner.com/.cleaner/cab/installadcleaner.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O16 - DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} (Pearson MyEconLab Player Control) - http://asp.mathxl.com/books/_Players/EconPlayer.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/...rcabinstall.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Airgo Networks NIC Service (ANISERVICE) - Airgo Networks, Inc. - C:\WINDOWS\System32\aniServ.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\WINDOWS\portsv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11706 bytes
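As an added example (not part of the original post, and not code from HijackThis or BleepingComputer), the script below applies to lines like those in the log above the structural checks an analyst does by eye when triaging a HijackThis log: extra executables on the F2 UserInit line, unnamed BHOs loading random 8-letter DLLs from System32, Rundll32 loaders, O20 AppInit/Winlogon hooks, unnamed O16 download controls and unknown-owner services in the Windows root. The sample lines are taken from the logs in this thread; the severity labels and the 8-letter/low-vowel name heuristic are this example's own assumptions.

```python
"""HijackThis log triage for the persistence patterns shown in this thread.

Constructed example, not part of the original post and not HijackThis code.
It scores log lines on structural signals only (extra UserInit executables,
unnamed 8-letter DLLs in System32, O20 hooks, orphaned '(no file)' entries,
unnamed O16 download controls, unknown-owner services in the Windows root).
These are heuristics: every hit still needs an analyst's confirmation.
"""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "severity section reason line")

# Every HijackThis entry starts with a section tag such as F2, O2, O20, O23.
ENTRY_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.*)$")
VOWELS = set("aeiouAEIOU")


def basename(path: str) -> str:
    return path.strip('"').rsplit("\\", 1)[-1]


def looks_random(filename: str) -> bool:
    """Eight letters with at most two vowels, like fccbATjk.dll or lidfqajl.dll."""
    stem = filename.rsplit(".", 1)[0]
    return len(stem) == 8 and stem.isalpha() and sum(c in VOWELS for c in stem) <= 2


def in_system32(path: str) -> bool:
    return "\\system32\\" in path.lower()


def triage_line(line: str):
    """Return a Finding for one log line, or None if nothing stands out."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    tail = body.rsplit(" - ", 1)[-1]          # usually the file path

    # F2: UserInit should name only userinit.exe; anything after it runs at logon.
    if sec == "F2" and "UserInit=" in body:
        exes = [p for p in body.split("UserInit=", 1)[1].split(",") if p]
        extra = [p for p in exes if basename(p).lower() != "userinit.exe"]
        if extra:
            return Finding("high", sec, "extra UserInit executable: " + ", ".join(extra), line)

    # O2: browser helper objects. Orphans are clutter; unnamed random DLLs in
    # System32 are the Vundo/Virtumonde pattern this thread is about.
    if sec == "O2":
        if tail == "(no file)":
            return Finding("low", sec, "orphaned BHO entry (no file)", line)
        if in_system32(tail) and looks_random(basename(tail)):
            return Finding("high", sec, "unnamed random DLL loaded as BHO", line)

    # O4: Rundll32 used as a loader for a random-named DLL.
    if sec == "O4" and "rundll32" in body.lower():
        dll = re.search(r'"?([^"]+\.dll)"?', body, re.I)
        if dll and looks_random(basename(dll.group(1))):
            return Finding("high", sec, "Rundll32 loading random DLL at startup", line)

    # O16: downloaded ActiveX controls normally carry a friendly name in ( ).
    if sec == "O16" and " - http" in body and "(" not in body:
        return Finding("medium", sec, "unnamed ActiveX download (DPF) entry", line)

    # O20: AppInit_DLLs enter every process; Winlogon Notify DLLs run at logon.
    if sec == "O20":
        if "(file missing)" in body:
            return Finding("low", sec, "dangling Winlogon Notify entry", line)
        bad = [n for n in re.findall(r"[\w~]+\.dll", body, re.I) if looks_random(n)]
        if bad:
            return Finding("high", sec, "random DLL hooked via O20: " + ", ".join(bad), line)

    # O23: a service with no vendor whose binary sits directly in the Windows root.
    if sec == "O23" and "Unknown owner" in body:
        if re.fullmatch(r"[a-z]:\\windows\\[^\\]+", tail.lower()):
            return Finding("medium", sec, "unknown-owner service in Windows root", line)
    return None


def triage_log(text: str):
    return [f for f in (triage_line(ln) for ln in text.splitlines()) if f]


# Lines taken from the logs in this thread (constructed sample, one per pattern).
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\iftuyszv.exe,C:\WINDOWS\system32\iftuyszv.exe,
O2 - BHO: (no name) - {08CF93C4-1C73-4604-BA38-30F0944AAEBD} - (no file)
O2 - BHO: (no name) - {1808A105-5802-4D8A-87B4-3CA66F604728} - C:\WINDOWS\system32\fccbATjk.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [BM8b58fbad] Rundll32.exe "C:\WINDOWS\System32\mtgixpxw.dll",s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/installd...leanerstart.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL lidfqajl.dll
O20 - Winlogon Notify: winkxe32 - winkxe32.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\WINDOWS\portsv.exe
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section:4} {f.reason}\n         {f.line}")
```

Run it against a full saved log (`triage_log(open("hijackthis.log").read())`) to get a prioritised list; legitimate entries such as the Spybot SDHelper.dll and the ATI service in the sample produce no finding.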


#2 SifuMike (malware expert, Staff Emeritus, 15,385 posts, Vancouver (not BC) WA (Not DC) USA)

Posted 23 June 2008 - 09:59 AM

Hello helpcook,

I have read numerous other posts similar to mine, but still can't get it fixed. It appears my registry is messed up.

It is a very bad idea to copy someone else's post, as each one is specific to the infection on that person's computer. You may have done more damage than good. :thumbsup:

You said you used a "Registry repair". You may have shot yourself in the foot.
Please be aware that bleepingcomputer staff do not recommend the usage of registry cleaners / tools due to the following facts:
  • Registry tools can cause irreparable damage to your Operating System
  • Registry tools can, as a result of the above, render your PC inoperable.
This is done assuming that the major audience here at this board might be inexperienced users, and is thus a suggested safeguard from our side.
If you feel you have the need for a registry cleaner, then you are just as welcome to keep it. This is what we refer to as an "optional fix" and is up to the user, so just take this as a recommendation from my side.


Please perform this online scan: Kaspersky Webscan

Note that you need to run this scan with Internet Explorer for it to work correctly.

If you have any problem running the scan to completion, disable your Antivirus and/or firewall temporarily, just refrain from surfing around while the scan is running and be sure to re-enable when done.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.

1. Read the Requirements and Privacy statement, then select "Accept"
2. A dialogue box will appear asking "Do you want to install this software?" Name: kavwebscan_unicode.cab
NOTE: If you are running XP SP2, you may need to click on the Information Bar to allow the ActiveX to install and may need to repeat step 1.
3. Select "Install" to download the ActiveX controls that allow Kaspersky to run.
4. If running MSAS beta you may receive an alert that an IE ActiveX program requires your approval. Click "Allow"
5. Wait for the scanner to initialize and update its databases. When the download is complete it will say ready, click "Next"
6. Click "Scan Settings" and check the option to use the EXTENDED DATABASE, then under Scan Options check Scan Archives and Scan Mail Bases, then click "OK"
7. Select a target to scan: Click on "My Computer" and the scan will begin.
8. Once the scan is complete it will display if your system has been infected.
Now click on the Save Report As... button.
Under Save as type select Text file, write a name for the file and save it to your Desktop.
Locate the file at the Desktop, open it, then copy and paste that information in your next post.
9. Post the Kaspersky scan results in your next reply.




We need to create a Deckard's System Scanner (DSS) Log
Please download Deckard's System Scanner (DSS) from one of the links below and save to your Desktop.
Primary Mirror
Secondary Mirror

DSS will do the following:
1. Create a new System Restore point in Windows XP and Vista.
2. Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
3. Check some important areas of your system and produce a report for an analyst to review.
4. Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.

Note: You must be logged onto an account with administrator privileges when using Deckard's System Scanner.

1. Close all applications and windows.
2. Double-click on dss.exe to run it and follow the prompts.
3. If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
4. When the scan is complete, two text files will open in Notepad:
main.txt <-- Will be maximized
extra.txt <-- Will be minimized
5. If not, they both can be found in the C:\Deckard\System Scanner folder.
6. Please copy (<Control>+C) and paste (<Control>+V) the contents of main.txt and extra.txt in your next reply.

Note: When running DSS, some firewalls may warn that DSS is trying to access the Internet; especially if you are asked to download the most current version of HijackThis. Please ensure that DSS is given permission to access the internet.
Note: If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.

In your next reply, I need to see the following reports:
DSS Main.txt
DSS Extra.txt
Kaspersky scan

Edited by SifuMike, 23 June 2008 - 10:07 AM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 helpcook (Topic Starter, Members, 84 posts)

Posted 23 June 2008 - 03:44 PM

Sorry for any confusion about copying the hijack log. I copied it from my earlier post which I put in the wrong forum. Computer is crawling. Will bring up Internet Explorer but having a tough time getting the Kaspersky page to come up. Can I execute this program, etc. from safe mode with networking? Also, I saw something from another computer I own on the Kaspersky web site that I was to run the program using administrator. Is that right? If so, I was going to run safe mode with networking under administrator. Thanks, David

#4 SifuMike (malware expert, Staff Emeritus, 15,385 posts, Vancouver (not BC) WA (Not DC) USA)

Posted 23 June 2008 - 04:32 PM

Will bring up Internet Explorer but having a tough time getting the Kaspersky page to come up. Can I execute this program, etc. from safe mode with networking?

Only run it with Safe Mode with Networking if you can't run it in Normal mode.
The Kaspersky site is very busy, so it may take many tries to get it going.

Also, I saw something from another computer I own on the Kaspersky web site that I was to run the program using administrator. Is that right?

Yes, according to the Requirements at the web site.

Requirements and limitations:
When using this service the first time, you have to run with Administrator privileges to install the product.


Edited by SifuMike, 23 June 2008 - 04:37 PM.


#5 SifuMike (malware expert, Staff Emeritus, 15,385 posts, Vancouver (not BC) WA (Not DC) USA)

Posted 23 June 2008 - 11:31 PM

Hi helpcook,


Download SDFix and save it to your Desktop.

Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop.
Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
  • Finally copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log

-- If this error message is displayed when running SDFix: "The command prompt has been disabled by your administrator. Press any key to continue..."
Please go to Start Menu > Run > and copy/paste the following line:
%systemdrive%\SDFix\apps\swreg IMPORT %systemdrive%\SDFix\apps\Enable_Command_Prompt.reg
Press Ok and then run SDFix again.

-- If the Command Prompt window flashes on then off again on XP or Win 2000, please go to Start Menu > Run > and copy/paste the following line:
%systemdrive%\SDFix\apps\FixPath.exe /Q
Reboot and then run SDFix again.

-- If SDFix still does not run, check the %comspec% variable. Right-click My Computer > click Properties > Advanced > Environment Variables and check that the ComSpec variable points to cmd.exe.
%SystemRoot%\system32\cmd.exe


#6 helpcook (Topic Starter, Members, 84 posts)

Posted 24 June 2008 - 01:09 AM

Got the computer to run in normal mode to obtain the files you requested. For some reason I couldn't connect to bleeping computer's logon, etc. until I rebooted in safe mode.

Here are the reports you requested.

Have not run the SDFix you mentioned above. Do you want me to still run it?

Thanks for all of your help. I do appreciate it.

David

Deckard's System Scanner v20071014.68
Run by David Cook on 2008-06-23 20:25:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-06-24 02:25:26 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 80% (more than 75%).
Total Physical Memory: 447 MiB (512 MiB recommended).
System Drive C: has 1.72 GiB (less than 15%) free.


-- HijackThis (run as David Cook.exe) ------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:27:45, on 6/23/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\WINDOWS\System32\aniServ.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\portsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\ICO.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\David Cook\Desktop\deckard's.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\David Cook.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bleepingcomputer.com/forums/lofiver...hp/t147284.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: (no name) - {08CF93C4-1C73-4604-BA38-30F0944AAEBD} - (no file)
O2 - BHO: (no name) - {1808A105-5802-4D8A-87B4-3CA66F604728} - C:\WINDOWS\system32\fccbATjk.dll
O2 - BHO: (no name) - {1D52986A-B6DC-47EC-B51D-5B578E5C461B} - (no file)
O2 - BHO: (no name) - {32131238-5434-4234-4234-432432423432} - (no file)
O2 - BHO: (no name) - {35BC79CA-6FC7-499B-AE7E-54020F06E4B4} - (no file)
O2 - BHO: (no name) - {36F2D7D4-139A-460B-B246-471062E0CDBB} - (no file)
O2 - BHO: (no name) - {44ac668e-aca1-416f-b256-f195913733d3} - C:\WINDOWS\System32\tnqpflto.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {e73a8078-5b05-952b-6844-3ddd99da25f6} - {6f52ad99-ddd3-4486-b259-50b58708a37e} - C:\WINDOWS\System32\lidfqajl.dll
O2 - BHO: (no name) - {9BCCFB11-8CC9-4864-83C2-E8B4D834945C} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AEB4CEDB-AF21-435E-978E-62F6B74159DF} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {B01C92CF-59BC-4D9C-A043-309BF60B39CB} - (no file)
O2 - BHO: (no name) - {C719AC96-BF05-4825-ABF7-2948A50DB993} - C:\WINDOWS\System32\ddcCUmJD.dll
O2 - BHO: (no name) - {D83D5080-A0F2-448E-A7D5-FFD3FFA4C221} - (no file)
O2 - BHO: (no name) - {DACE9A1F-761F-46FB-88EF-20B35175D21C} - (no file)
O2 - BHO: (no name) - {EEB095E5-D684-4A60-BD48-C5BEF185ACA2} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [Mskexe] c:\program files\mcafee\spamkiller\spamkiller.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1090975203\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [BM8b58fbad] Rundll32.exe "C:\WINDOWS\System32\mtgixpxw.dll",s
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: NBC 5 LIVE ONLINE.lnk = C:\Program Files\NBC 5 LIVE ONLINE\liveonline_3102752.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Search - ?p=ZUxdm265LWUS
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\System32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pestpatrol.com/pestscan/pestscan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1148771861161
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1213744364730
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - http://66.179.44.121./MediaCM/VisitorChat/TLIEFlash.CAB
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O16 - DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} (Pearson MyEconLab Player Control) - http://asp.mathxl.com/books/_Players/EconPlayer.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/...rcabinstall.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL lidfqajl.dll
O20 - Winlogon Notify: fccbATjk - C:\WINDOWS\SYSTEM32\fccbATjk.dll
O20 - Winlogon Notify: winkxe32 - winkxe32.dll (file missing)
O23 - Service: Airgo Networks NIC Service (ANISERVICE) - Airgo Networks, Inc. - C:\WINDOWS\System32\aniServ.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\WINDOWS\portsv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 13414 bytes

-- File Associations -----------------------------------------------------------

.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 Airgo (Belkin Wireless Pre-N Notebook Network Driver) - c:\windows\system32\drivers\wnihdd51.sys <Not Verified; Belkin Corporation, Inc.; Belkin Wireless Pre-N Notebook Network Card>
R3 WNIPROT5 (WNIPROT5 Protocol Driver) - c:\windows\system32\wniprot5.sys <Not Verified; Airgo Networks, Inc.; Airgo Networks Wireless Ethernet Adapter>

S3 TnIDriver - c:\docume~1\davidc~1\locals~1\temp\tni49d.tmp (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ANISERVICE (Airgo Networks NIC Service) - c:\windows\system32\aniserv.exe <Not Verified; Airgo Networks, Inc.; Airgo NIC Service>
R2 PlugPlayRPC (Plug and Play (RPC)) - c:\windows\portsv.exe service
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-17 14:29:06 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-06-03 23:16:37 432 --a------ C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as David Cook at 9 25 PM.job
2008-06-02 07:08:23 380 --a------ C:\WINDOWS\Tasks\PPv5Scan_Daily as David Cook at 2 00 AM.job
2007-09-16 09:13:28 326 --a------ C:\WINDOWS\Tasks\Registry Repair4.job
2004-03-12 11:48:59 258 --a------ C:\WINDOWS\Tasks\Registration reminder 3.job


-- Files created between 2008-05-23 and 2008-06-23 -----------------------------

2008-06-23 15:00:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-23 15:00:19 0 d-------- C:\WINDOWS\System32\Kaspersky Lab
2008-06-23 15:00:10 0 d-------- C:\WINDOWS\LastGood
2008-06-23 13:56:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-06-23 13:38:27 107872 --a------ C:\WINDOWS\System32\lidfqajl.dll
2008-06-23 13:35:59 84848 --a------ C:\WINDOWS\System32\blplfppc.dll
2008-06-23 13:35:16 91488 --a------ C:\WINDOWS\System32\mtgixpxw.dll
2008-06-22 17:36:16 1524 --ahs---- C:\WINDOWS\System32\DJmUCcdd.ini2
2008-06-22 13:58:50 0 dr-h----- C:\Documents and Settings\David Cook\Recent
2008-06-22 13:55:53 0 d-------- C:\Program Files\CCleaner
2008-06-21 16:06:36 0 d-------- C:\Documents and Settings\David Cook\Application Data\Malwarebytes
2008-06-21 16:06:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-21 16:06:03 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-21 14:47:37 0 d-------- C:\Program Files\Trend Micro
2008-06-21 09:35:30 101728 --a------ C:\WINDOWS\System32\tnqpflto.dll
2008-06-21 09:34:53 90464 --a------ C:\WINDOWS\System32\qjceypli.dll
2008-06-18 13:10:02 0 d-------- C:\Documents and Settings\David Cook\Application Data\PC Tools
2008-06-18 13:10:01 0 d-------- C:\Program Files\Spyware Doctor
2008-06-18 08:43:26 101712 --a------ C:\WINDOWS\System32\goetdips.dll
2008-06-18 08:40:26 90368 --a------ C:\WINDOWS\System32\grmqelwf.dll
2008-06-17 09:30:46 90416 --a------ C:\WINDOWS\System32\fftoiaaw.dll
2008-06-17 08:56:07 101728 --a------ C:\WINDOWS\System32\pyxuiqos.dll
2008-06-17 08:50:21 90416 --a------ C:\WINDOWS\System32\csupcsoe.dll
2008-06-17 08:38:29 90416 --a------ C:\WINDOWS\System32\keomtqtx.dll
2008-06-16 06:29:43 101648 --a------ C:\WINDOWS\System32\vlghaawh.dll
2008-06-16 06:26:38 90448 --a------ C:\WINDOWS\System32\eslbsgmf.dll
2008-06-14 16:21:11 101712 --a------ C:\WINDOWS\System32\bvxqtafx.dll
2008-06-14 16:15:14 90432 --a------ C:\WINDOWS\System32\sdvahwni.dll
2008-06-12 22:38:41 101616 --a------ C:\WINDOWS\System32\rjfdfijo.dll
2008-06-12 22:38:08 90400 --a------ C:\WINDOWS\System32\hkosslrj.dll
2008-06-12 22:35:09 318256 -----n--- C:\WINDOWS\System32\ddcCUmJD.dll
2008-06-12 10:54:33 101616 --a------ C:\WINDOWS\System32\xnsukwfq.dll
2008-06-12 10:49:18 90400 --a------ C:\WINDOWS\System32\psievfyv.dll
2008-06-12 10:48:32 460189 --ahs---- C:\WINDOWS\System32\ehkUuBeg.ini2
2008-06-12 09:51:06 0 d-------- C:\Program Files\altcmd
2008-06-12 09:51:02 163840 --a------ C:\WINDOWS\System32\2q4w4e.exe
2008-06-08 00:57:08 3418 --a------ C:\WINDOWS\System32\tmp.reg
2008-06-08 00:56:05 0 d-------- C:\Documents and Settings\David Cook\SmitfraudFix
2008-06-08 00:30:51 6077 --ahs---- C:\WINDOWS\System32\VyxbHggh.ini2
2008-06-04 09:15:10 91008 --a------ C:\WINDOWS\System32\dwgklmjm.dll
2008-06-04 09:14:49 538245 --ahs---- C:\WINDOWS\System32\xxHNoUvw.ini2
2008-06-04 08:17:41 467 --ahs---- C:\WINDOWS\System32\fMmVyyay.ini2
2008-06-04 06:39:14 98224 --a------ C:\WINDOWS\System32\clhvwgfw.dll
2008-06-04 05:30:13 0 d-------- C:\Documents and Settings\David Cook\Application Data\TrojanHunter
2008-06-04 05:19:46 0 d-------- C:\WINDOWS\CAVTemp
2008-06-04 05:19:39 0 d-------- C:\Program Files\TrojanHunter 5.0
2008-06-04 04:52:43 347 --ahs---- C:\WINDOWS\System32\JPYxGfhk.ini2
2008-06-04 03:37:25 347 --ahs---- C:\WINDOWS\System32\CKlVxyxx.ini2
2008-06-04 01:20:50 98208 --a------ C:\WINDOWS\System32\yoyfeigt.dll
2008-06-04 01:20:00 1580 --ahs---- C:\WINDOWS\System32\MlTwaGgh.ini2
2008-06-03 23:49:49 347 --ahs---- C:\WINDOWS\System32\vEfNnnmp.ini2
2008-06-03 23:25:59 347 --ahs---- C:\WINDOWS\System32\BdffLRqr.ini2
2008-06-03 19:05:22 98208 --a------ C:\WINDOWS\System32\qqvwgjnf.dll
2008-06-03 19:02:21 2043 --ahs---- C:\WINDOWS\System32\HQpsDcdd.ini2
2008-06-03 18:57:03 26496 -----n--- C:\WINDOWS\System32\fccbATjk.dll
2008-06-03 14:34:39 0 d-------- C:\WINDOWS\System32\3591
2008-06-03 14:34:38 55808 --a------ C:\WINDOWS\portsv.exe
2008-06-03 13:45:00 401977 --a------ C:\WINDOWS\System32\g64.exe
2008-06-03 13:34:46 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-06-03 13:34:45 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-06-03 13:34:41 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2008-06-03 13:34:38 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-06-03 13:34:26 4 --a------ C:\WINDOWS\System32\hljwugsf.bin
2008-06-03 13:34:09 0 d-------- C:\WINDOWS\System32\Vco1
2008-06-03 13:34:09 0 d-------- C:\WINDOWS\System32\sTMP
2008-06-03 13:34:09 0 d-------- C:\WINDOWS\System32\Dev3
2008-06-03 13:34:09 0 d-------- C:\WINDOWS\System32\a053
2008-06-03 13:34:09 0 d-------- C:\WINDOWS\System32\6026c
2008-06-03 13:34:02 0 d-------- C:\WINDOWS\System32\vntiho01


-- Find3M Report ---------------------------------------------------------------

2008-06-03 23:15:38 0 d-------- C:\Program Files\CA
2008-06-03 19:05:27 0 d-------- C:\Program Files\Uniblue


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08CF93C4-1C73-4604-BA38-30F0944AAEBD}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1808A105-5802-4D8A-87B4-3CA66F604728}]
06/03/2008 18:57 26496 --------- C:\WINDOWS\system32\fccbATjk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D52986A-B6DC-47EC-B51D-5B578E5C461B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{32131238-5434-4234-4234-432432423432}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{35BC79CA-6FC7-499B-AE7E-54020F06E4B4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36F2D7D4-139A-460B-B246-471062E0CDBB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{44ac668e-aca1-416f-b256-f195913733d3}]
06/21/2008 09:35 101728 --a------ C:\WINDOWS\System32\tnqpflto.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6f52ad99-ddd3-4486-b259-50b58708a37e}]
06/23/2008 13:38 107872 --a------ C:\WINDOWS\System32\lidfqajl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9BCCFB11-8CC9-4864-83C2-E8B4D834945C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AEB4CEDB-AF21-435E-978E-62F6B74159DF}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B01C92CF-59BC-4D9C-A043-309BF60B39CB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C719AC96-BF05-4825-ABF7-2948A50DB993}]
06/12/2008 22:35 318256 --------- C:\WINDOWS\System32\ddcCUmJD.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D83D5080-A0F2-448E-A7D5-FFD3FFA4C221}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DACE9A1F-761F-46FB-88EF-20B35175D21C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEB095E5-D684-4A60-BD48-C5BEF185ACA2}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CARPService"="carpserv.exe" [03/18/2003 16:49 C:\WINDOWS\system32\carpserv.exe]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [02/27/2003 12:04]
"ATIModeChange"="Ati2mdxx.exe" [09/04/2001 18:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [03/25/2003 17:00]
"Mouse Suite 98 Daemon"="ICO.EXE" [03/14/2002 17:46 C:\WINDOWS\system32\ico.exe]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [04/19/2003 23:08]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [08/20/2002 11:29]
"HKSERV.EXE"="C:\Program Files\Sony\HotKey Utility\HKserv.exe" [03/17/2003 10:00]
"ZTgServerSwitch"="c:\program files\support.com\client\lserver\server.vbs" [04/08/2003 13:16]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/16/2007 09:54]
"AWMON"="C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe" [10/12/2004 10:14]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/14/2007 18:05]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" []
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" []
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" []
"Mskexe"="c:\program files\mcafee\spamkiller\spamkiller.exe" []
"HostManager"="C:\Program Files\Common Files\AOL\1090975203\ee\AOLHostManager.exe" []
"BM8b58fbad"="C:\WINDOWS\System32\mtgixpxw.dll" [06/23/2008 13:35]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM\aim.exe" [08/05/2005 15:08]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [04/29/2007 13:57]

C:\Documents and Settings\David Cook\Start Menu\Programs\Startup\
NBC 5 LIVE ONLINE.lnk - C:\Program Files\NBC 5 LIVE ONLINE\liveonline_3102752.exe [2/16/2008 2:44:14 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\bin\hpqtra08.exe [2/19/2006 4:21:22 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{1808A105-5802-4D8A-87B4-3CA66F604728}"= C:\WINDOWS\system32\fccbATjk.dll [06/03/2008 18:57 26496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccbATjk]
fccbATjk.dll 06/03/2008 18:57 26496 C:\WINDOWS\system32\fccbATjk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
UmxWnp.Dll 03/09/2006 13:46 73728 C:\WINDOWS\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winkxe32]
winkxe32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL lidfqajl.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
path=
backup=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^David Cook^Start Menu^Programs^Startup^Deewoo.lnk]
backup=C:\WINDOWS\pss\Deewoo.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^David Cook^Start Menu^Programs^Startup^DW_Start.lnk]
backup=C:\WINDOWS\pss\DW_Start.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12


-- Hosts -----------------------------------------------------------------------

192.168.2.2 HP0017A4280C6D


-- End of Deckard's System Scanner: finished at 2008-06-23 20:30:59 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 1.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.80GHz
Percentage of Memory in Use: 82%
Physical Memory (total/avail): 446.98 MiB / 76.3 MiB
Pagefile Memory (total/avail): 1054.18 MiB / 669.86 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1938.05 MiB

C: is Fixed (NTFS) - 13.97 GiB total, 1.72 GiB free.
D: is Fixed (NTFS) - 18.62 GiB total, 16.3 GiB free.
E: is Removable (No Media)
F: is CDROM (No Media)
Z: is Network (Unformatted)

\\.\PHYSICALDRIVE0 - HITACHI_DK23EA-40 - 37.26 GiB - 3 partitions
\PARTITION0 - Unknown - 4.66 GiB
\PARTITION1 (bootable) - Installable File System - 13.97 GiB - C:
\PARTITION2 - Installable File System - 18.62 GiB - D:

\\.\PHYSICALDRIVE1 - Memory Stick Slot


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\David Cook\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=NANCY
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\David Cook
LOGONSERVER=\\NANCY
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Belkin\Belkin Wireless Utility\Unicows;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\DAVIDC~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\DAVIDC~1\LOCALS~1\Temp
USERDOMAIN=NANCY
USERNAME=David Cook
USERPROFILE=C:\Documents and Settings\David Cook
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

David Cook (admin)
Cameron (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint --> MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Ad-Aware SE Plus --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Adobe® Photoshop® Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
altcompare --> C:\Program Files\altcmd\uninstall.bat
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Belkin Wireless Client Utility --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0DACEA66-186D-4187-80B7-4D28ABBAE59D} /l1033
CA Internet Security Suite --> "C:\Program Files\CA\CA Internet Security Suite\caunst.exe" /u
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Collin County Community College District E-Schedule with MultiV --> "C:\Program Files\MVReader\CCD-0001\unins000.exe"
DVgate Plus --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{685BCC47-B8EC-45EC-BBCE-77DF2451502C}\setup.exe"
Experience VAIO --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{36FE914F-1B2B-4D83-B3E1-032A508E9EC4}\setup.exe"
FaxTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F45298E5-0083-426F-A668-1A2C5F04B8A0}\setup.exe" -l0x9 ControlPanel
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Photos Screensaver --> MsiExec.exe /X{A52415E5-CA1E-44DE-9EDC-D412F31D271C}
Google Toolbar for Firefox --> MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Home Office Page for Experience VAIO --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{374E48BA-CBC1-4134-86B9-7A97B0E76B2E}\setup.exe"
HotKey Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BB311F54-39D6-4A03-8E18-053D1B2833D7}\setup.exe" -l0x9
HP Customer Participation Program 7.0 --> C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 7.0 --> C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
hp LaserJet 1160/1320 series --> MsiExec.exe /x {7F04B272-E0DD-47E7-8B55-D97483DB0EBD}
HP Officejet Pro All-In-One Series --> C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\{7729A02E-D1AD-4830-8FC5-11853500D90D}\setup\hpzscr01.exe -datfile hpwscr05.dat
HP Photosmart Essential --> MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
HP Software Update --> MsiExec.exe /X{90B5E602-1867-449D-86FD-FC9DEA4434BF}
HP Solution Center 7.0 --> C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
ImageStation Tour --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28336AFC-722C-4E17-B286-2A7C906183C0}\setup.exe"
InterVideo WinDVD 4 --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
iTunes --> MsiExec.exe /I{AB90749C-7422-4580-8A7A-66CC5E9E5F98}
Java 2 Runtime Environment, SE v1.4.0_03 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC1E4C93-C1E7-11D6-9D10-00010240CE95}\Setup.exe" Anytext
Java Web Start --> "C:\Program Files\Java Web Start\uninst-javaws.exe"
Kaspersky Online Scanner --> C:\WINDOWS\System32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Learning Essentials for Microsoft Office --> MsiExec.exe /I{29CF7EF3-C932-43A3-A19C-EE48D950BE36}
Lexmark 3100 Series --> C:\WINDOWS\System32\spool\drivers\w32x86\3\LXBRUN5C.EXE -dLexmark 3100 Series
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Memory Stick Formatter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27337663-2619-11D4-99DC-0000F49094C7}\setup.exe" -l0x9 /UNINSTALL
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Student 2006 DVD --> MsiExec.exe /I{06041881-3E21-46D6-9A91-D927BA08F41D}
Microsoft Student Graphing Calculator --> MsiExec.exe /I{06043840-7A70-4AC6-9340-2EB7E1486914}
Microsoft Text-to-Speech Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTSf22.inf, Uninstall
Microsoft Upgrade Offer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EDEAF307-51B7-41FF-8B08-AE646117172E}\setup.exe"
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
MoodLogic --> C:\WINDOWS\ml-uninstall-v10.exe
MPM --> MsiExec.exe /X{D48AD533-BAD5-469B-A9AA-272C6D80E70B}
Music Visualizer Library 1.4.00 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}\setup.exe" -l0x9
NBC 5 LIVE ONLINE --> C:\WINDOWS\uninstall.exe "NBC 5 LIVE ONLINE"
OCR Software by I.R.I.S 7.0 --> C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
OpenMG Limited Patch 3.2-03-02-21-08 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix3.2-03-02-21-08\HotFixSetup\setup.exe /u
OpenMG Limited Patch 3.2-03-02-25-01 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix3.2-03-02-25-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 3.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{62F33B80-6244-4A70-A233-0DA13B640364}\Setup.exe" -l0x9 UNINSTALL
PhotoRescue 2.1 Demo Version (build 674) --> "C:\Program Files\PhotoRescue\unins000.exe"
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
PictureGear Studio 1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27C5164D-ED0E-4D64-B788-93305BD62100}\setup.exe"
Quicken 2003 New User Edition --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F61F2821-694C-475F-99AB-6AF2EFDF40FD} anything
QuickTime --> MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
SoftK56 Data Fax CARP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_10B9&DEV_5457&SUBSYS_8158104D\HXFSETUP.EXE -U -IVEN_10B9&DEV_5457&SUBSYS_8158104D
SonicStage 1.5.50 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}\setup.exe" -l0x9 UNINSTALL
Sony Certificate PCH --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0448678-1203-4158-A58F-B3D0B616BF9E}\setup.exe"
Sony Notebook Setup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{936FADC9-C609-471A-B6F2-A33E2E660D1A}\setup.exe" -l0x9
Sony on Yahoo! Essentials --> C:\Program Files\Yahoo!\unwise.exe C:\progra~1\yahoo!\install.log
Sony USB Mouse --> Pmuninst.exe MouseSuite98
Sony Utilities DLL --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF3D45BB-2260-4008-88EA-492E7744A9DF}\setup.exe" -l0x9
Sony Video Shared Library --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6990A2BF-D1D2-11D3-81BC-00609789C908}\setup.exe"
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
StompSoft Registry Repair --> "C:\WINDOWS\Registry Repair\uninstall.exe" "/U:D:\REGISTRY REPAIR\Uninstall\uninstall.xml"
TrojanHunter 5.0 --> "C:\Program Files\TrojanHunter 5.0\unins000.exe"
Uniblue Registry Booster --> "C:\Program Files\Uniblue\Registry Booster\unins000.exe"
VAIO DeepSea Wallpaper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3147661C-2807-49EC-B971-3B0F23D95018}\setup.exe"
VAIO Help and Support --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}
VAIO Media 2.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EB317D8-8945-4FD6-B37F-DF470317C6AB}\setup.exe" -l0x9 UNINSTALL
VAIO Media Music Server 2.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF733005-0F40-11D6-9254-0000F460E7A9}\setup.exe" -l0x9 UNINSTALL
VAIO Media Photo Server 2.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E30D77F-CE1B-4674-8AFB-0DE22E5AC3A8}\setup.exe" -l0x9
VAIO Media Platform 2.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF0DD6E9-F673-4466-8353-70B50A506FD9}\setup.exe"
VAIO Media Redistribution 2.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7128C69B-8F7E-4336-8698-3FD3CDD955EC}\setup.exe" -l0x9 UNINSTALL
VAIO Media Setup 2.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CCAC48E4-4B4D-43CB-ABB5-E817E39873B3}\setup.exe" -l0x9
VAIO Registration --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{315BA29D-2644-4760-B5FD-5AC04A52B8C5}
VAIO Support --> "c:\program files\support.com\client\bin\tgfix.exe" /rm /nq
VAIO Survey Standalone --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Windows Rights Management Client Backwards Compatibility SP2 --> MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Windows Rights Management Client with Service Pack 2 --> MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}
Yahoo! Install Manager --> C:\WINDOWS\System32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type15665 / Success
Event Submitted/Written: 06/23/2008 02:10:53 PM
Event ID/Source: 88 / UmxAgent
Event Description:
Sync client C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe registered successfully

Event Record #/Type15664 / Success
Event Submitted/Written: 06/23/2008 02:10:47 PM
Event ID/Source: 88 / UmxAgent
Event Description:
Shell is started at session 0

Event Record #/Type15663 / Success
Event Submitted/Written: 06/23/2008 02:10:47 PM
Event ID/Source: 88 / UmxAgent
Event Description:
explorer.exe started

Event Record #/Type15662 / Success
Event Submitted/Written: 06/23/2008 02:10:47 PM
Event ID/Source: 88 / UmxAgent
Event Description:
explorer.exe started

Event Record #/Type15656 / Success
Event Submitted/Written: 06/23/2008 02:09:45 PM
Event ID/Source: 88 / UmxAgent
Event Description:
Async Process Map: ReadProcessesFromKmxCfg: count=18



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type418 / Error
Event Submitted/Written: 06/23/2008 08:28:04 PM
Event ID/Source: 7016 / Service Control Manager
Event Description:
The VAIO Media Photo Server service has reported an invalid current state 272.

Event Record #/Type413 / Error
Event Submitted/Written: 06/23/2008 02:29:03 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The iPod Service service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type410 / Error
Event Submitted/Written: 06/23/2008 02:18:24 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The PC Tools Auxiliary Service service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type396 / Error
Event Submitted/Written: 06/23/2008 02:14:54 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type391 / Error
Event Submitted/Written: 06/23/2008 02:14:53 PM
Event ID/Source: 7022 / Service Control Manager
Event Description:
The PC Tools Security Service service hung on starting.



-- End of Deckard's System Scanner: finished at 2008-06-23 20:30:59 ------------



Edited by SifuMike, 25 June 2008 - 10:18 PM.
insert DSS main and extra logs


#7 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:04:48 AM

Posted 24 June 2008 - 10:03 AM

Have not run SDfix you mentioned above. Do you want me to still run it?


Yes.

Edited by SifuMike, 24 June 2008 - 10:05 AM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#8 helpcook

helpcook
  • Topic Starter

  • Members
  • 84 posts
  • Local time:07:48 AM

Posted 24 June 2008 - 11:38 AM

Had to do the run & paste as well as checked environmental check which was ok. The command prompt just flashes under checking running processes and services. Please advise.

#9 helpcook

helpcook
  • Topic Starter

  • Members
  • 84 posts
  • Local time:07:48 AM

Posted 24 June 2008 - 11:52 AM

Spoke too quickly. It is running!

#10 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:04:48 AM

Posted 24 June 2008 - 12:35 PM

Please be patient and follow the instructions.

#11 helpcook

helpcook
  • Topic Starter

  • Members
  • 84 posts
  • Local time:07:48 AM

Posted 24 June 2008 - 11:35 PM

Couldn't send reports in Normal mode. Computer hangs up when trying to connect to bleeping computer. Had to reboot to safe mode with networking to send reports as follows.

David

SDFix: Version 1.196
Run by David Cook on Tue 06/24/2008 at 20:18

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\fccbATjk.dll - Deleted
C:\WINDOWS\system32\fccbATjk.dll - Deleted
C:\WINDOWS\megavid.cdt - Deleted
C:\WINDOWS\muotr.so - Deleted
C:\WINDOWS\system32\hljwugsf.bin - Deleted



Folder C:\WINDOWS\system32\vntiho01 - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-24 21:14:05
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Fri 18 Apr 2008 6,104,632 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Mon 25 Jun 2007 11,461 ...H. --- "C:\Documents and Settings\David Cook\My Documents\~WRL2004.tmp"
Thu 7 Feb 2008 23,454,528 A..H. --- "C:\Documents and Settings\All Users\Application Data\Google Updater\cache\BIT21.tmp"

Finished!



Edited by SifuMike, 25 June 2008 - 10:22 PM.
inserted SDFix report


#12 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:04:48 AM

Posted 24 June 2008 - 11:50 PM

Hi David,


I (as well as Microsoft, McAfee and Symantec) recommend that you DO NOT have more than one antivirus product installed and running on your computer at a time.

The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other antivirus products to cause "false alarms".

It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection.

In general terms, the two programs may conflict and cause:

1) False Alarms: When the antivirus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and remove one of these.
CA Antivirus or McAfee Antivirus


We will run ComboFix.

You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of an expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.


You need to disable your CA Anti-Virus or McAfee Antivirus (depending on which one you removed previously) before running ComboFix, as it will prevent it from running.


Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

To work properly, you must install ComboFix on the Desktop.

When following the instructions, install the Windows XP Recovery Console if you are using XP. <== IMPORTANT  It is our safety net.
It is a simple procedure that will only take a few moments of your time.


You DO NOT need to have the Windows CD to install Recovery Console!

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.


We need Recovery Console because malware damages a lot and causes an unstable system - and because of that, it may happen that your computer won't be able to boot anymore. With the Recovery Console installed, there are extra options present to repair whatever malware damaged.
Also, even though you're not infected, the presence of the Recovery Console is a useful feature in case a computer won't boot anymore because of several other reasons. Read here what you can do with the Recovery Console.

Extra note: After you have installed the Recovery Console - if you reboot your computer, right after reboot, you'll see the option for the Recovery Console now as well.
Don't select to run the Recovery Console as we don't need it.
By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows.

A caution -
Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Post the ComboFix log.

Edited by SifuMike, 24 June 2008 - 11:50 PM.


#13 helpcook

helpcook
  • Topic Starter

  • Members
  • 84 posts
  • Local time:07:48 AM

Posted 25 June 2008 - 08:14 AM

I had previously removed McAfee. I did a file scan for it and found McAfee.com in Program files, but to my knowledge the software has been removed from the add/remove software icon, etc.

After I dragged the Windows XP icon over the ComboFix icon I got a blue screened box with the following message.

'GREP.cfexe' is not recognized as an internal or external command, operable program or batch file. The command prompt or cursor is blinking.

What should I do now?

David

#14 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:04:48 AM

Posted 25 June 2008 - 02:07 PM

Hi David,

I had previously removed McAfee.

There are still parts of McAfee lingering in your log.

How to uninstall supported McAfee consumer products using the McAfee Consumer Products Removal tool (MCPR.exe)

Summary: This document explains how to remove McAfee Consumer products using the McAfee Consumer Products Removal tool. This option should only be used as an alternative if you cannot remove your McAfee product through the normal Add/Remove Programs.

Affected Products:
McAfee Security Center
McAfee VirusScan
McAfee Personal Firewall Plus
McAfee Privacy Service
McAfee SpamKiller
McAfee Wireless Network Security
McAfee SiteAdvisor
McAfee Data Backup
McAfee Network Manager
McAfee Easy Network
McAfee AntiSpyware
Affected Operating Systems:
Microsoft Windows 2000 Professional
Microsoft Windows XP Professional
Microsoft Windows XP Home
Microsoft Windows Vista

NOTE: This tool is not compatible with Microsoft Windows 98 or ME.

Description
Running the McAfee Consumer Product Removal tool (MCPR.exe) removes all 2005, 2006, and 2007 versions of McAfee consumer products.

Solution
Download and run the McAfee Removal tool

NOTE: Always be sure to uninstall your McAfee product through Add/Remove Programs, first. The following steps should only be taken if uninstalling through Add/Remove Programs has failed.

Download the removal tool from http://download.mcafee.com/products/licens...atches/MCPR.exe.
Click Save and save the file to any folder on the computer.
Navigate to the folder where the file is saved.
Make sure all McAfee application windows are closed.
Double-click MCPR.exe and the removal tool will start automatically.
Note: Windows Vista users must right-click and select Run as Administrator.
Once the removal tool is finished, you will be prompted to restart your computer. If you choose to restart later, your McAfee product will not be fully removed until you do.
Wait for the computer to restart.

**********************

After I dragged the Windows XP icon over the ComboFix icon I got a blue screened box with the following message.

'GREP.cfexe' is not recognized as an internal or external command, operable program or batch file. The command prompt or cursor is blinking.


Sounds like your antivirus program is preventing that file from loading.

Did you disable your CA Anti-Virus (and any antimalware tools) before running ComboFix? They will prevent it from running.

Edited by SifuMike, 25 June 2008 - 02:24 PM.


#15 helpcook

helpcook
  • Topic Starter

  • Members
  • 84 posts
  • Local time:07:48 AM

Posted 25 June 2008 - 07:20 PM

Hello again:

Did McAfee uninstall as you requested. Did Recovery Console & Combo Fix as well. Can't sign on to bleeping computer in normal mode. Never connects, just hangs. Had to reboot to safe mode with networking to send you this update. Combo Fix log as follows:

Thanks,

David

ComboFix 08-06-20.4 - David Cook 2008-06-25 14:27:07.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.113 [GMT -6:00]
Running from: C:\Documents and Settings\David Cook\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\David Cook\Desktop\winxpsp1_en_hom_bf.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM8b58fbad.xml
C:\WINDOWS\Downloaded Program Files\Quarantine
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\g32.txt
C:\WINDOWS\mainms.vpi
C:\WINDOWS\portsv.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\3591\23926.dll
C:\WINDOWS\system32\BdffLRqr.ini
C:\WINDOWS\system32\BdffLRqr.ini2
C:\WINDOWS\system32\bvedulsw.ini
C:\WINDOWS\system32\bvxqtafx.dll
C:\WINDOWS\system32\CKlVxyxx.ini
C:\WINDOWS\system32\CKlVxyxx.ini2
C:\WINDOWS\system32\clhvwgfw.dll
C:\WINDOWS\system32\cppflplb.ini
C:\WINDOWS\system32\csupcsoe.dll
C:\WINDOWS\system32\cxqihwpo.ini
C:\WINDOWS\system32\ddcCUmJD.dll
C:\WINDOWS\system32\DJmUCcdd.ini
C:\WINDOWS\system32\DJmUCcdd.ini2
C:\WINDOWS\system32\dwgklmjm.dll
C:\WINDOWS\system32\ehkUuBeg.ini
C:\WINDOWS\system32\ehkUuBeg.ini2
C:\WINDOWS\system32\eslbsgmf.dll
C:\WINDOWS\system32\fftoiaaw.dll
C:\WINDOWS\system32\fMmVyyay.ini
C:\WINDOWS\system32\fMmVyyay.ini2
C:\WINDOWS\system32\g64.exe
C:\WINDOWS\system32\goetdips.dll
C:\WINDOWS\system32\grmqelwf.dll
C:\WINDOWS\system32\hkosslrj.dll
C:\WINDOWS\system32\HQpsDcdd.ini
C:\WINDOWS\system32\HQpsDcdd.ini2
C:\WINDOWS\system32\JPYxGfhk.ini
C:\WINDOWS\system32\JPYxGfhk.ini2
C:\WINDOWS\system32\keomtqtx.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MlTwaGgh.ini
C:\WINDOWS\system32\MlTwaGgh.ini2
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\psievfyv.dll
C:\WINDOWS\system32\pyxuiqos.dll
C:\WINDOWS\system32\qqvwgjnf.dll
C:\WINDOWS\system32\rjfdfijo.dll
C:\WINDOWS\system32\sdvahwni.dll
C:\WINDOWS\system32\vEfNnnmp.ini
C:\WINDOWS\system32\vEfNnnmp.ini2
C:\WINDOWS\system32\vlghaawh.dll
C:\WINDOWS\system32\VyxbHggh.ini
C:\WINDOWS\system32\VyxbHggh.ini2
C:\WINDOWS\system32\win
C:\WINDOWS\system32\win\cult.exe
C:\WINDOWS\system32\win\dlcl.edp
C:\WINDOWS\system32\win\ffe.e
C:\WINDOWS\system32\win\ger.exe
C:\WINDOWS\system32\win\w.e
C:\WINDOWS\system32\wnsapisv.exe
C:\WINDOWS\system32\xnsukwfq.dll
C:\WINDOWS\system32\xxHNoUvw.ini
C:\WINDOWS\system32\xxHNoUvw.ini2
C:\WINDOWS\system32\yoyfeigt.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TNIDRIVER
-------\Service_TnIDriver
-------\Legacy_PlugPlayRPC
-------\Service_PlugPlayRPC


((((((((((((((((((((((((( Files Created from 2008-05-25 to 2008-06-25 )))))))))))))))))))))))))))))))
.

2008-06-24 19:56 . 2008-06-24 19:56 101,728 --a------ C:\WINDOWS\system32\fnipthld.dll
2008-06-24 19:56 . 2008-06-24 19:56 84,864 --a------ C:\WINDOWS\system32\wsludevb.dll
2008-06-24 19:53 . 2008-06-24 19:53 91,488 --a------ C:\WINDOWS\system32\kjdfnbeg.dll
2008-06-24 10:13 . 2008-06-24 10:13 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-24 10:06 . 2008-06-24 21:18 <DIR> d-------- C:\SDFix
2008-06-23 20:40 . 2008-06-23 20:40 25,488 --a------ C:\WINDOWS\system32\qoMdARHw.dll
2008-06-23 20:40 . 2008-06-23 20:40 25,488 --a------ C:\WINDOWS\system32\ljJYRHXR.dll
2008-06-23 20:24 . 2008-06-23 20:24 <DIR> d-------- C:\Deckard
2008-06-23 15:00 . 2008-06-23 15:00 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-23 15:00 . 2008-06-23 15:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-23 13:56 . 2008-06-23 13:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-06-23 13:38 . 2008-06-23 13:38 107,872 --a------ C:\WINDOWS\system32\lidfqajl.dll
2008-06-23 13:35 . 2008-06-23 13:35 91,488 --a------ C:\WINDOWS\system32\mtgixpxw.dll
2008-06-23 13:35 . 2008-06-23 13:35 84,848 --a------ C:\WINDOWS\system32\blplfppc.dll
2008-06-22 13:55 . 2008-06-22 13:57 <DIR> d-------- C:\Program Files\CCleaner
2008-06-21 16:06 . 2008-06-21 16:06 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-21 16:06 . 2008-06-21 16:06 <DIR> d-------- C:\Documents and Settings\David Cook\Application Data\Malwarebytes
2008-06-21 16:06 . 2008-06-21 16:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-21 16:06 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-21 16:06 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-21 14:47 . 2008-06-21 14:47 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-21 09:35 . 2008-06-21 09:35 101,728 --a------ C:\WINDOWS\system32\tnqpflto.dll
2008-06-21 09:34 . 2008-06-21 09:34 90,464 --a------ C:\WINDOWS\system32\qjceypli.dll
2008-06-18 13:11 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-06-18 13:11 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-06-18 13:11 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-06-18 13:11 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-06-18 13:10 . 2008-06-21 09:52 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-06-18 13:10 . 2008-06-18 13:10 <DIR> d-------- C:\Documents and Settings\David Cook\Application Data\PC Tools
2008-06-12 09:51 . 2008-06-13 16:10 <DIR> d-------- C:\Program Files\altcmd
2008-06-12 09:51 . 2008-06-12 09:51 163,840 --a------ C:\WINDOWS\system32\2q4w4e.exe
2008-06-10 14:55 . 2008-06-25 15:10 116,748 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k0
2008-06-10 14:55 . 2008-06-25 15:10 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k7
2008-06-10 14:55 . 2008-06-25 15:10 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k6
2008-06-10 14:55 . 2008-06-25 15:10 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k5
2008-06-10 14:55 . 2008-06-25 15:10 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k4
2008-06-10 14:55 . 2008-06-25 15:10 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k3
2008-06-10 14:55 . 2008-06-25 15:10 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k2
2008-06-10 14:55 . 2008-06-25 15:10 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k1
2008-06-08 00:57 . 2008-06-22 14:16 3,418 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-08 00:56 . 2008-06-10 13:47 <DIR> d-------- C:\Documents and Settings\David Cook\SmitfraudFix
2008-06-04 14:33 . 2008-06-11 15:02 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-04 14:33 . 2008-06-04 14:33 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-04 11:34 . 2008-06-04 11:33 880,560 --a------ C:\WINDOWS\system32\drivers\vetefile.sys
2008-06-04 11:34 . 2008-06-04 11:33 108,368 --a------ C:\WINDOWS\system32\drivers\veteboot.sys
2008-06-04 05:30 . 2008-06-04 05:30 <DIR> d-------- C:\Documents and Settings\David Cook\Application Data\TrojanHunter
2008-06-04 05:19 . 2008-06-25 18:02 <DIR> d-------- C:\WINDOWS\CAVTemp
2008-06-04 05:19 . 2008-06-04 05:22 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2008-06-03 23:37 . 2007-08-20 13:42 99,592 --a------ C:\WINDOWS\system32\isafeif.dll
2008-06-03 23:37 . 2007-08-20 13:42 79,424 --a------ C:\WINDOWS\system32\vetredir.dll
2008-06-03 23:37 . 2007-08-20 13:42 75,016 --a------ C:\WINDOWS\system32\isafprod.dll
2008-06-03 23:37 . 2007-08-20 13:42 32,264 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2008-06-03 23:37 . 2007-08-20 13:42 26,376 --a------ C:\WINDOWS\system32\drivers\vet-filt.sys
2008-06-03 23:37 . 2007-08-20 13:42 21,512 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys
2008-06-03 23:37 . 2007-08-20 13:42 21,128 --a------ C:\WINDOWS\system32\drivers\vet-rec.sys
2008-06-03 17:50 . 2008-06-03 17:50 13,942 --a------ C:\WINDOWS\system32\iphone-011.ico
2008-06-03 14:34 . 2008-06-25 14:58 <DIR> d-------- C:\WINDOWS\system32\3591
2008-06-03 13:34 . 2008-06-03 13:34 <DIR> d-------- C:\WINDOWS\system32\Vco1
2008-06-03 13:34 . 2008-06-04 13:38 <DIR> d-------- C:\WINDOWS\system32\sTMP
2008-06-03 13:34 . 2008-06-03 20:54 <DIR> d-------- C:\WINDOWS\system32\Dev3
2008-06-03 13:34 . 2008-06-18 11:19 <DIR> d-------- C:\WINDOWS\system32\a053
2008-06-03 13:34 . 2008-06-03 20:54 <DIR> d-------- C:\WINDOWS\system32\6026c

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 03:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-23 20:20 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-22 19:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-17 16:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-06-04 05:15 --------- d-----w C:\Program Files\CA
2008-06-04 03:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\CA
2008-06-04 01:05 --------- d-----w C:\Program Files\Uniblue
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{44ac668e-aca1-416f-b256-f195913733d3}]
2008-06-21 09:35 101728 --a------ C:\WINDOWS\System32\tnqpflto.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d017d90d-e356-40d8-8840-a833f26b4de6}]
2008-06-24 19:56 101728 --a------ C:\WINDOWS\System32\fnipthld.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM\aim.exe" [2005-08-05 15:08 67160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CARPService"="carpserv.exe" [2003-03-18 16:49 4608 C:\WINDOWS\system32\carpserv.exe]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-02-27 12:04 114688]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 18:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-03-25 17:00 319488]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 17:46 45056 C:\WINDOWS\system32\ico.exe]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 23:08 28672]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 11:29 40960]
"HKSERV.EXE"="C:\Program Files\Sony\HotKey Utility\HKserv.exe" [2003-03-17 10:00 81920]
"ZTgServerSwitch"="c:\program files\support.com\client\lserver\server.vbs" [2003-04-08 13:16 11750]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 09:54 282624]
"AWMON"="C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe" [2004-10-12 10:14 538112]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 18:05 257088]
"Mskexe"="c:\program files\mcafee\spamkiller\spamkiller.exe" [ ]
"HostManager"="C:\Program Files\Common Files\AOL\1090975203\ee\AOLHostManager.exe" [ ]
"BM8b58fbad"="C:\WINDOWS\System32\kjdfnbeg.dll" [2008-06-24 19:53 91488]

C:\Documents and Settings\David Cook\Start Menu\Programs\Startup\
NBC 5 LIVE ONLINE.lnk - C:\Program Files\NBC 5 LIVE ONLINE\liveonline_3102752.exe [2008-02-16 14:44:14 454656]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
UmxWnp.Dll 2006-03-09 13:46 73728 C:\WINDOWS\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winkxe32]
winkxe32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL lidfqajl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\PROGRA~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll
path=
backup=

[HKLM\~\startupfolder\C:^Documents and Settings^David Cook^Start Menu^Programs^Startup^Deewoo.lnk]
backup=C:\WINDOWS\pss\Deewoo.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^David Cook^Start Menu^Programs^Startup^DW_Start.lnk]
backup=C:\WINDOWS\pss\DW_Start.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2005-08-05 15:08 67160 C:\Program Files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-03-14 18:05 257088 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]

R0 KmxStart;KmxStart;C:\WINDOWS\System32\DRIVERS\kmxstart.sys [2007-10-18 10:24]
R1 KmxAgent;KmxAgent;C:\WINDOWS\System32\DRIVERS\kmxagent.sys [2007-05-18 13:30]
R1 KmxFile;KmxFile;C:\WINDOWS\System32\DRIVERS\KmxFile.sys [2007-05-18 13:30]
R1 KmxFw;KmxFw;C:\WINDOWS\System32\DRIVERS\kmxfw.sys [2007-10-18 14:21]
R2 ANISERVICE;Airgo Networks NIC Service;C:\WINDOWS\System32\aniServ.exe [2004-08-11 12:00]
R2 KmxCF;KmxCF;C:\WINDOWS\System32\DRIVERS\KmxCF.sys [2007-10-18 10:24]
R2 KmxSbx;KmxSbx;C:\WINDOWS\System32\DRIVERS\KmxSbx.sys [2007-11-02 12:09]
R2 UmxAgent;HIPS Event Manager;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe" [2007-10-18 10:24]
R2 UmxCfg;HIPS Configuration Interpreter;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe" [2007-10-18 10:24]
R2 UmxPol;HIPS Policy Manager;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe" [2007-05-18 13:30]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 15:38]
R3 KmxCfg;KmxCfg;C:\WINDOWS\System32\DRIVERS\kmxcfg.sys [2007-09-13 15:15]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.
Contents of the 'Scheduled Tasks' folder
"2008-06-17 20:29:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-04 05:16:37 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as David Cook at 9 25 PM.job"
- C:\Program Files\CA\eTrust PestPatrol\CAAntiSpyware.ex
- C:\Program Files\CA\eTrust PestPatrol\
"2008-06-02 13:08:23 C:\WINDOWS\Tasks\PPv5Scan_Daily as David Cook at 2 00 AM.job"
- C:\Program Files\CA\eTrust PestPatrol\ppv5consumercl.exe
"2004-03-12 17:48:59 C:\WINDOWS\Tasks\Registration reminder 3.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2007-09-16 15:13:28 C:\WINDOWS\Tasks\Registry Repair4.job"
- D:\REGISTRY REPAIR\Registry Repair.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-25 17:58:13
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\System32\kjdfnbeg.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Apoint\ApntEx.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2008-06-25 18:07:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-26 00:06:39

Pre-Run: 1,632,776,192 bytes free
Post-Run: 1,562,914,816 bytes free

winxpsp1_en_hom_bf.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

284 --- E O F --- 2008-05-12 14:46:13



Edited by SifuMike, 25 June 2008 - 08:50 PM.
inserted combofix log
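The "Reg Loading Points" section of the ComboFix log above shows where this infection hooked itself in: two Browser Helper Objects, a Run value named BM8b58fbad, a Winlogon notify package (winkxe32) and an AppInit_DLLs entry, each pointing at a DLL with an eight-letter random name in System32. The script below is an added example for this thread, not ComboFix's own code and not something either poster wrote; it parses a constructed sample built from those log lines and flags entries by those patterns. The four heuristics and the KNOWN_NOTIFY allowlist are assumptions for illustration: a hit means "look closer", not a verdict on the file.

```python
"""Flag suspicious autostart entries in the "Reg Loading Points" section of a ComboFix log.

Added example for this thread (not ComboFix's code, not posted by anyone here).
The four heuristics and the KNOWN_NOTIFY allowlist are assumptions for illustration;
a hit means "look closer", not "malicious".
"""
import re
import sys
from typing import List, NamedTuple, Optional

# Constructed sample: a subset of the "Reg Loading Points" lines from the log above.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{44ac668e-aca1-416f-b256-f195913733d3}]
2008-06-21 09:35 101728 --a------ C:\WINDOWS\System32\tnqpflto.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d017d90d-e356-40d8-8840-a833f26b4de6}]
2008-06-24 19:56 101728 --a------ C:\WINDOWS\System32\fnipthld.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-02-27 12:04 114688]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 09:54 282624]
"BM8b58fbad"="C:\WINDOWS\System32\kjdfnbeg.dll" [2008-06-24 19:53 91488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
UmxWnp.Dll 2006-03-09 13:46 73728 C:\WINDOWS\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winkxe32]
winkxe32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL lidfqajl.dll
'''


class Finding(NamedTuple):
    key: str            # registry key the entry was listed under
    image: str          # file reference exactly as the log wrote it
    reasons: List[str]  # why it was flagged


FILE_REF = re.compile(
    r'"[A-Za-z]:\\[^"]+"'           # quoted full path (may contain spaces)
    r'|[A-Za-z]:\\\S+'              # unquoted full path
    r'|\b[\w~-]+\.(?:dll|exe)\b',   # bare file name, found through the DLL search path
    re.IGNORECASE,
)
RANDOM_NAME = re.compile(r"^[a-z]{8}\.(?:dll|exe)$")          # tnqpflto.dll, kjdfnbeg.dll, ...
BM_VALUE = re.compile(r'^"BM[0-9a-f]{8}"=', re.IGNORECASE)   # the BM8b58fbad Run value
FULL_PATH = re.compile(r"^[A-Za-z]:\\")
# Assumed allowlist of Winlogon notify packages that belong to installed products;
# UmxWnp.dll is the CA HIPS package listed in the same log.
KNOWN_NOTIFY = {"umxwnp.dll"}


def triage(log_text: str) -> List[Finding]:
    """Walk the log key by key and return every file reference that trips a heuristic."""
    findings: List[Finding] = []
    key: Optional[str] = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]                     # a new registry key header
            continue
        if key is None:
            continue                             # banner lines before the first key
        in_notify = "winlogon\\notify" in key.lower()
        in_appinit = line.lower().startswith('"appinit_dlls"')
        line_reasons = ["Run value named BM + 8 hex digits"] if BM_VALUE.match(line) else []
        for m in FILE_REF.finditer(line):
            ref = m.group(0).strip('"')
            name = ref.rsplit("\\", 1)[-1].lower()
            reasons = list(line_reasons)
            if RANDOM_NAME.match(name):
                reasons.append("image name is eight random lowercase letters")
            if in_notify and name not in KNOWN_NOTIFY:
                reasons.append("unknown Winlogon notify package")
            if in_appinit and not FULL_PATH.match(ref):
                reasons.append("AppInit_DLLs entry is a bare file name")
            if reasons:
                findings.append(Finding(key, ref, reasons))
    return findings


def flagged_names(findings: List[Finding]) -> List[str]:
    """Sorted, de-duplicated base names of the flagged images."""
    return sorted({f.image.rsplit("\\", 1)[-1].lower() for f in findings})


if __name__ == "__main__":
    # With a path argument, triage a saved ComboFix log; otherwise use the constructed sample.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for f in triage(text):
        print(f"{f.image}\n    under {f.key}\n    {'; '.join(f.reasons)}")
```

On the sample it flags the five entries that ComboFix, SDFix and the later fix in this thread dealt with (tnqpflto, fnipthld, kjdfnbeg, winkxe32, lidfqajl) and leaves Apoint, QuickTime, the Google AppInit entry and the CA notify package alone. The heuristics are deliberately loose; anything they flag still needs to be checked against the "Files Created" and "Other Deletions" sections of the same log before acting on it.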




