Xp Antivirus 2008 Pro


  • This topic is locked
6 replies to this topic

#1 mld338

  • Members
  • 3 posts

Posted 03 July 2008 - 07:41 PM

Hello,

Two days ago my computer became infected with XP AntiVirus 2008 Pro. My desktop has the "Warning! Spyware detected on your computer!" message and will not change. Aside from the desktop issues, I had many popups, my Internet Explorer continually redirected me to other random websites, and my Firefox browser would not open.

I was finally able to update my spyware definitions and removed the malware. Unfortunately, my desktop still has the same message, my Internet Explorer still redirects me, and Firefox will still not open. I'm typing this from another computer as the infected one cannot use the internet. I have also suffered periodic blue screens of death. They flash so quickly that I do not have time to read the error message. Subsequently, the computer is forced into restarting.

I really would appreciate any help you could provide.

-Mike


Deckard's System Scanner v20071014.68
Run by Michael DiBiase on 2008-07-03 20:19:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Michael DiBiase.exe) -------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-03 20:19:51
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG8\avgwdsvc.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I2H1.EXE
C:\Program Files\Network Associates\VirusScan\shstat.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\M-Audio\MobilePre\Install\MPInst.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Michael DiBiase\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll
O2 - BHO: (no name) - {B7A7BEBE-10D3-4D4F-8300-6854DE4D8CDC} - C:\WINDOWS\system32\iifecyvW.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [StatusClient] "C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" /auto
O4 - HKLM\..\Run: [TomcatStartup] "C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.hp.com/HPISWeb/Customer...DataManager.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\system32\WRLogonNTF.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: MobilePre Installer (MobilePreInstallerService) - M-Audio - C:\Program Files\M-Audio\MobilePre\Install\MPInst.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\hphipm11.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe


--
End of file - 9158 bytes

-- Files created between 2008-06-03 and 2008-07-03 -----------------------------

2008-07-03 00:41:20 0 d-------- C:\Documents and Settings\Michael DiBiase\Application Data\SUPERAntiSpyware.com
2008-07-02 23:05:13 0 d-------- C:\VundoFix Backups
2008-07-02 21:22:59 0 d-------- C:\Documents and Settings\Administrator.MIKE\Application Data\SUPERAntiSpyware.com
2008-07-02 17:58:37 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-02 17:57:40 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-02 16:53:16 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-07-02 16:53:15 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-07-02 16:53:14 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-02 16:53:14 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-07-02 16:53:12 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-07-02 16:53:10 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-02 16:53:07 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-07-02 16:53:04 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-07-02 16:42:29 0 d-------- C:\KAV
2008-07-02 16:03:37 91520 --a------ C:\WINDOWS\system32\wkbqiljj.dll
2008-07-02 00:23:27 0 d-------- C:\Program Files\Alwil Software
2008-07-01 22:34:09 3632 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-01 22:07:55 1477906 --a------ C:\SmitfraudFix.exe <SMITFR~1.EXE>
2008-07-01 20:20:58 0 d-------- C:\Documents and Settings\Michael DiBiase\Application Data\shcl4dj0e13e
2008-07-01 20:20:30 0 d-------- C:\Program Files\shcl4dj0e13e
2008-07-01 18:14:20 0 d-------- C:\Program Files\Spyware Doctor
2008-07-01 18:14:20 0 d-------- C:\Documents and Settings\Michael DiBiase\Application Data\PC Tools
2008-07-01 15:27:38 0 d--h----- C:\$AVG8.VAULT$
2008-07-01 15:21:56 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-01 15:21:32 0 d-------- C:\Program Files\AVG
2008-07-01 15:13:07 0 --a------ C:\WINDOWS\system32\blphcj4dj0e13e.scr
2008-07-01 14:31:18 0 d-------- C:\Documents and Settings\Administrator.MIKE\Application Data\AVGTOOLBAR
2008-07-01 12:57:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-07-01 12:48:32 0 d-------- C:\Program Files\Lavasoft
2008-07-01 12:48:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-01 12:21:19 0 d-------- C:\Program Files\Common Files\Scanner
2008-07-01 12:20:59 0 d-------- C:\Documents and Settings\All Users\Application Data\CA
2008-07-01 12:20:57 0 d-------- C:\Program Files\CA
2008-07-01 11:17:32 0 d-------- C:\Documents and Settings\Michael DiBiase\Application Data\AVGTOOLBAR
2008-07-01 11:00:58 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-01 11:00:29 0 d-------- C:\Program Files\Common Files\Download Manager
2008-07-01 09:44:11 91520 --a------ C:\WINDOWS\system32\ilpftjbe.dll
2008-07-01 01:00:32 0 d-------- C:\Program Files\Enigma Software Group
2008-07-01 00:35:28 91520 --a------ C:\WINDOWS\system32\akktvihk.dll
2008-07-01 00:04:57 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-30 23:59:46 0 d-------- C:\Program Files\RogueRemover FREE
2008-06-30 23:50:56 0 d-------- C:\Documents and Settings\Administrator.MIKE\Application Data\Macromedia
2008-06-30 23:50:55 0 d-------- C:\Documents and Settings\Administrator.MIKE\Application Data\Adobe
2008-06-30 23:06:23 0 dr------- C:\Documents and Settings\Administrator.MIKE\Favorites
2008-06-30 23:06:23 0 d-------- C:\Documents and Settings\Administrator.MIKE\Desktop
2008-06-30 23:06:23 0 d---s---- C:\Documents and Settings\Administrator.MIKE\Cookies
2008-06-30 23:06:23 0 dr-h----- C:\Documents and Settings\Administrator.MIKE\Application Data
2008-06-30 23:06:23 0 d-------- C:\Documents and Settings\Administrator.MIKE\Application Data\Symantec
2008-06-30 23:06:23 0 d---s---- C:\Documents and Settings\Administrator.MIKE\Application Data\Microsoft
2008-06-30 23:06:23 0 d-------- C:\Documents and Settings\Administrator.MIKE\Application Data\Identities
2008-06-30 23:06:23 0 d-------- C:\Documents and Settings\Administrator.MIKE\Application Data\Apple Computer
2008-06-30 23:06:22 0 d--h----- C:\Documents and Settings\Administrator.MIKE\NetHood
2008-06-30 23:06:22 0 dr------- C:\Documents and Settings\Administrator.MIKE\My Documents
2008-06-30 23:06:22 0 d--h----- C:\Documents and Settings\Administrator.MIKE\Local Settings
2008-06-30 23:06:21 0 d--h----- C:\Documents and Settings\Administrator.MIKE\Templates
2008-06-30 23:06:21 0 dr------- C:\Documents and Settings\Administrator.MIKE\Start Menu
2008-06-30 23:06:21 0 dr-h----- C:\Documents and Settings\Administrator.MIKE\SendTo
2008-06-30 23:06:21 0 dr-h----- C:\Documents and Settings\Administrator.MIKE\Recent
2008-06-30 23:06:21 0 d--h----- C:\Documents and Settings\Administrator.MIKE\PrintHood
2008-06-30 23:06:19 786432 --a------ C:\Documents and Settings\Administrator.MIKE\NTUSER.DAT
2008-06-30 22:52:20 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-06-30 22:52:20 0 d-------- C:\Documents and Settings\Administrator\Cookies
2008-06-30 22:52:20 0 d-------- C:\Documents and Settings\Administrator\Application Data
2008-06-30 22:52:20 0 d-------- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-30 22:52:19 0 d-------- C:\Documents and Settings\Administrator\Templates
2008-06-30 22:52:19 0 d-------- C:\Documents and Settings\Administrator\Local Settings
2008-06-30 22:52:18 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-30 22:33:44 4718592 --a------ C:\Documents and Settings\Michael DiBiase\NTUSER.DAT
2008-06-30 22:33:42 233472 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2008-06-30 22:27:31 10240 --a------ C:\WINDOWS\system32\beep.sys
2008-06-30 22:24:26 0 d-------- C:\Documents and Settings\Michael DiBiase\Application Data\rhcn4dj0e13e
2008-06-30 22:23:53 0 d-------- C:\Program Files\rhcn4dj0e13e
2008-06-30 22:23:28 109056 --a------ C:\WINDOWS\system32\lphcj4dj0e13e.exe
2008-06-30 21:11:08 0 d-------- C:\Program Files\Diablo II +++
2008-06-23 11:26:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe


-- Find3M Report ---------------------------------------------------------------

2008-07-01 12:21:19 0 d-------- C:\Program Files\Common Files
2008-06-30 23:43:24 0 d-------- C:\Program Files\x264
2008-06-30 22:07:42 21840 --a----ct C:\WINDOWS\system32\SIntfNT.dll
2008-06-30 22:07:42 17212 --a----ct C:\WINDOWS\system32\SIntf32.dll
2008-06-30 22:07:42 12067 --a----ct C:\WINDOWS\system32\SIntf16.dll
2008-06-30 21:25:03 0 d-------- C:\Program Files\Ruckus Player
2008-06-30 21:25:03 0 d-------- C:\Program Files\MSN Encarta Plus
2008-06-30 21:25:02 0 d-------- C:\Program Files\Messenger
2008-06-30 20:33:03 0 d-------- C:\Program Files\DivX
2008-06-30 20:33:02 0 d-------- C:\Program Files\Apoint2K
2008-06-30 20:33:01 0 d-------- C:\Program Files\AIM
2008-06-30 18:40:28 0 d-------- C:\Program Files\Java
2008-06-23 11:26:11 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-23 11:24:31 0 d-------- C:\Documents and Settings\Michael DiBiase\Application Data\AdobeUM
2008-06-01 23:28:14 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-05-30 18:27:10 0 d-------- C:\Documents and Settings\Michael DiBiase\Application Data\Ruckus Network
2008-04-06 13:42:19 45056 --a------ C:\WINDOWS\NCUNINST.EXE <Not Verified; Northern Codeworks; Uninstall>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
07/01/2008 03:21 PM 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B7A7BEBE-10D3-4D4F-8300-6854DE4D8CDC}]
C:\WINDOWS\system32\iifecyvW.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [07/01/2008 03:21 PM 2050816]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus Photo R200 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.exe" [07/08/2003 03:00 AM]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [08/18/2004 09:00 AM]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe" [10/07/2003 10:48 AM]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [02/17/2005 02:11 AM]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [03/29/2005 05:45 PM]
"@"="" []
"StatusClient"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [12/16/2002 04:51 PM]
"TomcatStartup"="C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [03/31/2003 07:28 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [07/31/2007 01:13 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" []
"MtdAcqu"="C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/28/2008 10:33 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Wireless-G Notebook Adapter.lnk - C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe [4/7/2008 6:45:05 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispScrSavPage"=1 (0x1)
"NoDispBackgroundPage"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\iifecyvW

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\5c209a97]
rundll32.exe "C:\WINDOWS\system32\ilpftjbe.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
"C:\Program Files\Apoint2K\Apoint.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\PROGRA~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1143498087\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon04]
C:\WINDOWS\system32\hphmon04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD04]
"C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
"C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lphcj4dj0e13e]
C:\WINDOWS\system32\lphcj4dj0e13e.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M-Audio Taskbar Icon]
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
"C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
"C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMrhcn4dj0e13e]
"C:\Program Files\rhcn4dj0e13e\rhcn4dj0e13e.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMshcl4dj0e13e]
C:\Program Files\shcl4dj0e13e\shcl4dj0e13e.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
"C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ymetray]
"C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" -preload


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f206fe64-a1bb-11db-b8e0-000f66458533}]
AutoRun\command- E:\setupSNK.exe

*Newly Created Service* - ENTDRV51



-- End of Deckard's System Scanner: finished at 2008-07-03 20:21:11 ------------


#2 miekiemoes

    Malware Killer Dog

  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 04 July 2008 - 07:44 AM

Hi,

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

#3 mld338
  • Topic Starter

  • Members
  • 3 posts

Posted 04 July 2008 - 09:07 AM

Eureka! My computer is running much better now. I have my desktop back, and I now have functioning internet. You are the greatest! Here is my ComboFix log and HijackThis log in case anything else needs to be cleaned up.

Thank you so much!

ComboFix log:

ComboFix 08-07-03.5 - Michael DiBiase 2008-07-04 9:40:34.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1533 [GMT -4:00]
Running from: C:\Documents and Settings\Michael DiBiase\Desktop\Caught.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008.lnk
C:\Documents and Settings\Michael DiBiase\Application Data\rhcn4dj0e13e
C:\Documents and Settings\Michael DiBiase\Application Data\shcl4dj0e13e
C:\Program Files\rhcn4dj0e13e
C:\Program Files\shcl4dj0e13e
C:\WINDOWS\cookies.ini
C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\system32\2.tmp
C:\WINDOWS\system32\3.tmp
C:\WINDOWS\system32\9.tmp
C:\WINDOWS\system32\A.tmp
C:\WINDOWS\system32\akktvihk.dll
C:\WINDOWS\system32\B.tmp
C:\WINDOWS\system32\blphcj4dj0e13e.scr.vir
C:\WINDOWS\system32\clbdll.dll
C:\WINDOWS\system32\clbinit.dll
C:\WINDOWS\system32\drivers\clbdriver.sys
C:\WINDOWS\system32\ebjtfpli.ini
C:\WINDOWS\system32\Hphc3204.dll
C:\WINDOWS\system32\ilpftjbe.dll
C:\WINDOWS\system32\jjliqbkw.ini
C:\WINDOWS\system32\khivtkka.ini
C:\WINDOWS\system32\lphcj4dj0e13e.exe
C:\WINDOWS\system32\phcj4dj0e13e.bmp
C:\WINDOWS\system32\wkbqiljj.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CLBDRIVER


((((((((((((((((((((((((( Files Created from 2008-06-04 to 2008-07-04 )))))))))))))))))))))))))))))))
.

2008-07-03 20:07 . 2008-07-03 20:07 <DIR> d-------- C:\Deckard
2008-07-03 00:41 . 2008-07-03 16:00 <DIR> d-------- C:\Documents and Settings\Michael DiBiase\Application Data\SUPERAntiSpyware.com
2008-07-02 23:05 . 2008-07-02 23:05 <DIR> d-------- C:\VundoFix Backups
2008-07-02 21:22 . 2008-07-02 21:22 <DIR> d-------- C:\Documents and Settings\Administrator.MIKE\Application Data\SUPERAntiSpyware.com
2008-07-02 17:58 . 2008-07-02 17:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-02 17:57 . 2008-07-03 16:00 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-07-02 16:53 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-02 16:53 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-02 16:53 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-02 16:53 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-07-02 16:53 . 2008-06-23 23:34 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-02 16:53 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-07-02 16:53 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-07-02 16:53 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-02 16:53 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-02 16:42 . 2008-07-02 16:42 <DIR> d-------- C:\KAV
2008-07-02 00:23 . 2008-07-02 00:23 <DIR> d-------- C:\Program Files\Alwil Software
2008-07-01 22:34 . 2008-07-02 17:06 3,632 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-01 22:07 . 2008-07-01 21:44 1,477,906 --a------ C:\SmitfraudFix.exe
2008-07-01 21:47 . 2008-07-01 21:47 0 --a------ C:\WINDOWS\system32\4.tmp
2008-07-01 18:14 . 2008-07-01 18:26 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-07-01 18:14 . 2008-07-01 18:14 <DIR> d-------- C:\Documents and Settings\Michael DiBiase\Application Data\PC Tools
2008-07-01 18:14 . 2007-10-04 17:10 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-07-01 18:14 . 2007-10-04 17:10 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-07-01 18:14 . 2007-10-04 17:10 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-07-01 18:14 . 2007-10-04 17:11 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-07-01 15:27 . 2008-07-01 15:27 <DIR> d--h----- C:\$AVG8.VAULT$
2008-07-01 15:22 . 2008-07-01 15:22 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-01 15:22 . 2008-07-01 15:22 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-07-01 15:21 . 2008-07-03 15:34 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-01 15:21 . 2008-07-01 15:21 <DIR> d-------- C:\Program Files\AVG
2008-07-01 14:31 . 2008-07-01 14:31 <DIR> d-------- C:\Documents and Settings\Administrator.MIKE\Application Data\AVGTOOLBAR
2008-07-01 12:57 . 2008-07-03 15:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-07-01 12:48 . 2008-07-01 12:48 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-01 12:48 . 2008-07-01 12:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-01 12:42 . 2008-07-01 13:08 94,208 --a------ C:\WINDOWS\system32\15.tmp
2008-07-01 12:29 . 2008-07-01 12:29 0 --a------ C:\WINDOWS\system32\C.tmp
2008-07-01 12:21 . 2008-07-01 12:21 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-07-01 12:21 . 2007-08-01 13:10 250,544 --a------ C:\WINDOWS\system32\KeyHelp.ocx
2008-07-01 12:20 . 2008-07-01 12:36 <DIR> d-------- C:\Program Files\CA
2008-07-01 12:20 . 2008-07-01 12:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CA
2008-07-01 12:14 . 2008-07-01 12:14 <DIR> d-------- C:\Documents and Settings\ADMINI~1~MIK\LOCALS~1
2008-07-01 12:14 . 2008-07-01 12:14 <DIR> d-------- C:\Documents and Settings\ADMINI~1~MIK
2008-07-01 11:17 . 2008-07-01 23:59 <DIR> d-------- C:\Documents and Settings\Michael DiBiase\Application Data\AVGTOOLBAR
2008-07-01 11:00 . 2008-07-01 11:00 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-07-01 11:00 . 2008-07-03 16:22 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-01 11:00 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-07-01 01:00 . 2008-07-02 00:22 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-07-01 00:31 . 2008-07-01 00:31 94,208 --a------ C:\WINDOWS\system32\13.tmp
2008-07-01 00:12 . 2008-07-01 00:12 0 --a------ C:\WINDOWS\system32\14.tmp
2008-07-01 00:04 . 2008-07-03 16:00 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-30 23:59 . 2008-07-02 16:29 <DIR> d-------- C:\Program Files\RogueRemover FREE
2008-06-30 23:06 . 2005-08-18 07:40 <DIR> d-------- C:\Documents and Settings\Administrator.MIKE\Application Data\Symantec
2008-06-30 23:06 . 2005-08-18 07:37 <DIR> d-------- C:\Documents and Settings\Administrator.MIKE\Application Data\Apple Computer
2008-06-30 23:06 . 2008-07-01 12:57 <DIR> d-------- C:\Documents and Settings\Administrator.MIKE
2008-06-30 22:52 . 2008-06-30 22:58 <DIR> d---s---- C:\Documents and Settings\Administrator
2008-06-30 22:27 . 2008-06-30 22:27 10,240 --a------ C:\WINDOWS\system32\beep.sys
2008-06-30 22:25 . 2008-06-30 23:22 94,208 --a------ C:\WINDOWS\system32\12.tmp
2008-06-30 22:25 . 2008-06-30 23:22 94,208 --a------ C:\WINDOWS\system32\11.tmp
2008-06-30 21:11 . 2008-06-30 22:20 <DIR> d-------- C:\Program Files\Diablo II +++
2008-06-11 11:50 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 11:50 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-01 03:43 --------- d-----w C:\Program Files\x264
2008-07-01 01:25 --------- d-----w C:\Program Files\Ruckus Player
2008-07-01 01:25 --------- d-----w C:\Program Files\MSN Encarta Plus
2008-07-01 00:33 --------- d-----w C:\Program Files\DivX
2008-07-01 00:33 --------- d-----w C:\Program Files\Apoint2K
2008-07-01 00:33 --------- d-----w C:\Program Files\AIM
2008-06-30 22:40 --------- d-----w C:\Program Files\Java
2008-06-23 15:26 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-23 15:24 --------- d-----w C:\Documents and Settings\Michael DiBiase\Application Data\AdobeUM
2008-05-30 22:27 --------- d-----w C:\Documents and Settings\Michael DiBiase\Application Data\Ruckus Network
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-06 17:42 45,056 ----a-w C:\WINDOWS\NCUNINST.EXE
2006-10-11 02:50 3,134 -c--a-w C:\Documents and Settings\Michael DiBiase\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus Photo R200 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 03:00 99840]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" [2004-08-18 09:00 94208]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe" [2003-10-07 10:48 147514]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 02:11 49152]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-03-29 17:45 233534]
"StatusClient"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 16:51 36864]
"TomcatStartup"="C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 19:28 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-07-31 13:13 181512]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Wireless-G Notebook Adapter.lnk - C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe [2008-04-07 18:45:05 36864]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2005-08-05 15:08 67160 C:\Program Files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a------ 2005-02-08 12:38 159744 C:\Program Files\Apoint2K\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2005-06-21 00:15 344064 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
--a------ 2008-07-01 15:21 1177368 C:\PROGRA~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2006-01-06 15:07 188416 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon04]
--a------ 2006-01-06 15:07 348160 C:\WINDOWS\system32\hphmon04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
--a------ 2005-05-04 13:59 794624 C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a--c--- 2004-10-13 19:04 278528 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
--a--c--- 2004-10-14 16:54 253952 c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M-Audio Taskbar Icon]
--a--c--- 2005-11-09 15:32 91136 C:\WINDOWS\system32\M-AudioTaskBarIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
--a------ 2006-11-17 04:06 136768 C:\Program Files\Network Associates\Common Framework\UdaterUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2006-09-01 15:57 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a--c--- 2005-04-13 06:12 88209 C:\WINDOWS\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a--c--- 2005-07-23 00:25 28160 C:\WINDOWS\KHALMNPR.Exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Ruckus Player\\Ruckus.exe"=
"C:\\Program Files\\SPSSInc\\SPSS16GP\\spss.exe"=
"C:\\Program Files\\SPSSInc\\SPSS16GP\\SPSSWinWrapIDE.exe"=
"C:\\Program Files\\SPSSInc\\SPSS16GP\\spss.com"=
"C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-01 15:22]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-01 15:21]
R2 MobilePreInstallerService;MobilePre Installer;C:\Program Files\M-Audio\MobilePre\Install\MPInst.exe [2005-06-15 14:00]
R2 NICSer_WPC54G;NICSer_WPC54G;C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe [2003-11-13 13:29]
R3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\CBTNDIS5.SYS [2003-07-16 22:28]
R3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2004-09-24 23:36]
R3 PPCtlPriv;PPCtlPriv;"C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe" [2007-08-01 13:10]
S3 AWINDIS5;AWINDIS5 Protocol Driver;C:\WINDOWS\system32\AWINDIS5.SYS [2006-02-25 17:01]
S3 iLokDrvr;iLok;C:\WINDOWS\system32\DRIVERS\iLokDrvr.sys [2005-12-21 16:59]
S3 ma763004;M-Audio MobilePre USB;C:\WINDOWS\system32\drivers\MA763004.sys [2005-11-09 17:00]
S3 NETGEAR_WG511_SERVICE;NETGEAR WG511T Wireless Adapter Service;C:\WINDOWS\system32\DRIVERS\wg511nd5.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f206fe64-a1bb-11db-b8e0-000f66458533}]
\Shell\AutoRun\command - E:\setupSNK.exe

*Newly Created Service* - ENTDRV51
.
Contents of the 'Scheduled Tasks' folder
"2008-07-01 17:38:40 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Michael DiBiase at 12 38 PM.job"
- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe
"2008-06-17 04:40:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-12-10 05:40:28 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{B7A7BEBE-10D3-4D4F-8300-6854DE4D8CDC} - C:\WINDOWS\system32\iifecyvW.dll
HKCU-Run-Free Download Manager - C:\Program Files\Free Download Manager\fdm.exe
HKCU-Run-MtdAcqu - C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
MSConfigStartUp-5c209a97 - C:\WINDOWS\system32\ilpftjbe.dll
MSConfigStartUp-HostManager - C:\Program Files\Common Files\AOL\1143498087\ee\AOLSoftware.exe
MSConfigStartUp-HPHUPD04 - C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe
MSConfigStartUp-lphcj4dj0e13e - C:\WINDOWS\system32\lphcj4dj0e13e.exe
MSConfigStartUp-Pando - C:\Program Files\Pando Networks\Pando\Pando.exe
MSConfigStartUp-SMrhcn4dj0e13e - C:\Program Files\rhcn4dj0e13e\rhcn4dj0e13e.exe
MSConfigStartUp-SMshcl4dj0e13e - C:\Program Files\shcl4dj0e13e\shcl4dj0e13e.exe
MSConfigStartUp-SpyHunter Security Suite - C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
MSConfigStartUp-SpySweeper - C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
MSConfigStartUp-ymetray - C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-04 09:47:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????Qj?w^k?w?P???? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-07-04 9:51:27 - machine was rebooted [Michael DiBiase]
ComboFix-quarantined-files.txt 2008-07-04 13:51:23

Pre-Run: 80,086,802,432 bytes free
Post-Run: 80,048,730,112 bytes free

275 --- E O F --- 2008-06-20 04:26:34


Updated HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:03:13 AM, on 7/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\M-Audio\MobilePre\Install\MPInst.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
E:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [StatusClient] "C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" /auto
O4 - HKLM\..\Run: [TomcatStartup] "C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=laptop
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.hp.com/HPISWeb/Customer...DataManager.CAB
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: MobilePre Installer (MobilePreInstallerService) - M-Audio - C:\Program Files\M-Audio\MobilePre\Install\MPInst.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 8206 bytes

Edited by mld338, 04 July 2008 - 09:08 AM.
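The two logs above are what the helper read before choosing what to delete. As an added example (not part of the original post, and not code from ComboFix, Deckard's System Scanner or HijackThis), here is a small Python triage script that scans lines in those formats for the kinds of entries that mattered in this thread: .tmp files dropped straight into system32, entries in ComboFix's ORPHANS REMOVED section, an AppInit_DLLs value, a mountpoints2 AutoRun command, the Windows Firewall standard profile switched off, and file names that flip between letters and digits the way the rogue's components do (lphcj4dj0e13e, rhcn4dj0e13e). The sample log embedded in the script is constructed from lines in this thread; the function names (`triage`, `looks_random`), rule names, severities and the letter/digit heuristic are the example's own choices, not anything the tools output. The rules only surface candidates for a human to check: the AppInit_DLLs hit is avgrsstx.dll, which the DSS log shows was created at the same minute as AVG's avgldx86.sys driver, and the AutoRun entry points at a file on a removable drive that still has to be identified by hand.

```python
"""Triage helper for ComboFix/DSS- and HijackThis-style log lines.

Added example: not part of the original thread and not code from ComboFix, DSS
or HijackThis. The rules are heuristics chosen to match the kinds of entries
seen in this thread; they surface candidates for a human to check."""
import re
from typing import Dict, List

# Constructed sample, modelled on lines from the logs posted in this thread.
SAMPLE_LOG = r"""
2008-07-01 21:47 . 2008-07-01 21:47 0 --a------ C:\WINDOWS\system32\4.tmp
2008-07-01 12:42 . 2008-07-01 13:08 94,208 --a------ C:\WINDOWS\system32\15.tmp
2008-07-01 15:22 . 2008-07-01 15:22 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
"AppInit_DLLs"=avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
\Shell\AutoRun\command - E:\setupSNK.exe
- - - - ORPHANS REMOVED - - - -
BHO-{B7A7BEBE-10D3-4D4F-8300-6854DE4D8CDC} - C:\WINDOWS\system32\iifecyvW.dll
MSConfigStartUp-lphcj4dj0e13e - C:\WINDOWS\system32\lphcj4dj0e13e.exe
MSConfigStartUp-SMrhcn4dj0e13e - C:\Program Files\rhcn4dj0e13e\rhcn4dj0e13e.exe
MSConfigStartUp-SpySweeper - C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
**************************************************************************
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O20 - AppInit_DLLs: avgrsstx.dll
"""

# ComboFix "new files" line: created . modified size attrs path
NEW_FILE = re.compile(r'^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})'
                      r'\s+(<DIR>|[\d,]+)\s+(\S+)\s+(.+)$')
# Entries in the ORPHANS REMOVED section: <kind>-<name> - <path>
ORPHAN = re.compile(r'^(BHO|HKCU-Run|HKLM-Run|MSConfigStartUp)-(.+?) - (.+)$')
APPINIT = re.compile(r'AppInit_DLLs["\s:=]+(\S+)')          # registry dump and HJT O20 forms
AUTORUN = re.compile(r'\\Shell\\AutoRun\\command - (.+)$')  # mountpoints2 AutoRun command
FIREWALL_OFF = re.compile(r'"EnableFirewall"=\s*0\b')
WIN_PATH = re.compile(r'[A-Za-z]:\\[^"\n]*?\.(?:exe|dll|sys|ocx|tmp)\b', re.IGNORECASE)
SYSTEM32_ROOT = re.compile(r'^[A-Za-z]:\\windows\\system32\\[^\\]+$', re.IGNORECASE)


def looks_random(path: str) -> bool:
    """Weak signal: a base name of 8+ alphanumerics that flips between letters and
    digits four or more times (lphcj4dj0e13e, rhcn4dj0e13e). Driver names such as
    wg511nd5 or hphmon04 flip fewer times; purely alphabetic junk (iifecyvW) is missed."""
    base = path.rstrip('\\').rsplit('\\', 1)[-1]
    stem = base.rsplit('.', 1)[0] if '.' in base else base
    if len(stem) < 8 or not stem.isalnum():
        return False
    classes = ['d' if ch.isdigit() else 'a' for ch in stem]
    return sum(1 for a, b in zip(classes, classes[1:]) if a != b) >= 4


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per matched rule: line number, rule, detail, severity."""
    findings: List[Dict[str, str]] = []
    seen_random, in_orphans = set(), False

    def add(line_no, rule, detail, severity):
        findings.append({'line': str(line_no), 'rule': rule,
                         'detail': detail, 'severity': severity})

    for line_no, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if 'ORPHANS REMOVED' in line:        # ComboFix lists what it already removed
            in_orphans = True
            continue
        if line.startswith('*****'):         # section separator ends the orphan list
            in_orphans = False
        m = NEW_FILE.match(line)
        if m:
            size, path = m.group(3), m.group(5).strip()
            # .tmp files dropped straight into system32 (not a subfolder)
            if size != '<DIR>' and SYSTEM32_ROOT.match(path) and path.lower().endswith('.tmp'):
                add(line_no, 'tmp-in-system32', f'{path} ({size} bytes)', 'high')
        if in_orphans:
            m = ORPHAN.match(line)
            if m:
                add(line_no, 'orphan-removed', f'{m.group(1)} {m.group(2)} -> {m.group(3)}', 'info')
        m = APPINIT.search(line)
        if m:   # loaded into every process that links user32: confirm the DLL's owner
            add(line_no, 'appinit-dll', m.group(1), 'review')
        m = AUTORUN.search(line)
        if m:   # AutoRun command remembered for a removable volume
            add(line_no, 'removable-autorun', m.group(1).strip(), 'review')
        if FIREWALL_OFF.search(line):
            add(line_no, 'firewall-disabled', line, 'info')
        for path in WIN_PATH.findall(line):  # any path on the line, whatever the line type
            if looks_random(path) and path.lower() not in seen_random:
                seen_random.add(path.lower())
                add(line_no, 'random-name', path, 'high')
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f"line {f['line']:>3}  {f['severity']:<7} {f['rule']:<18} {f['detail']}")
```

Run as a script it prints one line per finding; `triage()` returns the findings as a list of dicts so another tool can consume them. The random-name rule is deliberately conservative (four letter/digit flips) so that legitimate driver names like wg511nd5.sys in this very log are not reported; the price is that a junk name with no digits has to be caught by the orphan rule instead.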


#4 miekiemoes

    Malware Killer Dog

  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 04 July 2008 - 09:30 AM

Hi,

Navigate to and delete the following files:

C:\WINDOWS\system32\4.tmp
C:\WINDOWS\system32\15.tmp
C:\WINDOWS\system32\C.tmp
C:\WINDOWS\system32\13.tmp
C:\WINDOWS\system32\14.tmp
C:\WINDOWS\system32\12.tmp
C:\WINDOWS\system32\11.tmp

* Go to Start > Run and copy and paste the next command into the field:

ComboFix /u

Make sure there's a space between ComboFix and /.
Then hit Enter.

This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Sidenote... I notice from the log that there's more than one antivirus installed: CA Internet Security Suite, AVG8 and McAfee.
Never install more than one antivirus and firewall! Rather than giving you extra protection, it will seriously decrease their reliability.
The reason for this is that if both products have their automatic (real-time) protection switched on, your system may lock up due to both software products attempting to access the same file at the same time.
Also, because more than one antivirus and firewall installed are not compatible with each other, it can cause system performance problems and a serious system slowdown.

So you have to make a decision here and keep the Antivirus you prefer and uninstall the other one.
Then reboot after uninstalling.

Let me know in your next reply how things are now.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 mld338
  • Topic Starter
  • Members
  • 3 posts

Posted 04 July 2008 - 10:30 AM

I followed all of your directions, and everything is running great! I uninstalled the extra anti-virus programs, and deleted the recommended files. I really appreciate all of the help you have provided, and will certainly tell all of my friends about this great website!

-Mike

#6 miekiemoes

Posted 04 July 2008 - 10:35 AM

Glad I could help. :thumbsup:

Please read my Prevention page with lots of info and tips on how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: make sure your programs are up to date, because older versions may contain security leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!

#7 miekiemoes

Posted 11 July 2008 - 02:52 AM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



