Can't Remove SurfSideKick After Using Guides


This topic is locked
5 replies to this topic

#1 scyros420


Posted 28 August 2006 - 04:49 PM

I don't know what's up with this SurfSideKick, but it is ridiculous. I've read a lot of guides on how to remove it, including the one listed on this site. Please help, it is killing my new dual core. When I try to remove it using HijackThis, the program has some error and stops.
Here is the HijackThis log.
Thank you in advance.
Logfile of HijackThis v1.99.1
Scan saved at 2:47:34 PM, on 8/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DISC\DISCover.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\DISC\DiscGui.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\outlook\outlook.exe
C:\WINDOWS\system32\lotlldps.exe
C:\WINDOWS\system32\wfxqhv.exe
C:\WINDOWS\system32\n9nyb.exe
C:\WINDOWS\system32\ghynf.exe
C:\WINDOWS\system32\zqskw.exe
C:\WINDOWS\tdkzrzhA.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\iiiu\iiium.exe
C:\Program Files\PSLister\PSLister.exe
C:\Program Files\CMFibula\CMFibula.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
D:\install.exe
C:\Program Files\DISC\DiscStreamHub.exe
c:\nwnmff_14.exe
C:\WINDOWS\IA\command.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\system32\cmd.exe
c:\dfndrff_14.exe
c:\kybrdff_14.exe
C:\WINDOWS\system32\cvn0.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\COMMON~1\MICROS~1\Msinfo\OFFPROV.EXE
C:\WINDOWS\system32\ghixwuxd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_05\bin\jucheck.exe
C:\Documents and Settings\HP_Administrator\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R3 - URLSearchHook: (no name) - _{A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\benir.exe
F2 - REG:system.ini: UserInit=userinit.exe,myumcqv.exe
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469F-83B8-BD2AE6D9FA2E} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-83B8-BD2AE6D9FA2E} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [ad8rIU3s] C:\WINDOWS\system32\cvn0.exe
O4 - HKLM\..\Run: [k6mmN5IOU] "C:\WINDOWS\system32\wfxqhv.exe"
O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
O4 - HKLM\..\Run: [ms069996177206] C:\WINDOWS\ms069996177206.exe
O4 - HKLM\..\Run: [tdkzrzhA] C:\WINDOWS\tdkzrzhA.exe
O4 - HKLM\..\Run: [afl97639] RUNDLL32.EXE w0726a96.dll,n 00397636000000030726a96
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Scbu] "C:\DOCUME~1\HP_ADM~1\APPLIC~1\MANTEC~1\wucrtupd.exe" -vt yazr
O4 - HKCU\..\Run: [Pxznjg] C:\Program Files\F?nts\m?iexec.exe
O4 - HKCU\..\Run: [iiiu] C:\PROGRA~1\COMMON~1\iiiu\iiium.exe
O4 - HKCU\..\Run: [PSLister] "C:\Program Files\PSLister\PSLister.exe"
O4 - HKCU\..\Run: [CMFibula] "C:\Program Files\CMFibula\CMFibula.exe"
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\clbcatix.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\clbcatix.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{6FAE89E2-9CAA-45A7-B4DE-430971615821}: NameServer = 192.168.0.1,192.168.0.2
O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - C:\WINDOWS\system32\xeymi.dll
O20 - AppInit_DLLs: repairs303169590.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
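
The log above is dense, so here is an added triage script (mine, not the poster's and not a BleepingComputer or HijackThis tool) that reads HijackThis v1.99-format lines and flags the entry types that matter most in a case like this one: F2 Shell= and UserInit= hijacks, an O18 text/html filter, O20 AppInit_DLLs, an O16 download from a raw IP address, plus a few narrow heuristics for O4 Run entries and O23 services. The sample input is a subset of lines copied from the log; the severity labels, the no-vowel "random name" rule and the other heuristics are my own assumptions, not anything HijackThis itself reports.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed input: a subset of the HijackThis v1.99.1 entries quoted in the
# first post (raw string so the Windows backslashes survive as written).
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\benir.exe
F2 - REG:system.ini: UserInit=userinit.exe,myumcqv.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [k6mmN5IOU] "C:\WINDOWS\system32\wfxqhv.exe"
O4 - HKLM\..\Run: [afl97639] RUNDLL32.EXE w0726a96.dll,n 00397636000000030726a96
O4 - HKCU\..\Run: [Pxznjg] C:\Program Files\F?nts\m?iexec.exe
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - C:\WINDOWS\system32\xeymi.dll
O20 - AppInit_DLLs: repairs303169590.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

HJT_LINE = re.compile(r"^(?P<code>[FRO]\d+) - (?P<body>.*)$")
EXE_NAME = re.compile(r'([^\\/"]+?)\.(?:exe|dll)\b', re.I)
RAW_IP_URL = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}/", re.I)
VOWELS = set("aeiou")


@dataclass
class Finding:
    severity: str   # "high" = a known hijack point is in use; "medium" = heuristic, needs a look
    reason: str
    line: str


def stem(text: str) -> str:
    """Bare file name (no path, no extension) of the first .exe/.dll in text."""
    m = EXE_NAME.search(text)
    return m.group(1) if m else ""


def looks_random(name: str) -> bool:
    """Heuristic (my assumption): 5-8 lowercase letters with no vowel, e.g. 'wfxqhv'.
    Kept narrow on purpose so vendor names like 'nvsvc32' or 'RTHDCPL' pass."""
    return bool(re.fullmatch(r"[a-z]{5,8}", name)) and not (set(name) & VOWELS)


def triage_line(line: str) -> Optional[Finding]:
    m = HJT_LINE.match(line.strip())
    if not m:
        return None
    code, body = m["code"], m["body"]

    if code == "F2" and body.startswith("REG:system.ini: Shell="):
        # The only legitimate value is "Explorer.exe"; anything after the comma
        # is started by winlogon at every logon.
        if body.split("=", 1)[1].strip().lower() != "explorer.exe":
            return Finding("high", "Shell= hijack (extra executable after Explorer.exe)", line)

    if code == "F2" and body.startswith("REG:system.ini: UserInit="):
        extras = [p.strip() for p in body.split("=", 1)[1].split(",")
                  if p.strip() and stem(p).lower() != "userinit"]
        if extras:
            return Finding("high", "UserInit= hijack (extra: %s)" % ", ".join(extras), line)

    if code == "O18" and body.lower().startswith("filter: text/html"):
        return Finding("high", "third-party text/html MIME filter (sees and can rewrite every page IE renders)", line)

    if code == "O20" and body.startswith("AppInit_DLLs:") and body.split(":", 1)[1].strip():
        dll = body.split(":", 1)[1].strip()
        return Finding("high", "AppInit_DLLs loads %s into every process that maps user32.dll" % dll, line)

    if code == "O16" and RAW_IP_URL.search(body):
        return Finding("high", "ActiveX (DPF) download from a raw IP address", line)

    if code == "O4":
        target = body.split("]", 1)[-1].strip()
        if "?" in target:
            # HijackThis prints characters it cannot render as '?', so a path
            # like F?nts\m?iexec.exe is a look-alike of Fonts\msiexec.exe.
            return Finding("medium", "Run entry path contains unprintable look-alike characters (shown as '?')", line)
        if target.upper().startswith("RUNDLL32"):
            dll = target.split(None, 1)[1].split(",", 1)[0] if " " in target else ""
            if dll and "\\" not in dll and re.search(r"\d", stem(dll)):
                return Finding("medium", "rundll32 loads a path-less, digit-laden DLL (%s)" % dll, line)
        elif looks_random(stem(target)):
            return Finding("medium", "Run entry launches a random-looking file name (%s)" % stem(target), line)

    if code == "O23" and "Unknown owner" in body:
        return Finding("medium", "service binary carries no publisher information", line)

    return None


def triage(log: str) -> List[Finding]:
    return [f for f in (triage_line(l) for l in log.splitlines()) if f]


def summary(findings: List[Finding]) -> dict:
    counts = {"high": 0, "medium": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

Run it and the Shell=, UserInit=, O16, O18 and O20 lines come out as high; the wfxqhv.exe, rundll32 and F?nts entries and the unowned service come out as medium, while the ehTray and NVIDIA lines are left alone. The heuristics are deliberately conservative, so a clean pass over an O4 entry is not a clean bill: entries in the full log such as `[outlook] C:\Program Files\outlook\outlook.exe /auto` and `[winlog] winlog.exe` trip none of these rules and still need a human to ask why they are there. Treat the output as a reading aid for a log like this one, not a verdict.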

#2 scyros420

Posted 28 August 2006 - 07:24 PM

It is getting worse as I speak. I know you guys are busy, and I appreciate the help you give others. When you can, I need your help; I'm desperate.

#3 scyros420

Posted 29 August 2006 - 04:20 PM

I was able to get rid of the biggies like SurfSideKick and some other trojans, but I still have something. When I run Ad-Aware and Spybot they find about 20 (way better than the 150 it was finding before).
Any help would be greatly appreciated. Here is the ComboFix log, followed by the HijackThis log in the next post.
HP_Administrator - 06-08-29 14:13:14.46
ComboFix 06.08.27BT - Running from: C:\Documents and Settings\HP_Administrator\Desktop

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\zqskw.exe

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\HP_Administrator\Application Data\MANTEC~1
C:\QooBox\Purity\Documents and Settings\HP_Administrator\Application Data\MANTEC~1\MANTEC~1
C:\QooBox\Purity\Documents and Settings\HP_Administrator\My Documents\FNTS~1
C:\QooBox\Purity\Program Files\FNTS~1
C:\QooBox\Purity\Program Files\MCROSO~1.NET
C:\QooBox\Purity\Program Files\Common Files\STEM~1
C:\QooBox\Purity\WINDOWS\CROSOF~1
C:\QooBox\Purity\WINDOWS\system32\SEMBLY~1


((((((((((((((((((((((((((((((( Files Created from 2006-07-29 to 2006-08-29 ))))))))))))))))))))))))))))))))))


2006-08-28 20:33 13,844 --a------ C:\WINDOWS\system32\doouyliv.exe
2006-08-28 16:36 13,844 --a------ C:\WINDOWS\system32\uphkmjbm.exe
2006-08-28 16:10 13,844 --a------ C:\WINDOWS\system32\meiuwaco.exe
2006-08-28 15:55 13,844 --a------ C:\WINDOWS\system32\hdgxjhfm.exe
2006-08-28 15:10 13,844 --a------ C:\WINDOWS\system32\lydvyqmg.exe
2006-08-28 14:49 13,844 --a------ C:\WINDOWS\system32\teiysgdu.exe
2006-08-28 14:13 13,844 --a------ C:\WINDOWS\system32\ghixwuxd.exe
2006-08-28 14:11 13,844 --a------ C:\WINDOWS\system32\lotlldps.exe
2006-08-27 23:37 13,844 --a------ C:\WINDOWS\system32\lqomxyxg.exe
2006-08-27 23:04 13,844 --a------ C:\WINDOWS\system32\dtoarxvo.exe
2006-08-27 21:28 13,844 --a------ C:\WINDOWS\system32\bcbjxxkq.exe
2006-08-27 19:48 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2006-08-27 19:48 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2006-08-27 19:39 13,844 --a------ C:\WINDOWS\system32\lmgykdhh.exe
2006-08-27 13:16 13,844 --a------ C:\WINDOWS\system32\wbhqmxfq.exe
2006-08-27 12:37 13,844 --a------ C:\WINDOWS\system32\wtxkjvcu.exe
2006-08-27 12:37 13,844 --a------ C:\WINDOWS\system32\blhocotg.exe
2006-08-27 12:36 13,844 --a------ C:\WINDOWS\system32\wwbasrnf.exe
2006-08-27 12:35 25 --a------ C:\WINDOWS\win320799617720692006.exe
2006-08-27 02:01 13,844 --a------ C:\WINDOWS\system32\dtjxhwhx.exe
2006-08-27 01:14 13,844 --a------ C:\WINDOWS\system32\onunsobg.exe
2006-08-26 22:13 349,760 -ra------ C:\WINDOWS\system32\mcinsctl.dll
2006-08-26 22:13 288,320 -ra------ C:\WINDOWS\system32\mcgdmgr.dll
2006-08-26 16:20 13,844 --a------ C:\WINDOWS\system32\adyescpq.exe
2006-08-26 15:55 13,844 --a------ C:\WINDOWS\system32\nojcamvn.exe
2006-08-26 15:53 964,676 ---hs---- C:\WINDOWS\system32\nqtwa.ini2
2006-08-26 15:39 61,952 --a------ C:\WINDOWS\system32\afl97639.dll
2006-08-26 15:39 45,056 --a------ C:\WINDOWS\system32\fufudc.exe
2006-08-26 15:39 24,576 --a------ C:\WINDOWS\system32ha3f.exe
2006-08-26 15:39 24,576 --a------ C:\WINDOWS\system32\ha3f.exe
2006-08-26 15:39 13,844 --a------ C:\WINDOWS\system32\xeqjnlqy.exe
2006-08-26 15:39 1,233 --a------ C:\WINDOWS\system32\afl97639.sys
2006-08-26 15:39 0 --a------ C:\WINDOWS\system32fufudc.exe
2006-08-26 15:38 544,816 -r-hs---- C:\WINDOWS\tdkzrzhA.exe
2006-08-26 15:38 494 --a------ C:\WINDOWS\jpeli.dll
2006-08-26 15:38 493,728 -r-hs---- C:\WINDOWS\tdkzrzh.exe
2006-08-26 15:38 21,504 --a------ C:\WINDOWS\offun.exe
2006-08-26 15:38 186,223 --a------ C:\WINDOWS\srvpatbbwy.exe
2006-08-26 15:38 13,844 --a------ C:\WINDOWS\system32\ksppbdoe.exe
2006-08-26 15:36 28,672 --a------ C:\WINDOWS\system32\iqqr.exe
2006-08-26 14:27 13,844 --a------ C:\WINDOWS\system32\eafncuyb.exe
2006-08-26 13:43 13,844 --a------ C:\WINDOWS\system32\wqapnalq.exe
2006-08-26 13:35 13,844 --a------ C:\WINDOWS\system32\rubuahxp.exe
2006-08-21 13:48 53,248 --a------ C:\WINDOWS\uni_ehhhh.exe
2006-08-18 00:07 13,844 --a------ C:\WINDOWS\system32\vqqylljk.exe
2006-08-17 23:44 13,844 --a------ C:\WINDOWS\system32\oclawhha.exe
2006-08-16 23:43 12,820 --a------ C:\WINDOWS\system32\xncslury.exe
2006-08-16 23:43 12,308 --a------ C:\WINDOWS\system32\ampgggho.exe
2006-08-16 23:43 1,024,356 ---hs---- C:\WINDOWS\system32\nqtwa.bak1
2006-08-15 23:43 960,756 ---hs---- C:\WINDOWS\system32\nqtwa.bak2
2006-08-13 11:49 69,632 --a------ C:\WINDOWS\system32\compstuig.dll
2006-08-10 03:47 70,656 --a------ C:\WINDOWS\system32\btpanuib.dll
2006-08-10 03:47 66,048 --a------ C:\WINDOWS\system32\clbcatix.dll
2006-08-08 23:13 0 --a------ C:\WINDOWS\system32\loaded.exe
2006-08-07 20:38 573,492 ---hs---- C:\WINDOWS\system32\awtqn.dll
2006-08-07 20:03 2 --a------ C:\WINDOWS\system32\wnsinttr.exe
2006-08-07 08:17 61,440 --a------ C:\WINDOWS\system32\BattyRun2.dll
2006-08-04 11:51 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2006-07-31 09:25 24,576 --a------ C:\WINDOWS\system32\ewxcksr.exe
2006-07-31 09:25 1,142,784 --a------ C:\WINDOWS\system32\kcnzrop6.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-29 14:13 -------- d-------- C:\Documents and Settings\HP_Administrator\Application Data\uTorrent
2006-08-29 13:34 -------- d-------- C:\Program Files\DISC
2006-08-28 20:30 -------- d-------- C:\Program Files\Common Files
2006-08-27 20:00 -------- d-------- C:\Documents and Settings\HP_Administrator\Application Data\HP
2006-08-27 15:11 -------- d-------- C:\Program Files\Lavasoft
2006-08-27 15:11 -------- d-------- C:\Documents and Settings\HP_Administrator\Application Data\Lavasoft
2006-08-27 12:30 -------- d-------- C:\Program Files\Common Files\iiiu
2006-08-26 22:14 -------- d-------- C:\Program Files\McAfee.com
2006-08-26 16:19 -------- d-------- C:\Program Files\ComPlus Applications
2006-08-26 15:56 -------- d-------- C:\Program Files\Movie Maker
2006-08-26 15:56 -------- d-------- C:\Program Files\Messenger
2006-08-26 15:39 -------- d-------- C:\Program Files\CMFibula
2006-08-26 15:39 -------- d-------- C:\Program Files\Batty2
2006-08-26 13:34 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-08-26 00:42 -------- d-------- C:\Program Files\Warcraft III
2006-08-23 11:56 7978428 --a------ C:\Program Files\Winamp.zip
2006-08-19 14:07 -------- d-------- C:\Documents and Settings\HP_Administrator\Application Data\FrostWire
2006-08-18 21:32 -------- d-------- C:\Program Files\DAEMON Tools
2006-08-17 20:48 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-17 20:43 -------- d-------- C:\Program Files\Ubisoft
2006-08-16 16:50 -------- d-------- C:\Program Files\Adobe
2006-08-15 18:13 -------- d-------- C:\Program Files\Anti-Blaxx
2006-08-15 17:57 223128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys
2006-08-15 17:43 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-08-15 17:40 -------- d-------- C:\Program Files\Firaxis Games
2006-08-15 17:38 -------- d-------- C:\Program Files\Alcohol Soft
2006-08-15 17:16 -------- d-------- C:\Program Files\Microsoft Games
2006-08-15 17:13 -------- d-------- C:\Program Files\Common Files\WhenU
2006-08-15 17:13 -------- d-------- C:\Documents and Settings\HP_Administrator\Application Data\WhenU
2006-08-15 17:12 223128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2006-08-15 17:07 96256 --a------ C:\WINDOWS\system32\drivers\sptd6061.sys
2006-08-15 17:07 643072 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-08-14 22:34 -------- d-------- C:\Program Files\utorrent
2006-08-14 19:44 -------- d-------- C:\Documents and Settings\HP_Administrator\Application Data\AdobeUM
2006-08-13 00:49 -------- d-------- C:\Documents and Settings\HP_Administrator\Application Data\Apple Computer
2006-08-12 03:01 -------- d-------- C:\Program Files\Internet Explorer
2006-08-08 20:16 -------- d-------- C:\Program Files\Yahoo!
2006-08-08 20:15 -------- d-------- C:\Program Files\Mozilla Firefox
2006-08-08 20:15 -------- d-------- C:\Documents and Settings\HP_Administrator\Application Data\Shareaza
2006-08-07 02:08 -------- d-------- C:\Program Files\iTunes
2006-08-07 02:08 -------- d-------- C:\Program Files\iPod
2006-08-06 16:55 -------- d-------- C:\Program Files\Common Files\Hewlett-Packard
2006-08-04 15:11 -------- d-------- C:\Documents and Settings\HP_Administrator\Application Data\funkitron
2006-08-04 11:54 -------- d-------- C:\Program Files\Common Files\Autodesk Shared
2006-08-04 11:54 -------- d-------- C:\Program Files\Autodesk
2006-08-03 19:38 -------- d-------- C:\Program Files\Winamp
2006-08-03 17:57 -------- d-------- C:\Program Files\FrostWire
2006-08-02 20:45 -------- d-------- C:\Documents and Settings\HP_Administrator\Application Data\.BitTornado
2006-08-01 15:29 -------- d-------- C:\Program Files\QuickTime
2006-07-27 06:24 679424 --------- C:\WINDOWS\system32\inetcomm.dll
2006-07-26 15:24 -------- d-------- C:\Program Files\WinAce
2006-07-26 13:48 -------- d-------- C:\Documents and Settings\HP_Administrator\Application Data\Real
2006-07-22 01:18 -------- d-------- C:\Documents and Settings\HP_Administrator\Application Data\Sun
2006-07-21 01:24 72704 --------- C:\WINDOWS\system32\hlink.dll
2006-07-20 13:24 -------- d---s---- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft
2006-07-15 23:53 -------- d-------- C:\Program Files\InterActual
2006-07-09 15:12 -------- d-------- C:\Program Files\Google
2006-07-09 15:12 -------- d-------- C:\Program Files\DivX
2006-07-09 15:12 -------- d-------- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla
2006-07-04 21:48 -------- d-------- C:\Program Files\WildTangent
2006-07-04 21:35 -------- d-------- C:\Program Files\Microsoft Office
2006-07-04 21:35 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-07-04 21:34 -------- d-------- C:\Program Files\Snapshot Viewer
2006-07-04 21:34 -------- d-------- C:\Program Files\Common Files\System
2006-07-04 21:29 -------- d-------- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft Web Folders
2006-07-03 13:07 -------- d-------- C:\Program Files\Windows Media Player
2006-07-03 13:04 -------- d-------- C:\Program Files\Outlook Express
2006-07-02 21:56 -------- d-------- C:\Documents and Settings\HP_Administrator\Application Data\Adobe
2006-07-02 18:28 2829 --a------ C:\WINDOWS\War3Unin.pif
2006-07-02 18:28 139264 --a------ C:\WINDOWS\War3Unin.exe
2006-07-02 18:12 -------- d-------- C:\Documents and Settings\HP_Administrator\Application Data\Macromedia
2006-07-02 18:11 -------- d-------- C:\Documents and Settings\HP_Administrator\Application Data\HPQ
2006-06-15 14:55 778240 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-06-15 14:55 778240 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-06-15 14:55 761856 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-06-15 14:55 620180 --a------ C:\WINDOWS\system32\DivX.dll
2006-06-14 10:49 118784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2006-06-12 12:22 520192 --a------ C:\WINDOWS\system32\DivXsm.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"AlwaysReady Power Message APP"="ARPWRMSG.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"RTHDCPL"="RTHDCPL.EXE"
"HPHUPD08"="c:\\Program Files\\HP\\Digital Imaging\\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\\hphupd08.exe"
"DISCover"="C:\\Program Files\\DISC\\DISCover.exe"
"DiscUpdateManager"="C:\\Program Files\\DISC\\DiscUpdateMgr.exe"
"DMAScheduler"="c:\\Program Files\\Sonic\\DigitalMedia Plus\\DigitalMedia Archive\\DMAScheduler.exe"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
@=""
"PCDrProfiler"=""
"HPBootOp"="\"C:\\Program Files\\Hewlett-Packard\\HP Boot Optimizer\\HPBootOp.exe\" /run"
"HP Software Update"=hex(2):43,3a,5c,50,72,6f,67,72,61,6d,20,46,69,6c,65,73,5c,\
48,50,5c,48,50,20,53,6f,66,74,77,61,72,65,20,55,70,64,61,74,65,5c,48,50,77,\
75,53,63,68,64,32,2e,65,78,65,00
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"Anti-Blaxx Manager"="C:\\Program Files\\Anti-Blaxx\\Anti-Blaxx.exe"
"k6mmN5IOU"="\"C:\\WINDOWS\\system32\\wfxqhv.exe\""
"ACTX1"="C:\\WINDOWS\\v1201.exe"
"ms069996177206"="C:\\WINDOWS\\ms069996177206.exe"
"tdkzrzhA"="C:\\WINDOWS\\tdkzrzhA.exe"
"afl97639"="RUNDLL32.EXE w0726a96.dll,n 00397636000000030726a96"
"McRegWiz"="C:\\PROGRA~1\\mcafee.com\\agent\\mcregwiz.exe /autorun"
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Scbu"="\"C:\\DOCUME~1\\HP_ADM~1\\APPLIC~1\\MANTEC~1\\wucrtupd.exe\" -vt yazr"
"Pxznjg"="C:\\Program Files\\F?nts\\m?iexec.exe"
"iiiu"="C:\\PROGRA~1\\COMMON~1\\iiiu\\iiium.exe"
"PSLister"="\"C:\\Program Files\\PSLister\\PSLister.exe\""
"CMFibula"="\"C:\\Program Files\\CMFibula\\CMFibula.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\Program Files\\Movie Maker\\pomoko.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="C:\\Program Files\\Messenger\\mekehexe.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,ec,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqn
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\clbcatex
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winwil32


Completion time: Tue 08/29/2006 14:14:26.00
ComboFix.txt
ComboFix2.txt
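
One thing the "Files Created" section of the report above makes visible is the same 13,844-byte executable being written to system32 under a fresh random name again and again, hours apart, right through 28 August. Removing the entries one at a time with HijackThis cannot stick while whatever writes them is still running, which fits the errors described in the first post. The added script below (mine, not part of ComboFix or of the poster's material) parses ten lines copied from that section, clusters .exe files by exact byte size, reports the time window over which a cluster was dropped, and separately lists files carrying both the hidden and system attributes. The cluster threshold of three is my assumption.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Tuple

# Constructed input: ten lines copied from the "Files Created" section of the
# ComboFix 06.08.27 report above (raw string so the backslashes survive).
SAMPLE_REPORT = r"""
2006-08-28 20:33 13,844 --a------ C:\WINDOWS\system32\doouyliv.exe
2006-08-28 16:36 13,844 --a------ C:\WINDOWS\system32\uphkmjbm.exe
2006-08-28 14:11 13,844 --a------ C:\WINDOWS\system32\lotlldps.exe
2006-08-27 19:48 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2006-08-26 22:13 349,760 -ra------ C:\WINDOWS\system32\mcinsctl.dll
2006-08-26 15:53 964,676 ---hs---- C:\WINDOWS\system32\nqtwa.ini2
2006-08-26 15:38 544,816 -r-hs---- C:\WINDOWS\tdkzrzhA.exe
2006-08-26 15:38 493,728 -r-hs---- C:\WINDOWS\tdkzrzh.exe
2006-08-16 23:43 12,820 --a------ C:\WINDOWS\system32\xncslury.exe
2006-08-04 11:51 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
"""

# date time  size(with thousands separators)  9-char attribute string  path
LINE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+([\d,]+)\s+([-a-z]{9})\s+(.+)$")


@dataclass
class Entry:
    when: datetime
    size: int
    attrs: str   # ComboFix attribute flags, e.g. '-r-hs----' (r=read-only, h=hidden, s=system)
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse(report: str) -> List[Entry]:
    out = []
    for line in report.splitlines():
        m = LINE.match(line.strip())
        if m:
            out.append(Entry(datetime.strptime(m[1], "%Y-%m-%d %H:%M"),
                             int(m[2].replace(",", "")), m[3], m[4]))
    return out


def size_clusters(entries: List[Entry], min_count: int = 3) -> Dict[int, List[str]]:
    """Group .exe files by exact byte size. Several distinct names sharing one
    size is the signature of a single component re-dropped under new names."""
    by_size = defaultdict(list)
    for e in entries:
        if e.name.lower().endswith(".exe"):
            by_size[e.size].append(e.name)
    return {size: names for size, names in by_size.items() if len(names) >= min_count}


def drop_window(entries: List[Entry], size: int) -> Tuple[datetime, datetime]:
    """Earliest and latest creation time among files of the given size."""
    times = [e.when for e in entries if e.size == size]
    return min(times), max(times)


def hidden_system(entries: List[Entry]) -> List[str]:
    """Files with both the hidden and system bits set. Explorer hides them by
    default, which is exactly why a dropper sets both; review each one."""
    return [e.name for e in entries if "h" in e.attrs and "s" in e.attrs]


if __name__ == "__main__":
    entries = parse(SAMPLE_REPORT)
    for size, names in size_clusters(entries).items():
        first, last = drop_window(entries, size)
        print(f"{len(names)} x {size:,} bytes between {first:%Y-%m-%d %H:%M} and {last:%Y-%m-%d %H:%M}: {', '.join(names)}")
    print("hidden+system:", ", ".join(hidden_system(entries)))
```

On the ten sample lines this yields one cluster (three 13,844-byte files dropped between 14:11 and 20:33 on 28 August) and three hidden+system files (nqtwa.ini2, tdkzrzhA.exe and tdkzrzh.exe). Run over the full section above, the same 13,844-byte cluster grows to dozens of names going back to mid-August, which is the kind of picture to form before deleting anything: the dropper, not the dropped files, is the target.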

#4 scyros420

Posted 29 August 2006 - 04:21 PM

HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 2:19:51 PM, on 8/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\arservice.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DISC\DiscGui.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\tdkzrzhA.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\iiiu\iiium.exe
C:\Program Files\CMFibula\CMFibula.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\MICROS~1\Msinfo\OFFPROV.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\utorrent\utorrent.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Administrator\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [k6mmN5IOU] "C:\WINDOWS\system32\wfxqhv.exe"
O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
O4 - HKLM\..\Run: [ms069996177206] C:\WINDOWS\ms069996177206.exe
O4 - HKLM\..\Run: [tdkzrzhA] C:\WINDOWS\tdkzrzhA.exe
O4 - HKLM\..\Run: [afl97639] RUNDLL32.EXE w0726a96.dll,n 00397636000000030726a96
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Scbu] "C:\DOCUME~1\HP_ADM~1\APPLIC~1\MANTEC~1\wucrtupd.exe" -vt yazr
O4 - HKCU\..\Run: [Pxznjg] C:\Program Files\F?nts\m?iexec.exe
O4 - HKCU\..\Run: [iiiu] C:\PROGRA~1\COMMON~1\iiiu\iiium.exe
O4 - HKCU\..\Run: [PSLister] "C:\Program Files\PSLister\PSLister.exe"
O4 - HKCU\..\Run: [CMFibula] "C:\Program Files\CMFibula\CMFibula.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\clbcatix.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\clbcatix.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{6FAE89E2-9CAA-45A7-B4DE-430971615821}: NameServer = 192.168.0.1,192.168.0.2
O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - C:\WINDOWS\system32\xeymi.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

#5 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 31 August 2006 - 10:55 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

By replying into your own thread several times you've delayed a response because it appears that you are already getting help. Please don't bump your thread.

Please post a new log from Combofix in your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 15 September 2006 - 06:11 PM

As there has been no response, this thread will now be closed.

If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.
