Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Eblaster


  • Please log in to reply
32 replies to this topic

#1 ltlua

ltlua

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:32 PM

Posted 21 November 2006 - 07:43 PM

I followed the directions for removing eBlaster does everything look ok now? :thumbsup:


Logfile of HijackThis v1.99.1
Scan saved at 7:36:05 PM, on 11/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~1.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Movielink\MovielinkManager\Movielink User.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apoint\Apntex.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\ALEXMA~1\LOCALS~1\Temp\Temporary Directory 1 for HijackThis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dslstart.verizon.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/apps/mpfplus/en-us/mp...ystempopup=true
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [LoadMSvcmm] "C:\Program Files\Movielink\MovielinkManager\Movielink User.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [MPSExe] "c:\PROGRA~1\mcafee.com\mps\mscifapp.exe" /embedding
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\Program Files\McAfee.com\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,9...pdatePortal.cab
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep.com/get/k42037/sb02b.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1126229325578
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab
O16 - DPF: {871AA60B-D425-4784-AD09-6C2E63342CAD} (vzDLinkRouterUpgrade Class) - http://download.verizon.net/sfp/Cabs/dlink.../FrmUpDLink.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: Logehvga - {FF2C4AC2-1293-497F-999A-EE77A9C902DE} - C:\WINDOWS\system32\3dihsrv.dll
O21 - SSODL: Conexart - {FC688A8C-FC4D-4D43-9536-CD5BBACB455C} - C:\WINDOWS\system32\mp3ixbio.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Movielink Core Service - Movielink LLC - C:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~1.EXE
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

BC AdBot (Login to Remove)

 


#2 logreeval

logreeval

  • Members
  • 351 posts
  • OFFLINE
  •  
  • Location:Petaluma, California
  • Local time:05:32 PM

Posted 22 November 2006 - 09:17 PM

Hello ltlua and Welcome to BleepingComputer!

I am logreeval and will be helping you clean your computer. I am currently reviewing your log, I will post as soon as I can.

logreeval

Are you infected?, if you need help, go here!
Do you want to learn how you got infected, and how to prevent it? Try looking here!
For some free malware removal/prevention tools, and some malware prevention advice, check out my site!

Please don't PM me asking for help, post on the forums instead.

Am I helping you and haven't replied in a few days?, Go ahead and send me a polite PM.

Posted Image


#3 logreeval

logreeval

  • Members
  • 351 posts
  • OFFLINE
  •  
  • Location:Petaluma, California
  • Local time:05:32 PM

Posted 23 November 2006 - 01:17 AM

Hello Again ltlua!

I need to see another HijackThis log, but you need to extract (unzip) HijackThis first. Otherwise the backups made when items are fixed won't be secure. The easiest way to accomplish this is to reinstall and delete any copies of HijackThis.zip you have saved.

Please download the self-extracting version of HijackThis from here:

HijackThis_sfx download

Save HijackThis_sfx to your desktop.

Double-click the file then click the Unzip button. Then close the Self-Extractor window.

Using My Computer/Windows Explorer, navigate to C:\Program Files\HijackThis and double click on HijackThis.exe to run it. If you would like to make a shortcut for your Desktop so it's more easily accessable, right click HijackThis.exe and choose Send To > Desktop (create shortcut).

Please run the extracted HijackThis.exe from now on. Delete any copies of HijackThis.zip that you have saved.

-------------------

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep.com/get/k42037/sb02b.cab

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

-------------------

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

-------------------

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
-------------------

So, in the next reply:

-Fresh HijackThis Log
-Kaspersky Log
-Uninstall List

logreeval

Are you infected?, if you need help, go here!
Do you want to learn how you got infected, and how to prevent it? Try looking here!
For some free malware removal/prevention tools, and some malware prevention advice, check out my site!

Please don't PM me asking for help, post on the forums instead.

Am I helping you and haven't replied in a few days?, Go ahead and send me a polite PM.

Posted Image


#4 ltlua

ltlua
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:32 PM

Posted 28 November 2006 - 07:57 PM

Here is the results of the list u asked for.
Adobe Download Manager 2.0 (Remove Only)
Adobe Reader 7.0.5
Adobe Reader 7.0.8
Adobe® Photoshop® Album Starter Edition 3.0
Adobe® Photoshop® Album Starter Edition 3.0.1
ALPS Touch Pad Driver
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
ATI Control Panel
ATI Display Driver
Broadcom Management Programs 2
Conexant D110 MDC V.9x Modem
Dell Digital Jukebox Driver
Dell Media Experience
Dell Picture Studio v3.0
Dell Support 5.0.0 (630)
Digital Line Detect
EarthLink setup files
GdiplusUpgrade
Google Earth
HijackThis 1.99.1
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
HP Photo & Imaging 3.1
HP PSC & OfficeJet 3.0
HP Software Update
Intel® PROSet/Wireless Software
Internal Network Card Power Management
Internet Explorer Default Page
iPod for Windows 2005-09-23
iPod for Windows 2006-01-10
iTunes
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 8
J2SE Runtime Environment 5.0 Update 9
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.2_03
Learn2 Player (Uninstall Only)
Macromedia Flash Player
Macromedia Flash Player 8
McAfee Personal Firewall Plus
McAfee Privacy Service
McAfee SecurityCenter
McAfee VirusScan
mCore
mDrWiFi
Memories Disc Creator 2.0
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
mIWA
mIWCA
mLogView
mMHouse
Modem Helper
Movielink Manager
mPfMgr
mPfWiz
mProSafe
MSN
mSSO
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
mToolkit
Musicmatch for Windows Media Player
Musicmatch® Jukebox
mWlsSafe
mXML
mZConfig
NetWaiting
overland
PowerDVD 5.3
QuickBooks Simple Start Special Edition
QuickSet
RealPlayer Basic
Security Task Manager 1.7
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
Spy Sweeper
SpyHunter
TurboTax Basic 2005
TurboTax ItsDeductible 2005
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Verizon Broadband Toolbar
Viewpoint Media Player
WebCyberCoach 3.2 Dell
WexTech AnswerWorks
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
WordPerfect Office 12
Yahoo! Toolbar

#5 ltlua

ltlua
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:32 PM

Posted 28 November 2006 - 11:09 PM

here is the HJT log: (the kaspersky scan sight was not working at this time) will try tomorrow!!!!
Logfile of HijackThis v1.99.1
Scan saved at 7:56:13 PM, on 11/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~1.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Movielink\MovielinkManager\Movielink User.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dslstart.verizon.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/apps/mpfplus/en-us/mp...ystempopup=true
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell QuickSet] "C:\Program Files\Dell\QuickSet\quickset.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [LoadMSvcmm] "C:\Program Files\Movielink\MovielinkManager\Movielink User.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [MPSExe] "c:\PROGRA~1\mcafee.com\mps\mscifapp.exe" /embedding
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\Program Files\McAfee.com\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,9...pdatePortal.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1126229325578
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab
O16 - DPF: {871AA60B-D425-4784-AD09-6C2E63342CAD} (vzDLinkRouterUpgrade Class) - http://download.verizon.net/sfp/Cabs/dlink.../FrmUpDLink.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: Logehvga - {FF2C4AC2-1293-497F-999A-EE77A9C902DE} - C:\WINDOWS\system32\3dihsrv.dll
O21 - SSODL: Conexart - {FC688A8C-FC4D-4D43-9536-CD5BBACB455C} - C:\WINDOWS\system32\mp3ixbio.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Movielink Core Service - Movielink LLC - C:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~1.EXE
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

Edited by ltlua, 28 November 2006 - 11:19 PM.


#6 ltlua

ltlua
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:32 PM

Posted 29 November 2006 - 06:57 PM

Here is the kasperspy report:

KASPERSKY ONLINE SCANNER REPORT
Wednesday, November 29, 2006 6:52:54 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 29/11/2006
Kaspersky Anti-Virus database records: 246779


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 81264
Number of viruses found 1
Number of infected objects 6 / 0
Number of suspicious objects 0
Duration of the scan process 01:41:06

Infected Object Name Virus Name Last Action
C:\Documents and Settings\Alex Martinez\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped

C:\Documents and Settings\Alex Martinez\Application Data\Webroot\Spy Sweeper\Logs\061129072018.ses Object is locked skipped

C:\Documents and Settings\Alex Martinez\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Alex Martinez\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_219.wmdb Object is locked skipped

C:\Documents and Settings\Alex Martinez\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Alex Martinez\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Alex Martinez\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Alex Martinez\Local Settings\History\History.IE5\MSHist012006112920061130\index.dat Object is locked skipped

C:\Documents and Settings\Alex Martinez\Local Settings\Temp\qdiagd.log Object is locked skipped

C:\Documents and Settings\Alex Martinez\Local Settings\Temp\verizon_Broadband_Toolbar.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.MegaSearch.b skipped

C:\Documents and Settings\Alex Martinez\Local Settings\Temp\verizon_Broadband_Toolbar.exe/stream Infected: not-a-virus:AdWare.Win32.MegaSearch.b skipped

C:\Documents and Settings\Alex Martinez\Local Settings\Temp\verizon_Broadband_Toolbar.exe NSIS: infected - 2 skipped

C:\Documents and Settings\Alex Martinez\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Alex Martinez\ntuser.dat Object is locked skipped

C:\Documents and Settings\Alex Martinez\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\Logs\TaskScheduler\McTskshd002.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee.com\VSO\OASLogs\OAS.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\175916c20fe639e5fd0a011ec6a26346_6a8e5f10-7922-4e71-8079-4a2bd9b79961 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped

C:\Documents and Settings\Lisa Martinez\Local Settings\Temp\verizon_Broadband_Toolbar.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.MegaSearch.b skipped

C:\Documents and Settings\Lisa Martinez\Local Settings\Temp\verizon_Broadband_Toolbar.exe/stream Infected: not-a-virus:AdWare.Win32.MegaSearch.b skipped

C:\Documents and Settings\Lisa Martinez\Local Settings\Temp\verizon_Broadband_Toolbar.exe NSIS: infected - 2 skipped

C:\Documents and Settings\Lisa Martinez\Local Settings\Temporary Internet Files\AntiPhishing\6729BBF9-D54C-48CB-A4D7-AD400339D808.dat Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS006F4994-7AF0-4B09-8147-DAE586C774CE.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS02888B5A-6AA0-4E36-B5B0-FB33D7380A5E.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS0520DF12-5896-4841-A83D-8D4B5335CB23.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS079C05A3-6E43-4C1B-8B29-03281F38036D.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS07B11369-BC13-4E3A-9C75-059584892200.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS0A36E16E-2D29-4AFC-B144-CF90CAC680AF.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS0AB1B4F1-3B58-4A9C-9570-AAB626C714C7.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS0F3FA2FB-89D0-4956-A6DD-FA5C3AC201E1.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS19530B3F-7D59-4927-9077-EBB7E19A6094.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS195FCD4C-AE9D-4AF3-9238-F39BD8D22163.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS2117439A-E2FF-4F5B-9656-B8679CA0A296.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS2228C4D0-7756-4823-BCB6-B52CD3A8148C.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS283C91D3-CBB4-4F0A-9E0D-6EA0965A4758.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS2EC4FC97-F985-4D8C-A3DE-E7DB7ACE7CFA.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS339CC96F-ADB3-4358-9DFB-62828F6472AE.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS39CE3F1B-4574-4861-8C99-C326CFBD3963.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS3B18256D-0408-4AAC-BDBA-C170D3C6F662.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS3C70C0B0-398B-4E76-A96F-55F01A1C278E.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS3DB5ACB3-244C-460D-A18E-BB334BDF7F56.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS3FFC78B0-E5E5-4985-B4EE-D26B0FC01B54.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS489360DA-092A-4513-A470-CD08A80E32D7.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS49A1CE07-58E8-460C-BE1E-76544644A726.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS4B6645BB-7504-43D1-B522-61669CD6789C.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS4CC7B08D-D705-4412-AB45-E12A167BAC38.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS4FA64EF8-BA9C-4F76-838D-F190D9DE34B2.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS51DBF031-74F4-46AB-AB1F-FCEB4FC4CCE5.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS523DA88C-793D-47D7-A4DB-E917AE675A24.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS5654AEFF-BB52-43C3-9E1B-4751E3F7730A.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS6247E7FF-2E47-41E6-966B-23628FCAF086.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS648122E5-E21A-4CAF-ACCD-495B047E0648.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS64EF3005-6AAC-40B1-A739-06B6E22C84CB.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS68D07517-1F23-4EDF-8EE0-84F97C47DBBD.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS68ED2D8B-69BC-4DCC-A64C-A0D5FA318801.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS6B2FC74D-B624-4406-8C93-7755DA97E0F8.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS6B43C1FF-FF76-4BDB-B4DD-365880A785F5.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS6D2CE234-F4F4-44B0-8E6B-A3403E37A0E2.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS711777E0-589B-47C6-A25B-D95BF2934F7A.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS796FDC29-AF98-4203-A79C-C8A929906380.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS79F09E8B-CB98-4FC8-9B62-3562F4DD51A4.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS7C667B22-D207-4F45-AA84-86E6B98E13A8.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS8300B341-A107-4AE8-9D5C-78F0734D2DFE.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS83FBE522-5078-4AE8-A1CA-9CD313732A68.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS84880493-5028-448F-B6E4-F22A9E674008.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS8645C1C2-3BC3-48C9-8E2A-39C57F2DA8C2.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS883253AA-9289-4D71-9358-15A1D15E2393.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS8A554EC8-799F-4AED-8F8C-AD5042D10EC1.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS8B1CF1CB-5146-426A-8FB9-150A14C4E3E0.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS8B29BAF4-5CFD-49DF-862F-B91904FBF3DF.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS8ED225DF-E56C-44F9-9F58-C241355CAB6C.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS9265F124-42F1-46EC-83CD-6A2E8B0EDC3B.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS93392FB2-CA0F-4C06-A300-D470FDB2706B.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS95647CCB-7E17-4387-BE3A-CEBADBA480AA.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS967DF1FA-44A8-424D-987B-1FDE7AFA8D14.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS99D4222E-FB9E-4B2E-88E5-5E820DE045AB.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSA01EDDAE-FC6C-42F0-AD1D-ADB2174BF0D7.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSA8CA8560-8A72-443A-A262-165885952F0E.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSAA3C6E7A-1680-4D92-8F66-B023368E522B.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSAA8C0E4B-4F16-4192-B348-A1827DFDB371.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSAB840C1D-6F20-4076-8AE7-8B820F356075.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSAF652B2A-7942-42CD-A437-04C6EEDC6AD9.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSB0352B65-C31B-4ECC-9973-079019B8D039.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSB4DBBF10-2033-45BB-8286-8808901DC2CF.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSBA5C799C-EE52-4738-AB56-10AD772B6B12.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC109D908-7B47-46FB-B7CE-BD7B1BCF14FE.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC1807C93-14EB-4288-80C7-3C8E8D577C28.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC59686A6-3598-4E64-84A4-2B8A355601FA.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC8CC32F4-F41D-47ED-B0D5-E243A432A3BF.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC99A02CF-476E-4866-B1E6-CB66A2373A4C.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC0EC7D2-E601-4118-ACE7-A8F613E5A3CB.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD090E274-14A8-44D9-B540-70CD90E5F9AA.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD3A94209-083C-416E-B83B-EC94F76DFCAA.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD4D89FC9-9E31-44DE-9B4E-30D3B0EEBA3F.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSDA22B3B8-9D0D-4435-862C-15865475F194.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSDA4E8B8C-D176-46BA-B29D-1AD989433521.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSDB1A463E-014E-44AA-88B0-DDF582C8875C.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSDE67FAEA-D501-40C5-B4B5-74ADBF6A9FCA.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE22E7D26-DDBB-4FAA-BC85-71689006F161.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE5334F32-68EE-42C7-A3D2-EDC1404F0784.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE61ED4AD-7FCE-441C-8307-BEC2007A2D24.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE7CA0B12-6168-4DC9-A10E-81BED2862FDC.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE7F83BCB-22E0-4B07-B677-DFB94351D232.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSEA3BABCA-8AC2-45CF-8A5D-6ACEF7AE2C3D.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSEBA8F8E2-87D2-4F4E-9565-EB2A18FBC2BD.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSEF30FA21-C4D7-4669-A445-8C140A50C708.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF09EE22A-CDFB-4214-A88F-57DBC7E8290C.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF3E3924C-6A4E-4DE8-AEA1-A11176817F9B.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF7159D66-9545-421A-A4A8-8DFC7E5AEE6A.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF7DD311C-84A9-4123-A0E6-EA35980E0F3E.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSFCB28F96-982B-4B25-A2DF-3665D52D0C11.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSFE68B01C-8691-4545-8E16-AFD103603D70.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSFEC62A62-2B0C-4B9C-876B-2B09962E8F26.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped

C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped

C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped

C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped

C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP319\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{F95D6F41-B5E4-4094-8E57-C42E2199BA86}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\3dihsrv.dll Object is locked skipped

C:\WINDOWS\system32\avilamid.dll Object is locked skipped

C:\WINDOWS\system32\camocmin.dll Object is locked skipped

C:\WINDOWS\system32\cateppol.dll Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\ctleptab32.dll Object is locked skipped

C:\WINDOWS\system32\getitsub\004FF6E0AB906D893C8E71878C757CF674CA77A6.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\0487E22278C8D0E205171C75BF6BFB5D099387C6.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\0630D4E70D93AD072790B21CF2CED3D5FA62FFA0.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\09BB46649B4E4D5C39E537986A02EBCD494A822A.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\0B776527859E4E33B8F2B362528FE9D0B6A6DE54.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\0B948E5A6FF02EB88F68B7F9133EADAF6989A6F2.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\0BEF33340201EBCC06E3DD3837ED48F47E92BCE0.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\0C06FE532618C9A33A3B1AF50F0FD2E3B75EDC05.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\0DA0B82FB3489E005DBA84A22ECE874136E43009.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\0E1C9B6B1AAD9E3383DC283B471DAF71D42BE05F.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\119A66FB4C4DB2C93EABE95BDE3B9C0CCA807316.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\13082034DDE46FC68050C34871913CD60EEC8293.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\131B8B5C940590F67B917F2C259B2C04EDEE3D50.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\13F56A1E0F607DD51C1E9B2FACDFCB8825E910C5.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\148F3CE7C50C3C3D36C5208D6C1327135AC5D92E.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\14F1ABD126030D77C8E2F66E985AFB4DB8B7B77F.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\165E116AF566BB74F4E48C327D5A9AFA7B97290C.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\1AFEBA87CF82931806C8F17894CA96F8987EFEBE.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\1B2867B1F6A0707C5FF7F850143872E69864E936.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\1C703029FDD4385D7ABCD1C0B14B279B17455E66.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\200F57F0B84DE7CF206A5EDF174C09C7BC2F5932.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\2216FC36C826EFAA851135A20E485D8A11A84089.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\227CC11741C2725B251CC833E1F8E8F04997549B.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\2288FD0FCA631F4FFC8752C893466DC99CBDEE8B.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\23781B1B36CC87A65CF8E770362134DF404437DB.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\237D595FC79F39A2A0F629E7B5EB0C112BBE0673.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\24805B7078082DC81D4266719073F74D6C892171.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\26ED9C6401E350929C964065767B0D3007795FAD.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\28D1EE5A4C87791C1256502D2AA6098EEFBA51EE.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\37063693999407906423843F3EEAA3E1A2A28737.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\381CA523CDE8F89044F6C393B26B4C9E942BC9EF.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\38C7B2F3B2E8BCD19B1589AE192E3CD823D6A828.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\395531CFCB95BE5C184A1BF9998137103E2CF5DA.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\3976C1E59AEBE40E13BD1854B6D0F0A367640587.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\3AE7B9B4C43A175934E35F61EDDD59D557AAA85C.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\3CF25355BB8A42DC2C16486C7ACA0C7AEDF60F4E.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\3F9E4EA6B9999F59D1EE6DE384DCEFDBE554C926.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\441E7C319BF84F9B01033479A14FA05E707A09B6.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\4534285F145730816A7E8E7FD5141FC055CC961C.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\4672DDE4F9C062F11C7A19889635138D33E2E7F5.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\47371F1A8DE51240D31357AE3CEB47BCED105DF1.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\4C9B333FDFA4BB19D5B1A33406693A0E4D37E1DF.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\4F0A9A87F1B50CBFEEC5A20072FCAB55150ED00A.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\502919853148268B8DE2FA2412F1763D30352FCC.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\510247082B3489B84C506C24D772A53C09705ABB.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\51831B801449B17DB33D31BE6A67FEFE2EA53793.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\5195E7EB467C122408B8DF20936905F1E3887683.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\5406F0C33716A488F3E47CC1BADF7FA1F507F78C.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\548176510444D0F46B17B7F82CDC4403B74333AE.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\54BBA14CE27005417ADBBC32C667E4C32C788EA9.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\55AC81129A79D7B3D48053A04E79B8DBD63CD725.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\55D25D4D5657EFDDCCB820FEA7DE8F8FFC08CDAB.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\569B6928E08933291141D1A180055B265BC34B67.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\5814EEB7F2FE56ABC67916EF2F45ABEEBA416BD5.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\595F7B0DD147F076C90D1D4F147E4EF6AF09D7B8.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\59D7009CF52A376FBE654536397EE8CEE50A0DC3.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\5AC7D117F09E967A38BCBF8065CE37FAB0C7685A.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\5BBCE6D00DE4A8822ACF1CC0115E7878BD02E669.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\5BD7108F3339410DBE441B0BFEEBC2B3E5EE4334.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\615F291403D3B95EA1503D76AC208442F96FE273.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\61E3A9285F53FACC558DB3539735E501CE625D1F.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\62A4AC9B79E6DC7730E0C4D46B24441F6259DB05.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\62E26A77E1A2D247A0FEA1C5D88B9D9A76A72920.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\648BCE103E9B00EB52131AAA8CE5BDD9E7377F9E.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\6657F902C8771D8440D43153074F2FDBE6570ABB.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\67082933CA8B058167AF9226FFDEF59A7EF2E9F5.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\67CAD988E5F10FF2EBF045100FC14A65887F1AB7.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\68FA1B7162431BC81AD1C2A02CCCC22603DB8F30.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\6A6C050450C0A62FE901D2AE09777D41B9F1751A.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\6B3FE1BFC426CC1896F2AECCC3CC076333636403.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\6EC53DA61585BB8DD6C43B0BBBE7C000F7580D76.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\7192C158342428BFB1AEB77505E88E07E7E9512A.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\73316C8D42EDC6A392FF2BC35AEDEEAF48F374CA.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\733FA0B907FEBA64FCE561D527DF532BDC86DB99.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\7638847E58A88882D3C9ACC36A2163BBF81413DD.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\7744314C2FB2ABC0E5378F2EB41DCCE6D45B408C.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\79430CB8548160BC205E0968EFD4030416E653D4.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\79A4373C40FF6E56829F728F5AE42B577070BAFC.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\7A1F51D2D9B6DE6638F8CB01FAAAC1556BCE555F.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\7CF81F36639420452054165837EC387F8D8081BC.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\7E60816E0EDF4A4A2B38A94BE76E6521B474BC66.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\808CF0A08C9F4912EDC26F9A6CF00D97F0726DBE.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\80F9CEA04524FB2D2EA5DF8833EA249F89B79DC4.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\823F4CD8130CB9127E281F37BA3CC6505CFFB004.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\83FD15ED38F8E794C7909F0C13A447B035CEBA29.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\85AFFCF19CBDEB161C4AC5AEA056653583591E09.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\864DD9B25B17A75B23A9B4E7EA2B43F048276CFB.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\8880424425D30F323E0DB05C48DD13483278430B.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\8AC58F86A37A25E7E9A84291EF6115CD606AC85F.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\8B288246F13CA486E8ABC2FFD2657DE95D547CA8.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\8CBFC67CC7BFA1A35B7D8C2A1094CBF5A80C6D2B.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\8D4E614B18DEE13D44D12EE012FEA28DED6948D8.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\9520C7D054AEB0BFD7170D57AE6E46CD061DD444.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\966EEF6AAB7B0F0328A1EC490C6A1ED63B1CAC11.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\968875B5AEFCF5A8152DBE9AF479DE791A8A1253.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\97A16D4F94A7C0347F6DB32AE0E9DAB35B24D0DB.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\9B0A7AF3066E0107A1276883EF4525E3DCC94782.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\9B42666F784565680783E70FC6BC8627230D252C.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\9C384E9B093B80D544F81406588F51B95E56139E.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\9CDFFD70F4DFD2F3695A500CD7CD6CD405A82FC4.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\9D7B5988EFD91256C5DCFF88166402537DCF1386.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\9E27666C64C4AE744901E6B5B31A0FFAE2CC7651.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\9EEEED6054088896A12F6C93AF8725C87F7B9618.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\9FBBA2747F01E45AB37159D471FC1E3C4C9DFE26.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\A1DBC766AE32C58D481FBEF176C0D185D2C4CD9D.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\A2597A2713DC5DE9A2D8100DBC0A4E861A0D81FC.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\A7119BEC6E2955A308AB9F021A3D4B5A85F906DF.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\A80FA85FE1E80C22423E42BC7697C58E8EA43D7C.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\A8AE455315976C346AB7A08CFFC4702CD1735091.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\A8FF29D25E73CF828199AFBDB4E6DE9C8493EEBC.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\A98A5146700EFC59430727BC23B8FA1E7F9213C4.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\AB057632100493616AD359D107A87B82CDEF706E.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\AC253FB71EC2975DB898BDD848881957F90CAFAC.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\AD4D951DB9D2053333A3A7BB18E7D96B8F6447F4.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\ADEA7AF8BFC31B3343EB0CE2CF005A6FB46C8F36.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\AEF4C765390B8BAB16C0E1BA5D41842894CEB8B5.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\AF0C050539B4C4BCD9AC4FAED80BDDB22DCCFCE1.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\B24D4B0F8B81D9E1A64D0B342A5AEE6925B8978C.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\B2EE04EAC9AA9FEDD8082CFB0856A5C505D411E5.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\B48F3EF89A6710DB647D3F1CC269ABEEF0F28AF7.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\B5E5CE97D15CE61E1C4A4E21F18786D94DA707DE.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\B6916563CFCF91CC24C5AD791433E560953BF541.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\B79A11B0DFF3659DC93C10D89E94914CCCD44FBB.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\B8BCA4E132797A6A60C77683677D94505E124C82.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\B966246797FB59BC0A8CDED308F171E8B3F8C300.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\B97CD689A480661D6DA4FD72B2F07F27EDEA073D.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\BA3C0DA441350C6BBD8F8A4E651D016795FB7559.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\BAAF738E5CDA28DB758A8A75ECBB0AC1183F98AC.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\C2AA2C294228846F6B87F0F80EFA5B4414EDBCDA.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\C3A45CA5931D75D710B84F59C18F64F81501F6ED.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\C46DA03E583A63EF4D0A3A07D4A0BA11826A20CD.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\C5D67193864FFAFEF4C1AA15D8D9BB9C43CEB2CD.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\C80D595FC890AAD07127F91B6008251337DF67B5.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\CFA54E9B5C9932F38747D6E3D86E58AA5B1B399D.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\D59B040ED7A4B0C3CE2BE9CDC31BB03BDD61C46A.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\D603BFFB79310874BD0BE8C90DDBD5E0F49B57EE.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\D6566EFC123135D57054FFDBE3862382053ACC17.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\D67C6B8F07E728F0959DD2A4E41003D1E8E0550B.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\D9019CCAA456AF4FA817B230932FCF64FFAD7391.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\DA8624BEF668B557136A9B598805B4E90958EFBD.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\DD3C810F988E9D17820AB5C796CF9F1E7F33B070.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\DD9C901C98800B4F6F15E7F75AAF7B7414DB8CCF.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\E3D214D99035C40213EEFACB7B7FD000E09B5997.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\E477C94B32CC37631A8458AFBFDD7D10062E30AC.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\E67305AC4C37609ACC665C77D632745CE6B8A662.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\ED29824EFBC3768F64A8CA25C6BE86522646E374.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\F0FAA238132C0FC1894ADE8486DC91723EB73A81.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\F392E43C8A1AA999D25253E609423FC22D712034.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\F47C01816B0420B33A6111A1402C60EF6688C072.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\F5A84DA8032269A927EFDD92B259176BFE112118.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\F5CA45F194EAE0E1BB915E165184137B7E36E9CD.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\F738150F5F333BE224788B4E67F08CA53840609C.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\F8C9599A819B1038503F760CCD75B216C1428A51.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\F91AAAEEE6F94851A88D524B6B3DFA6492D110DE.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\FC202679010E42A1B5CA96B651FF27DCD92015C4.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\FD774E6E46D9E2AC17F5FEDB54233B6263351D3C.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\FFFB405A03AED552F2B3E24910C4E18AC6AB1AF8.mbv Object is locked skipped

C:\WINDOWS\system32\getitsub\regupdel.ocx Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\ipomcmp.dll Object is locked skipped

C:\WINDOWS\system32\micohsub.dll Object is locked skipped

C:\WINDOWS\system32\mp3ixbio.dll Object is locked skipped

C:\WINDOWS\system32\mp4okbi.exe Object is locked skipped

C:\WINDOWS\system32\srvipkey32.dll Object is locked skipped

C:\WINDOWS\system32\v32ebchk.exe Object is locked skipped

C:\WINDOWS\system32\verilcer\keruvvga.dll Object is locked skipped

C:\WINDOWS\system32\verilcer\msbgra32.iro Object is locked skipped

C:\WINDOWS\system32\verilcer\msbgra32.mri Object is locked skipped

C:\WINDOWS\system32\verilcer\mspcvq32.iro Object is locked skipped

C:\WINDOWS\system32\verilcer\mspcvq32.mri Object is locked skipped

C:\WINDOWS\system32\verilcer\msquxfwin.iro Object is locked skipped

C:\WINDOWS\system32\verilcer\msquxfwin.mri Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

#7 logreeval

logreeval

  • Members
  • 351 posts
  • OFFLINE
  •  
  • Location:Petaluma, California
  • Local time:05:32 PM

Posted 01 December 2006 - 12:32 AM

hello again ltlula,

lets see what we can do here...

Please download Killbox . Save it to your desktop, but DO NOT run it yet!

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O21 - SSODL: Logehvga - {FF2C4AC2-1293-497F-999A-EE77A9C902DE} - C:\WINDOWS\system32\3dihsrv.dll
O21 - SSODL: Conexart - {FC688A8C-FC4D-4D43-9536-CD5BBACB455C} - C:\WINDOWS\system32\mp3ixbio.dll

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Viewpoint Media Player
SpyHunter
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 8


Please note any other programs that you dont recognize in that list in your next response

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\Program Files\Viewpoint
C:\Program Files\SpyHunter


Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):

C:\Documents and Settings\Alex Martinez\Local Settings\Temp\verizon_Broadband_Toolbar.exe

Now,
  • Time for Killbox...
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\3dihsrv.dll
    C:\WINDOWS\system32\mp3ixbio.dll



  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

========================

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

========================

Please tell me how those instructions went and post a fresh HijackThis log.

logreeval

Are you infected?, if you need help, go here!
Do you want to learn how you got infected, and how to prevent it? Try looking here!
For some free malware removal/prevention tools, and some malware prevention advice, check out my site!

Please don't PM me asking for help, post on the forums instead.

Am I helping you and haven't replied in a few days?, Go ahead and send me a polite PM.

Posted Image


#8 ltlua

ltlua
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:32 PM

Posted 09 December 2006 - 04:21 PM

I did as instructed and did not recieve any error messages. here is a new copy of HJT, P.S. thankx for your help thus far.

Logfile of HijackThis v1.99.1
Scan saved at 4:12:07 PM, on 12/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Movielink\MovielinkManager\Movielink User.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~1.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dslstart.verizon.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/apps/mpfplus/en-us/mp...ystempopup=true
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell QuickSet] "C:\Program Files\Dell\QuickSet\quickset.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [LoadMSvcmm] "C:\Program Files\Movielink\MovielinkManager\Movielink User.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [MPSExe] "c:\PROGRA~1\mcafee.com\mps\mscifapp.exe" /embedding
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\Program Files\McAfee.com\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,9...pdatePortal.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1126229325578
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab
O16 - DPF: {871AA60B-D425-4784-AD09-6C2E63342CAD} (vzDLinkRouterUpgrade Class) - http://download.verizon.net/sfp/Cabs/dlink.../FrmUpDLink.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Movielink Core Service - Movielink LLC - C:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~1.EXE
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

#9 logreeval

logreeval

  • Members
  • 351 posts
  • OFFLINE
  •  
  • Location:Petaluma, California
  • Local time:05:32 PM

Posted 10 December 2006 - 11:22 AM

Hello ltula

just one task here...

Download Silent Runners.zip and extract it to a new folder on your Desktop.
  • Run the Silent Runners.vbs file.
  • You will receive a prompt: "Do you want to skip supplementary searches?" - click "NO."
  • If your antivirus has a script blocker, you will get a warning asking if you want to allow Silent Runners.vbs to run.
  • This script is not malicious so please allow it.
  • A text file will appear in the folder - it's not done, let it run. (It won't appear to be doing anything!)
  • Once the "All Done!" prompt flashes up, open the text file, and copy & paste it in your next reply.
logreeval

Are you infected?, if you need help, go here!
Do you want to learn how you got infected, and how to prevent it? Try looking here!
For some free malware removal/prevention tools, and some malware prevention advice, check out my site!

Please don't PM me asking for help, post on the forums instead.

Am I helping you and haven't replied in a few days?, Go ahead and send me a polite PM.

Posted Image


#10 ltlua

ltlua
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:32 PM

Posted 12 December 2006 - 05:43 PM

Here is the silent runner file:

"Silent Runners.vbs", revision 49, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"DellSupport" = ""C:\Program Files\Dell Support\DSAgnt.exe" /startup" ["Gteko Ltd."]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"updateMgr" = ""C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8" ["Adobe Systems Incorporated"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Apoint" = ""C:\Program Files\Apoint\Apoint.exe"" ["Alps Electric Co., Ltd."]
"IntelWireless" = ""C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless" ["Intel Corporation"]
"ATIPTA" = ""C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"" ["ATI Technologies, Inc."]
"PCMService" = ""C:\Program Files\Dell\Media Experience\PCMService.exe"" ["CyberLink Corp."]
"Dell QuickSet" = ""C:\Program Files\Dell\QuickSet\quickset.exe"" [empty string]
"DVDLauncher" = ""C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"" ["CyberLink Corp."]
"UpdateManager" = ""C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r" ["Sonic Solutions"]
"MCAgentExe" = "c:\PROGRA~1\mcafee.com\agent\mcagent.exe" ["McAfee, Inc"]
"MCUpdateExe" = "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" ["McAfee, Inc"]
"mmtask" = ""C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"" ["Musicmatch Inc."]
"MPFExe" = "C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" ["McAfee Security"]
"LoadMSvcmm" = ""C:\Program Files\Movielink\MovielinkManager\Movielink User.exe"" ["Movielink LLC"]
"HP Component Manager" = ""C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"]
"HP Software Update" = ""C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"" ["Hewlett-Packard Co."]
"Adobe Photo Downloader" = ""C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"" ["Adobe Systems Incorporated"]
"MPSExe" = ""c:\PROGRA~1\mcafee.com\mps\mscifapp.exe" /embedding" ["McAfee, Inc."]
"VSOCheckTask" = ""C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask" ["McAfee, Inc."]
"VirusScan Online" = ""C:\Program Files\McAfee.com\VSO\mcvsshld.exe"" ["McAfee, Inc."]
"OASClnt" = ""C:\Program Files\McAfee.com\VSO\oasclnt.exe"" ["McAfee, Inc."]
"KernelFaultCheck" = "%systemroot%\system32\dumprep 0 -k" [MS]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"SpySweeper" = ""C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray" ["Webroot Software, Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"SunJavaUpdateSched" = ""C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{227B8AA8-DAF2-4892-BD1D-73F568BCB24E}\(Default) = (no title provided)
-> {HKLM...CLSID} = "McBrwHelper Class"
\InProcServer32\(Default) = "c:\program files\mcafee.com\mps\mcbrhlpr.dll" ["McAfee, Inc."]
{3EC8255F-E043-4cae-8B3B-B191550C2A22}\(Default) = "McAfee PopupKiller"
-> {HKLM...CLSID} = "McAfee Privacy Service Popup Blocker"
\InProcServer32\(Default) = "c:\program files\mcafee.com\mps\popupkiller.dll" ["McAfee, Inc."]
{5CA3D70E-1895-11CF-8E15-001234567890}\(Default) = (no title provided)
-> {HKLM...CLSID} = "DriveLetterAccess"
\InProcServer32\(Default) = "C:\WINDOWS\system32\dla\tfswshx.dll" ["Sonic Solutions"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt"
-> {HKLM...CLSID} = "RecordNow! SendToExt"
\InProcServer32\(Default) = "C:\Program Files\Sonic\RecordNow!\shlext.dll" [null data]
"{7D5C4BDD-B015-4401-8731-1507B87DE297}" = "QBVersionTool"
-> {HKLM...CLSID} = "VersionShellExt Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Intuit\QuickBooks\QBVersionTool.dll" ["Intuit, Inc."]
"{5CA3D70E-1895-11CF-8E15-001234567890}" = "DriveLetterAccess"
-> {HKLM...CLSID} = "DriveLetterAccess"
\InProcServer32\(Default) = "C:\WINDOWS\system32\dla\tfswshx.dll" ["Sonic Solutions"]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" = "Webroot Spy Sweeper Context Menu Integration"
-> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"
\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]

HKLM\System\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"SsiEfr.e" [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
<<!>> IntelWireless\DLLName = "C:\Program Files\Intel\Wireless\Bin\LgNotify.dll" ["Intel Corporation"]
<<!>> WRNotifier\DLLName = "WRLogonNTF.dll" ["Webroot Software, Inc."]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"
-> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"
\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]

HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"
-> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"
\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]


Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoCDBurning" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Alex Martinez\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]


Startup items in "Alex Martinez" & "All Users" startup folders:
---------------------------------------------------------------

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"America Online 9.0 Tray Icon" -> shortcut to: "C:\Program Files\America Online 9.0\aoltray.exe -check" ["America Online, Inc."]
"HP Digital Imaging Monitor" -> shortcut to: "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."]
"QuickBooks Update Agent" -> shortcut to: "C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe" ["Intuit, Inc."]


Enabled Scheduled Tasks:
------------------------

"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task" ["Apple Computer, Inc."]
"McAfee.com Scan for Viruses - My Computer (ALEXANDLISA-Alex Martinez)" -> launches: "c:\program files\mcafee.com\vso\mcmnhdlr.exe /runtask:0" ["McAfee, Inc."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\system32\mclsp.dll ["McAfee, Inc."], 01 - 15, 31
%SystemRoot%\system32\mswsock.dll [MS], 16 - 18, 21 - 30
%SystemRoot%\system32\rsvpsp.dll [MS], 19 - 20


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{F2CF5485-4E02-4F68-819C-B92DE9277049}"
-> {HKLM...CLSID} = "&Links"
\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{BA52B914-B692-46C4-B683-905236F6F655}" = "McAfee VirusScan"
-> {HKLM...CLSID} = "McAfee VirusScan"
\InProcServer32\(Default) = "c:\progra~1\mcafee.com\vso\mcvsshl.dll" ["McAfee, Inc."]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Real.com"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Shdocvw.dll" [MS]

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBC}"
-> {HKLM...CLSID} = "Java Plug-in 1.4.2_03"
\InProcServer32\(Default) = "C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll" ["JavaSoft / Sun Microsystems, Inc."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
"ButtonText" = "Real.com"

{D81CA86B-EF63-42AF-BEE3-4502D9A03C2D}\
"ButtonText" = "MUSICMATCH MX Web Player"
"Script" = "http://wwws.musicmatch.com/mmz/openWebRadio.html" [file not found]

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AOL Connectivity Service, AOL ACS, "C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe" ["America Online, Inc."]
EvtEng, EvtEng, "C:\Program Files\Intel\Wireless\Bin\EvtEng.exe" ["Intel Corporation"]
iPod Service, iPod Service, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Computer, Inc."]
McAfee Personal Firewall Service, MpfService, "C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe" ["McAfee Corporation"]
McAfee Task Scheduler, McTskshd.exe, "c:\PROGRA~1\mcafee.com\agent\mctskshd.exe" ["McAfee, Inc"]
McAfee WSC Integration, McDetect.exe, "c:\program files\mcafee.com\agent\mcdetect.exe" ["McAfee, Inc"]
McAfee.com McShield, McShield, "c:\PROGRA~1\mcafee.com\vso\mcshield.exe" ["McAfee Inc."]
Movielink Core Service, Movielink Core Service, ""C:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~1.EXE"" ["Movielink LLC"]
NICCONFIGSVC, NICCONFIGSVC, "C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe" ["Dell Inc."]
Pml Driver HPZ12, Pml Driver HPZ12, "C:\WINDOWS\system32\HPZipm12.exe" ["HP"]
RegSrvc, RegSrvc, "C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe" ["Intel Corporation"]
Spectrum24 Event Monitor, S24EventMonitor, "C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe" ["Intel Corporation "]
Webroot Spy Sweeper Engine, WebrootSpySweeperService, ""C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe"" ["Webroot Software, Inc."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
WLANKEEPER, WLANKEEPER, "C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe" ["Intel® Corporation"]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzsnt09\Driver = "hpzsnt09.dll" ["HP"]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]


----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 65 seconds.
---------- (total run time: 113 seconds)

#11 logreeval

logreeval

  • Members
  • 351 posts
  • OFFLINE
  •  
  • Location:Petaluma, California
  • Local time:05:32 PM

Posted 13 December 2006 - 01:23 PM

Hi again

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\getitsub
    C:\WINDOWS\system32\h323log.txt
    C:\WINDOWS\system32\ipomcmp.dll
    C:\WINDOWS\system32\micohsub.dll
    C:\WINDOWS\system32\mp3ixbio.dll
    C:\WINDOWS\system32\mp4okbi.exe
    C:\WINDOWS\system32\srvipkey32.dll
    C:\WINDOWS\system32\v32ebchk.exe
    C:\WINDOWS\system32\verilcer



  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

==========

When done with that, post a fresh HijackThis log and tell me how things are running :thumbsup:

logreeval

Are you infected?, if you need help, go here!
Do you want to learn how you got infected, and how to prevent it? Try looking here!
For some free malware removal/prevention tools, and some malware prevention advice, check out my site!

Please don't PM me asking for help, post on the forums instead.

Am I helping you and haven't replied in a few days?, Go ahead and send me a polite PM.

Posted Image


#12 ltlua

ltlua
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:32 PM

Posted 13 December 2006 - 05:01 PM

I did not get any message and computer seems to being running pretty good. Is there anything I can do to speed up the boot up process? I know macafee takes up alot this when I restart but I didn't know if there was something else I could look for.

Logfile of HijackThis v1.99.1
Scan saved at 4:58:14 PM, on 12/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~1.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Movielink\MovielinkManager\Movielink User.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dslstart.verizon.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/apps/mpfplus/en-us/mp...ystempopup=true
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell QuickSet] "C:\Program Files\Dell\QuickSet\quickset.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [LoadMSvcmm] "C:\Program Files\Movielink\MovielinkManager\Movielink User.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [MPSExe] "c:\PROGRA~1\mcafee.com\mps\mscifapp.exe" /embedding
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\Program Files\McAfee.com\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,9...pdatePortal.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1126229325578
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab
O16 - DPF: {871AA60B-D425-4784-AD09-6C2E63342CAD} (vzDLinkRouterUpgrade Class) - http://download.verizon.net/sfp/Cabs/dlink.../FrmUpDLink.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Movielink Core Service - Movielink LLC - C:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~1.EXE
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

#13 logreeval

logreeval

  • Members
  • 351 posts
  • OFFLINE
  •  
  • Location:Petaluma, California
  • Local time:05:32 PM

Posted 17 December 2006 - 12:50 PM

A few last things...

CLICK THIS TO LINK TO BE SURE YOU CAN VIEW HIDDEN FILES

Please go here:
The Spy Killer Forum
  • Click on "New Topic"
  • Put your name, e-mail address, and this as the title: "C:\!Killbox"
  • Put a link to this Bleeping Computer topic in the description box.
  • Then next to the file box, at the bottom, click the browse button, then navigate to this file:
    • C:\!Killbox\h323log.txt
      C:\!Killbox\ipomcmp.dll
      C:\!Killbox\micohsub.dll
      C:\!Killbox\mp3ixbio.dll
      C:\!Killbox\mp4okbi.exe
      C:\!Killbox\srvipkey32.dll
      C:\!Killbox\v32ebchk.exe
      C:\!Killbox\verilcer
      C:\!Killbox\getitsub
  • Click Open.
  • Click Post.
Thank you!

==========

Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Follow the Instruction Here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs,Click Full System Scan
  • Once the download completes,the scan will begin automatically.
  • The scan will take some time to finish,so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.
Next post:
1)Fresh HijackThis log
2)F-Secure Log

logreeval

Are you infected?, if you need help, go here!
Do you want to learn how you got infected, and how to prevent it? Try looking here!
For some free malware removal/prevention tools, and some malware prevention advice, check out my site!

Please don't PM me asking for help, post on the forums instead.

Am I helping you and haven't replied in a few days?, Go ahead and send me a polite PM.

Posted Image


#14 ltlua

ltlua
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:32 PM

Posted 21 December 2006 - 10:00 PM

Here are the results:

Result: 21 malware found
MegaSearch Toolbar (spyware)
System (Disinfected)
Tracking Cookie (spyware)
System (Disinfected)
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 30430
System: 5497
Not scanned: 4
Actions:
Disinfected: 2
Renamed: 0
Deleted: 0
None: 19
Submitted: 0
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\175916C20FE639E5FD0A011EC6A26346_6A8E5F10-7922-4E71-8079-4A2BD9B79961

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure Libra: 2.4.2, 2006-12-21
F-Secure AVP: 7.0.171, 2006-12-21
F-Secure Orion: 1.2.37, 2006-12-21
F-Secure Blacklight: 1.0.31, 0000-00-00
F-Secure Draco: 1.0.35, 2006-12-12
F-Secure Pegasus: 1.19.0, 2006-11-19
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
Use Advanced heuristics


Logfile of HijackThis v1.99.1
Scan saved at 9:54:47 PM, on 12/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Movielink\MovielinkManager\Movielink User.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~1.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\ALEXMA~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk32.exe
C:\DOCUME~1\ALEXMA~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fssm32.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dslstart.verizon.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/apps/mpfplus/en-us/mp...ystempopup=true
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell QuickSet] "C:\Program Files\Dell\QuickSet\quickset.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [LoadMSvcmm] "C:\Program Files\Movielink\MovielinkManager\Movielink User.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [MPSExe] "c:\PROGRA~1\mcafee.com\mps\mscifapp.exe" /embedding
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\Program Files\McAfee.com\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,9...pdatePortal.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1126229325578
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab
O16 - DPF: {871AA60B-D425-4784-AD09-6C2E63342CAD} (vzDLinkRouterUpgrade Class) - http://download.verizon.net/sfp/Cabs/dlink.../FrmUpDLink.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Movielink Core Service - Movielink LLC - C:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~1.EXE
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

#15 logreeval

logreeval

  • Members
  • 351 posts
  • OFFLINE
  •  
  • Location:Petaluma, California
  • Local time:05:32 PM

Posted 24 December 2006 - 05:21 PM

Sorry for the delay, its Christmas time and I am awaiting the guidance of a more advanced professional. I will reply as soon as I can.

Happy Holidays :thumbsup:

Are you infected?, if you need help, go here!
Do you want to learn how you got infected, and how to prevent it? Try looking here!
For some free malware removal/prevention tools, and some malware prevention advice, check out my site!

Please don't PM me asking for help, post on the forums instead.

Am I helping you and haven't replied in a few days?, Go ahead and send me a polite PM.

Posted Image





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users