
One Last Try Before The Ol' Format-c-colon


17 replies to this topic

#1 TCDaniels

  • Members
  • 11 posts

Posted 24 December 2006 - 01:34 PM

Hi folks,
New guy here... My name is Tom and - like most people here - I have computer issues... BIG issues.

My computer has gotten COMPLETELY infested... Like I can't really do anything with it (in fact - I'm using my wife's laptop to type this post...)

I have an older computer with Windows 2000 that used to be protected by Norton, but evidently something went awry with that, and it got to the point where I couldn't even load it up anymore... And - as mentioned - I got infected.

So I took Norton off the computer (because it wasn't running) and loaded up McAfee IS Suite. I was able to run a virus scan once or twice, and it found stuff and fixed SOME of it, but some stuff remained...

I also ran AdAware and Spybot... Same thing: Some stuff went, some stayed.

Now I'm having trouble even running any of them. Things have just kept getting worse and worse.

I was able (through MANY trials and failures) to grab the newer version of HijackThis, and ran a log. I was hoping someone here might be able to read this and get me to a point where I can start to download the other items I'll need to start to clean this thing up!

Without further ado (oh - except to say "my apologies - I'm really not much of a computer guy... I may be a bit clueless when it comes time to doing stuff - please bear with me!") :



Logfile of HijackThis v1.99.1
Scan saved at 12:46:58 PM, on 12/24/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINNT\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
c:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\WINNT\system32\taskmgr.exe
C:\WINNT\system32\ISHOST.EXE
C:\WINNT\system32\ismini.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP DVD\Umbrella\DVDTray.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\WINNT\Fonts\xacahi.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\explorer.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.extremeaccess.info/?rid=3
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,wpyjmde.exe
O2 - BHO: AssistantLibrary - {04CDB16C-AB38-43CD-A86A-6FEB90290939} - C:\Program Files\PadsysAssistant\AssistantLibrary.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7411F8BA-29A3-3216-9DE7-024AC0AAB9F6} - C:\WINNT\system32\viyjhai.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8EDC0567-F903-4383-8836-CED00BB19FD5} - C:\WINNT\system32\ddcaa.dll (file missing)
O2 - BHO: (no name) - {9B0C7A02-A17A-4C81-BD7D-30A622701C36} - C:\WINNT\system32\gebcdbc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {C1A137E8-FC23-D8AE-7001-F21A74CD0BB5} - C:\WINNT\system32\ljfuel.dll
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{38FE3~1\Bar888.dll
O2 - BHO: (no name) - {f4d74aaa-a178-4463-846b-b4bc87a024e0} - C:\WINNT\system32\ixt0.dll (file missing)
O2 - BHO: (no name) - {F953329A-4E14-4863-9F74-5E0C370DB071} - \
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Safety Bar - {18668683-731c-48fa-b1b9-ad013748fb00} - C:\Program Files\Safety Bar\SafetyBar.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{38FE3~1\Bar888.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [3c1807pd] C:\WINNT\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\HP DVD\Umbrella\DVDTray.exe
O4 - HKLM\..\Run: [DVDBitSet] C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe /NOUI
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [HPWITOOLBOX] C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe "-i"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [rjfwlp.dll] C:\WINNT\system32\rundll32.exe "C:\Documents and Settings\Administrator\Local Settings\Application Data\rjfwlp.dll",gbfbahg
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINNT\system32\drvbib.dll,startup
O4 - HKLM\..\Run: [{E3-37-7B-B4-ZN}] c:\winnt\system32\nndsregq.exe SED001
O4 - HKLM\..\Run: [frsvabb.dll] C:\WINNT\system32\rundll32.exe C:\WINNT\system32\frsvabb.dll,mhomdtd
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [xacahi] C:\WINNT\Fonts\xacahi.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
O4 - HKCU\..\Run: [Spam Bully for Outlook Express] "C:\Program Files\Axaware\Spam Bully 2 for OE\oespambully.exe" install
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe"
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\Run: [Rtac] "C:\WINNT\CURITY~1\notepad.exe" -vt yazb
O4 - HKCU\..\Run: [ifqq] C:\PROGRA~1\COMMON~1\ifqq\ifqqm.exe
O4 - Startup: TA_Start.lnk = C:\WINNT\system32\dwdsregt.exe
O4 - Startup: Think-Adz.lnk = C:\WINNT\system32\nwinooeg.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O15 - Trusted Zone: http://www.archiviosex.net
O15 - Trusted Zone: http://www.contentdiscount.info
O15 - Trusted Zone: http://www.extremeaccess.info
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O20 - AppInit_DLLs: dxclib303562752.dll
O20 - Winlogon Notify: ddcaa - C:\WINNT\system32\ddcaa.dll (file missing)
O20 - Winlogon Notify: ddcccbx - ddcccbx.dll (file missing)
O20 - Winlogon Notify: gebcdbc - C:\WINNT\SYSTEM32\gebcdbc.dll
O20 - Winlogon Notify: rpcc - C:\WINNT\system32\rpcc.dll
O20 - Winlogon Notify: winbyr32 - winbyr32.dll (file missing)
O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINNT\system32\Gejnllhi.dll (file missing)
O21 - SSODL: tHUcO - {28FE37B5-8254-9D1F-DE07-1C7A5E151EAC} - C:\WINNT\system32\kbw.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


 


#2 MFDnSC

    Ret. Director I/T

  • Members
  • 4,310 posts

Posted 24 December 2006 - 01:47 PM

1. Download this file :

http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/combofix.exe

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.
===========================

Follow these instructions

http://www.bleepingcomputer.com/forums/t/66364/how-to-remove-deluxecommunications-uninstall-instructions/

======================

Download Superantispyware

http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Install it and double-click the icon on your desktop to run it.
It will ask if you want to update the program definitions, click Yes.
Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close button to leave the control center screen.
On the main screen, under Scan for Harmful Software click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click OK.
Make sure everything in the white box has a check next to it, then click Next.
It will quarantine what it found and if it asks if you want to reboot, click Yes.
To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight everything in the notepad, then right-click and choose copy.
Click close and close again to exit the program.
Please paste that information here for me with a new HijackThis log.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#3 TCDaniels

  • Topic Starter
  • Members
  • 11 posts

Posted 24 December 2006 - 02:12 PM

I'm about to move on to the other items in your response, but wanted to post these up:

ComboFix Log

Administrator - Sun 2006-12-24 13:49:51.59 Service Pack 4
ComboFix 06.11.27 - Running from: "C:\"

((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINNT\system32\dxclib303562752.dll
C:\Documents and Settings\Administrator\Application Data\Dxcknwrd.dll
C:\Documents and Settings\Administrator\Application Data\Dxcuknwrd.dll
C:\WINNT\system32\bkd.exe
C:\Program Files\DeluxeCommunications\DxcBho.dll
C:\Program Files\DeluxeCommunications\Dxc.exe


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


C:\WINNT\system32\dxclib303562752.dll
C:\WINNT\system32\bkd.exe
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINNT\system32\ishost.exe
C:\WINNT\system32\ismini.exe
C:\WINNT\system32\issearch.exe
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\Documents and Settings\Default User\Application Data\NetMon
C:\Program Files\Safety Bar
C:\WINNT\system32\components
C:\Program Files\Common Files\{28FE37B4-05D7-1033-0523-010401190001}
C:\Program Files\Common Files\{38FE37B4-05D7-1033-0523-010401190001}

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\WINNT\CURITY~1
C:\QooBox\Purity\WINNT\CURITY~1\?ystem


((((((((((((((((((((((((((((((( Files Created from 2006-11-24 to 2006-12-24 ))))))))))))))))))))))))))))))))))


2006-12-24 13:48 381,390 --a------ C:\combofix.exe
2006-12-17 15:30 <DIR> d-------- C:\FOUND.014
2006-12-16 11:13 258,123 --a------ C:\WINNT\system32\pmkii.dll
2006-12-15 04:18 9,216 --a------ C:\WINNT\system32\MpfApi.dll
2006-12-15 04:18 80,640 --a------ C:\WINNT\system32\drivers\MpFirewall.sys
2006-12-15 04:10 <DIR> d-------- C:\FOUND.013
2006-12-14 19:16 <DIR> d-------- C:\WINNT\Favorites
2006-12-14 13:12 <DIR> d-------- C:\DrWatson
2006-12-13 16:13 43,062 --a------ C:\WINNT\SeedC-pid30.exe
2006-12-13 16:12 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\McAfee.com Personal Firewall
2006-12-13 15:56 <DIR> d-------- C:\Program Files\McAfee
2006-12-13 15:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2006-12-13 15:55 <DIR> d-------- C:\WINNT\system32\mclsphlr
2006-12-13 15:54 94,208 --a------ C:\WINNT\system32\mclsp.dll
2006-12-13 15:54 90,112 --a------ C:\WINNT\system32\mcrtl32.dll
2006-12-13 15:54 32,768 --a------ C:\WINNT\system32\instlsp.exe
2006-12-13 15:54 17,408 --a------ C:\WINNT\system32\psapi.dll
2006-12-13 15:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
2006-12-13 15:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
2006-12-13 15:51 114,464 --a------ C:\WINNT\system32\drivers\naiavf5x.sys
2006-12-13 15:24 59,392 --a------ C:\WINNT\system32\ljfuel.dll
2006-12-13 15:21 349,760 --a------ C:\WINNT\system32\mcinsctl.dll
2006-12-13 15:21 288,320 -ra------ C:\WINNT\system32\mcgdmgr.dll
2006-12-13 15:21 <DIR> d-------- C:\Program Files\McAfee.com
2006-12-13 13:23 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\WholeSecurity
2006-12-13 13:13 40,973 ---hs---- C:\WINNT\system32\khfghee.dll
2006-12-13 13:13 32,179 ---hs---- C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
2006-12-13 13:10 <DIR> d-------- C:\FOUND.012
2006-12-12 22:10 870,226 ---hs---- C:\WINNT\system32\aacdd.bak2
2006-12-12 19:55 40,973 ---hs---- C:\WINNT\system32\gebcdbc.dll
2006-12-12 19:04 <DIR> d-------- C:\FOUND.009
2006-12-12 18:03 <DIR> d-------- C:\WINNT\ifqq
2006-12-12 18:03 <DIR> d-------- C:\Program Files\Common Files\ifqq
2006-12-12 17:52 88,340 --a------ C:\WINNT\system32\dcmtuotu.exe
2006-12-12 17:52 826,269 ---hs---- C:\WINNT\system32\aacdd.bak1
2006-12-12 17:52 <DIR> d-------- C:\Program Files\VSAdd-in
2006-12-12 17:45 72,704 --a------ C:\WINNT\system32\drvbib.dll
2006-12-12 17:45 40,973 ---hs---- C:\WINNT\system32\ssqpmml.dll
2006-12-12 17:43 107,614 --a------ C:\WINNT\AtxPID30.exe
2006-12-12 17:12 2 --a------ C:\WINNT\system32\wnsintsu.exe
2006-12-12 17:03 19,456 --a------ C:\WINNT\system32\olnohdw.dll
2006-12-12 17:01 93,696 --a------ C:\WINNT\system32\frsvabb.dll
2006-12-12 17:01 71,680 --a------ C:\WINNT\system32\viyjhai.dll
2006-12-12 16:56 89,088 --a------ C:\WINNT\system32\qfyqakn.dll
2006-12-12 16:54 <DIR> d-------- C:\FOUND.008
2006-12-12 08:07 13,502 --a------ C:\WINNT\system32\vxga8me6.exe
2006-12-12 08:06 54,367 --a------ C:\WINNT\system32\google.png.exe
2006-12-12 08:05 92,672 --a------ C:\WINNT\system32\rjfwlp.dll
2006-12-12 08:02 7,637 --a------ C:\WINNT\system32\dlh9jkd1q7.exe
2006-12-12 08:02 7,125 --a------ C:\WINNT\system32\dlh9jkd1q6.exe
2006-12-12 08:02 6,199 --a------ C:\WINNT\system32\vxg4am1et2.exe
2006-12-12 08:02 18,901 --a------ C:\WINNT\system32\dlh9jkd1q2.exe
2006-12-12 08:02 15 --a------ C:\WINNT\system32\dlh9jkd1q8.exe
2006-12-12 08:00 69,632 --a------ C:\WINNT\system32\nlbajfon.dll
2006-12-12 07:58 96,768 --------- C:\WINNT\system32\dxclib303562752.dll
2006-12-12 07:58 930 --a------ C:\WINNT\system32\winpfz32.sys
2006-12-12 07:58 365,568 --------- C:\WINNT\system32\bkd.exe
2006-12-12 07:58 275,456 --a------ C:\WINNT\system32\qhuemkgzxo.exe
2006-12-12 07:58 107,610 --a------ C:\WINNT\AtxPID29.exe
2006-12-12 07:58 <DIR> dr------- C:\Program Files\PadsysAssistant
2006-12-12 07:57 8,464 --a------ C:\WINNT\system32\sporder.dll
2006-12-12 07:57 5,120 --a------ C:\explorer1.exe
2006-12-12 07:57 43,059 --a------ C:\WINNT\acdt-pid29.exe
2006-12-12 07:57 29,696 --a------ C:\WINNT\system32\rpcc.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-13 16:39 1080 --a------ C:\WINNT\AUTOLNCH.REG
2006-12-02 20:05 2522 --a------ C:\Program Files\func.js
2006-12-02 16:20 142 --a------ C:\Program Files\page.html
2006-11-25 02:57 482 --a------ C:\Program Files\Del.js


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"PopUpStopperFreeEdition"="\"C:\\PROGRA~1\\PANICW~1\\POP-UP~1\\PSFREE.EXE\""
"Spam Bully for Outlook Express"="\"C:\\Program Files\\Axaware\\Spam Bully 2 for OE\\oespambully.exe\" install"
"Rtac"="\"C:\\WINNT\\CURITY~1\\notepad.exe\" -vt yazb"
"ifqq"="C:\\PROGRA~1\\COMMON~1\\ifqq\\ifqqm.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Synchronization Manager"="mobsync.exe /logon"
"3c1807pd"="C:\\WINNT\\SYSTEM32\\3cmlink.exe RunServices \\Device\\3cpipe-3c1807pd"
"Smapp"="C:\\Program Files\\Analog Devices\\SoundMAX\\Smtray.exe"
"AtiPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"CloneCDTray"="\"C:\\Program Files\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
"DIGStream"="C:\\Program Files\\DIGStream\\digstream.exe"
"HP Software Update"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd.exe\""
"DVDTray"="C:\\Program Files\\HP DVD\\Umbrella\\DVDTray.exe"
"DVDBitSet"="C:\\Program Files\\HP DVD\\Umbrella\\DVDBitSet.exe /NOUI"
"zBrowser Launcher"="C:\\Program Files\\Logitech\\iTouch\\iTouch.exe"
"SSC_UserPrompt"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"HPWITOOLBOX"="C:\\Program Files\\Hewlett-Packard\\hp deskjet 9600 series\\Toolbox\\HPWITBX.exe \"-i\""
"MMTray"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"qhuemkgzxo"="c:\\winnt\\system32\\qhuemkgzxo.exe qhuemkgzxo"
"rjfwlp.dll"="C:\\WINNT\\system32\\rundll32.exe \"C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\rjfwlp.dll\",gbfbahg"
"CTDrive"="rundll32.exe C:\\WINNT\\system32\\drvbib.dll,startup"
"{E3-37-7B-B4-ZN}"="c:\\winnt\\system32\\nndsregq.exe SED001"
"frsvabb.dll"="C:\\WINNT\\system32\\rundll32.exe C:\\WINNT\\system32\\frsvabb.dll,mhomdtd"
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"MPSExe"="c:\\PROGRA~1\\mcafee.com\\mps\\mscifapp.exe /embedding"
"MSKAGENTEXE"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MskAgent.exe"
"MSKDetectorExe"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKDetct.exe /startup"
"xacahi"="C:\\WINNT\\Fonts\\xacahi.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000003
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,e6,00,00,00,00,00,00,00,9a,03,00,00,44,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f0,01,00,00,1f,00,00,00,80,00,00,00,76,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"="C:\\Program Files\\Internet Explorer\\Connection Wizard\\icwconn1.exe /desktop"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{5f938c17-fbc7-4a3c-8526-85e5b1a1f762}"="astral"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{04CDB16C-AB38-43CD-A86A-6FEB90290939}"=""
"{9B0C7A02-A17A-4C81-BD7D-30A622701C36}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095
"CDRAutoRun"=dword:00000000
"NoActiveDesktop"=dword:00000000
"ClassicShell"=dword:00000000
"ForceActiveDesktopOn"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"ntdll.dll"="ISHOST.EXE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"Network.ConnectionTray"="{7007ACCF-3202-11D1-AAD2-00805FC1270E}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"Internet Explorer"="{F28A40D7-AD0E-034A-C651-5F0ED76232E6}"
"tHUcO"="{28FE37B5-8254-9D1F-DE07-1C7A5E151EAC}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcaa
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcccbx
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebcdbc
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rpcc
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winbyr32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20041108-234820-140
O4 - Startup: PowerReg Scheduler.exe
backup-20041108-234820-472
O4 - HKCU\..\Run: [ao7mRUdtS] eudui.exe
backup-20041108-234820-205
O4 - HKLM\..\Run: [rFog38R] eqnrhook.exe
backup-20041108-234820-383
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
backup-20041108-234820-568
O4 - HKLM\..\Run: [winupdtl] C:\WINNT\system32\winupdtl.exe
backup-20041108-234820-395
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\CxtPls.dll
backup-20041108-234820-881
R3 - URLSearchHook: (no name) - {965A592F-8EFA-4250-8630-7960230792F1} - (no file)
backup-20041108-234820-230
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
backup-20041024-144438-181
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe"
backup-20041024-133605-289
O4 - HKLM\..\Run: [fzhg] C:\WINNT\iwxgl.exe
backup-20041024-133605-353
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
backup-20041024-133605-360
O4 - HKCU\..\Run: [ao7mRUdtS] dsntsrv.exe
backup-20041024-133605-691
O4 - HKCU\..\Run: [pgtaff] C:\WINNT\pgtaff.exe
backup-20041024-133605-824
R3 - Default URLSearchHook is missing
backup-20041024-133605-199
O4 - HKLM\..\Run: [msqodc] C:\WINNT\system32\msqodc.exe
backup-20041024-133605-385
O4 - HKLM\..\Run: [pgtaff] C:\WINNT\pgtaff.exe
backup-20041024-133605-990
O2 - BHO: SDWin32 Class - {B7A8923F-B04E-4175-A2F1-DF625EC0058B} - C:\WINNT\system32\msqod.dll (file missing)
backup-20041024-133605-741
O2 - BHO: (no name) - {017C20C1-F86F-11D8-9B25-000ACD002AE3} - C:\WINNT\Helper100.dll (file missing)
Completion time: Sun 2006-12-24 13:54:39.80
C:\ComboFix.txt ... 06-12-24 13:54


HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 1:59:14 PM, on 12/24/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINNT\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\WINNT\system32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP DVD\Umbrella\DVDTray.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe
C:\WINNT\Fonts\xacahi.exe
C:\WINNT\system32\taskmgr.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINNT\explorer.exe
C:\Program Files\HP DVD\Umbrella\DVDCheck.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.extremeaccess.info/?rid=3
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,wpyjmde.exe
O2 - BHO: AssistantLibrary - {04CDB16C-AB38-43CD-A86A-6FEB90290939} - C:\Program Files\PadsysAssistant\AssistantLibrary.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7411F8BA-29A3-3216-9DE7-024AC0AAB9F6} - C:\WINNT\system32\viyjhai.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8EDC0567-F903-4383-8836-CED00BB19FD5} - C:\WINNT\system32\ddcaa.dll (file missing)
O2 - BHO: (no name) - {9B0C7A02-A17A-4C81-BD7D-30A622701C36} - C:\WINNT\system32\gebcdbc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {C1A137E8-FC23-D8AE-7001-F21A74CD0BB5} - C:\WINNT\system32\ljfuel.dll
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{38FE3~1\Bar888.dll (file missing)
O2 - BHO: (no name) - {f4d74aaa-a178-4463-846b-b4bc87a024e0} - C:\WINNT\system32\ixt0.dll (file missing)
O2 - BHO: (no name) - {F953329A-4E14-4863-9F74-5E0C370DB071} - \
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Safety Bar - {18668683-731c-48fa-b1b9-ad013748fb00} - C:\Program Files\Safety Bar\SafetyBar.dll (file missing)
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{38FE3~1\Bar888.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [3c1807pd] C:\WINNT\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\HP DVD\Umbrella\DVDTray.exe
O4 - HKLM\..\Run: [DVDBitSet] C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe /NOUI
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [HPWITOOLBOX] C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe "-i"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [rjfwlp.dll] C:\WINNT\system32\rundll32.exe "C:\Documents and Settings\Administrator\Local Settings\Application Data\rjfwlp.dll",gbfbahg
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINNT\system32\drvbib.dll,startup
O4 - HKLM\..\Run: [{E3-37-7B-B4-ZN}] c:\winnt\system32\nndsregq.exe SED001
O4 - HKLM\..\Run: [frsvabb.dll] C:\WINNT\system32\rundll32.exe C:\WINNT\system32\frsvabb.dll,mhomdtd
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [xacahi] C:\WINNT\Fonts\xacahi.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
O4 - HKCU\..\Run: [Spam Bully for Outlook Express] "C:\Program Files\Axaware\Spam Bully 2 for OE\oespambully.exe" install
O4 - HKCU\..\Run: [Rtac] "C:\WINNT\CURITY~1\notepad.exe" -vt yazb
O4 - HKCU\..\Run: [ifqq] C:\PROGRA~1\COMMON~1\ifqq\ifqqm.exe
O4 - Startup: TA_Start.lnk = C:\WINNT\system32\dwdsregt.exe
O4 - Startup: Think-Adz.lnk = C:\WINNT\system32\nwinooeg.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O15 - Trusted Zone: http://www.archiviosex.net
O15 - Trusted Zone: http://www.contentdiscount.info
O15 - Trusted Zone: http://www.extremeaccess.info
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O20 - AppInit_DLLs: dxclib303562752.dll
O20 - Winlogon Notify: ddcaa - C:\WINNT\system32\ddcaa.dll (file missing)
O20 - Winlogon Notify: ddcccbx - ddcccbx.dll (file missing)
O20 - Winlogon Notify: gebcdbc - C:\WINNT\SYSTEM32\gebcdbc.dll
O20 - Winlogon Notify: rpcc - C:\WINNT\system32\rpcc.dll
O20 - Winlogon Notify: winbyr32 - winbyr32.dll (file missing)
O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINNT\system32\Gejnllhi.dll (file missing)
O21 - SSODL: tHUcO - {28FE37B5-8254-9D1F-DE07-1C7A5E151EAC} - C:\WINNT\system32\kbw.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#4 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  •  
  • Local time:03:28 PM

Posted 24 December 2006 - 02:22 PM

Run this also - post the logs when all is done

Download http://downloads.andymanchesta.com/RemovalTools/SDFix.exe and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.
Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

Edited by MFDnSC, 24 December 2006 - 02:22 PM.

"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#5 TCDaniels


Posted 24 December 2006 - 02:27 PM

Before I move on to those things - I'd tried opening into "safe mode" previously, and Windows just wouldn't load in Safe Mode... I got to the loading page, and it just stayed there... (for about 10 minutes last time I tried - before I just shut it down...)

Should I give it another go? I've tried probably 5 or 6 times to start it in Safe Mode with no luck...

#6 TCDaniels


Posted 24 December 2006 - 02:43 PM

OK - It didn't find DeluxeCommunications to run it... (or uninstall it, as the case may be)

SuperAntiSpyware is taking forever and a day to begin to run... I thought it wasn't going to run, but it appears to just be taking an EXTREMELY long time to start up... Oh - wait... Nope.

Shoot - I have to shut down my system

#7 MFDnSC


Posted 24 December 2006 - 02:50 PM

Skip safe mode for now - you have so much infection

SuperAnti will take a while with what you have

#8 TCDaniels


Posted 24 December 2006 - 02:52 PM

LOL - well now THAT'S comforting...

OK - restarting normally...

#9 TCDaniels


Posted 24 December 2006 - 02:56 PM

Quick question while this thing is starting up... Should I run SuperAnti first, or the SDFix thing first... I've already put SDFix onto the Desktop and unloaded it...

#10 MFDnSC


Posted 24 December 2006 - 02:59 PM

Do SD first

#11 TCDaniels


Posted 24 December 2006 - 03:05 PM

When I run the SDFix, because I can't open Windows in Safe Mode, it offers me 2 options:

1) Downlaod/Run SAV32CLI (Sophos - 9.75MB)
2) Downlaod/Run a-squared (EMSI Software - 10.5MB)
E) Exit

#12 MFDnSC


Posted 24 December 2006 - 03:11 PM

keep going - skip sd

#13 TCDaniels


Posted 24 December 2006 - 03:14 PM

OK - I'm scanning with SuperAnti... Will let you know what I get

#14 TCDaniels


Posted 24 December 2006 - 03:15 PM

So tell me the truth... Am I better off just doing the ol Format-C-Colon?

#15 TCDaniels


Posted 24 December 2006 - 03:26 PM

Sorry - 1 more question, just because I'm unfamiliar with SuperAntiSpyware...

When it's scanning, it's not showing any files or anything as having been scanned... Like when you run AdAware or SpyBot or any of those, as the clock chugs along, you see the scanned files count going up...

Here I've been scanning for a few minutes (well - actually - 6:15), but everything (memory items scanned, Registry Items Scanned, File Items Scanned) - all read "0"



