Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Slow Pc With Msb Pop Up And Failing To Shut Down


  • Please log in to reply
5 replies to this topic

#1 malinboy

malinboy

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:11:42 PM

Posted 09 May 2007 - 05:41 AM

My PC is running very slow. I keep getting a pop up from MBS aswell. I have an account set up but there are other simpler accounts set up too which I cant find or delete. This account also will not log off it just freezes on a blank screen and does the same if you try to turn off the PC in this account

Hijack this log below

Logfile of HijackThis v1.99.1
Scan saved at 11:31:34, on 09/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Oxigen\bin\Oxigen.exe
C:\Program Files\Oxigen\bin\OxiTray.exe
C:\WINDOWS\system32\mbssm32.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
c:\windows\system32\mbsrm32.exe
C:\Program Files\KService\KService.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn3\YTBSDK.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Compaq_Owner\Desktop\Unused Desktop Shortcuts\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.skybroadband.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.rd.yahoo.com/customize/ycomp/def...m/info/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/def...://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.skybroadband.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Sky Broadband
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [OxigenClientAdmin] C:\Program Files\Oxigen\bin\Oxigen.exe
O4 - HKLM\..\Run: [OxigenTrayIcon] C:\Program Files\Oxigen\bin\OxiTray.exe
O4 - HKLM\..\Run: [OxigenDesktopPanel] C:\Program Files\Oxigen\bin\OxiPanel.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mbssm32] C:\WINDOWS\system32\mbssm32.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1177674008343
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

BC AdBot (Login to Remove)

 


#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:04:42 AM

Posted 09 May 2007 - 05:58 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum malinboy :thumbsup:

First please delete:
C:\Documents and Settings\Compaq_Owner\Desktop\Unused Desktop Shortcuts\HijackThis.exe

Now download and install Hijackthis.
This is a self-extracting version which will automatically install HJT to C:\Program Files\Hijackthis by default.
A desktop shortcut can be created during install under 'Select Additional Tasks'.

***************************

Download Killbox by Option^Explicit:
http://download.bleepingcomputer.com/spyware/KillBox.zip
Save it to your desktop.
Please double-click Killbox.exe to run it.
Select: 'Delete on Reboot'.
Then Click on the 'All Files' button.
Please copy ALL the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\system32\mbssm32.exe
C:\WINDOWS\system32\mbsrm32.exe


Return to Killbox,go to the File menu,and choose 'Paste from Clipboard'.
Click the red-and-white Delete File button.
Click 'Yes' at the 'Delete on Reboot' prompt.
Click OK at any 'PendingFileRenameOperations' prompt.
If your computer does not restart automatically,please restart it manually.


After rebooting, open up Killbox again.
Click 'File'>'Logs'>'Actions History Log'.
Post this log in your next reply.

**************************

Please download Combofix and save to your desktop:
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window whilst it's running.
That may cause the program to freeze/hang.


Restart your pc,post the contents of the Actions History Log from Killbox,the contents of C:\ComboFix.txt,and a new Hijackthis log into your next reply.
Posted Image
Posted Image

#3 malinboy

malinboy
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:11:42 PM

Posted 09 May 2007 - 06:30 AM

Hijack log

Logfile of HijackThis v1.99.1
Scan saved at 12:23, on 2007-05-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\KService\KService.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Oxigen\bin\Oxigen.exe
C:\Program Files\Oxigen\bin\OxiTray.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn3\YTBSDK.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.skybroadband.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [OxigenClientAdmin] C:\Program Files\Oxigen\bin\Oxigen.exe
O4 - HKLM\..\Run: [OxigenTrayIcon] C:\Program Files\Oxigen\bin\OxiTray.exe
O4 - HKLM\..\Run: [OxigenDesktopPanel] C:\Program Files\Oxigen\bin\OxiPanel.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mbssm32] C:\WINDOWS\system32\mbssm32.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1177674008343
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Combofix log

"Compaq_Owner" - 07-05-09 12:17:02 Service Pack 2
ComboFix 07-04-12.Vik - Running from: C:\Documents and Settings\Compaq_Owner\Desktop\Unused Desktop Shortcuts\


((((((((((((((((((((((((((((((( Files Created from 2007-04-09 to 2007-05-09 ))))))))))))))))))))))))))))))))))


2007-05-09 12:14 64 --a------ C:\ComboFix.txt.bat
2007-05-09 12:03 <DIR> d-------- C:\!KillBox
2007-05-09 10:04 <DIR> d-------- C:\DOCUME~1\COMPAQ~1\.housecall6.6
2007-05-09 09:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-05-06 10:52 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-05-06 10:52 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-05-06 10:52 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-05-06 10:52 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-05-06 10:52 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-05-06 10:52 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-05-06 10:52 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-05-06 10:52 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-05-06 10:49 61,440 --a------ C:\WINDOWS\system32\csnpstd3.dll
2007-05-06 10:49 53,248 --a------ C:\WINDOWS\system32\rsnpstd3.dll
2007-05-06 10:49 53,248 --a------ C:\WINDOWS\system32\dsnpstd3.dll
2007-05-06 10:49 5,512,192 --a------ C:\WINDOWS\system32\drivers\snpstd3.sys
2007-05-06 10:49 36,864 --a------ C:\WINDOWS\system32\vsnpstd3.dll
2007-05-06 08:16 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2007-05-06 08:14 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-05-06 08:14 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-05-06 08:14 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-05-06 08:14 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2007-05-06 08:14 170,408 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-05-06 08:14 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-05-06 08:14 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-04-30 23:01 <DIR> d-------- C:\DOCUME~1\HAYLEY~1.MAL\APPLIC~1\Apple Computer
2007-04-30 22:59 <DIR> d-------- C:\Program Files\Apple Software Update
2007-04-30 20:25 84,512 --a------ C:\WINDOWS\system32\drivers\ss_mdm.sys
2007-04-30 20:25 6,080 --a------ C:\WINDOWS\system32\drivers\ss_cmnt.sys
2007-04-30 20:25 6,080 --a------ C:\WINDOWS\system32\drivers\ss_cm.sys
2007-04-30 20:25 6,064 --a------ C:\WINDOWS\system32\drivers\ss_mdfl.sys
2007-04-30 20:25 52,384 --a------ C:\WINDOWS\system32\drivers\ss_bus.sys
2007-04-30 20:25 5,744 --a------ C:\WINDOWS\system32\drivers\ss_whnt.sys
2007-04-30 20:25 5,744 --a------ C:\WINDOWS\system32\drivers\ss_wh.sys
2007-04-30 20:25 <DIR> d-------- C:\WINDOWS\system32\Samsung
2007-04-30 20:24 <DIR> d-------- C:\WINDOWS\system32\Samsung PC Studio Codecs
2007-04-30 17:51 <DIR> d-------- C:\DOCUME~1\HAYLEY~1.MAL\APPLIC~1\Image Zone Express
2007-04-29 17:01 <DIR> d-------- C:\Program Files\OxigenInstall
2007-04-29 15:03 <DIR> d-------- C:\DOCUME~1\HAYLEY~1.MAL\APPLIC~1\BitTorrent
2007-04-28 16:10 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
2007-04-28 16:04 <DIR> d-------- C:\DOCUME~1\HAYLEY~1.MAL\Contacts
2007-04-28 01:49 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-04-28 00:13 51,120 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2007-04-28 00:13 21,744 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2007-04-28 00:13 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2007-04-28 00:13 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-04-28 00:12 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2007-04-28 00:12 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2007-04-28 00:12 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2007-04-28 00:12 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2007-04-28 00:12 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2007-04-28 00:12 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2007-04-27 22:50 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-04-27 15:00 90,112 --a------ C:\WINDOWS\system32\mcrtl32.dll
2007-04-27 15:00 32,768 --a------ C:\WINDOWS\system32\instlsp.exe
2007-04-27 15:00 131,072 --a------ C:\WINDOWS\system32\mclsp.dll
2007-04-27 15:00 11,264 --a------ C:\WINDOWS\system32\sporder.dll
2007-04-27 14:25 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-04-27 13:11 349,760 -ra------ C:\WINDOWS\system32\mcinsctl.dll
2007-04-27 13:11 288,320 -ra------ C:\WINDOWS\system32\mcgdmgr.dll
2007-04-27 12:44 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-04-27 12:40 18,200 --a------ C:\WINDOWS\system32\wups2.dll
2007-04-27 12:40 <DIR> d--hs---- C:\DOCUME~1\HAYLEY~1.MAL\UserData
2007-04-27 12:40 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-04-27 12:18 <DIR> d-------- C:\DOCUME~1\HAYLEY~1.MAL\APPLIC~1\Google
2007-04-27 12:11 1,835,008 --ah----- C:\DOCUME~1\HAYLEY~1.MAL\NTUSER.DAT
2007-04-27 12:11 <DIR> d-------- C:\DOCUME~1\HAYLEY~1.MAL\WINDOWS
2007-04-27 12:11 <DIR> d-------- C:\DOCUME~1\HAYLEY~1.MAL\APPLIC~1\Symantec
2007-04-27 12:11 <DIR> d-------- C:\DOCUME~1\HAYLEY~1.MAL\APPLIC~1\Real
2007-04-27 11:44 <DIR> dr-hs---- C:\cmdcons
2007-04-27 11:44 <DIR> d-------- C:\WINDOWS\setupupd
2007-04-27 10:16 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-04-27 10:14 2,359,296 --a------ C:\DOCUME~1\COMPAQ~1\NTUSER.DAT
2007-04-27 10:14 <DIR> d-------- C:\DOCUME~1\COMPAQ~1\WINDOWS
2007-04-27 10:14 <DIR> d-------- C:\DOCUME~1\COMPAQ~1\APPLIC~1\Symantec
2007-04-27 10:14 <DIR> d-------- C:\DOCUME~1\COMPAQ~1\APPLIC~1\Real
2007-04-27 10:13 262,144 --a------ C:\DOCUME~1\APPLIC~1\NTUSER.DAT
2007-04-26 17:51 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
2007-04-25 18:41 <DIR> d-------- C:\Program Files\Sateira
2007-04-25 15:51 <DIR> d-------- C:\Program Files\Common Files\Astonsoft
2007-04-25 15:51 <DIR> d-------- C:\Program Files\Astonsoft
2007-04-25 15:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Astonsoft
2007-04-25 12:56 <DIR> d-------- C:\Program Files\HT AVI TO DVD Trial
2007-04-25 11:32 <DIR> d-------- C:\boilsoft_tmp
2007-04-25 09:32 <DIR> d-------- C:\my dvd
2007-04-25 09:31 <DIR> d-------- C:\Program Files\Easy MPEG AVI DIVX WMV RM to DVD
2007-04-25 09:19 <DIR> d-------- C:\Program Files\Plato DVD to AVI Converter
2007-04-25 08:52 <DIR> d-------- C:\ConverterOutput
2007-04-25 08:47 <DIR> d-------- C:\Program Files\Cucusoft
2007-04-25 08:47 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2007-04-23 13:17 <DIR> d-------- C:\Program Files\Windows Media Components
2007-04-23 10:50 286,720 --a------ C:\WINDOWS\vsnpstd3.exe
2007-04-23 10:50 20,480 --a------ C:\WINDOWS\usnpstd3.exe
2007-04-23 10:50 <DIR> d-------- C:\Program Files\Common Files\snpstd3
2007-04-23 10:20 <DIR> d-------- C:\Cyclops
2007-04-23 10:15 <DIR> d-------- C:\Program Files\ORITE
2007-04-23 10:14 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-04-23 10:14 <DIR> d-------- C:\Program Files\Webcam-DVR
2007-04-21 13:14 <DIR> d-------- C:\Program Files\Kontiki
2007-04-20 09:26 <DIR> d-------- C:\DOCUME~1\Hayley\APPLIC~1\Kontiki
2007-04-20 09:15 <DIR> d-------- C:\Program Files\MTV Networks
2007-04-19 14:26 <DIR> d-------- C:\DOCUME~1\COMPAQ~1\APPLIC~1\Media Player Classic
2007-04-16 17:22 <DIR> d-------- C:\Program Files\Sky
2007-04-16 17:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\sky
2007-04-12 19:37 <DIR> d-------- C:\Program Files\BitComet
2007-04-12 14:41 <DIR> d-------- C:\DOCUME~1\COMPAQ~1\DoctorWeb
2007-04-12 14:02 <DIR> d-------- C:\HJT
2007-04-12 12:07 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-04-12 11:47 <DIR> d-------- C:\Program Files\Windows Defender
2007-04-11 13:50 <DIR> d-------- C:\Program Files\GameShadow
2007-04-11 13:47 <DIR> d-------- C:\Program Files\Championship Manager 2007
2007-04-11 13:41 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-04-10 21:34 <DIR> d-------- C:\Program Files\Empire Interactive


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-06 08:18 -------- d-------- C:\Program Files\mcafee.com
2007-05-06 08:18 -------- d-------- C:\Program Files\mcafee
2007-05-05 01:42 -------- d-------- C:\Program Files\Common Files\real
2007-05-02 09:34 828 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\wklnhst.dat
2007-04-29 17:02 -------- d-------- C:\Program Files\oxigen
2007-04-28 20:34 -------- d-------- C:\Program Files\hp
2007-04-28 20:34 -------- d-------- C:\Program Files\hewlett-packard
2007-04-28 20:19 139264 --a------ C:\WINDOWS\system32\hpzjrd01.dll
2007-04-28 16:10 -------- d-------- C:\Program Files\yahoo!
2007-04-28 01:49 -------- d-------- C:\Program Files\msn messenger
2007-04-28 00:29 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-04-28 00:27 112858 --a------ C:\WINDOWS\hpoins07.dat
2007-04-27 18:02 -------- d-------- C:\Program Files\windows nt
2007-04-27 18:02 -------- d-------- C:\Program Files\movie maker
2007-04-27 18:02 -------- d-------- C:\Program Files\messenger
2007-04-27 14:53 -------- d-------- C:\Program Files\symantec
2007-04-27 12:49 -------- d-------- C:\Program Files\java
2007-04-27 12:46 -------- d-------- C:\Program Files\google
2007-04-12 19:58 -------- d-------- C:\Program Files\bittorrent
2007-04-12 16:48 -------- d-------- C:\Program Files\Common Files\sandlot shared
2007-04-04 13:13 -------- d-------- C:\Program Files\myspace
2007-04-03 21:23 -------- d-------- C:\Program Files\netscape
2007-04-03 21:22 -------- d-------- C:\Program Files\error expert
2007-04-02 16:57 -------- d-------- C:\Program Files\egames
2007-03-29 21:50 -------- d-------- C:\Program Files\colorbook2
2007-03-28 16:17 -------- d-------- C:\DOCUME~1\COMPAQ~1\APPLIC~1\mcafee
2007-03-24 00:54 -------- d-------- C:\DOCUME~1\COMPAQ~1\APPLIC~1\kontiki
2007-03-23 23:30 -------- d-------- C:\Program Files\kservice
2007-03-23 17:01 9375 --a------ C:\WINDOWS\mozver.dat
2007-03-23 16:03 -------- d-------- C:\Program Files\sky broadband
2007-03-22 17:20 -------- d-------- C:\Program Files\Common Files\nullsoft
2007-03-22 17:20 -------- d-------- C:\DOCUME~1\COMPAQ~1\APPLIC~1\you've got pictures screensaver
2007-03-22 17:18 335 --a------ C:\WINDOWS\nsreg.dat
2007-03-20 18:43 -------- d-------- C:\Program Files\Common Files\wise installation wizard
2007-03-17 14:43 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-08 16:36 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 16:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 16:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 14:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"AlcxMonitor"="ALCXMNTR.EXE"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"PCDrProfiler"=""
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"OxigenClientAdmin"="C:\\Program Files\\Oxigen\\bin\\Oxigen.exe"
"OxigenTrayIcon"="C:\\Program Files\\Oxigen\\bin\\OxiTray.exe"
"OxigenDesktopPanel"="C:\\Program Files\\Oxigen\\bin\\OxiPanel.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"mbssm32"="C:\\WINDOWS\\system32\\mbssm32.exe"
"snpstd3"="C:\\WINDOWS\\vsnpstd3.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MCODS

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Easy Internet Sign-up.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Symantec NetDetect.job


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-05-09 12:19:54
C:\ComboFix-quarantined-files.txt ... 07-05-09 12:19
C:\ComboFix2.txt ... 07-04-12 16:59


kb log

Pocket Killbox version 2.0.0.648
Running on Windows XP as Compaq_Owner(Administrator)
was started @ Wednesday, May 09, 2007, 12:03 PM

# 1 [Delete on Reboot]
Path = C:\WINDOWS\system32\mbssm32.exe


# 2 [Delete on Reboot]
Path = C:\WINDOWS\system32\mbsrm32.exe


I Rebooted @ 12:05:41 PM
Killbox Closed(Exit) @ 12:05:45 PM
__________________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows XP as Compaq_Owner(Administrator)
was started @ Wednesday, May 09, 2007, 12:11 PM

# 1 [Delete on Reboot]
Path = C:\WINDOWS\system32\mbssm32.exe


Killbox Closed(Exit) @ 12:12:27 PM
__________________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows XP as Compaq_Owner(Administrator)
was started @ Wednesday, May 09, 2007, 12:13 PM

Killbox Closed(Exit) @ 12:13:55 PM
__________________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows XP as Compaq_Owner(Administrator)
was started @ Wednesday, May 09, 2007, 12:24 PM

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:04:42 AM

Posted 09 May 2007 - 06:41 AM

Download/install AVG Anti-Spyware 7.5.

Please follow these instructions very carefully.

Launch/start up AVG Anti-Spyware.
On the main page click the 'Update' tab,and then 'Start Update'.
Note:
If you have any problems running the update process prior to running the scan,download/install the 'Full Database' from here:
http://download.ewido.net/avgas-signatures-full-current.exe

Once the updates have been installed,do the following:
Select the 'Scanner' icon at the top of the screen, then select the 'Settings' tab.
Once in the 'Settings' screen,under 'How to act?',then under 'Set default action for detected malware to:', click on 'Recommended actions',then click on 'Quarantine'.
Under 'Reports' select 'Automatically generate report after every scan' and unselect 'Only if threats were found'.
Exit AVG Anti-Spyware,don't run the scan just yet.

You might want to print/copy the following as you need to be in Safe Mode from here on.

Reboot your computer into SAFE MODE using the F8 method.
To do this,restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Have Hijack This fix the following [If still present], by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [mbssm32] C:\WINDOWS\system32\mbssm32.exe


Still in Safe Mode launch AVG Anti-Spyware.
Click the 'Scanner' icon at the top.
To start the scan click on 'Complete System Scan'.
Please be patient,it takes a while for the scan to finish.

Once the scan is complete,do the following.
If AVG Anti-Spyware detected any infected objects:,click on 'Apply All Actions'.

Next click on 'Save Report'.
Copy and paste that report into your next reply.
The report can be found under the 'Reports' tab at the top.
Close AVG Anti-Spyware when you've done.
Reboot normally.

Post the AVG Anti Spyware report and a new Hijackthis log into your next reply.
Let me know how your pc is running now please.
Posted Image
Posted Image

#5 malinboy

malinboy
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:11:42 PM

Posted 09 May 2007 - 10:04 AM

The PC's speed has improved but I still have the log off/shut down problem. In my account every thing works ok but in my partners account the system will not log off or shut down. It closes windows then just brings up a black screen leaving the PC running. Have you any ideas how I can solve this? The logs are below....

AVG log

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 15:38 2007-05-09

+ Scan result:



C:\Documents and Settings\Compaq_Owner\DoctorWeb\Quarantine\A0058447.exe -> Adware.Trymedia : Cleaned.
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@freemusicconnection.aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@connextra[4].txt -> TrackingCookie.Connextra : Cleaned.
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ehg-bskyb.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.7:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Profiles\default\70y8ppez.slt\cookies.txt -> TrackingCookie.Real : Cleaned.
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@yadro[2].txt -> TrackingCookie.Yadro : Cleaned.
C:\System Volume Information\_restore{D8696F73-2D76-412A-A981-4300C43EF86F}\RP40\A0010865.exe -> Trojan.Agent.afi : Cleaned.


::Report end


Hijack log

Logfile of HijackThis v1.99.1
Scan saved at 15:51, on 2007-05-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Oxigen\bin\Oxigen.exe
C:\Program Files\Oxigen\bin\OxiTray.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\KService\KService.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.skybroadband.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [OxigenClientAdmin] C:\Program Files\Oxigen\bin\Oxigen.exe
O4 - HKLM\..\Run: [OxigenTrayIcon] C:\Program Files\Oxigen\bin\OxiTray.exe
O4 - HKLM\..\Run: [OxigenDesktopPanel] C:\Program Files\Oxigen\bin\OxiPanel.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1177674008343
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

#6 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:04:42 AM

Posted 09 May 2007 - 10:34 AM

Your log is clean :thumbsup:
If all's ok,please do the following:

Find and delete:
C:\!KillBox
C:\QooBox
C:\ComboFix.txt.bat

Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window,click on the 'Create a Restore Point' button,then click 'Next'.
In the window that appears,enter a description\name for the Restore Point,then click on 'Create',wait,then click 'Close'.
The date and time will be created automatically.

Next click on Start/All Programs/Accessories/System Tools/Disk Cleanup.
The 'Select Drive' box will appear,click on Ok.
The 'Disk Cleanup for [C:]' box will appear,click on the 'More Options' tab.
At the bottom in the 'System Restore' window,click on the 'Clean up...' button.
A box will pop up 'Are you sure you want to delete all but the most recent restore point?',click on 'Yes'.
Click on 'Yes' at 'Are you sure you want to perform these actions?'.
Now wait until 'Disk Cleanup' finishes and the box disappears.

Read through the information found here,to help you prevent any possible future infections.
'How to prevent Malware' by miekiemoes:
http://users.telenet.be/bluepatchy/miekiem...prevention.html

I still have the log off/shut down problem.
In my account every thing works ok but in my partners account the system will not log off or shut down.
It closes windows then just brings up a black screen leaving the PC running.

You might want to start a new topic here regarding that issue:
Windows XP Home and Professional:
http://www.bleepingcomputer.com/forums/f/56/windows-xp-home-and-professional/

Edited by RichieUK, 09 May 2007 - 10:35 AM.

Posted Image
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users