Unsolved
27 Posts
0
2151
HiJackThis
Hi, I got HijackThis because my computer was running extremely slow, had a massive amount of popups, the background changed to "Warning: your computer has been infected with spyware", and my Task Manager has been deleted by my administrator. I tried methods I searched for to get rid of it, but it won't work, and I got to this site. Well, here's what I got on HijackThis.
thank you,
Don
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:14:46 PM, on 2/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ZG9uYWxk\command.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\bbjanmo.exe
C:\WINDOWS\system32\lpcywinp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\bbjanmoA.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\WINDOWS\SYSC00.exe
C:\WINDOWS\system32\slk8x2peu.exe
C:\windows\system32\qldsregj.exe
C:\Program Files\Mzcqq\Seel.exe
C:\WINDOWS\ms04049582-937.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\mmwq\mmwqm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Internet Optimizer\actalert.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
c:\program files\mcafee.com\vso\mcmnhdlr.exe
C:\Program Files\Common Files\Windows\services32.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\WINDOWS\system32\PdeSrv2.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
c:\program files\aol\aim toolbar 5.0\AolTbServer.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\AIM6\aim6.exe
C:\PROGRA~1\COMMON~1\mmwq\mmwqa.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8TMNOHI5\KillBox[1].exe
C:\Documents and Settings\Owner\My Documents\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\lpcywinp.exe,C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\bxxs5.dll
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: egmulhxk.msdn_hlp - {477840F3-BA52-44D9-8E41-38D61CAA010F} - C:\WINDOWS\system32\egmulhxk.dll
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: Yvakt Class - {DAAC59E5-093D-4D24-A105-55BFE4ACDE14} - C:\WINDOWS\system32\w9seq.dll
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard6.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad6.exe
O4 - HKLM\..\Run: [bbjanmoA] C:\WINDOWS\bbjanmoA.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [q8lg] "C:\WINDOWS\system32\slk8x2peu.exe"
O4 - HKLM\..\Run: [{5C-C2-21-12-ZN}] C:\windows\system32\qldsregj.exe CORN001
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [IpNetwork] C:\Program Files\Network\ipnetwork.exe
O4 - HKLM\..\Run: [Fifgnzt] C:\Program Files\Mzcqq\Seel.exe
O4 - HKLM\..\Run: [ms04049582-937] C:\WINDOWS\ms04049582-937.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname6.exe
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\fsyskmiz.exe CORN001
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [SFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000137.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [mmwq] C:\PROGRA~1\COMMON~1\mmwq\mmwqm.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [qwmm] C:\Program Files\InetGet2\stub_109_4_0_4_0.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\fsyskmiz.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\ckyqbgbc.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://click.mirarsearch.com/CABUPDATES/winwcd.cab
O18 - Filter hijack: text/html - {CEA53356-C414-4331-A35E-AA4CE9D8DFA2} - C:\WINDOWS\system32\w9seq.dll
O20 - Winlogon Notify: policies - C:\WINDOWS\system32\k280lclm1fqa.dll (file missing)
O20 - Winlogon Notify: Unimodem - C:\WINDOWS\system32\t48u0el9ehq.dll (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\ZG9uYWxk\command.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\bbjanmo.exe
--
End of file - 14095 bytes
sjb07
106 Posts
0
February 11th, 2008 22:00
Thank you for your patience. I will be helping you deal with the issues raised in your log from this point onwards.
Before we start jumping into things, here is a quick basic note which I mention to everyone. The fix which I have provided for you is for this computer only; it should not be used on any other computer. Each fix is tailor-made for the specific task in hand. If for some reason you have System Restore disabled, then please re-enable it before proceeding; an infected restore is better than none. Please read through the fix first and set enough time aside to complete the task in one session. If there is anything you feel needs clarification then please ask - do not guess! Thanks.
If this is a business machine then please make sure that you have both the authority and full administration rights to the computer system.
To aid clarity all external links are in bold, blue and underlined where possible as follows -> www.example-link.com
On with the fix.....
Important! - Please follow these directions in the order they are set out for you.
You have quite a few infections there which will take several posts to clear up.
We'll begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure that ComboFix is saved to (and run from) your desktop.
When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.
don_kane0042
27 Posts
0
February 12th, 2008 00:00
Well, alright, it looks a lot better already, but here's the HijackThis log. Thank you so much for all the help you're giving; I'll put the ComboFix log in my next post.
Don
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:50:44 PM, on 2/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Mzcqq\Seel.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
c:\windows\system32\dwdsregt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\PdeSrv2.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\program files\aol\aim toolbar 5.0\AolTbServer.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Documents and Settings\Owner\My Documents\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\bxxs5.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [{5C-C2-21-12-ZN}] c:\windows\system32\dwdsregt.exe CORN001
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [Fifgnzt] C:\Program Files\Mzcqq\Seel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [SFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [qwmm] C:\Program Files\InetGet2\stub_109_4_0_4_0.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\ckyqbgbc.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://click.mirarsearch.com/CABUPDATES/winwcd.cab
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
--
End of file - 9498 bytes
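The two HijackThis logs above (the first taken before ComboFix ran, the second after) are the kind of thing a helper reads by eye, entry type by entry type. The script below is an added example, not part of the thread and not HijackThis' own analysis logic: it parses the R/F/O entries, applies a hand-picked set of heuristic rules to the entry types that matter in this log (F2 UserInit chain, orphaned O2 BHOs, O4 autoruns dropped straight into C:\WINDOWS, O15 trusted zones, O16 file:// DPF entries, O18 filter hijacks, O20 Winlogon Notify DLLs, O23 services with an unknown owner) and then diffs the two logs to show what the cleanup removed and what is still present. The sample input is an excerpt of the lines posted above; the rule set and thresholds are this example's choices.

```python
"""Triage HijackThis v2 log entries and diff a before/after pair of logs.

Added example: not part of the forum thread and not HijackThis' own logic.
The rules are a hand-picked heuristic set for the entry types seen above.
"""
import re
from dataclasses import dataclass

# "O23 - Service: ..." -> code "O23", body "Service: ..."
HJT_LINE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.+)$")
# An autorun whose .exe sits directly in C:\WINDOWS (not in a subfolder).
WINDOWS_ROOT_EXE = re.compile(r"c:\\windows\\[^\\\s]+\.exe", re.IGNORECASE)
CLEAN_USERINIT = "c:\\windows\\system32\\userinit.exe,"


@dataclass(frozen=True)
class Entry:
    code: str   # HJT section code, e.g. "F2", "O2", "O23"
    body: str   # text after "Oxx - "


def parse_hjt(text):
    """Keep only the R/F/O entries; header and process list are skipped."""
    entries = []
    for raw in text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("body")))
    return entries


def userinit_hijacked(body):
    # The F2 body looks like "REG:system.ini: UserInit=<value>".
    value = body.split("=", 1)[1].strip().lower()
    return value != CLEAN_USERINIT


# (section code, predicate on body, reason). First matching rule wins.
RULES = [
    ("F2", lambda b: "UserInit=" in b and userinit_hijacked(b), "userinit chain hijacked"),
    ("O2", lambda b: "(no file)" in b, "orphaned BHO (CLSID registered, DLL gone)"),
    ("O4", lambda b: WINDOWS_ROOT_EXE.search(b) is not None, "autorun .exe directly under C:\\WINDOWS"),
    ("O15", lambda b: True, "Trusted Zone / ProtocolDefaults changed"),
    ("O16", lambda b: "file://" in b.lower(), "DPF (ActiveX) entry pointing at a local file:// path"),
    ("O18", lambda b: True, "protocol or MIME filter hijack"),
    ("O20", lambda b: True, "Winlogon Notify DLL"),
    ("O23", lambda b: "Unknown owner" in b, "service with no publisher (Unknown owner)"),
]


def triage(entries):
    """Return (entry, reason) pairs for entries that hit a rule."""
    hits = []
    for e in entries:
        for code, pred, reason in RULES:
            if e.code == code and pred(e.body):
                hits.append((e, reason))
                break
    return hits


def diff_logs(before, after):
    """(entries present before but gone after, entries new after)."""
    b, a = set(before), set(after)
    key = lambda e: (e.code, e.body)
    return sorted(b - a, key=key), sorted(a - b, key=key)


# Excerpts of the two logs posted above (before and after ComboFix).
LOG_BEFORE = r"""
Running processes:
C:\WINDOWS\ZG9uYWxk\command.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\lpcywinp.exe,C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [bbjanmoA] C:\WINDOWS\bbjanmoA.exe
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\ckyqbgbc.exe
O18 - Filter hijack: text/html - {CEA53356-C414-4331-A35E-AA4CE9D8DFA2} - C:\WINDOWS\system32\w9seq.dll
O20 - Winlogon Notify: policies - C:\WINDOWS\system32\k280lclm1fqa.dll (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\ZG9uYWxk\command.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""
LOG_AFTER = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\ckyqbgbc.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

if __name__ == "__main__":
    before, after = parse_hjt(LOG_BEFORE), parse_hjt(LOG_AFTER)
    for e, why in triage(before):
        print("%-4s %-50s %s" % (e.code, why, e.body[:70]))
    removed, added = diff_logs(before, after)
    print("removed by cleanup: %d, new since: %d" % (len(removed), len(added)))
    for e, why in triage(after):
        print("still present: %s - %s" % (e.code, why))
```

The O4 rule is deliberately narrow (an executable directly in C:\WINDOWS is unusual for legitimate software, while system32 is not), so igfxtray.exe passes and bbjanmoA.exe is flagged; a real triage would also hash the flagged files and check publisher signatures rather than trust path heuristics alone. Running the script on the excerpts shows that the ComboFix pass removed the UserInit hijack, the orphaned BHO, the C:\WINDOWS autorun, the filter hijack, the Winlogon Notify entry and the unknown-owner service, while the O15 trusted zone and the file:// DPF entry are still present and need the follow-up fix.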
don_kane0042
27 Posts
0
February 12th, 2008 00:00
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_CMDSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_WINDOWS_OVERLAY_COMPONENTS
-------\cmdService
-------\Network Monitor
-------\Windows Overlay Components
((((((((((((((((((((((((( Files Created from 2008-01-12 to 2008-02-12 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-12 00:29 --------- d-----w C:\Program Files\Network
2008-02-12 00:14 18,432 ----a-w C:\WINDOWS\fkwggshm.exe
2008-02-11 22:09 --------- d-----w C:\Program Files\Viewpoint
2008-02-11 22:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-05 04:54 --------- d-----w C:\Program Files\World of Warcraft
2008-01-19 21:24 --------- d-----w C:\Program Files\Google
2008-01-10 03:38 --------- d-----w C:\Program Files\LimeWire
2008-01-04 03:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-01-04 03:41 --------- d-----w C:\Program Files\Common Files\AOL
2008-01-04 03:41 --------- d-----w C:\Program Files\AOL Search
2008-01-04 03:41 --------- d-----w C:\Program Files\AIM6
2008-01-04 03:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-12-30 19:20 8,711 ----a-w C:\Uxtb.exe
2007-12-28 23:24 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-12-28 21:57 --------- d-----w C:\Documents and Settings\Owner\Application Data\MSNInstaller
2007-12-25 06:15 8,711 ----a-w C:\info.exe
2005-03-09 19:49 81,920 ----a-w C:\WINDOWS\Media\LimeWire\LimeWire.exe
2005-03-09 19:49 32,768 ----a-w C:\WINDOWS\Media\LimeWire\LimeWire20.dll
2005-03-09 19:49 12,808 ----a-w C:\WINDOWS\Media\LimeWire\WindowsV5PlusUtils.dll
2005-03-09 19:49 12,279 ----a-w C:\WINDOWS\Media\LimeWire\GenericWindowsUtils.dll
1989-12-12 15:10 1,306,240 --sh--r C:\WINDOWS\bbjanmo.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9}]
2005-04-02 23:40 376832 --a------ C:\WINDOWS\bxxs5.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
2007-12-18 14:27 111968 --a------ C:\Program Files\AOL Search\AOLSearch.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}]
2006-03-16 20:28 63232 --a------ C:\WINDOWS\wsem303.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46C4-B683-905236F6F655}
{5AA06644-BC46-4220-A460-47A6EB47C96D}
{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
{DE9C389F-3316-41A7-809B-AA305ED9D922}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
[HKEY_CLASSES_ROOT\clsid\{5aa06644-bc46-4220-a460-47a6eb47c96d}]
[HKEY_CLASSES_ROOT\NavExcelBar.NavExcelBarObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}]
[HKEY_CLASSES_ROOT\NavExcelBar.NavExcelBarObj]
[HKEY_CLASSES_ROOT\clsid\{9a9c9b68-f908-4aab-8d0c-10ea8997f37e}]
[HKEY_CLASSES_ROOT\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{5AA06644-BC46-4220-A460-47A6EB47C96D}"= C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll [2005-04-28 17:04 331776]
"{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}"= C:\WINDOWS\system32\WinNB57.dll [2006-03-13 08:00 303104]
[HKEY_CLASSES_ROOT\clsid\{5aa06644-bc46-4220-a460-47a6eb47c96d}]
[HKEY_CLASSES_ROOT\NavExcelBar.NavExcelBarObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}]
[HKEY_CLASSES_ROOT\NavExcelBar.NavExcelBarObj]
[HKEY_CLASSES_ROOT\clsid\{9a9c9b68-f908-4aab-8d0c-10ea8997f37e}]
[HKEY_CLASSES_ROOT\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"SFP"="C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.exe" [2003-09-05 15:30 561152]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2004-10-15 16:03 4886528]
"ares"="C:\Program Files\Ares\Ares.exe" [ ]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-12-18 14:04 50528]
"qwmm"="C:\Program Files\InetGet2\stub_109_4_0_4_0.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-19 16:24 171448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-01-23 09:36 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-01-23 09:31 126976]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-06 00:04 114741]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 00:01 155648]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2005-03-02 18:19 143360]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2005-03-18 19:28 196608]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29 303104]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 12:05 212992]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 04:59 122880 C:\WINDOWS\BCMSMMSG.exe]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-04-05 13:41 950272]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [2005-10-06 09:34 8192]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 15:45 278528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-03-08 20:35 155648]
"Internet Optimizer"="C:\Program Files\Internet Optimizer\optimize.exe" [ ]
"{5C-C2-21-12-ZN}"="c:\windows\system32\dwdsregt.exe" [ ]
"bxxs5"="C:\WINDOWS\bxxs5.dll" [2005-04-02 23:40 376832]
"Fifgnzt"="C:\Program Files\Mzcqq\Seel.exe" [2006-03-16 20:28 37512]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03 36975]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Script execution time was exceeded on script "C:\ComboFix[1]\lnkread.vbs".
Script execution was terminated.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
.
Contents of the 'Scheduled Tasks' folder
"2005-01-27 23:36:28 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1098902900.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-11 19:39:38
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\PdeSrv2.exe
C:\Program Files\AIM6\anotify.exe
.
**************************************************************************
.
Completion time: 2008-02-11 19:44:52 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-12 00:44:49
.
2008-01-11 08:02:10 --- E O F ---
don_kane0042
27 Posts
0
February 12th, 2008 00:00
Sorry about that, I didn't know I was supposed to keep it in this one.
don_kane0042
27 Posts
0
February 12th, 2008 00:00
ComboFix 08-02-12.1 - Owner 2008-02-11 19:28:14.1 - NTFSx86
Running from: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\7ACZ7PC1\ComboFix[1].exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
sjb07
106 Posts
0
February 12th, 2008 07:00
Open up HJT and select the second entry - Do a system scan only
Place a checkmark next to these entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\bxxs5.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll
O4 - HKLM\..\Run: {5C-C2-21-12-ZN}> c:\windows\system32\dwdsregt.exe CORN001
O4 - HKLM\..\Run: RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: C:\Program Files\Mzcqq\Seel.exe
O4 - HKCU\..\Run: C:\Program Files\InetGet2\stub_109_4_0_4_0.exe
O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\ckyqbgbc.exe
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
Make sure all browser and open windows/programs are closed and select "Fix checked"
Go to start menu - Select Run and in the command box type in notepad
Next copy/paste the red text below into it:
File::
C:\WINDOWS\fkwggshm.exe
C:\Uxtb.exe
C:\info.exe
C:\WINDOWS\bbjanmo.exe
C:\WINDOWS\bxxs5.dll
C:\WINDOWS\wsem303.dll
C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll
C:\WINDOWS\system32\WinNB57.dll
C:\WINDOWS\bxxs5.dll
c:\windows\system32\dwdsregt.exe
C:\Program Files\Internet Explorer\ckyqbgbc.exe
Folder::
C:\Program Files\InetGet2
C:\Program Files\Mzcqq
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{5AA06644-BC46-4220-A460-47A6EB47C96D}"=-
"{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}"=-
[-HKEY_CLASSES_ROOT\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}]
[-HKEY_CLASSES_ROOT\NavExcelBar.NavExcelBarObj]
[-HKEY_CLASSES_ROOT\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}]
- Save this to your desktop as CFScript.txt
- Drag the CFScript.txt over onto Combofix.exe and release.
Combofix will then fix the entry and then rescan your computer
Combofix will then execute the script and produce a fresh log, once complete
If your computer does not reboot on completion then reboot it now and generate a fresh HJT log
Please post back with:
The log from combofix
A fresh HJT log
Thanks
don_kane0042
27 Posts
0
February 12th, 2008 15:00
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:46:33 PM, on 2/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PdeSrv2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\My Documents\hijackthis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\program files\aol\aim toolbar 5.0\AolTbServer.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing)
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll (file missing)
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [SFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [qwmm] C:\Program Files\InetGet2\stub_109_4_0_4_0.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\ckyqbgbc.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://click.mirarsearch.com/CABUPDATES/winwcd.cab
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
--
End of file - 7652 bytes
don_kane0042
27 Posts
0
February 12th, 2008 15:00
Alright, here are the newest logs. Thanks so much again.
Don
ComboFix 08-02-13.1 - Owner 2008-02-12 12:23:34.2 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE
C:\info.exe
C:\Program Files\Internet Explorer\ckyqbgbc.exe
C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll
C:\Uxtb.exe
C:\WINDOWS\bbjanmo.exe
C:\WINDOWS\bxxs5.dll
C:\WINDOWS\fkwggshm.exe
c:\windows\system32\dwdsregt.exe
C:\WINDOWS\system32\WinNB57.dll
C:\WINDOWS\wsem303.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\info.exe
C:\Program Files\Mzcqq
C:\Program Files\Mzcqq\Seel.exe
C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll
C:\Uxtb.exe
C:\WINDOWS\bbjanmo.exe
C:\WINDOWS\bxxs5.dll
C:\WINDOWS\fkwggshm.exe
C:\WINDOWS\system32\dwdsregt.exe
C:\WINDOWS\system32\WinNB57.dll
C:\WINDOWS\wsem303.dll
.
((((((((((((((((((((((((( Files Created from 2008-01-13 to 2008-02-13 )))))))))))))))))))))))))))))))
.
2008-02-12 12:22 . 2008-02-13 12:40 53,248 --a------ C:\WINDOWS\PSEXESVC.EXE
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-13 17:39 --------- d-----w C:\Program Files\NavExcel Search Toolbar
2008-02-12 00:29 --------- d-----w C:\Program Files\Network
2008-02-11 22:09 --------- d-----w C:\Program Files\Viewpoint
2008-02-11 22:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-05 04:54 --------- d-----w C:\Program Files\World of Warcraft
2008-01-19 21:24 --------- d-----w C:\Program Files\Google
2008-01-10 03:38 --------- d-----w C:\Program Files\LimeWire
2008-01-04 03:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-01-04 03:41 --------- d-----w C:\Program Files\Common Files\AOL
2008-01-04 03:41 --------- d-----w C:\Program Files\AOL Search
2008-01-04 03:41 --------- d-----w C:\Program Files\AIM6
2008-01-04 03:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-12-28 23:24 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-12-28 21:57 --------- d-----w C:\Documents and Settings\Owner\Application Data\MSNInstaller
2007-12-18 21:58 45,056 ----a-w C:\WINDOWS\system32\fsyskmiz.exe
2005-03-09 19:49 81,920 ----a-w C:\WINDOWS\Media\LimeWire\LimeWire.exe
2005-03-09 19:49 32,768 ----a-w C:\WINDOWS\Media\LimeWire\LimeWire20.dll
2005-03-09 19:49 12,808 ----a-w C:\WINDOWS\Media\LimeWire\WindowsV5PlusUtils.dll
2005-03-09 19:49 12,279 ----a-w C:\WINDOWS\Media\LimeWire\GenericWindowsUtils.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
2007-12-18 14:27 111968 --a------ C:\Program Files\AOL Search\AOLSearch.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46C4-B683-905236F6F655}
{5AA06644-BC46-4220-A460-47A6EB47C96D}
{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
{DE9C389F-3316-41A7-809B-AA305ED9D922}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
[HKEY_CLASSES_ROOT\clsid\{5aa06644-bc46-4220-a460-47a6eb47c96d}]
[HKEY_CLASSES_ROOT\NavExcelBar.NavExcelBarObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}]
[HKEY_CLASSES_ROOT\NavExcelBar.NavExcelBarObj]
[HKEY_CLASSES_ROOT\clsid\{9a9c9b68-f908-4aab-8d0c-10ea8997f37e}]
[HKEY_CLASSES_ROOT\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"SFP"="C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.exe" [2003-09-05 15:30 561152]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2004-10-15 16:03 4886528]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-12-18 14:04 50528]
"qwmm"="C:\Program Files\InetGet2\stub_109_4_0_4_0.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-19 16:24 171448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-01-23 09:36 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-01-23 09:31 126976]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-06 00:04 114741]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 00:01 155648]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2005-03-02 18:19 143360]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2005-03-18 19:28 196608]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29 303104]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 12:05 212992]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 04:59 122880 C:\WINDOWS\BCMSMMSG.exe]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-04-05 13:41 950272]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [2005-10-06 09:34 8192]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 15:45 278528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-03-08 20:35 155648]
"Internet Optimizer"="C:\Program Files\Internet Optimizer\optimize.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03 36975]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
.
Contents of the 'Scheduled Tasks' folder
"2005-01-27 23:36:28 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1098902900.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-13 12:40:54
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-13 12:42:04
ComboFix-quarantined-files.txt 2008-02-13 17:41:56
ComboFix2.txt 2008-02-12 00:44:52
.
2008-01-11 08:02:10 --- E O F ---
sjb07
106 Posts
0
February 13th, 2008 07:00
Great work so far - just a couple of files that refused to go first time around
Open up HJT and select the second entry - Do a system scan only
Place a checkmark next to these entries:
O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing)
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll (file missing)
O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\ckyqbgbc.exe
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://click.mirarsearch.com/CABUPDATES/winwcd.cab
Make sure all browser and open windows/programs are closed and select "Fix checked"
Go to start menu - Select Run and in the command box type in notepad
Next copy/paste the red text below into it:
File::
C:\Program Files\InetGet2\stub_109_4_0_4_0.exe
C:\WINDOWS\PSEXESVC.EXE
C:\WINDOWS\system32\fsyskmiz.exe
C:\Program Files\Internet Explorer\ckyqbgbc.exe
Registry::
[-HKEY_CLASSES_ROOT\clsid\{5aa06644-bc46-4220-a460-47a6eb47c96d}]
[-HKEY_CLASSES_ROOT\NavExcelBar.NavExcelBarObj.1]
[-HKEY_CLASSES_ROOT\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}]
[-HKEY_CLASSES_ROOT\NavExcelBar.NavExcelBarObj]
[-HKEY_CLASSES_ROOT\clsid\{9a9c9b68-f908-4aab-8d0c-10ea8997f37e}]
[-HKEY_CLASSES_ROOT\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"qwmm"=-
- Save this to your desktop as CFScript.txt
- Drag the CFScript.txt over onto Combofix.exe and release.
Combofix will then fix the entry and then rescan your computer
Combofix will then execute the script and produce a fresh log, once complete
If your computer does not reboot on completion then reboot it now
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
Under Main choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Download and scan with SUPERAntiSpyware Free for Home Users
Once done reboot your computer once more and generate a fresh HJT log
Please post back with...
>> The new combofix results
>> The SUPERAntiSpyware scan results
>> A fresh HJT log
Thanks
don_kane0042
27 Posts
0
February 13th, 2008 19:00
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 02/14/2008 at 02:13 PM
Application Version : 3.9.1008
Core Rules Database Version : 3401
Trace Rules Database Version: 1393
Scan type : Complete Scan
Total Scan Time : 02:21:04
Memory items scanned : 461
Memory threats detected : 0
Registry items scanned : 4366
Registry threats detected : 156
File items scanned : 59032
File threats detected : 184
Unclassified.Unknown Origin
Adware.Mirar/NetNucleus
HKLM\Software\Classes\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}
HKCR\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}
HKCR\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}
HKCR\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}\InprocServer32
HKCR\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}\InprocServer32#ThreadingModel
HKCR\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}\TypeLib
C:\WINDOWS\SYSTEM32\WINNB57.DLL
HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}
HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\ProxyStubClsid
HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\ProxyStubClsid32
HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\TypeLib
HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\TypeLib#Version
HKCR\Interface\{224302B0-94E9-45C2-9E5B-BA989EE556E1}
HKCR\Interface\{224302B0-94E9-45C2-9E5B-BA989EE556E1}\ProxyStubClsid
HKCR\Interface\{224302B0-94E9-45C2-9E5B-BA989EE556E1}\ProxyStubClsid32
HKCR\Interface\{224302B0-94E9-45C2-9E5B-BA989EE556E1}\TypeLib
HKCR\Interface\{224302B0-94E9-45C2-9E5B-BA989EE556E1}\TypeLib#Version
HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}
HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\ProxyStubClsid
HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\ProxyStubClsid32
HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\TypeLib
HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\TypeLib#Version
HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}
HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\ProxyStubClsid
HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\ProxyStubClsid32
HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\TypeLib
HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\TypeLib#Version
HKCR\NN_Bar_Dummy.NN_BarDummy
HKCR\NN_Bar_Dummy.NN_BarDummy\CLSID
HKCR\NN_Bar_Dummy.NN_BarDummy\CurVer
HKCR\NN_Bar_Dummy.NN_BarDummy.1
HKCR\NN_Bar_Dummy.NN_BarDummy.1\CLSID
HKCR\Mirar_Dummy_ATS.Mirar_Dummy_ATS1
HKCR\Mirar_Dummy_ATS.Mirar_Dummy_ATS1\CLSID
HKCR\Mirar_Dummy_ATS.Mirar_Dummy_ATS1\CurVer
HKCR\Mirar_Dummy_ATS.Mirar_Dummy_ATS1.1
HKCR\Mirar_Dummy_ATS.Mirar_Dummy_ATS1.1\CLSID
HKCR\TypeLib\{F8310E7D-4C4D-46A4-A068-B5BB99411CC7}
HKCR\TypeLib\{F8310E7D-4C4D-46A4-A068-B5BB99411CC7}\1.0
HKCR\TypeLib\{F8310E7D-4C4D-46A4-A068-B5BB99411CC7}\1.0\0
HKCR\TypeLib\{F8310E7D-4C4D-46A4-A068-B5BB99411CC7}\1.0\0\win32
HKCR\TypeLib\{F8310E7D-4C4D-46A4-A068-B5BB99411CC7}\1.0\FLAGS
HKCR\TypeLib\{F8310E7D-4C4D-46A4-A068-B5BB99411CC7}\1.0\HELPDIR
HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}
HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\InprocServer32
HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\InprocServer32#ThreadingModel
HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\ProgID
HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\Programmable
HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\TypeLib
HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\VersionIndependentProgID
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75}#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75}#UninstallString
C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\BACKUPS\BACKUP-20080214-112928-911.DLL
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\WINNB57.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP711\A0069422.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP712\A0069501.DLL
C:\WINDOWS\876056.EXE
C:\WINDOWS\SYSTEM32\WINATS.DLL
C:\WINDOWS\SYSTEM32\WINDMY.DLL
NavExcel/NavHelper BHO
HKLM\Software\Classes\CLSID\{C1E58A84-95B3-4630-B8C2-D06B77B7A0FC}
HKCR\CLSID\{C1E58A84-95B3-4630-B8C2-D06B77B7A0FC}
HKCR\CLSID\{C1E58A84-95B3-4630-B8C2-D06B77B7A0FC}
HKCR\CLSID\{C1E58A84-95B3-4630-B8C2-D06B77B7A0FC}#AppID
HKCR\CLSID\{C1E58A84-95B3-4630-B8C2-D06B77B7A0FC}\InprocServer32
HKCR\CLSID\{C1E58A84-95B3-4630-B8C2-D06B77B7A0FC}\InprocServer32#ThreadingModel
HKCR\CLSID\{C1E58A84-95B3-4630-B8C2-D06B77B7A0FC}\ProgID
HKCR\CLSID\{C1E58A84-95B3-4630-B8C2-D06B77B7A0FC}\Programmable
HKCR\CLSID\{C1E58A84-95B3-4630-B8C2-D06B77B7A0FC}\TypeLib
HKCR\CLSID\{C1E58A84-95B3-4630-B8C2-D06B77B7A0FC}\VersionIndependentProgID
C:\PROGRAM FILES\NAVEXCEL\NAVHELPER\V2.0.4B\NHELPER.DLL
NavExcel/NavHelper Adware Toolbar and Browser Helper Object
HKLM\Software\Classes\CLSID\{D80C4E21-C346-4E21-8E64-20746AA20AEB}
HKCR\CLSID\{D80C4E21-C346-4E21-8E64-20746AA20AEB}
HKCR\CLSID\{D80C4E21-C346-4E21-8E64-20746AA20AEB}
HKCR\CLSID\{D80C4E21-C346-4E21-8E64-20746AA20AEB}\InprocServer32
HKCR\CLSID\{D80C4E21-C346-4E21-8E64-20746AA20AEB}\InprocServer32#ThreadingModel
HKCR\CLSID\{D80C4E21-C346-4E21-8E64-20746AA20AEB}\ProgID
HKCR\CLSID\{D80C4E21-C346-4E21-8E64-20746AA20AEB}\Programmable
HKCR\CLSID\{D80C4E21-C346-4E21-8E64-20746AA20AEB}\TypeLib
HKCR\CLSID\{D80C4E21-C346-4E21-8E64-20746AA20AEB}\VersionIndependentProgID
C:\PROGRAM FILES\NAVEXCEL SEARCH TOOLBAR\NAVEXCELBAR.DLL
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\NAVEXCEL SEARCH TOOLBAR\NAVEXCELBAR.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP711\A0069417.DLL
Browser Hijacker.Internet Explorer Zone Hijack
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getmirar.com
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getmirar.com\click
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getmirar.com\click#https
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\click
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\click#https
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\redirect
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\redirect#https
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\net-nucleus.com
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\net-nucleus.com\awbeta
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\net-nucleus.com\awbeta#https
Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\owner@advertising[1].txt
C:\Documents and Settings\Owner\Cookies\owner@html[1].txt
C:\Documents and Settings\Owner\Cookies\owner@atwola[1].txt
C:\Documents and Settings\Owner\Cookies\owner@http.edge.vru4[2].txt
C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt
Adware.BookedSpace
C:\WINDOWS\bsx32\ASI2.bsx
C:\WINDOWS\bsx32\ASI5AFF.bsx
C:\WINDOWS\bsx32\ASISSRE.bsx
C:\WINDOWS\bsx32\bspace.html
C:\WINDOWS\bsx32\EECH1.bsx
C:\WINDOWS\bsx32\MYGEEK.bsx
C:\WINDOWS\bsx32\SPZ4.bsx
C:\WINDOWS\bsx32
C:\WINDOWS\bsx32.ini
HKLM\software\bookedspace
HKLM\software\bookedspace\adware
HKLM\software\bookedspace\adware#Version
HKLM\software\bookedspace\adware#Referer
HKLM\software\bookedspace\adware#Unique
HKLM\software\bookedspace\adware#Stamp-Spawn
HKLM\software\bookedspace\adware#Stamp-Update
HKLM\software\bookedspace\adware#Count-Update
HKLM\software\bookedspace\adware#Delay-Update
HKLM\software\bookedspace\adware#Delay-MYGEEK
HKLM\software\bookedspace\adware#Delay-SPZ4
HKLM\software\bookedspace\adware#Delay-EECH1
HKLM\software\bookedspace\adware#Delay-ASI5AFF
HKLM\software\bookedspace\adware#Delay-ASISS3
HKLM\software\bookedspace\adware#Delay-ASI2
HKLM\software\bookedspace\adware#Campaigns
HKLM\software\bookedspace\adware#Receipt-ASI2
HKLM\software\bookedspace\adware#Data-ASI2
HKLM\software\bookedspace\adware#Receipt-EECH1
HKLM\software\bookedspace\adware#Data-EECH1
HKLM\software\bookedspace\adware#Receipt-ASISSRE
HKLM\software\bookedspace\adware#Data-ASISSRE
HKLM\software\bookedspace\adware#Receipt-ASI5AFF
HKLM\software\bookedspace\adware#Data-ASI5AFF
HKLM\software\bookedspace\adware#Receipt-RK1
HKLM\software\bookedspace\adware#Receipt-BBI2
HKLM\software\bookedspace\adware#Receipt-MRR1
HKLM\software\bookedspace\adware#Receipt-SPZ4
HKLM\software\bookedspace\adware#Data-SPZ4
HKLM\software\bookedspace\adware#Receipt-VENTFE17
HKLM\software\bookedspace\adware#Receipt-MYGEEK
HKLM\software\bookedspace\adware#Data-MYGEEK
HKLM\software\bookedspace\adware#Stamp-SPZ4
HKLM\software\bookedspace\adware#Count-SPZ4
HKLM\software\bookedspace\adware#Override
HKLM\software\bookedspace\adware#Stamp-EECH1
HKLM\software\bookedspace\adware#Count-EECH1
HKLM\software\bookedspace\adware#Stamp-ASI2
HKLM\software\bookedspace\adware#Count-ASI2
HKLM\software\bookedspace\adware#Stamp-MYGEEK
HKLM\software\bookedspace\adware#Count-MYGEEK
C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\BACKUPS\BACKUP-20080211-191507-565.DLL
C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\BACKUPS\BACKUP-20080212-122052-345.DLL
C:\QOOBOX\QUARANTINE\C\WINDOWS\BXXS5.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP711\A0069420.DLL
C:\WINDOWS\HVUTAHOW.DLL
C:\WINDOWS\OFFZBESP.DLL
Adware.QuickLinks
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\JGAf
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\JGAf#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\JGAf#UninstallString
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\SLK8X2PEU.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069245.EXE
don_kane0042
27 Posts
0
February 13th, 2008 19:00
Alright, here's the HijackThis log. Just to let you know, I'm willing to get rid of everything I don't need for this computer to run. When I restart it I get all this Verizon stuff and I don't even have it anymore. I'll delete every single thing just to get this thing to run better. Thanks again.
Don
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:42:25 PM, on 2/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\PdeSrv2.exe
c:\program files\aol\aim toolbar 5.0\AolTbServer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Owner\My Documents\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [SFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
--
End of file - 7156 bytes
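The HijackThis log above is read by hand in this thread. As an added example (not part of the original post, and not a feature of HijackThis itself), here is a small Python parser for the log's section lines together with the triage heuristics a responder applies by eye: entries that point at `(no file)`, Run entries that name a bare filename instead of a full path, startup shortcuts HJT could not resolve (`= ?`), services listed with "Unknown owner", and names matching adware families that the SUPERAntiSpyware results on this page reported. The sample lines are a constructed subset of the log above; `WATCHLIST` and the flag wording are assumptions of the example, not output of any tool.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the shape of the HijackThis v2.0.2 log above: a subset
# of its lines, chosen so that each triage rule below fires at least once.
SAMPLE_HJT_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Families the SUPERAntiSpyware results in this thread attributed to adware.
# A hand-made watchlist for this example, not something HijackThis provides.
WATCHLIST = ("internet optimizer", "navexcel", "need2find", "mirar", "surfsidekick")

LINE_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
RUN_TARGET_RE = re.compile(r'\]\s*("[^"]+"|\S+)')   # [Name] "C:\path\x.exe" /switch


@dataclass
class Entry:
    section: str                 # HJT section code: R0, R3, O2, O4, O23, ...
    body: str                    # text after "Sn - "
    flags: list = field(default_factory=list)


def parse_hjt(text):
    """Keep only the section lines; the process list and headers are ignored."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def run_target(body):
    """Executable named by an O4 Run entry, with surrounding quotes removed."""
    m = RUN_TARGET_RE.search(body)
    return m.group(1).strip('"') if m else None


def triage(entries):
    """Attach a reason to every entry worth a second look; return only those."""
    for e in entries:
        low = e.body.lower()
        if "(no file)" in low:
            e.flags.append("orphan: registry points at a file that no longer exists")
        if e.section == "O4":
            if low.startswith("global startup:") and low.endswith("= ?"):
                e.flags.append("unresolved shortcut: HJT could not read the .lnk target")
            else:
                target = run_target(e.body)
                if target and "\\" not in target:
                    e.flags.append("bare filename: found via search path, check which copy runs")
        if e.section == "O23" and "unknown owner" in low:
            e.flags.append("service with no publisher info: verify the binary")
        if any(name in low for name in WATCHLIST):
            e.flags.append("name matches an adware family from this machine's scans")
    return [e for e in entries if e.flags]


def report(text):
    """Parse and triage in one call; returns [(section, body, flags), ...]."""
    return [(e.section, e.body, e.flags) for e in triage(parse_hjt(text))]


if __name__ == "__main__":
    for section, body, flags in report(SAMPLE_HJT_LOG):
        print(f"{section}: {body}")
        for f in flags:
            print(f"    -> {f}")
```

The heuristics only raise entries for a human to check; an orphaned `(no file)` hook is safe to remove because nothing loads, but a bare-filename Run entry or an "Unknown owner" service needs the file on disk inspected before deciding.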
don_kane0042
27 Posts
0
February 13th, 2008 19:00
Adware.GAIN/Gator
HKLM\Software\Gator.com
HKLM\Software\Gator.com\AppInfo
HKLM\Software\Gator.com\CMEII
HKLM\Software\Gator.com\CMEII#AppHist
HKLM\Software\Gator.com\CMEII#numInst
HKLM\Software\Gator.com\Gator
HKLM\Software\Gator.com\Gator\dyn
HKLM\Software\Gator.com\Gator\dyn\GCH
HKLM\Software\Gator.com\Gator\dyn\GCH\_gs
HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#StartTime
HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#OldestTime
HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#121-200
HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#121-bytes
Adware.Director
HKU\S-1-5-21-1957994488-2139871995-839522115-1003\Software\Director
Adware.Toolbar888
HKU\S-1-5-21-1957994488-2139871995-839522115-1003\Software\XBTB04715
Browser Hijacker.Internet Explorer Settings Hijack
HKU\S-1-5-21-1957994488-2139871995-839522115-1003\Software\Microsoft\Internet Explorer\Search\SearchAssistant Explorer\Main#Default_Search_URL [ http://searchbar.findthewebsiteyouneed.com ]
Adware.Avenue Media
C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\BACKUPS\BACKUP-20080211-191507-390.DLL
C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\BACKUPS\BACKUP-20080212-122052-117.DLL
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\INTERNET OPTIMIZER\ACTALERT.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\INTERNET OPTIMIZER\OPTIMIZE.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\INTERNET OPTIMIZER\UPDATE\ACTALERT.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\MZCQQ\SEEL.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\WSEM303.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069225.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069226.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069227.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP711\A0069414.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP711\A0069423.DLL
C:\WINDOWS\PF79.EXE
Adware.NicTech Networks
C:\INSTALLER.EXE
C:\WINDOWS\ICONU.EXE
C:\WINDOWS\SYSTEM32\DN2M01F1E.DLL
C:\WINDOWS\SYSTEM32\FPJ0031ME.DLL
C:\WINDOWS\SYSTEM32\GUARD.TMP
C:\WINDOWS\SYSTEM32\KTN4L75Q1.DLL
C:\WINDOWS\SYSTEM32\M082LALO1DQC.DLL
C:\WINDOWS\SYSTEM32\N2R20C9OEF.DLL
C:\WINDOWS\SYSTEM32\WQIDX.DLL
Trojan.NewDotNet
C:\NNSCAA638.EXE
C:\QOOBOX\QUARANTINE\C\WINDOWS\NDNUNINSTALL6_38.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\NDNUNINSTALL7_22.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069330.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069331.EXE
Trojan.WINLOGI
C:\OO.EXE
InstaFinderK BHO
C:\PROGRAM FILES\INSTAFINK\INSTAFINK.DLL
Adware.Need2Find
C:\PROGRAM FILES\NEED2FIND\BAR\1.BIN\N2PLUGIN.DLL
C:\PROGRAM FILES\NEED2FIND\BAR\1.BIN\NPND2FN.DLL
Trojan.GimmySmilies
C:\QOOBOX\QUARANTINE\C\GIMMYSMILEYS1.EXE.VIR
C:\QOOBOX\QUARANTINE\C\GIMMYSMILEYS2.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\NEWNAME6.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069320.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069322.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069323.EXE
Rogue.Unclassified/Loader
C:\QOOBOX\QUARANTINE\C\INFO.EXE.VIR
C:\QOOBOX\QUARANTINE\C\UXTB.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP711\A0069416.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP711\A0069418.EXE
Trojan.WinSysBan
C:\QOOBOX\QUARANTINE\C\KEYBOARD1.EXE.VIR
C:\QOOBOX\QUARANTINE\C\KEYBOARD2.EXE.VIR
C:\QOOBOX\QUARANTINE\C\MOUSEPAD1.EXE.VIR
C:\QOOBOX\QUARANTINE\C\MOUSEPAD2.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\KEYBOARD6.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\MOUSEPAD6.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069324.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069325.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069326.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069327.EXE
Trojan.Unknown Origin
C:\QOOBOX\QUARANTINE\C\KRW1DN.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\MMWQ\MMWQA.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\MMWQ\MMWQL.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\MMWQ\MMWQM.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\PF78.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\BANG-006.ICO.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\FAOTVPAP7.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\TELLER2.CHK.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\UNINST2.HTM.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\UNINSTALL_NMON.VBS.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\UNIST1.HTM.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\ZG9UYWXK\T36RSQU4.VBS.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069234.ICO
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069239.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069254.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069264.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069332.VBS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069341.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069342.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069344.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069350.VBS
C:\VENTFE1.EXE
Trojan.CmdService
C:\QOOBOX\QUARANTINE\C\MTE3NDI6ODOXNG.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069255.EXE
Trojan.MC Downloader Variant
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\INETGET\MC-110-12-0000137.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\WINDOWS\MC-110-12-0000137.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069198.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069208.EXE
Adware.Unknown Origin
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\MMWQ\MMWQD\CLASS-BARREL.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\MMWQ\MMWQD\VOCABULARY.VIR
C:\WINDOWS\SYSTEM32\MKSAWRTAL.AMF
Unclassified.Unknown Origin/System
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\MMWQ\MMWQD\MMWQC.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSC00.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069267.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069347.DLL
Trojan.Downloader-Gen
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\MMWQ\MMWQP.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069345.EXE
C:\WINDOWS\SYSTEM32\WINPFG32.SYS
Adware.SurfSideKick
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\VCCLIENT\SS1001.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\VCCLIENT\VCCLIENT.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\VCCLIENT\VCMAIN.EXE.VIR
C:\SS1001.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069201.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069202.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069204.EXE
Adware.Avenue Media/Internet Optimizer
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\INTERNET OPTIMIZER\UPDATE\ROGUE.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069228.EXE
Trojan.MsMovies
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\MSMOVIES\V.TMP.VIR
Trojan.NetMon/DNSChange
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\NETWORK MONITOR\NETMON.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069229.EXE
Adware.TargetSavers
C:\QOOBOX\QUARANTINE\C\STUB_113_4_0_4_0.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069328.EXE
Adware.UCMore/The Search Accelerator
C:\QOOBOX\QUARANTINE\C\UCMOREIEX.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069257.EXE
Trojan.Downloader-SysMon
C:\QOOBOX\QUARANTINE\C\WINDOWS\BBJANMO.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP711\A0069419.EXE
Adware.SysMon
C:\QOOBOX\QUARANTINE\C\WINDOWS\BBJANMOA.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069338.EXE
C:\VISFX500.EXE
Trojan.YourEnhancement
C:\QOOBOX\QUARANTINE\C\WINDOWS\MS04049582-937.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\PMS111X.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\UNIN101.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069265.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069269.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069337.EXE
Trojan.Downloader-VisFX
C:\QOOBOX\QUARANTINE\C\WINDOWS\OFFUN.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069262.EXE
RelevantKnowledge Spyware Component
C:\QOOBOX\QUARANTINE\C\WINDOWS\RK.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069266.EXE
Trojan.Downloader-PMTLauncher
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\CV3WANV28.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069237.EXE
Trojan.Downloader-FakeRX
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\EGMULHXK.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069315.DLL
Adware.ZenoSearch
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\FSYSKMIZ.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP713\A0069512.EXE
Trojan.Unclassified/LPCYWINP
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\LPCYWINP.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069314.EXE
TargetSaver, Inc. Process
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\TSUNINST.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069249.EXE
Trojan.Unclassified/SysOld
C:\QOOBOX\QUARANTINE\C\WINDOWS\UNI_EH.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069268.EXE
Adware.Adservs
C:\QOOBOX\QUARANTINE\C\WINDOWS\ZG9UYWXK\ASAPPSRV.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069349.DLL
Trojan.ZenoSearch
C:\QOOBOX\QUARANTINE\C\ZICORN001.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069238.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069258.EXE
C:\WINDOWS\SYSTEM32\OWINMRAG.EXE
C:\WINDOWS\SYSTEM32\OWINMREH.EXE
C:\WINDOWS\SYSTEM32\OWINMRES.EXE
C:\WINDOWS\SYSTEM32\QLDSREGJ.EXE
Trojan.Downloader-Small/Project
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069318.EXE
Trojan.Override
C:\WINDOWS\XYEVFEKQ.EXE
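Both SUPERAntiSpyware results posts above list detections by family, but the file paths under each family are of three different kinds: files still live on disk, copies ComboFix already renamed to `.VIR` under `C:\QOOBOX\QUARANTINE`, and System Restore snapshot copies that cannot run unless a restore point is rolled back. As an added example (not from the original page, and not SUPERAntiSpyware's own code), the Python below groups the log lines by family, buckets each path by location, and reports any live file that also has a quarantined twin, as `C:\WINDOWS\SYSTEM32\WINNB57.DLL` does in the first results post, since that pattern means something re-dropped the file after ComboFix removed it. The sample is a constructed subset of the posted log; the quarantine-to-original path mapping is inferred from the paths in the log rather than taken from ComboFix documentation.

```python
import re
from collections import defaultdict

# Constructed subset of the SUPERAntiSpyware results posted above, keeping the
# log's layout: a family header, then that family's registry keys and files.
SAMPLE_SAS_LOG = r"""
Adware.Mirar/NetNucleus
HKLM\Software\Classes\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}
HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\TypeLib#Version
C:\WINDOWS\SYSTEM32\WINNB57.DLL
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\WINNB57.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP711\A0069422.DLL
C:\WINDOWS\876056.EXE
Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt
Trojan.NetMon/DNSChange
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\NETWORK MONITOR\NETMON.EXE.VIR
Trojan.Override
C:\WINDOWS\XYEVFEKQ.EXE
"""

REG_ROOTS = ("HKLM\\", "HKCU\\", "HKCR\\", "HKU\\")
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")
# Quarantine paths in the log mirror the original path under
# C:\QOOBOX\QUARANTINE\<drive>\ with .VIR appended (inferred from the log).
QUARANTINE_RE = re.compile(
    r"^[A-Za-z]:\\QOOBOX\\QUARANTINE\\([A-Za-z])\\(.*)\.VIR$", re.IGNORECASE
)


def classify_path(path):
    """Bucket a detected file by where it sits; only 'live' copies can still run."""
    up = path.upper()
    if "\\QOOBOX\\QUARANTINE\\" in up:
        return "quarantine"
    if "\\SYSTEM VOLUME INFORMATION\\_RESTORE" in up:
        return "restore_point"      # inert unless System Restore is rolled back
    if "\\BACKUPS\\BACKUP-" in up:
        return "tool_backup"        # copies the cleanup tools kept for undo
    if "\\COOKIES\\" in up:
        return "cookie"
    return "live"


def quarantined_original(path):
    """Original location of a .VIR quarantine copy, or None if it is not one."""
    m = QUARANTINE_RE.match(path)
    return f"{m.group(1).upper()}:\\{m.group(2).upper()}" if m else None


def parse_sas(text):
    """Group lines under their family header: {family: {'registry': [...], 'files': [...]}}."""
    families = defaultdict(lambda: {"registry": [], "files": []})
    current = "(unlabelled)"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(REG_ROOTS):
            families[current]["registry"].append(line)
        elif DRIVE_RE.match(line):
            families[current]["files"].append(line)
        else:
            current = line          # anything else is a family header
    return dict(families)


def triage_sas(text):
    """Live files per family, plus live files that also have a quarantined twin."""
    families = parse_sas(text)
    live, quarantined = [], set()
    for family, items in families.items():
        for path in items["files"]:
            kind = classify_path(path)
            if kind == "live":
                live.append((family, path))
            elif kind == "quarantine":
                orig = quarantined_original(path)
                if orig:
                    quarantined.add(orig)
    reappeared = [p for _, p in live if p.upper() in quarantined]
    return {"families": families, "live": live, "reappeared": reappeared}


if __name__ == "__main__":
    result = triage_sas(SAMPLE_SAS_LOG)
    for family, path in result["live"]:
        print(f"LIVE     {family}: {path}")
    for path in result["reappeared"]:
        print(f"RE-DROPPED after quarantine: {path}")
```

Run against the full posted results, the "reappeared" list is the short list worth chasing first: a file that comes back after quarantine points at a still-running dropper or a scheduled task, not at a stale registry key.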
don_kane0042
27 Posts
0
February 13th, 2008 19:00
ComboFix 08-02-13.1 - Owner 2008-02-14 11:32:46.3 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE
C:\Program Files\InetGet2\stub_109_4_0_4_0.exe
C:\Program Files\Internet Explorer\ckyqbgbc.exe
C:\WINDOWS\PSEXESVC.EXE
C:\WINDOWS\system32\fsyskmiz.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\PSEXESVC.EXE
C:\WINDOWS\system32\fsyskmiz.exe
.
((((((((((((((((((((((((( Files Created from 2008-01-14 to 2008-02-14 )))))))))))))))))))))))))))))))
.
2008-02-14 08:22 . 2008-02-14 08:22
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-13 17:39 --------- d-----w C:\Program Files\NavExcel Search Toolbar
2008-02-12 00:29 --------- d-----w C:\Program Files\Network
2008-02-11 22:09 --------- d-----w C:\Program Files\Viewpoint
2008-02-11 22:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-19 21:24 --------- d-----w C:\Program Files\Google
2008-01-10 03:38 --------- d-----w C:\Program Files\LimeWire
2008-01-04 03:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-01-04 03:41 --------- d-----w C:\Program Files\Common Files\AOL
2008-01-04 03:41 --------- d-----w C:\Program Files\AOL Search
2008-01-04 03:41 --------- d-----w C:\Program Files\AIM6
2008-01-04 03:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-12-28 23:24 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-12-28 21:57 --------- d-----w C:\Documents and Settings\Owner\Application Data\MSNInstaller
2005-03-09 19:49 81,920 ----a-w C:\WINDOWS\Media\LimeWire\LimeWire.exe
2005-03-09 19:49 32,768 ----a-w C:\WINDOWS\Media\LimeWire\LimeWire20.dll
2005-03-09 19:49 12,808 ----a-w C:\WINDOWS\Media\LimeWire\WindowsV5PlusUtils.dll
2005-03-09 19:49 12,279 ----a-w C:\WINDOWS\Media\LimeWire\GenericWindowsUtils.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
2007-12-18 14:27 111968 --a------ C:\Program Files\AOL Search\AOLSearch.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"SFP"="C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.exe" [2003-09-05 15:30 561152]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2004-10-15 16:03 4886528]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-12-18 14:04 50528]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-19 16:24 171448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-01-23 09:36 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-01-23 09:31 126976]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-06 00:04 114741]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 00:01 155648]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2005-03-02 18:19 143360]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2005-03-18 19:28 196608]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29 303104]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 12:05 212992]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 04:59 122880 C:\WINDOWS\BCMSMMSG.exe]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-04-05 13:41 950272]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [2005-10-06 09:34 8192]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 15:45 278528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-03-08 20:35 155648]
"Internet Optimizer"="C:\Program Files\Internet Optimizer\optimize.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03 36975]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 00:17:18 147456]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 00:06:58 28672]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
.
Contents of the 'Scheduled Tasks' folder
"2005-01-27 23:36:28 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1098902900.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-14 11:37:19
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-14 11:37:59
ComboFix-quarantined-files.txt 2008-02-14 16:37:51
ComboFix2.txt 2008-02-13 17:42:05
ComboFix3.txt 2008-02-12 00:44:52
.
2008-01-11 08:02:10 --- E O F ---
sjb07
106 Posts
0
February 13th, 2008 21:00
The SAS scan looks like it has done its job pretty well in seeking and taking out a lot of malicious files and the combofix log is also looking much better now.
>> Regarding Verizon, have you checked Add/Remove Programs and tried removing it from there?
If that option is not available then follow the instructions below:
Open up HJT and select the second entry - Do a system scan only
Place a checkmark next to these entries:
O4 - HKCU\..\Run: C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s
Make sure all browser and open windows/programs are closed and select "Fix checked"
Now reboot your computer:
Navigate to and delete the following folders if present:
C:\Program Files\Common Files\Verizon Online
Once done, carry on with the fix from here.....
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
Under Main choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Please perform a scan with Kaspersky Webscan Online Virus Scanner
Kaspersky does not remove anything but will provide a log of anything it finds. On August 8th, 2006 Kaspersky updated the software used for the Free Online Virus Scanner. In order to continue using the online scanner you will need to uninstall the old version (if previously used) from your Add/Remove Programs list and then install the latest version. To do this, follow the steps here and reboot afterwards if your system does not reboot automatically, or it will show "Kaspersky Online Scanner license key was not found!"
1. Click the "Kaspersky Online Scanner" button (NOT "Kaspersky File Scanner").
2. Read the Requirements and Privacy statement, then select "Accept".
3. A new window will appear prompting you to install an ActiveX component from Kaspersky: "Do you want to install this software?".
4. Click "Yes" or select "Install" to download the ActiveX controls that allow ActiveScan to run.
5. When the download is complete it will say ready; click "Next".
6. Click "Scan Settings" and check the option to use the Extended Database (if available, otherwise Standard).
7. Click "Scan Options" and select both "Scan Archives" and "Scan Mail Bases".
8. Click "OK".
9. Under "Select a target to scan", click on "My Computer".
10. When the scan is complete choose to save the results as "Save as Text" named kaspersky.txt to your desktop and post them in your next reply.
Now reboot your computer once more and then generate a fresh HJT log for me
Just a recap on what is needed in your next post
-> The results from the Kaspersky Scan
-> A fresh HJT log
>> Let me know how things are running now......
Thanks
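The fix above works from two views of the same autostart data: the ComboFix "Reg Loading Points" block (the `"name"="command" [date time size]` lines under each Run key) and the HijackThis O4 line the poster is told to tick. The script below is an added example, not part of this thread or of either tool; it parses a constructed sample in the ComboFix layout (modelled on a few lines of the log above, not the full log), flags Run values for which ComboFix printed no file metadata (the `[ ]` / `[]` cases, which I take to mean the file could not be inspected at scan time; that interpretation is an assumption), and renders an entry in the HJT O4 format so the two logs can be matched up. The `RunEntry`, `parse_run_entries`, `entries_without_file_info` and `to_hjt_o4` names are mine.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the ComboFix "Reg Loading Points" layout, modelled on a
# handful of lines from the log in this thread. It is not the full log.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"SFP"="C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.exe" [2003-09-05 15:30 561152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 04:59 122880 C:\WINDOWS\BCMSMMSG.exe]
"Internet Optimizer"="C:\Program Files\Internet Optimizer\optimize.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03 36975]
'''

# A registry key header such as [HKEY_LOCAL_MACHINE\...\Run]
KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
# A value line: "name"="command" [metadata]
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<command>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
# Metadata: date, time, size and, when the value holds only a bare file name,
# the full path ComboFix resolved it to.
META_RE = re.compile(
    r'^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) (?P<size>\d+)(?: (?P<path>.+))?$'
)


@dataclass
class RunEntry:
    key: str                       # full registry key the value lives under
    name: str                      # value name, e.g. "SFP"
    command: str                   # value data, e.g. the executable path
    timestamp: Optional[str]       # "YYYY-MM-DD HH:MM", or None when no metadata was printed
    size: Optional[int]            # file size in bytes, or None
    resolved_path: Optional[str]   # path ComboFix located for a bare file name, or None


def parse_run_entries(text: str) -> List[RunEntry]:
    """Parse every "name"="command" [meta] line under a HKEY_* key header."""
    entries: List[RunEntry] = []
    current_key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group('key')
            continue
        value_match = VALUE_RE.match(line)
        if not value_match or current_key is None:
            continue
        meta = value_match.group('meta').strip()
        timestamp = size = path = None
        meta_match = META_RE.match(meta)
        if meta_match:
            timestamp = f"{meta_match.group('date')} {meta_match.group('time')}"
            size = int(meta_match.group('size'))
            path = meta_match.group('path')
        entries.append(RunEntry(current_key, value_match.group('name'),
                                value_match.group('command'), timestamp, size, path))
    return entries


def entries_without_file_info(entries: List[RunEntry]) -> List[RunEntry]:
    """Run values ComboFix printed with empty brackets: no file it could describe."""
    return [e for e in entries if e.timestamp is None]


def to_hjt_o4(entry: RunEntry) -> str:
    """Render an entry the way HijackThis lists it as an O4 item."""
    hive = 'HKCU' if entry.key.startswith('HKEY_CURRENT_USER') else 'HKLM'
    return f"O4 - {hive}\\..\\Run: [{entry.name}] {entry.command}"


if __name__ == '__main__':
    parsed = parse_run_entries(SAMPLE_LOG)
    print('Run values with no file metadata:')
    for e in entries_without_file_info(parsed):
        print('  ' + to_hjt_o4(e))
    print('HJT line for the Verizon entry:')
    print('  ' + to_hjt_o4(next(e for e in parsed if e.name == 'SFP')))
```

Run it as-is to see the two flagged values and the O4 line for the SFP entry; point `parse_run_entries` at a real ComboFix log's "Reg Loading Points" block to triage a full list the same way. Note that ComboFix prints only the value data, so any argument HJT shows after the path (the `/s` in the post above) does not appear in the rendered line.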
don_kane0042
27 Posts
0
February 13th, 2008 22:00
Man, everything was going so smooth. I just deleted the Verizon, rebooted my computer and went on to the ATF-Cleaner, but that's where the problems started. I opened it up and then when I went to click Main nothing happened, so I manually selected all of the categories and hit Empty Selected. After about 3 or 4 minutes I clicked X on the top right and it said "This program is not responding". I rebooted my computer several times and tried the same thing again, but I keep getting the "This program is not responding". Any more help you have would be great.
Thanks A Lot
Don