February 11th, 2008 21:00

HiJackThis

Hi, I got HijackThis because my computer was running extremely slow, had a massive amount of popups, the background changed to "Warning: your computer has been infected with spyware", and my Task Manager has been deleted by my administrator. I tried methods I searched for to get rid of it but it won't work, and I got to this site. Well, here's what I got on HijackThis.

Thank you,

Don

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:14:46 PM, on 2/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ZG9uYWxk\command.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\bbjanmo.exe
C:\WINDOWS\system32\lpcywinp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\bbjanmoA.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\WINDOWS\SYSC00.exe
C:\WINDOWS\system32\slk8x2peu.exe
C:\windows\system32\qldsregj.exe
C:\Program Files\Mzcqq\Seel.exe
C:\WINDOWS\ms04049582-937.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\mmwq\mmwqm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Internet Optimizer\actalert.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
c:\program files\mcafee.com\vso\mcmnhdlr.exe
C:\Program Files\Common Files\Windows\services32.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\WINDOWS\system32\PdeSrv2.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
c:\program files\aol\aim toolbar 5.0\AolTbServer.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\AIM6\aim6.exe
C:\PROGRA~1\COMMON~1\mmwq\mmwqa.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8TMNOHI5\KillBox[1].exe
C:\Documents and Settings\Owner\My Documents\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\lpcywinp.exe,C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\bxxs5.dll
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: egmulhxk.msdn_hlp - {477840F3-BA52-44D9-8E41-38D61CAA010F} - C:\WINDOWS\system32\egmulhxk.dll
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: Yvakt Class - {DAAC59E5-093D-4D24-A105-55BFE4ACDE14} - C:\WINDOWS\system32\w9seq.dll
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard6.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad6.exe
O4 - HKLM\..\Run: [bbjanmoA] C:\WINDOWS\bbjanmoA.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [q8lg] "C:\WINDOWS\system32\slk8x2peu.exe"
O4 - HKLM\..\Run: [{5C-C2-21-12-ZN}] C:\windows\system32\qldsregj.exe CORN001
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [IpNetwork] C:\Program Files\Network\ipnetwork.exe
O4 - HKLM\..\Run: [Fifgnzt] C:\Program Files\Mzcqq\Seel.exe
O4 - HKLM\..\Run: [ms04049582-937] C:\WINDOWS\ms04049582-937.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname6.exe
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\fsyskmiz.exe CORN001
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [SFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000137.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [mmwq] C:\PROGRA~1\COMMON~1\mmwq\mmwqm.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [qwmm] C:\Program Files\InetGet2\stub_109_4_0_4_0.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\fsyskmiz.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\ckyqbgbc.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://click.mirarsearch.com/CABUPDATES/winwcd.cab
O18 - Filter hijack: text/html - {CEA53356-C414-4331-A35E-AA4CE9D8DFA2} - C:\WINDOWS\system32\w9seq.dll
O20 - Winlogon Notify: policies - C:\WINDOWS\system32\k280lclm1fqa.dll (file missing)
O20 - Winlogon Notify: Unimodem - C:\WINDOWS\system32\t48u0el9ehq.dll (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\ZG9uYWxk\command.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\bbjanmo.exe

--
End of file - 14095 bytes

February 11th, 2008 22:00

Howdy don_kane0042, and welcome to the DCF forums.

Thank you for your patience. I will be helping you deal with the issues raised in your log from this point onwards.

Before we start jumping into things, here is a quick basic note which I mention to everyone. The fix which I have provided for you is for this computer only; it should not be used on any other computer. Each fix is tailor-made for the specific task in hand. If for some reason you have System Restore disabled, then please re-enable it before proceeding; an infected restore is better than none. Please read through the fix first and set enough time aside to complete the task in one session. If there is anything you feel needs clarification then please ask - do not guess! Thanks.

If this is a business machine then please make sure that you have both the authority and full administration rights to the computer system.

To aid clarity, all external links are in bold, blue and underlined where possible, as follows -> www.example-link.com

On with the fix.....

Important! - Please follow these directions in the order they are set out for you.

You have quite a few infections there which will take several posts to clear up.

We'll begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure that ComboFix is saved to (and run from) your desktop.

When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

February 12th, 2008 00:00

Well, alright, it looks a lot better already, but here's the HijackThis. Thank you so much for all the help you're giving; I'll put the ComboFix in my next post.

Don

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:50:44 PM, on 2/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Mzcqq\Seel.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
c:\windows\system32\dwdsregt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\PdeSrv2.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\program files\aol\aim toolbar 5.0\AolTbServer.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Documents and Settings\Owner\My Documents\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\bxxs5.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [{5C-C2-21-12-ZN}] c:\windows\system32\dwdsregt.exe CORN001
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [Fifgnzt] C:\Program Files\Mzcqq\Seel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [SFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [qwmm] C:\Program Files\InetGet2\stub_109_4_0_4_0.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\ckyqbgbc.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://click.mirarsearch.com/CABUPDATES/winwcd.cab
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 9498 bytes
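The two HijackThis logs above (the original one and the one taken after ComboFix ran) are the kind of input a helper reads by eye. The following is an added example, not code from this thread, from Trend Micro or from the ComboFix author: a small Python 3.9+ triage script that parses HJT entry lines, flags the hijack classes visible in the first log (the F2 UserInit chain, O4 autoruns dropped in the Windows root, O15 Trusted Zone additions, the O18 text/html filter hijack, O20 Winlogon Notify hooks with missing DLLs, O23 services with no publisher, and orphaned O2 BHOs), and diffs a before/after pair to show what the cleanup removed. The sample logs are constructed excerpts of the two logs posted here, and the heuristics and the assumed XP default UserInit path are my own assumptions rather than anything HijackThis itself implements.

```python
"""Triage helpers for HijackThis v2 logs (added example, not from the thread)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed excerpt of the first HJT log posted in this thread (not the full log).
LOG_BEFORE = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\lpcywinp.exe,C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [bbjanmoA] C:\WINDOWS\bbjanmoA.exe
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O18 - Filter hijack: text/html - {CEA53356-C414-4331-A35E-AA4CE9D8DFA2} - C:\WINDOWS\system32\w9seq.dll
O20 - Winlogon Notify: policies - C:\WINDOWS\system32\k280lclm1fqa.dll (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\ZG9uYWxk\command.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""

# Constructed excerpt of the post-ComboFix log.
LOG_AFTER = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""


@dataclass(frozen=True)
class Entry:
    section: str  # HJT section code, e.g. "O4", "F2", "O23"
    body: str     # everything after the "Oxx - " prefix


ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
# An .exe sitting directly in the Windows directory (not in a subfolder):
# none of the legitimate autoruns in these logs are placed like that.
WINDIR_ROOT_EXE = re.compile(r"(?i)[a-z]:\\windows\\[^\\]+\.exe\b")
# Assumed clean value for XP; HJT only prints an F2 UserInit line when it deviates.
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"


def parse_log(text: str) -> list[Entry]:
    """Turn HJT report lines into Entry records; headers and process lists are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.replace("\u200b", "").strip()  # drop zero-width spaces from web copy-paste
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def triage(entries: list[Entry]) -> list[tuple[Entry, str]]:
    """Return (entry, reason) pairs for the hijack patterns seen in the logs above."""
    findings = []
    for e in entries:
        b = e.body
        if e.section == "F2" and "UserInit=" in b:
            chain = [c.strip().lower() for c in b.split("UserInit=", 1)[1].split(",") if c.strip()]
            if chain != [DEFAULT_USERINIT]:
                findings.append((e, "UserInit chain altered: an extra binary runs at every logon"))
        elif e.section == "O2" and b.endswith("(no file)"):
            findings.append((e, "orphaned BHO registration; dead CLSID, safe to remove"))
        elif e.section == "O4" and WINDIR_ROOT_EXE.search(b):
            findings.append((e, "autorun points at an executable dropped in the Windows root"))
        elif e.section == "O15":
            findings.append((e, "host or IP added to the IE Trusted Zone, lowering its security"))
        elif e.section == "O18" and b.startswith("Filter hijack"):
            findings.append((e, "MIME filter hijack: a DLL rewrites every text/html response"))
        elif e.section == "O20" and "(file missing)" in b:
            findings.append((e, "Winlogon Notify hook whose DLL is gone; remove the key"))
        elif e.section == "O23" and "Unknown owner" in b:
            findings.append((e, "service without publisher info; verify the binary (legit ones exist)"))
    return findings


def diff_logs(before: str, after: str) -> tuple[list[Entry], list[Entry]]:
    """(removed, added) entries between two logs, e.g. before and after ComboFix."""
    def key(e: Entry) -> tuple[str, str]:
        return (e.section, e.body)
    b, a = set(parse_log(before)), set(parse_log(after))
    return sorted(b - a, key=key), sorted(a - b, key=key)


if __name__ == "__main__":
    for entry, why in triage(parse_log(LOG_BEFORE)):
        print(f"[{entry.section}] {why}\n    {entry.body}")
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    print(f"\nCleanup removed {len(removed)} entries and added {len(added)}")
```

The O23 rule is deliberately noisy: in the first log it catches the McAfee McShield service as well as cmdService, which is why the reason text says to verify the binary rather than delete it. The diff is what a helper actually wants between rounds: here it reports the F2, O18, O20, O2 and cmdService lines gone while the Trusted Zone entry survives, matching the second log above.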

February 12th, 2008 00:00

(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_WINDOWS_OVERLAY_COMPONENTS
-------\cmdService
-------\Network Monitor
-------\Windows Overlay Components


(((((((((((((((((((((((((   Files Created from 2008-01-12 to 2008-02-12  )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-12 00:29 --------- d-----w C:\Program Files\Network
2008-02-12 00:14 18,432 ----a-w C:\WINDOWS\fkwggshm.exe
2008-02-11 22:09 --------- d-----w C:\Program Files\Viewpoint
2008-02-11 22:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-05 04:54 --------- d-----w C:\Program Files\World of Warcraft
2008-01-19 21:24 --------- d-----w C:\Program Files\Google
2008-01-10 03:38 --------- d-----w C:\Program Files\LimeWire
2008-01-04 03:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-01-04 03:41 --------- d-----w C:\Program Files\Common Files\AOL
2008-01-04 03:41 --------- d-----w C:\Program Files\AOL Search
2008-01-04 03:41 --------- d-----w C:\Program Files\AIM6
2008-01-04 03:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-12-30 19:20 8,711 ----a-w C:\Uxtb.exe
2007-12-28 23:24 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-12-28 21:57 --------- d-----w C:\Documents and Settings\Owner\Application Data\MSNInstaller
2007-12-25 06:15 8,711 ----a-w C:\info.exe
2005-03-09 19:49 81,920 ----a-w C:\WINDOWS\Media\LimeWire\LimeWire.exe
2005-03-09 19:49 32,768 ----a-w C:\WINDOWS\Media\LimeWire\LimeWire20.dll
2005-03-09 19:49 12,808 ----a-w C:\WINDOWS\Media\LimeWire\WindowsV5PlusUtils.dll
2005-03-09 19:49 12,279 ----a-w C:\WINDOWS\Media\LimeWire\GenericWindowsUtils.dll
1989-12-12 15:10 1,306,240 --sh--r C:\WINDOWS\bbjanmo.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9}]
2005-04-02 23:40 376832 --a------ C:\WINDOWS\bxxs5.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
2007-12-18 14:27 111968 --a------ C:\Program Files\AOL Search\AOLSearch.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}]
2006-03-16 20:28 63232 --a------ C:\WINDOWS\wsem303.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46C4-B683-905236F6F655}
{5AA06644-BC46-4220-A460-47A6EB47C96D}
{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
{DE9C389F-3316-41A7-809B-AA305ED9D922}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}

[HKEY_CLASSES_ROOT\clsid\{5aa06644-bc46-4220-a460-47a6eb47c96d}]
[HKEY_CLASSES_ROOT\NavExcelBar.NavExcelBarObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}]
[HKEY_CLASSES_ROOT\NavExcelBar.NavExcelBarObj]

[HKEY_CLASSES_ROOT\clsid\{9a9c9b68-f908-4aab-8d0c-10ea8997f37e}]
[HKEY_CLASSES_ROOT\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{5AA06644-BC46-4220-A460-47A6EB47C96D}"= C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll [2005-04-28 17:04 331776]
"{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}"= C:\WINDOWS\system32\WinNB57.dll [2006-03-13 08:00 303104]

[HKEY_CLASSES_ROOT\clsid\{5aa06644-bc46-4220-a460-47a6eb47c96d}]
[HKEY_CLASSES_ROOT\NavExcelBar.NavExcelBarObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}]
[HKEY_CLASSES_ROOT\NavExcelBar.NavExcelBarObj]

[HKEY_CLASSES_ROOT\clsid\{9a9c9b68-f908-4aab-8d0c-10ea8997f37e}]
[HKEY_CLASSES_ROOT\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"SFP"="C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.exe" [2003-09-05 15:30 561152]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2004-10-15 16:03 4886528]
"ares"="C:\Program Files\Ares\Ares.exe" [ ]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-12-18 14:04 50528]
"qwmm"="C:\Program Files\InetGet2\stub_109_4_0_4_0.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-19 16:24 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-01-23 09:36 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-01-23 09:31 126976]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-06 00:04 114741]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 00:01 155648]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2005-03-02 18:19 143360]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2005-03-18 19:28 196608]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29 303104]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 12:05 212992]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 04:59 122880 C:\WINDOWS\BCMSMMSG.exe]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-04-05 13:41 950272]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [2005-10-06 09:34 8192]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 15:45 278528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-03-08 20:35 155648]
"Internet Optimizer"="C:\Program Files\Internet Optimizer\optimize.exe" [ ]
"{5C-C2-21-12-ZN}"="c:\windows\system32\dwdsregt.exe" [ ]
"bxxs5"="C:\WINDOWS\bxxs5.dll" [2005-04-02 23:40 376832]
"Fifgnzt"="C:\Program Files\Mzcqq\Seel.exe" [2006-03-16 20:28 37512]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03 36975]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Script execution time was exceeded on script "C:\ComboFix[1]\lnkread.vbs".
Script execution was terminated.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

.
Contents of the 'Scheduled Tasks' folder
"2005-01-27 23:36:28 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1098902900.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-11 19:39:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\PdeSrv2.exe
C:\Program Files\AIM6\anotify.exe
.
**************************************************************************
.
Completion time: 2008-02-11 19:44:52 - machine was rebooted
ComboFix-quarantined-files.txt  2008-02-12 00:44:49
.
2008-01-11 08:02:10 --- E O F --- 

February 12th, 2008 00:00

Sorry about that, I didn't know I was supposed to keep it in this one.

February 12th, 2008 00:00

ComboFix 08-02-12.1 - Owner 2008-02-11 19:28:14.1 - NTFSx86
Running from: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\7ACZ7PC1\ComboFix[1].exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Common Files\mmwq\mmwqa.lck
C:\Program Files\Common Files\mmwq\mmwqd\class-barrel
C:\Program Files\Common Files\mmwq\mmwqm.lck
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\Owner\Application Data\Sskcwrd.dll
C:\Documents and Settings\Owner\Application Data\Sskdmns.dll
C:\Documents and Settings\Owner\Application Data\Sskknwrd.dll
C:\Documents and Settings\Owner\Application Data\Sskuknwrd.dll
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\think-adz.lnk
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\z_start.lnk
C:\drsmartload1.exe
C:\gimmysmileys1.exe
C:\gimmysmileys2.exe
C:\keyboard1.exe
C:\keyboard2.exe
C:\krw1dn.exe
C:\mousepad1.exe
C:\mousepad2.exe
C:\mte3ndi6odoxng.exe
C:\Program Files\3721
C:\Program Files\3721\assist\asbar.dll
C:\Program Files\3721\helper.dll
C:\Program Files\Accoona
C:\Program Files\Accoona\ASearchAssist.dll
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\guid.dat
C:\Program Files\amsys\ijl15.dll
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\Common Files\inetget
C:\Program Files\Common Files\inetget\mc-110-12-0000137.exe
C:\Program Files\Common Files\mmwq\mmwqa.exe
C:\Program Files\Common Files\mmwq\mmwqa.lck
C:\Program Files\Common Files\mmwq\mmwqd\class-barrel
C:\Program Files\Common Files\mmwq\mmwqd\mmwqc.dll
C:\Program Files\Common Files\mmwq\mmwqd\vocabulary
C:\Program Files\Common Files\mmwq\mmwqh
C:\Program Files\Common Files\mmwq\mmwql.exe
C:\Program Files\Common Files\mmwq\mmwql.lck
C:\Program Files\Common Files\mmwq\mmwqm.exe
C:\Program Files\Common Files\mmwq\mmwqm.lck
C:\Program Files\Common Files\mmwq\mmwqp.exe
C:\Program Files\Common Files\mmwq\mmwqp.lck
C:\Program Files\Common Files\vcclient
C:\Program Files\Common Files\vcclient\ClientUpdater.bat
C:\Program Files\Common Files\vcclient\ICSharpCode.SharpZipLib.dll
C:\Program Files\Common Files\vcclient\SS1001.exe
C:\Program Files\Common Files\vcclient\temp.txt
C:\Program Files\Common Files\vcclient\VCClient.exe
C:\Program Files\Common Files\vcclient\VCClient.exe.config
C:\Program Files\Common Files\vcclient\VCMain.exe
C:\Program Files\Common Files\vcclient\VCUpdate.exe
C:\Program Files\Common Files\vcclient\VCUpdate.exe.config
C:\Program Files\Common Files\vcclient\Version.txt
C:\Program Files\Common Files\windows
C:\Program Files\Common Files\windows\AutoIt3.exe
C:\Program Files\Common Files\windows\mc-110-12-0000137.exe
C:\Program Files\Common Files\windows\psapi.dll
C:\Program Files\Common Files\windows\services32.exe
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\Program Files\inetget2
C:\Program Files\inetget2\direct.exe
C:\Program Files\inetget2\gimmysmileysB.exe
C:\Program Files\internet optimizer\actalert.exe
C:\Program Files\internet optimizer\optimize.exe
C:\Program Files\internet optimizer\update\actalert.exe
C:\Program Files\internet optimizer\update\rogue.exe
C:\Program Files\msmovies
C:\Program Files\msmovies\p.zip
C:\Program Files\msmovies\v.tmp
C:\Program Files\network monitor
C:\Program Files\network monitor\netmon.exe
C:\Program Files\network\ipnetwork.exe
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\amp2pl.exe
C:\setup.exe
C:\stub_113_4_0_4_0.exe
C:\ucmoreiex.exe
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\absolute key logger.lnk
C:\WINDOWS\aconti.exe
C:\WINDOWS\aconti.ini
C:\WINDOWS\aconti.log
C:\WINDOWS\aconti.sdb
C:\WINDOWS\acontidialer.txt
C:\WINDOWS\adbar.dll
C:\WINDOWS\bbjanmoA.exe
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\daxtime.dll
C:\WINDOWS\default.htm
C:\WINDOWS\dp0.dll
C:\WINDOWS\drsmartload2.dat
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\gimmygames.dat
C:\WINDOWS\hcwprn.exe
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\jd2002.dll
C:\WINDOWS\keyboard11.dat
C:\WINDOWS\keyboard21.dat
C:\WINDOWS\keyboard6.exe
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.dll
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\kvnab.dll
C:\WINDOWS\kvnab.exe
C:\WINDOWS\libbz2.dll
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.dll
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.dll
C:\WINDOWS\liqui.exe
C:\WINDOWS\mmwq
C:\WINDOWS\mmwq\mmwq.dat
C:\WINDOWS\mmwq\wu.exe
C:\WINDOWS\mousepad6.exe
C:\WINDOWS\ms04049582-937.exe
C:\WINDOWS\NDNuninstall6_38.exe
C:\WINDOWS\NDNuninstall7_22.exe
C:\WINDOWS\newname.dat
C:\WINDOWS\newname6.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\offun.exe
C:\WINDOWS\pbar.dll
C:\WINDOWS\pbsysie.dll
C:\WINDOWS\pf78.exe
C:\WINDOWS\pms111x.exe
C:\WINDOWS\rk.exe
C:\WINDOWS\settn.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\sysc00.exe
C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\acespy
C:\WINDOWS\system32\acespy\__acelog.ndx
C:\WINDOWS\system32\acespy\systune.exe
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\bang-006.ico
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\cv3wanv28.exe
C:\WINDOWS\system32\din.ip
C:\WINDOWS\system32\dpqaqlqx.bin
C:\WINDOWS\system32\drivers\blank.gif
C:\WINDOWS\system32\drivers\box_2.gif
C:\WINDOWS\system32\drivers\button_buynow.gif
C:\WINDOWS\system32\drivers\button_freescan.gif
C:\WINDOWS\system32\drivers\cell_bg.gif
C:\WINDOWS\system32\drivers\cell_footer.gif
C:\WINDOWS\system32\drivers\cell_header_block.gif
C:\WINDOWS\system32\drivers\cell_header_remove.gif
C:\WINDOWS\system32\drivers\cell_header_scan.gif
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\download_btn.jpg
C:\WINDOWS\system32\drivers\download_now_btn.gif
C:\WINDOWS\system32\drivers\footer_back.jpg
C:\WINDOWS\system32\drivers\header_1.gif
C:\WINDOWS\system32\drivers\header_2.gif
C:\WINDOWS\system32\drivers\header_3.gif
C:\WINDOWS\system32\drivers\header_4.gif
C:\WINDOWS\system32\drivers\header_red_bg.gif
C:\WINDOWS\system32\drivers\header_red_free_scan.gif
C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif
C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
C:\WINDOWS\system32\drivers\infected.gif
C:\WINDOWS\system32\drivers\main_back.gif
C:\WINDOWS\system32\drivers\product_2_header.gif
C:\WINDOWS\system32\drivers\product_2_name_small.gif
C:\WINDOWS\system32\drivers\product_features.gif
C:\WINDOWS\system32\drivers\pt.htm
C:\WINDOWS\system32\drivers\rating.gif
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\screenshot.jpg
C:\WINDOWS\system32\drivers\sep_hor.gif
C:\WINDOWS\system32\drivers\sep_vert.gif
C:\WINDOWS\system32\drivers\shadow.jpg
C:\WINDOWS\system32\drivers\shadow_bg.gif
C:\WINDOWS\system32\drivers\spacer.gif
C:\WINDOWS\system32\drivers\star.gif
C:\WINDOWS\system32\drivers\star_gray.gif
C:\WINDOWS\system32\drivers\star_gray_small.gif
C:\WINDOWS\system32\drivers\star_small.gif
C:\WINDOWS\system32\drivers\style.css
C:\WINDOWS\system32\drivers\v.gif
C:\WINDOWS\system32\drivers\warning_icon.gif
C:\WINDOWS\system32\drivers\win_logo.gif
C:\WINDOWS\system32\drivers\x.gif
C:\WINDOWS\system32\dwdsregt.exe
C:\WINDOWS\system32\egmulhxk.dll
C:\WINDOWS\system32\ESHOPEE.exe
C:\WINDOWS\system32\faotvpap7.exe
C:\WINDOWS\system32\lpcywinp.exe
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\nt68rrtc12.sys
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\setup.exe.tmp
C:\WINDOWS\system32\slk8x2peu.exe
C:\WINDOWS\system32\stfv.bin
C:\WINDOWS\system32\sznf.ascii
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com
C:\WINDOWS\system32\tsuninst.exe
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\w9seq.dll
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\system32\zxdnt3d.cfg
C:\WINDOWS\teller2.chk
C:\WINDOWS\uni_eh.exe
C:\WINDOWS\unin101.exe
C:\WINDOWS\uninst2.htm
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\unist1.htm
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wbeCheck.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xadbrk.dll
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xxxvideo.exe
C:\WINDOWS\ZG9uYWxk\
C:\WINDOWS\ZG9uYWxk\\asappsrv.dll
C:\WINDOWS\ZG9uYWxk\\command.exe
C:\WINDOWS\ZG9uYWxk\\t36RsqU4.vbs
C:\WINDOWS\ZG9uYWxk\command.exe
C:\zicorn001.exe

106 Posts

February 12th, 2008 07:00

Hi there don_kane0042

Open up HJT and select the second entry - Do a system scan only
Place a checkmark next to these entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\bxxs5.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll
O4 - HKLM\..\Run: {5C-C2-21-12-ZN}> c:\windows\system32\dwdsregt.exe CORN001
O4 - HKLM\..\Run: RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: C:\Program Files\Mzcqq\Seel.exe
O4 - HKCU\..\Run: C:\Program Files\InetGet2\stub_109_4_0_4_0.exe
O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\ckyqbgbc.exe
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab


Make sure all browser and open windows/programs are closed and select "Fix checked"

Go to start menu - Select Run and in the command box type in notepad
Next copy/paste the red text below into it:


File::
C:\WINDOWS\fkwggshm.exe
C:\Uxtb.exe
C:\info.exe
C:\WINDOWS\bbjanmo.exe
C:\WINDOWS\bxxs5.dll
C:\WINDOWS\wsem303.dll
C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll
C:\WINDOWS\system32\WinNB57.dll
C:\WINDOWS\bxxs5.dll
c:\windows\system32\dwdsregt.exe
C:\Program Files\Internet Explorer\ckyqbgbc.exe

Folder::
C:\Program Files\InetGet2
C:\Program Files\Mzcqq

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{5AA06644-BC46-4220-A460-47A6EB47C96D}"=-
"{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}"=-
[-HKEY_CLASSES_ROOT\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}]
[-HKEY_CLASSES_ROOT\NavExcelBar.NavExcelBarObj]
[-HKEY_CLASSES_ROOT\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}]


- Save this to your desktop as CFScript.txt
- Drag the CFScript.txt over onto Combofix.exe and release.



Combofix will then fix the entry and then rescan your computer
Combofix will then execute the script and produce a fresh log, once complete
If your computer does not reboot on completion then reboot it now and generate a fresh HJT log

Please post back with:
The log from combofix
A fresh HJT log

Thanks
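The checklist above and the ComboFix "Reg Loading Points" section posted earlier in the thread are the two log formats a helper reads by hand. As an added example (not code from this thread, and not part of HijackThis or ComboFix), here is a small Python triage script that applies the same first-pass rules to constructed sample lines shaped like the ones posted here: it pulls out R/O entries whose target file is gone, O15 security-zone changes, O16 ActiveX objects sourced from a local file:// path, and ComboFix Run entries that show empty brackets instead of file metadata. That last rule rests on an assumption stated in the code: that empty "[ ]" brackets mean ComboFix could not find the referenced file. The sample lines, the rule names and the Finding class are this example's own.

```python
"""Triage helper for HijackThis and ComboFix log lines.

Added example for this thread; it is not code from HijackThis, ComboFix or the
helper above.  It parses constructed sample lines shaped like the ones posted in
the thread and reports the entries a helper looks at first:
  * R/O entries whose target file is gone ("(file missing)" / "(no file)")
  * O15 changes to Internet Explorer security zones
  * O16 ActiveX (DPF) objects sourced from a local file:// path
  * ComboFix Run entries whose metadata brackets are empty "[ ]", which this
    example ASSUMES means ComboFix could not find the referenced file.
"""
import re
from dataclasses import dataclass

# Constructed sample in HijackThis format (a subset of the shapes seen above).
SAMPLE_HJT = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing)
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\ckyqbgbc.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
""".strip().splitlines()

# Constructed sample in the ComboFix "Reg Loading Points" Run-key format.
SAMPLE_COMBOFIX = r"""
"Sonic RecordNow!"="" []
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-12-18 14:04 50528]
"qwmm"="C:\Program Files\InetGet2\stub_109_4_0_4_0.exe" [ ]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 04:59 122880 C:\WINDOWS\BCMSMMSG.exe]
"Internet Optimizer"="C:\Program Files\Internet Optimizer\optimize.exe" [ ]
""".strip().splitlines()

HJT_LINE = re.compile(r"^(?P<code>[RO]\d+) - (?P<rest>.*)$")
CF_RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)" \[(?P<meta>[^\]]*)\]$')


@dataclass
class Finding:
    code: str    # HijackThis section code, e.g. "O16"
    reason: str  # why a helper would look at this line
    line: str    # the original log line


def triage_hjt(lines):
    """Return the HijackThis lines that match the first-pass triage rules, in log order."""
    findings = []
    for raw in lines:
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue  # process list, headers, blank lines
        code, rest = m.group("code"), m.group("rest")
        if rest.endswith("(file missing)") or rest.endswith("(no file)"):
            findings.append(Finding(code, "orphaned entry: target file not found", raw))
        elif code == "O15":
            findings.append(Finding(code, "Internet Explorer security-zone change", raw))
        elif code == "O16" and " - file://" in rest:
            findings.append(Finding(code, "ActiveX object sourced from a local file:// path", raw))
    return findings


def combofix_run_entries_without_file(lines):
    """Return (name, path) for Run entries whose "[ ]" metadata is empty but whose path is not."""
    flagged = []
    for raw in lines:
        m = CF_RUN_LINE.match(raw.strip())
        if m and m.group("path") and not m.group("meta").strip():
            flagged.append((m.group("name"), m.group("path")))
    return flagged


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT):
        print(f"{f.code:4} {f.reason}\n     {f.line}")
    for name, path in combofix_run_entries_without_file(SAMPLE_COMBOFIX):
        print(f"Run entry '{name}' references a file ComboFix did not find: {path}")
```

Run against the sample, the script flags the NavExcel toolbar and the nameless URLSearchHook as orphaned, the three O15 zone entries, and the file:// DPF object, while leaving the Java BHO, the McAfee cab and the IgfxTray Run entry alone; on the ComboFix sample it reports qwmm and Internet Optimizer, the two Run values whose brackets are empty. It is a reading aid only: each flagged line still needs a person to decide whether it belongs in a fix.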

February 12th, 2008 15:00

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:46:33 PM, on 2/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PdeSrv2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\My Documents\hijackthis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\program files\aol\aim toolbar 5.0\AolTbServer.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing)
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll (file missing)
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [SFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [qwmm] C:\Program Files\InetGet2\stub_109_4_0_4_0.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\ckyqbgbc.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://click.mirarsearch.com/CABUPDATES/winwcd.cab
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 7652 bytes

February 12th, 2008 15:00

Alright, here are the newest logs. Thanks so much again.

Don

ComboFix 08-02-13.1 - Owner 2008-02-12 12:23:34.2 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\info.exe
C:\Program Files\Internet Explorer\ckyqbgbc.exe
C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll
C:\Uxtb.exe
C:\WINDOWS\bbjanmo.exe
C:\WINDOWS\bxxs5.dll
C:\WINDOWS\fkwggshm.exe
c:\windows\system32\dwdsregt.exe
C:\WINDOWS\system32\WinNB57.dll
C:\WINDOWS\wsem303.dll
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\info.exe
C:\Program Files\Mzcqq
C:\Program Files\Mzcqq\Seel.exe
C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll
C:\Uxtb.exe
C:\WINDOWS\bbjanmo.exe
C:\WINDOWS\bxxs5.dll
C:\WINDOWS\fkwggshm.exe
C:\WINDOWS\system32\dwdsregt.exe
C:\WINDOWS\system32\WinNB57.dll
C:\WINDOWS\wsem303.dll

.
(((((((((((((((((((((((((   Files Created from 2008-01-13 to 2008-02-13  )))))))))))))))))))))))))))))))
.

2008-02-12 12:22 . 2008-02-13 12:40 53,248 --a------ C:\WINDOWS\PSEXESVC.EXE

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-13 17:39 --------- d-----w C:\Program Files\NavExcel Search Toolbar
2008-02-12 00:29 --------- d-----w C:\Program Files\Network
2008-02-11 22:09 --------- d-----w C:\Program Files\Viewpoint
2008-02-11 22:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-05 04:54 --------- d-----w C:\Program Files\World of Warcraft
2008-01-19 21:24 --------- d-----w C:\Program Files\Google
2008-01-10 03:38 --------- d-----w C:\Program Files\LimeWire
2008-01-04 03:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-01-04 03:41 --------- d-----w C:\Program Files\Common Files\AOL
2008-01-04 03:41 --------- d-----w C:\Program Files\AOL Search
2008-01-04 03:41 --------- d-----w C:\Program Files\AIM6
2008-01-04 03:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-12-28 23:24 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-12-28 21:57 --------- d-----w C:\Documents and Settings\Owner\Application Data\MSNInstaller
2007-12-18 21:58 45,056 ----a-w C:\WINDOWS\system32\fsyskmiz.exe
2005-03-09 19:49 81,920 ----a-w C:\WINDOWS\Media\LimeWire\LimeWire.exe
2005-03-09 19:49 32,768 ----a-w C:\WINDOWS\Media\LimeWire\LimeWire20.dll
2005-03-09 19:49 12,808 ----a-w C:\WINDOWS\Media\LimeWire\WindowsV5PlusUtils.dll
2005-03-09 19:49 12,279 ----a-w C:\WINDOWS\Media\LimeWire\GenericWindowsUtils.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
2007-12-18 14:27 111968 --a------ C:\Program Files\AOL Search\AOLSearch.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46C4-B683-905236F6F655}
{5AA06644-BC46-4220-A460-47A6EB47C96D}
{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
{DE9C389F-3316-41A7-809B-AA305ED9D922}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}

[HKEY_CLASSES_ROOT\clsid\{5aa06644-bc46-4220-a460-47a6eb47c96d}]
[HKEY_CLASSES_ROOT\NavExcelBar.NavExcelBarObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}]
[HKEY_CLASSES_ROOT\NavExcelBar.NavExcelBarObj]

[HKEY_CLASSES_ROOT\clsid\{9a9c9b68-f908-4aab-8d0c-10ea8997f37e}]
[HKEY_CLASSES_ROOT\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"SFP"="C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.exe" [2003-09-05 15:30 561152]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2004-10-15 16:03 4886528]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-12-18 14:04 50528]
"qwmm"="C:\Program Files\InetGet2\stub_109_4_0_4_0.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-19 16:24 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-01-23 09:36 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-01-23 09:31 126976]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-06 00:04 114741]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 00:01 155648]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2005-03-02 18:19 143360]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2005-03-18 19:28 196608]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29 303104]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 12:05 212992]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 04:59 122880 C:\WINDOWS\BCMSMMSG.exe]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-04-05 13:41 950272]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [2005-10-06 09:34 8192]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 15:45 278528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-03-08 20:35 155648]
"Internet Optimizer"="C:\Program Files\Internet Optimizer\optimize.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03 36975]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll


.
Contents of the 'Scheduled Tasks' folder
"2005-01-27 23:36:28 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1098902900.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-13 12:40:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-13 12:42:04
ComboFix-quarantined-files.txt  2008-02-13 17:41:56
ComboFix2.txt  2008-02-12 00:44:52
.
2008-01-11 08:02:10 --- E O F --- 


February 13th, 2008 07:00

Hi don_kane0042

Great work so far - just a couple of files that refused to go first time around

Open up HJT and select the second entry - Do a system scan only
Place a checkmark next to these entries:

O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing)
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll (file missing)
O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\ckyqbgbc.exe
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://click.mirarsearch.com/CABUPDATES/winwcd.cab

Make sure all browser and open windows/programs are closed and select "Fix checked"

Go to start menu - Select Run and in the command box type in notepad
Next copy/paste the red text below into it:


File::
C:\Program Files\InetGet2\stub_109_4_0_4_0.exe
C:\WINDOWS\PSEXESVC.EXE
C:\WINDOWS\system32\fsyskmiz.exe
C:\Program Files\Internet Explorer\ckyqbgbc.exe

Registry::
[-HKEY_CLASSES_ROOT\clsid\{5aa06644-bc46-4220-a460-47a6eb47c96d}]
[-HKEY_CLASSES_ROOT\NavExcelBar.NavExcelBarObj.1]
[-HKEY_CLASSES_ROOT\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}]
[-HKEY_CLASSES_ROOT\NavExcelBar.NavExcelBarObj]
[-HKEY_CLASSES_ROOT\clsid\{9a9c9b68-f908-4aab-8d0c-10ea8997f37e}]
[-HKEY_CLASSES_ROOT\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"qwmm"=-


- Save this to your desktop as CFScript.txt
- Drag the CFScript.txt over onto Combofix.exe and release.



Combofix will then fix the entry and then rescan your computer
Combofix will then execute the script and produce a fresh log, once complete
If your computer does not reboot on completion then reboot it now

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All. Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All. Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program. For Technical Support, double-click the e-mail address located at the bottom of each menu.

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Once done, reboot your computer once more and generate a fresh HJT log.

Please post back with...

>> The new combofix results
>> The SUPERAntiSpyware scan results
>> A fresh HJT log


Thanks

February 13th, 2008 19:00

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/14/2008 at 02:13 PM

Application Version : 3.9.1008

Core Rules Database Version : 3401
Trace Rules Database Version: 1393

Scan type       : Complete Scan
Total Scan Time : 02:21:04

Memory items scanned      : 461
Memory threats detected   : 0
Registry items scanned    : 4366
Registry threats detected : 156
File items scanned        : 59032
File threats detected     : 184

Unclassified.Unknown Origin
 HKLM\Software\Classes\CLSID\{4D1C4E81-A32A-416b-BCDB-33B3EF3617D3}
 HKCR\CLSID\{4D1C4E81-A32A-416B-BCDB-33B3EF3617D3}
 HKCR\CLSID\{4D1C4E81-A32A-416B-BCDB-33B3EF3617D3}
 HKCR\CLSID\{4D1C4E81-A32A-416B-BCDB-33B3EF3617D3}\InprocServer32
 HKCR\CLSID\{4D1C4E81-A32A-416B-BCDB-33B3EF3617D3}\InprocServer32#ThreadingModel
 HKCR\CLSID\{4D1C4E81-A32A-416B-BCDB-33B3EF3617D3}\Programmable
 HKCR\CLSID\{4D1C4E81-A32A-416B-BCDB-33B3EF3617D3}\TypeLib
 C:\PROGRAM FILES\NEED2FIND\BAR\1.BIN\ND2FNBAR.DLL
 HKLM\Software\Classes\CLSID\{4D1C4E89-A32A-416b-BCDB-33B3EF3617D3}
 HKCR\CLSID\{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3}
 HKCR\CLSID\{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3}
 HKCR\CLSID\{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3}\InprocServer32
 HKCR\CLSID\{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3}\InprocServer32#ThreadingModel
 HKCR\CLSID\{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3}\Programmable
 HKCR\CLSID\{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3}\TypeLib
 C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\BACKUPS\BACKUP-20080211-191507-921.DLL
 C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\W9SEQ.DLL.VIR
 C:\QOOBOX\QUARANTINE\C\WINDOWS\ZG9UYWXK\COMMAND.EXE.VIR
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP709\A0069181.DLL
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069251.DLL
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069340.EXE

Adware.Mirar/NetNucleus
 HKLM\Software\Classes\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}
 HKCR\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}
 HKCR\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}
 HKCR\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}\InprocServer32
 HKCR\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}\InprocServer32#ThreadingModel
 HKCR\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}\TypeLib
 C:\WINDOWS\SYSTEM32\WINNB57.DLL
 HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}
 HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\ProxyStubClsid
 HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\ProxyStubClsid32
 HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\TypeLib
 HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\TypeLib#Version
 HKCR\Interface\{224302B0-94E9-45C2-9E5B-BA989EE556E1}
 HKCR\Interface\{224302B0-94E9-45C2-9E5B-BA989EE556E1}\ProxyStubClsid
 HKCR\Interface\{224302B0-94E9-45C2-9E5B-BA989EE556E1}\ProxyStubClsid32
 HKCR\Interface\{224302B0-94E9-45C2-9E5B-BA989EE556E1}\TypeLib
 HKCR\Interface\{224302B0-94E9-45C2-9E5B-BA989EE556E1}\TypeLib#Version
 HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}
 HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\ProxyStubClsid
 HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\ProxyStubClsid32
 HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\TypeLib
 HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\TypeLib#Version
 HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}
 HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\ProxyStubClsid
 HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\ProxyStubClsid32
 HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\TypeLib
 HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\TypeLib#Version
 HKCR\NN_Bar_Dummy.NN_BarDummy
 HKCR\NN_Bar_Dummy.NN_BarDummy\CLSID
 HKCR\NN_Bar_Dummy.NN_BarDummy\CurVer
 HKCR\NN_Bar_Dummy.NN_BarDummy.1
 HKCR\NN_Bar_Dummy.NN_BarDummy.1\CLSID
 HKCR\Mirar_Dummy_ATS.Mirar_Dummy_ATS1
 HKCR\Mirar_Dummy_ATS.Mirar_Dummy_ATS1\CLSID
 HKCR\Mirar_Dummy_ATS.Mirar_Dummy_ATS1\CurVer
 HKCR\Mirar_Dummy_ATS.Mirar_Dummy_ATS1.1
 HKCR\Mirar_Dummy_ATS.Mirar_Dummy_ATS1.1\CLSID
 HKCR\TypeLib\{F8310E7D-4C4D-46A4-A068-B5BB99411CC7}
 HKCR\TypeLib\{F8310E7D-4C4D-46A4-A068-B5BB99411CC7}\1.0
 HKCR\TypeLib\{F8310E7D-4C4D-46A4-A068-B5BB99411CC7}\1.0\0
 HKCR\TypeLib\{F8310E7D-4C4D-46A4-A068-B5BB99411CC7}\1.0\0\win32
 HKCR\TypeLib\{F8310E7D-4C4D-46A4-A068-B5BB99411CC7}\1.0\FLAGS
 HKCR\TypeLib\{F8310E7D-4C4D-46A4-A068-B5BB99411CC7}\1.0\HELPDIR
 HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}
 HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\InprocServer32
 HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\InprocServer32#ThreadingModel
 HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\ProgID
 HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\Programmable
 HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\TypeLib
 HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\VersionIndependentProgID
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75}
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75}#DisplayName
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75}#UninstallString
 C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\BACKUPS\BACKUP-20080214-112928-911.DLL
 C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\WINNB57.DLL.VIR
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP711\A0069422.DLL
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP712\A0069501.DLL
 C:\WINDOWS\876056.EXE
 C:\WINDOWS\SYSTEM32\WINATS.DLL
 C:\WINDOWS\SYSTEM32\WINDMY.DLL

NavExcel/NavHelper BHO
 HKLM\Software\Classes\CLSID\{C1E58A84-95B3-4630-B8C2-D06B77B7A0FC}
 HKCR\CLSID\{C1E58A84-95B3-4630-B8C2-D06B77B7A0FC}
 HKCR\CLSID\{C1E58A84-95B3-4630-B8C2-D06B77B7A0FC}
 HKCR\CLSID\{C1E58A84-95B3-4630-B8C2-D06B77B7A0FC}#AppID
 HKCR\CLSID\{C1E58A84-95B3-4630-B8C2-D06B77B7A0FC}\InprocServer32
 HKCR\CLSID\{C1E58A84-95B3-4630-B8C2-D06B77B7A0FC}\InprocServer32#ThreadingModel
 HKCR\CLSID\{C1E58A84-95B3-4630-B8C2-D06B77B7A0FC}\ProgID
 HKCR\CLSID\{C1E58A84-95B3-4630-B8C2-D06B77B7A0FC}\Programmable
 HKCR\CLSID\{C1E58A84-95B3-4630-B8C2-D06B77B7A0FC}\TypeLib
 HKCR\CLSID\{C1E58A84-95B3-4630-B8C2-D06B77B7A0FC}\VersionIndependentProgID
 C:\PROGRAM FILES\NAVEXCEL\NAVHELPER\V2.0.4B\NHELPER.DLL

NavExcel/NavHelper Adware Toolbar and Browser Helper Object
 HKLM\Software\Classes\CLSID\{D80C4E21-C346-4E21-8E64-20746AA20AEB}
 HKCR\CLSID\{D80C4E21-C346-4E21-8E64-20746AA20AEB}
 HKCR\CLSID\{D80C4E21-C346-4E21-8E64-20746AA20AEB}
 HKCR\CLSID\{D80C4E21-C346-4E21-8E64-20746AA20AEB}\InprocServer32
 HKCR\CLSID\{D80C4E21-C346-4E21-8E64-20746AA20AEB}\InprocServer32#ThreadingModel
 HKCR\CLSID\{D80C4E21-C346-4E21-8E64-20746AA20AEB}\ProgID
 HKCR\CLSID\{D80C4E21-C346-4E21-8E64-20746AA20AEB}\Programmable
 HKCR\CLSID\{D80C4E21-C346-4E21-8E64-20746AA20AEB}\TypeLib
 HKCR\CLSID\{D80C4E21-C346-4E21-8E64-20746AA20AEB}\VersionIndependentProgID
 C:\PROGRAM FILES\NAVEXCEL SEARCH TOOLBAR\NAVEXCELBAR.DLL
 C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\NAVEXCEL SEARCH TOOLBAR\NAVEXCELBAR.DLL.VIR
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP711\A0069417.DLL

Browser Hijacker.Internet Explorer Zone Hijack
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getmirar.com
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getmirar.com\click
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getmirar.com\click#https
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\click
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\click#https
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\redirect
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\redirect#https
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\net-nucleus.com
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\net-nucleus.com\awbeta
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\net-nucleus.com\awbeta#https

Adware.Tracking Cookie
 C:\Documents and Settings\Owner\Cookies\owner@advertising[1].txt
 C:\Documents and Settings\Owner\Cookies\owner@html[1].txt
 C:\Documents and Settings\Owner\Cookies\owner@atwola[1].txt
 C:\Documents and Settings\Owner\Cookies\owner@http.edge.vru4[2].txt
 C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt

Adware.BookedSpace
 C:\WINDOWS\bsx32\ASI2.bsx
 C:\WINDOWS\bsx32\ASI5AFF.bsx
 C:\WINDOWS\bsx32\ASISSRE.bsx
 C:\WINDOWS\bsx32\bspace.html
 C:\WINDOWS\bsx32\EECH1.bsx
 C:\WINDOWS\bsx32\MYGEEK.bsx
 C:\WINDOWS\bsx32\SPZ4.bsx
 C:\WINDOWS\bsx32
 C:\WINDOWS\bsx32.ini
 HKLM\software\bookedspace
 HKLM\software\bookedspace\adware
 HKLM\software\bookedspace\adware#Version
 HKLM\software\bookedspace\adware#Referer
 HKLM\software\bookedspace\adware#Unique
 HKLM\software\bookedspace\adware#Stamp-Spawn
 HKLM\software\bookedspace\adware#Stamp-Update
 HKLM\software\bookedspace\adware#Count-Update
 HKLM\software\bookedspace\adware#Delay-Update
 HKLM\software\bookedspace\adware#Delay-MYGEEK
 HKLM\software\bookedspace\adware#Delay-SPZ4
 HKLM\software\bookedspace\adware#Delay-EECH1
 HKLM\software\bookedspace\adware#Delay-ASI5AFF
 HKLM\software\bookedspace\adware#Delay-ASISS3
 HKLM\software\bookedspace\adware#Delay-ASI2
 HKLM\software\bookedspace\adware#Campaigns
 HKLM\software\bookedspace\adware#Receipt-ASI2
 HKLM\software\bookedspace\adware#Data-ASI2
 HKLM\software\bookedspace\adware#Receipt-EECH1
 HKLM\software\bookedspace\adware#Data-EECH1
 HKLM\software\bookedspace\adware#Receipt-ASISSRE
 HKLM\software\bookedspace\adware#Data-ASISSRE
 HKLM\software\bookedspace\adware#Receipt-ASI5AFF
 HKLM\software\bookedspace\adware#Data-ASI5AFF
 HKLM\software\bookedspace\adware#Receipt-RK1
 HKLM\software\bookedspace\adware#Receipt-BBI2
 HKLM\software\bookedspace\adware#Receipt-MRR1
 HKLM\software\bookedspace\adware#Receipt-SPZ4
 HKLM\software\bookedspace\adware#Data-SPZ4
 HKLM\software\bookedspace\adware#Receipt-VENTFE17
 HKLM\software\bookedspace\adware#Receipt-MYGEEK
 HKLM\software\bookedspace\adware#Data-MYGEEK
 HKLM\software\bookedspace\adware#Stamp-SPZ4
 HKLM\software\bookedspace\adware#Count-SPZ4
 HKLM\software\bookedspace\adware#Override
 HKLM\software\bookedspace\adware#Stamp-EECH1
 HKLM\software\bookedspace\adware#Count-EECH1
 HKLM\software\bookedspace\adware#Stamp-ASI2
 HKLM\software\bookedspace\adware#Count-ASI2
 HKLM\software\bookedspace\adware#Stamp-MYGEEK
 HKLM\software\bookedspace\adware#Count-MYGEEK
 C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\BACKUPS\BACKUP-20080211-191507-565.DLL
 C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\BACKUPS\BACKUP-20080212-122052-345.DLL
 C:\QOOBOX\QUARANTINE\C\WINDOWS\BXXS5.DLL.VIR
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP711\A0069420.DLL
 C:\WINDOWS\HVUTAHOW.DLL
 C:\WINDOWS\OFFZBESP.DLL

Adware.QuickLinks
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\JGAf
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\JGAf#DisplayName
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\JGAf#UninstallString
 C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\SLK8X2PEU.EXE.VIR
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069245.EXE

February 13th, 2008 19:00

Alright, here's the HijackThis log. Just to let you know, I'm willing to get rid of everything I don't need for this computer to run. When I restart it I get all this Verizon stuff and I don't even have it anymore. I'll delete every single thing just to get this thing to run better. Thanks again.

Don

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:42:25 PM, on 2/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\PdeSrv2.exe
c:\program files\aol\aim toolbar 5.0\AolTbServer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Owner\My Documents\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [SFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 7156 bytes
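An added triage script for logs in the layout posted above (it is not part of this thread and not HijackThis code): it parses the R/O item lines into records and flags what a helper looks at first, namely entries whose component is "(no file)", autostarts given as a bare file name, and executables sitting directly in the Windows directory root. It assumes the Windows directory is C:\WINDOWS as in this log; its built-in sample lines are taken from the log above except the [Sample] Run line, which is constructed.

```python
"""Structured triage of HijackThis (HJT) v2 log lines.

Added example for this thread, not part of any post and not HijackThis code.
It parses the R0/R1, R3, O2, O3, O9, O4 and O23 line layouts used in the log
above and flags what a helper checks first: components missing from disk,
autostarts given as a bare file name, and executables sitting directly in
the Windows directory root (where the first log in this thread showed several).
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

LINE_RE = re.compile(r"^(?P<code>R\d|O\d+)\s+-\s+(?P<rest>.*)$")
# "<kind>: <name> - {CLSID} - <path>"  (R3, O2, O3, O9)
CLSID_RE = re.compile(
    r"^(?P<kind>[^:]+):\s+(?P<name>.*?)\s+-\s+\{[0-9A-Fa-f-]{36}\}\s+-\s+(?P<path>.*)$")
# "HKLM\..\Run: [Label] <command>"  (O4)
RUN_RE = re.compile(r"^HK\w+\\\.\.\\\w+:\s+\[(?P<label>[^\]]*)\]\s*(?P<cmd>.*)$")
# "<hive\key>,<value> = <data>"  (R0, R1)
REG_RE = re.compile(r"^(?P<key>[^,]+),(?P<value>[^=]+)=\s*(?P<data>.*)$")
# "Service: <name> - <company> - <path>"  (O23)
SERVICE_RE = re.compile(r"^Service:\s+(?P<name>.*?)\s+-\s+(?P<company>.*?)\s+-\s+(?P<path>.*)$")
# Program path at the start of a command line, quoted or not; switches dropped.
EXE_RE = re.compile(r'^"?(?P<exe>.*?\.(?:exe|dll|scr|bat|cmd|vbs|pif))(?:"|\s|$)', re.I)

WINDOWS_DIR = r"c:\windows"  # assumption: the XP install in this thread

@dataclass
class Entry:
    code: str  # HJT section code, e.g. O4
    kind: str  # BHO, Toolbar, Run, Service, Registry, URLSearchHook, Other
    name: str  # display name, Run label, service name or registry value name
    path: str  # file path, command line or registry data
    raw: str

def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for an HJT item line, None for header/process lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, rest = m.group("code"), m.group("rest")
    if code in ("R0", "R1"):
        r = REG_RE.match(rest)
        if r:
            return Entry(code, "Registry", r.group("value").strip(), r.group("data").strip(), line)
    elif code in ("R3", "O2", "O3", "O9"):
        c = CLSID_RE.match(rest)
        if c:
            return Entry(code, c.group("kind"), c.group("name"), c.group("path").strip(), line)
    elif code == "O4":
        r = RUN_RE.match(rest)
        if r:
            return Entry(code, "Run", r.group("label"), r.group("cmd").strip(), line)
    elif code == "O23":
        s = SERVICE_RE.match(rest)
        if s:
            return Entry(code, "Service", s.group("name"), s.group("path").strip(), line)
    return Entry(code, "Other", "", rest, line)  # layout not handled, keep raw

def executable_of(command: str) -> Optional[str]:
    """Program path from a Run/Service command line, quotes and switches removed."""
    m = EXE_RE.match(command)
    return m.group("exe") if m else None

def triage(entries: List[Entry]) -> List[Tuple[str, Entry]]:
    """Flag entries worth a closer look; a flag is a question, not a verdict."""
    findings = []
    for e in entries:
        if e.path.lower() == "(no file)":
            findings.append(("orphaned: registered component has no file on disk", e))
            continue
        exe = executable_of(e.path) if e.kind in ("Run", "Service") else None
        if not exe:
            continue
        if "\\" not in exe:
            findings.append(("bare file name: located by PATH search, origin unknown", e))
        elif exe.lower().rpartition("\\")[0] == WINDOWS_DIR:
            findings.append(("executable directly in the Windows directory root", e))
    return findings

def triage_log(text: str) -> List[Tuple[str, str]]:
    """Parse a whole log and return (reason, item line) pairs in log order."""
    entries = [e for e in (parse_line(ln) for ln in text.splitlines()) if e]
    return [(reason, e.raw.strip()) for reason, e in triage(entries)]

# Constructed sample in the same layouts as the log above ([Sample] is made up).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Sample] C:\WINDOWS\bbjanmo.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
"""

if __name__ == "__main__":
    for reason, line in triage_log(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
```

A flagged line only says where to look next; legitimate drivers and OEM tools also register as bare names, so each hit still needs the file checked before anything is removed.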

February 13th, 2008 19:00

Adware.GAIN/Gator
 HKLM\Software\Gator.com
 HKLM\Software\Gator.com\AppInfo
 HKLM\Software\Gator.com\CMEII
 HKLM\Software\Gator.com\CMEII#AppHist
 HKLM\Software\Gator.com\CMEII#numInst
 HKLM\Software\Gator.com\Gator
 HKLM\Software\Gator.com\Gator\dyn
 HKLM\Software\Gator.com\Gator\dyn\GCH
 HKLM\Software\Gator.com\Gator\dyn\GCH\_gs
 HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#StartTime
 HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#OldestTime
 HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#121-200
 HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#121-bytes

Adware.Director
 HKU\S-1-5-21-1957994488-2139871995-839522115-1003\Software\Director

Adware.Toolbar888
 HKU\S-1-5-21-1957994488-2139871995-839522115-1003\Software\XBTB04715

Browser Hijacker.Internet Explorer Settings Hijack
 HKU\S-1-5-21-1957994488-2139871995-839522115-1003\Software\Microsoft\Internet Explorer\Search\SearchAssistant Explorer\Main#Default_Search_URL [ http://searchbar.findthewebsiteyouneed.com ]

Adware.Avenue Media
 C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\BACKUPS\BACKUP-20080211-191507-390.DLL
 C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\BACKUPS\BACKUP-20080212-122052-117.DLL
 C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\INTERNET OPTIMIZER\ACTALERT.EXE.VIR
 C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\INTERNET OPTIMIZER\OPTIMIZE.EXE.VIR
 C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\INTERNET OPTIMIZER\UPDATE\ACTALERT.EXE.VIR
 C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\MZCQQ\SEEL.EXE.VIR
 C:\QOOBOX\QUARANTINE\C\WINDOWS\WSEM303.DLL.VIR
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069225.EXE
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069226.EXE
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069227.EXE
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP711\A0069414.EXE
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP711\A0069423.DLL
 C:\WINDOWS\PF79.EXE

Adware.NicTech Networks
 C:\INSTALLER.EXE
 C:\WINDOWS\ICONU.EXE
 C:\WINDOWS\SYSTEM32\DN2M01F1E.DLL
 C:\WINDOWS\SYSTEM32\FPJ0031ME.DLL
 C:\WINDOWS\SYSTEM32\GUARD.TMP
 C:\WINDOWS\SYSTEM32\KTN4L75Q1.DLL
 C:\WINDOWS\SYSTEM32\M082LALO1DQC.DLL
 C:\WINDOWS\SYSTEM32\N2R20C9OEF.DLL
 C:\WINDOWS\SYSTEM32\WQIDX.DLL

Trojan.NewDotNet
 C:\NNSCAA638.EXE
 C:\QOOBOX\QUARANTINE\C\WINDOWS\NDNUNINSTALL6_38.EXE.VIR
 C:\QOOBOX\QUARANTINE\C\WINDOWS\NDNUNINSTALL7_22.EXE.VIR
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069330.EXE
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069331.EXE

Trojan.WINLOGI
 C:\OO.EXE

InstaFinderK BHO
 C:\PROGRAM FILES\INSTAFINK\INSTAFINK.DLL

Adware.Need2Find
 C:\PROGRAM FILES\NEED2FIND\BAR\1.BIN\N2PLUGIN.DLL
 C:\PROGRAM FILES\NEED2FIND\BAR\1.BIN\NPND2FN.DLL

Trojan.GimmySmilies
 C:\QOOBOX\QUARANTINE\C\GIMMYSMILEYS1.EXE.VIR
 C:\QOOBOX\QUARANTINE\C\GIMMYSMILEYS2.EXE.VIR
 C:\QOOBOX\QUARANTINE\C\WINDOWS\NEWNAME6.EXE.VIR
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069320.EXE
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069322.EXE
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069323.EXE

Rogue.Unclassified/Loader
 C:\QOOBOX\QUARANTINE\C\INFO.EXE.VIR
 C:\QOOBOX\QUARANTINE\C\UXTB.EXE.VIR
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP711\A0069416.EXE
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP711\A0069418.EXE

Trojan.WinSysBan
 C:\QOOBOX\QUARANTINE\C\KEYBOARD1.EXE.VIR
 C:\QOOBOX\QUARANTINE\C\KEYBOARD2.EXE.VIR
 C:\QOOBOX\QUARANTINE\C\MOUSEPAD1.EXE.VIR
 C:\QOOBOX\QUARANTINE\C\MOUSEPAD2.EXE.VIR
 C:\QOOBOX\QUARANTINE\C\WINDOWS\KEYBOARD6.EXE.VIR
 C:\QOOBOX\QUARANTINE\C\WINDOWS\MOUSEPAD6.EXE.VIR
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069324.EXE
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069325.EXE
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069326.EXE
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069327.EXE

Trojan.Unknown Origin
 C:\QOOBOX\QUARANTINE\C\KRW1DN.EXE.VIR
 C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\MMWQ\MMWQA.EXE.VIR
 C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\MMWQ\MMWQL.EXE.VIR
 C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\MMWQ\MMWQM.EXE.VIR
 C:\QOOBOX\QUARANTINE\C\WINDOWS\PF78.EXE.VIR
 C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\BANG-006.ICO.VIR
 C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\FAOTVPAP7.EXE.VIR
 C:\QOOBOX\QUARANTINE\C\WINDOWS\TELLER2.CHK.VIR
 C:\QOOBOX\QUARANTINE\C\WINDOWS\UNINST2.HTM.VIR
 C:\QOOBOX\QUARANTINE\C\WINDOWS\UNINSTALL_NMON.VBS.VIR
 C:\QOOBOX\QUARANTINE\C\WINDOWS\UNIST1.HTM.VIR
 C:\QOOBOX\QUARANTINE\C\WINDOWS\ZG9UYWXK\T36RSQU4.VBS.VIR
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069234.ICO
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069239.EXE
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069254.EXE
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069264.EXE
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069332.VBS
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069341.EXE
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069342.EXE
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069344.EXE
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069350.VBS
 C:\VENTFE1.EXE

Trojan.CmdService
 C:\QOOBOX\QUARANTINE\C\MTE3NDI6ODOXNG.EXE.VIR
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069255.EXE

Trojan.MC Downloader Variant
 C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\INETGET\MC-110-12-0000137.EXE.VIR
 C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\WINDOWS\MC-110-12-0000137.EXE.VIR
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069198.EXE
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069208.EXE

Adware.Unknown Origin
 C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\MMWQ\MMWQD\CLASS-BARREL.VIR
 C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\MMWQ\MMWQD\VOCABULARY.VIR
 C:\WINDOWS\SYSTEM32\MKSAWRTAL.AMF

Unclassified.Unknown Origin/System
 C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\MMWQ\MMWQD\MMWQC.DLL.VIR
 C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSC00.EXE.VIR
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069267.EXE
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069347.DLL

Trojan.Downloader-Gen
 C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\MMWQ\MMWQP.EXE.VIR
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069345.EXE
 C:\WINDOWS\SYSTEM32\WINPFG32.SYS

Adware.SurfSideKick
 C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\VCCLIENT\SS1001.EXE.VIR
 C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\VCCLIENT\VCCLIENT.EXE.VIR
 C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\VCCLIENT\VCMAIN.EXE.VIR
 C:\SS1001.EXE
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069201.EXE
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069202.EXE
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069204.EXE

Adware.Avenue Media/Internet Optimizer
 C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\INTERNET OPTIMIZER\UPDATE\ROGUE.EXE.VIR
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069228.EXE

Trojan.MsMovies
 C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\MSMOVIES\V.TMP.VIR

Trojan.NetMon/DNSChange
 C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\NETWORK MONITOR\NETMON.EXE.VIR
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069229.EXE

Adware.TargetSavers
 C:\QOOBOX\QUARANTINE\C\STUB_113_4_0_4_0.EXE.VIR
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069328.EXE

Adware.UCMore/The Search Accelerator
 C:\QOOBOX\QUARANTINE\C\UCMOREIEX.EXE.VIR
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069257.EXE

Trojan.Downloader-SysMon
 C:\QOOBOX\QUARANTINE\C\WINDOWS\BBJANMO.EXE.VIR
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP711\A0069419.EXE

Adware.SysMon
 C:\QOOBOX\QUARANTINE\C\WINDOWS\BBJANMOA.EXE.VIR
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069338.EXE
 C:\VISFX500.EXE

Trojan.YourEnhancement
 C:\QOOBOX\QUARANTINE\C\WINDOWS\MS04049582-937.EXE.VIR
 C:\QOOBOX\QUARANTINE\C\WINDOWS\PMS111X.EXE.VIR
 C:\QOOBOX\QUARANTINE\C\WINDOWS\UNIN101.EXE.VIR
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069265.EXE
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069269.EXE
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069337.EXE

Trojan.Downloader-VisFX
 C:\QOOBOX\QUARANTINE\C\WINDOWS\OFFUN.EXE.VIR
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069262.EXE

RelevantKnowledge Spyware Component
 C:\QOOBOX\QUARANTINE\C\WINDOWS\RK.EXE.VIR
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069266.EXE

Trojan.Downloader-PMTLauncher
 C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\CV3WANV28.EXE.VIR
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069237.EXE

Trojan.Downloader-FakeRX
 C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\EGMULHXK.DLL.VIR
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069315.DLL

Adware.ZenoSearch
 C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\FSYSKMIZ.EXE.VIR
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP713\A0069512.EXE

Trojan.Unclassified/LPCYWINP
 C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\LPCYWINP.EXE.VIR
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069314.EXE

TargetSaver, Inc. Process
 C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\TSUNINST.EXE.VIR
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069249.EXE

Trojan.Unclassified/SysOld
 C:\QOOBOX\QUARANTINE\C\WINDOWS\UNI_EH.EXE.VIR
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069268.EXE

Adware.Adservs
 C:\QOOBOX\QUARANTINE\C\WINDOWS\ZG9UYWXK\ASAPPSRV.DLL.VIR
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069349.DLL

Trojan.ZenoSearch
 C:\QOOBOX\QUARANTINE\C\ZICORN001.EXE.VIR
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069238.EXE
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069258.EXE
 C:\WINDOWS\SYSTEM32\OWINMRAG.EXE
 C:\WINDOWS\SYSTEM32\OWINMREH.EXE
 C:\WINDOWS\SYSTEM32\OWINMRES.EXE
 C:\WINDOWS\SYSTEM32\QLDSREGJ.EXE

Trojan.Downloader-Small/Project
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{8FC58EB1-73AE-4A93-8A63-B40745151DBE}\RP710\A0069318.EXE

Trojan.Override
 C:\WINDOWS\XYEVFEKQ.EXE

February 13th, 2008 19:00

ComboFix 08-02-13.1 - Owner 2008-02-14 11:32:46.3 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\Program Files\InetGet2\stub_109_4_0_4_0.exe
C:\Program Files\Internet Explorer\ckyqbgbc.exe
C:\WINDOWS\PSEXESVC.EXE
C:\WINDOWS\system32\fsyskmiz.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\PSEXESVC.EXE
C:\WINDOWS\system32\fsyskmiz.exe

.
(((((((((((((((((((((((((   Files Created from 2008-01-14 to 2008-02-14  )))))))))))))))))))))))))))))))
.

2008-02-14 08:22 . 2008-02-14 08:22 d-------- C:\WINDOWS\LastGood

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-13 17:39 --------- d-----w C:\Program Files\NavExcel Search Toolbar
2008-02-12 00:29 --------- d-----w C:\Program Files\Network
2008-02-11 22:09 --------- d-----w C:\Program Files\Viewpoint
2008-02-11 22:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-19 21:24 --------- d-----w C:\Program Files\Google
2008-01-10 03:38 --------- d-----w C:\Program Files\LimeWire
2008-01-04 03:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-01-04 03:41 --------- d-----w C:\Program Files\Common Files\AOL
2008-01-04 03:41 --------- d-----w C:\Program Files\AOL Search
2008-01-04 03:41 --------- d-----w C:\Program Files\AIM6
2008-01-04 03:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-12-28 23:24 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-12-28 21:57 --------- d-----w C:\Documents and Settings\Owner\Application Data\MSNInstaller
2005-03-09 19:49 81,920 ----a-w C:\WINDOWS\Media\LimeWire\LimeWire.exe
2005-03-09 19:49 32,768 ----a-w C:\WINDOWS\Media\LimeWire\LimeWire20.dll
2005-03-09 19:49 12,808 ----a-w C:\WINDOWS\Media\LimeWire\WindowsV5PlusUtils.dll
2005-03-09 19:49 12,279 ----a-w C:\WINDOWS\Media\LimeWire\GenericWindowsUtils.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
2007-12-18 14:27 111968 --a------ C:\Program Files\AOL Search\AOLSearch.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"SFP"="C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.exe" [2003-09-05 15:30 561152]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2004-10-15 16:03 4886528]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-12-18 14:04 50528]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-19 16:24 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-01-23 09:36 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-01-23 09:31 126976]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-06 00:04 114741]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 00:01 155648]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2005-03-02 18:19 143360]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2005-03-18 19:28 196608]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29 303104]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 12:05 212992]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 04:59 122880 C:\WINDOWS\BCMSMMSG.exe]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-04-05 13:41 950272]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [2005-10-06 09:34 8192]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 15:45 278528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-03-08 20:35 155648]
"Internet Optimizer"="C:\Program Files\Internet Optimizer\optimize.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03 36975]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 00:17:18 147456]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 00:06:58 28672]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll


.
Contents of the 'Scheduled Tasks' folder
"2005-01-27 23:36:28 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1098902900.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-14 11:37:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-14 11:37:59
ComboFix-quarantined-files.txt  2008-02-14 16:37:51
ComboFix2.txt  2008-02-13 17:42:05
ComboFix3.txt  2008-02-12 00:44:52
.
2008-01-11 08:02:10 --- E O F --- 
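One way to triage the "Reg Loading Points" section of a ComboFix log like the one above, as an added example that is not part of this thread or of ComboFix itself: it parses each Run value and flags those with an empty path or no file metadata in the brackets (the log's `[ ]` and `[]` entries, which I take to mean the referenced file could not be found; that reading, and the fourth "resolved path" field, are assumptions based on the lines in the log). The sample lines are copied from the log above.

```python
import re

# Constructed sample in the format of ComboFix's "Reg Loading Points"
# section; the values are copied from the log in this thread.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"SFP"="C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.exe" [2003-09-05 15:30 561152]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-12-18 14:04 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 04:59 122880 C:\WINDOWS\BCMSMMSG.exe]
"Internet Optimizer"="C:\Program Files\Internet Optimizer\optimize.exe" [ ]
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
ENTRY_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')

def parse_run_entries(text):
    """Return one dict per Run value: registry key, value name, path, metadata."""
    entries, current_key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and current_key:
            # Bracket holds "date time size" and, for bare file names such as
            # BCMSMMSG.exe, the resolved full path as a fourth field (assumption).
            meta = m.group('meta').split()
            entries.append({
                'key': current_key,
                'name': m.group('name'),
                'path': m.group('path'),
                'date': meta[0] if len(meta) >= 1 else None,
                'size': int(meta[2]) if len(meta) >= 3 else None,
                'resolved': meta[3] if len(meta) >= 4 else None,
            })
    return entries

def suspicious_entries(entries):
    """Names of Run values with an empty path or no file metadata: autostart
    entries that point at nothing and are the usual cleanup candidates."""
    return [e['name'] for e in entries if not e['path'] or e['size'] is None]
```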


February 13th, 2008 21:00

Hi don_kane0042

The SAS scan looks like it has done its job pretty well in seeking out and taking out a lot of malicious files, and the ComboFix log is also looking much better now.

>> Regarding Verizon, have you checked Add/Remove Programs and tried removing it from there?

If that option is not available then follow the instructions below:

Open up HJT and select the second entry - Do a system scan only
Place a checkmark next to these entries:

O4 - HKCU\..\Run: C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s

Make sure all browser and open windows/programs are closed and select "Fix checked"

Now reboot your computer:

Navigate to and delete the following folders if present:
C:\Program Files\Common Files\Verizon Online

Once done, carry on with the fix from here.....

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All.
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All.
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All.
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program. For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please perform a scan with Kaspersky Webscan Online Virus Scanner

Kaspersky does not remove anything but will provide a log of anything it finds. On August 8th, 2006 Kaspersky updated the software used for the Free Online Virus Scanner. In order to continue using the online scanner you will need to uninstall the old version (if previously used) from your Add/Remove Programs list and then install the latest version. To do this, follow the steps here and reboot afterwards if your system does not reboot automatically, or it will show 'Kaspersky Online Scanner license key was not found!'

1. Click the "Kaspersky Online Scanner" button (NOT "Kaspersky File Scanner").
2. Read the Requirements and Privacy statement, then select "Accept".
3. A new window will appear prompting you to install an ActiveX component from Kaspersky - "Do you want to install this software?".
4. Click "Yes" or select "Install" to download the ActiveX controls that allow ActiveScan to run.
5. When the download is complete it will say ready; click "Next".
6. Click "Scan Settings" and check the option to use the Extended Database (if available, otherwise Standard).
7. Click "Scan Options" and select both "Scan Archives" and "Scan Mail Bases".
8. Click "OK".
9. Under "Select a target to scan", click on "My Computer".
10. When the scan is complete choose to save the results as "Save as Text" named kaspersky.txt to your desktop and post them in your next reply.

Now reboot your computer once more and then generate a fresh HJT log for me.

Just a recap on what is needed in your next post:

-> The results from the Kaspersky Scan
-> A fresh HJT log


>> Let me know how things are running now......

Thanks

February 13th, 2008 22:00

Man, everything was going so smooth. I just deleted the Verizon, rebooted my computer and went on to the ATF-Cleaner, but that's where the problems started. I opened it up and then when I went to click Main nothing happened, so I manually selected all of the categories and hit Empty Selected. After about 3 or 4 minutes I clicked X on the top right and it said this program is not responding. I rebooted my computer several times and tried the same thing again but I keep getting the "this program is not responding". Any more help you have would be great.

Thanks A Lot

Don
