Computer Hope

Software => Computer viruses and spyware => Topic started by: HelpMePlz on August 26, 2008, 02:47:42 AM

Title: Help Please
Post by: HelpMePlz on August 26, 2008, 02:47:42 AM
I posted this earlier tonight on another board and they directed me to the page that tells all the different steps to take before coming here and posting. Here is what I said initially, then I am pasting the logs on here that I have so far, and then I will be starting step 4. Hope I am doing this right. So here is the initial post: I don't even know where to begin. I think I got a virus last week, I believe it was the Virtumonde or something like that. I first noticed the problem when I was using my Yahoo Messenger; all of a sudden it would type in a message saying something like "OMG those pictures you sent me are online" and then it had a link to pictures which of course was a virus. I never clicked it but somehow it just kept on and on. I finally uninstalled and reinstalled Messenger, changed my account etc., and now I am getting a <---- 404           ----> error on my messenger which keeps sending to my contacts. And my Windows is so messed up; when I try to shut down my computer I get the blue screen that says "A process or thread crucial to system operation has unexpectedly exited or been terminated". My Windows Defender says this upon start up: Application failed to initialize 0x800106ba caused Windows Defender to stop. The list goes on and on... help me please, my computer is my only contact with my family and friends and I am completely lost. AND HERE ARE THE LOGS
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/26/2008 at 02:58 AM

Application Version : 4.20.1046

Core Rules Database Version : 3548
Trace Rules Database Version: 1536

Scan type       : Complete Scan
Total Scan Time : 03:45:25

Memory items scanned      : 510
Memory threats detected   : 0
Registry items scanned    : 7851
Registry threats detected : 1
File items scanned        : 153249
File threats detected     : 10

Adware.IEPlugin
   HKCR\Remove

Browser Hijacker.Favorites
   C:\DOCUMENTS AND SETTINGS\REBECCA\FAVORITES\MISC\ONLINE SECURITY TEST.URL

Adware.Vundo Variant
   C:\SYSTEM VOLUME INFORMATION\_RESTORE{4D32F7E8-BCF7-40E1-AF8E-D2F2E40F56ED}\RP1869\A0730919.DLL

iWon Co-Pilot for Internet Explorer and Netscape
   C:\SYSTEM VOLUME INFORMATION\_RESTORE{4D32F7E8-BCF7-40E1-AF8E-D2F2E40F56ED}\RP1869\A0732877.DLL

Trojan.Dropper/Gen
   C:\VSTASCAN\UNINSTAL.EXE

Adware.Vundo Variant/Rel
   C:\WINDOWS\SYSTEM32\HGJLM.BAK1
   C:\WINDOWS\SYSTEM32\HGJLM.BAK2
   C:\WINDOWS\SYSTEM32\HGJLM.INI
   C:\WINDOWS\SYSTEM32\HGJLM.INI2
   C:\WINDOWS\SYSTEM32\HGJLM.TMP

Adware.Vundo Variant/OE
   C:\WINDOWS\SYSTEM32\MGJRCVAM.DLL

Now if I was reading correctly I believe I am to post this and then go back to the steps and come back here and reply with the next log. Hope that's right. Thanks so much
Title: Re: Help Please
Post by: HelpMePlz on August 26, 2008, 03:02:17 AM
Here is the next log ..
Malwarebytes' Anti-Malware 1.25
Database version: 1087
Windows 5.1.2600 Service Pack 2

3:54:57 AM 8/26/2008
mbam-log-08-26-2008 (03-54-57).txt

Scan type: Quick Scan
Objects scanned: 66216
Time elapsed: 16 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Title: Re: Help Please
Post by: HelpMePlz on August 26, 2008, 03:37:15 AM
Here is the final one. I have done all the steps, hoping someone can help me out...  :'(
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:33:54 AM, on 8/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\Rebecca\LOCALS~1\Temp\lsass.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Speeditup Free\SpeedItUp.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\PhoTags Express\Photags AutoDetect.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Speeditup Free\Data\CheckUp.dat
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: (no name) - {1C92DF44-293F-4E82-925F-24AF59032D58} - (no file)
O2 - BHO: (no name) - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5F2AEC6C-76C8-4646-BF45-ED3542F6FF5E} - (no file)
O2 - BHO: (no name) - {72CB0891-9D6C-472A-918A-3FA843047B21} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: (no name) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: (no name) - {CA0B9B71-C2AF-11D3-B376-0800460222F0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SYSTEM.rt32] C:\DOCUME~1\Rebecca\LOCALS~1\Temp\lsass.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpeedItUpEX] C:\Program Files\Speeditup Free\SpeedItUp.exe -MINI
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Photags AutoDetect.lnk = C:\Program Files\PhoTags Express\Photags AutoDetect.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homestead.com/~site/InstallFiles/SIFiles/lpxlive/HS_live.cab
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://bin.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - http://www.uproar.com/applets/activex/shizmoo/flipside_web18.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us/html/activexplayer/SMALStreaming.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://www.photoworks.com/pixami/BPImageEditor.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {54771E6F-A5A2-4413-8FB8-7B8F85398174} - http://dl.lygo.com/Sidesearch/en_US/tripod/Sidesearch.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://cc.iwon.com/ct/pm3/iWonPMSetup_12_1,0,2,5.exe
O16 - DPF: {75565ED2-1560-4F15-B841-20358DE6A0D1} (ImageControl Class) - http://c.ancestry.com/cab/ImageViewer/MFImgVwr.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.dotphoto.com/DPImageUploader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} (Pixami Drag/Drop Upload UI Control) - http://www.photoworks.com/pixami/DragDropUploader.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://sea2fd.sea2.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F80B9305-A013-11D2-BD23-00A024978908} (Accurad Image Control) - file://E:\viewer\accuradimage.cab
O20 - AppInit_DLLs: qndovk.dll fgcbdq.dll lvvess.dll klhrbi.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: GEARSecurity_BackUp - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 13496 bytes
Title: Re: Help Please
Post by: Carbon Dudeoxide on August 26, 2008, 03:41:25 AM
I'm not the Malware Specialist on duty, but I can ask you to run the HijackThis scan again.

This time, before copying the log from Notepad, go to Format and make sure Word Wrap is not checked.

Then post the log.
Title: Re: Help Please
Post by: HelpMePlz on August 26, 2008, 03:47:00 AM
Thanks for the heads up.. Here it is again
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:45:24 AM, on 8/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\Rebecca\LOCALS~1\Temp\lsass.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Speeditup Free\SpeedItUp.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\PhoTags Express\Photags AutoDetect.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Speeditup Free\Data\CheckUp.dat
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: (no name) - {1C92DF44-293F-4E82-925F-24AF59032D58} - (no file)
O2 - BHO: (no name) - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5F2AEC6C-76C8-4646-BF45-ED3542F6FF5E} - (no file)
O2 - BHO: (no name) - {72CB0891-9D6C-472A-918A-3FA843047B21} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: (no name) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: (no name) - {CA0B9B71-C2AF-11D3-B376-0800460222F0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SYSTEM.rt32] C:\DOCUME~1\Rebecca\LOCALS~1\Temp\lsass.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpeedItUpEX] C:\Program Files\Speeditup Free\SpeedItUp.exe -MINI
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Photags AutoDetect.lnk = C:\Program Files\PhoTags Express\Photags AutoDetect.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homestead.com/~site/InstallFiles/SIFiles/lpxlive/HS_live.cab
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://bin.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - http://www.uproar.com/applets/activex/shizmoo/flipside_web18.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us/html/activexplayer/SMALStreaming.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://www.photoworks.com/pixami/BPImageEditor.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {54771E6F-A5A2-4413-8FB8-7B8F85398174} - http://dl.lygo.com/Sidesearch/en_US/tripod/Sidesearch.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://cc.iwon.com/ct/pm3/iWonPMSetup_12_1,0,2,5.exe
O16 - DPF: {75565ED2-1560-4F15-B841-20358DE6A0D1} (ImageControl Class) - http://c.ancestry.com/cab/ImageViewer/MFImgVwr.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.dotphoto.com/DPImageUploader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} (Pixami Drag/Drop Upload UI Control) - http://www.photoworks.com/pixami/DragDropUploader.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://sea2fd.sea2.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F80B9305-A013-11D2-BD23-00A024978908} (Accurad Image Control) - file://E:\viewer\accuradimage.cab
O20 - AppInit_DLLs: qndovk.dll fgcbdq.dll lvvess.dll klhrbi.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: GEARSecurity_BackUp - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 13545 bytes
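Added example, not part of this thread and not a HijackThis feature: a small Python triage script that applies the checks an analyst makes first on a log like the one above. It flags a core Windows binary name (here lsass.exe) running from a user's Temp folder instead of %SystemRoot%, an O4 autostart that points into a Temp directory, O2/O3 entries marked (no file), and every DLL listed under O20 AppInit_DLLs, because AppInit_DLLs are loaded into every process that loads user32.dll. The embedded SAMPLE_LOG is a constructed excerpt in the same format as the posted log; the SYSTEM_BINARIES list, the assumption that %SystemRoot% is C:\WINDOWS, and the severity labels are the example's own choices.

```python
"""Triage a HijackThis v2 log: flag the entries that warrant a closer look."""
import re

# Binaries that legitimately live only in the Windows directory or System32
# (assumption: %SystemRoot% is C:\WINDOWS, as on the machine in this thread).
SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                   "lsass.exe", "svchost.exe", "explorer.exe", "spoolsv.exe"}
SYSTEM_DIRS = {"c:\\windows\\system32", "c:\\windows"}
TEMP_MARKERS = ("\\temp\\", "\\locals~1\\temp\\", "\\local settings\\temp\\")

O4_RUN_RE = re.compile(r"^O4 - (?P<location>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O4_LNK_RE = re.compile(r"^O4 - Global Startup: (?P<name>.+?) = (?P<cmd>.*)$")
PATH_RE = re.compile(r'"?(?P<path>[a-z]:\\.*?\.(?:exe|dll|scr|com|bat|cmd))', re.I)
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.*)$")

# Constructed sample in the HijackThis format (not the full log from the thread).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\lsass.exe
C:\DOCUME~1\Rebecca\LOCALS~1\Temp\lsass.exe
C:\Program Files\Internet Explorer\iexplore.exe

O2 - BHO: (no name) - {1C92DF44-293F-4E82-925F-24AF59032D58} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: (no name) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - (no file)
O4 - HKLM\..\Run: [SYSTEM.rt32] C:\DOCUME~1\Rebecca\LOCALS~1\Temp\lsass.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O20 - AppInit_DLLs: qndovk.dll fgcbdq.dll lvvess.dll klhrbi.dll
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
"""


def extract_path(command):
    """Pull the executable path out of an O4 command line, quoted or not."""
    m = PATH_RE.search(command)
    return m.group("path") if m else command


def masquerade_reason(path):
    """Reason string if a core-binary name runs from outside its system directory."""
    directory, _, name = path.lower().rpartition("\\")
    if name in SYSTEM_BINARIES and directory not in SYSTEM_DIRS:
        return f"{name} running from outside %SystemRoot%"
    return None


def temp_reason(path):
    """Reason string if an autostart target sits in a Temp directory."""
    if any(marker in path.lower() for marker in TEMP_MARKERS):
        return "autostart points into a Temp directory"
    return None


def triage(log_text):
    """Return findings as dicts: severity, section, reason and the raw log line."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:                      # a blank line ends the process list
                in_processes = False
                continue
            reason = masquerade_reason(line)
            if reason:
                findings.append({"severity": "high", "section": "process",
                                 "reason": reason, "line": line})
            continue

        m = O4_RUN_RE.match(line) or O4_LNK_RE.match(line)
        if m:
            path = extract_path(m.group("cmd"))
            for reason in (masquerade_reason(path), temp_reason(path)):
                if reason:
                    findings.append({"severity": "high", "section": "O4",
                                     "reason": reason, "line": line})
            continue

        if line.startswith(("O2 - BHO:", "O3 - Toolbar:")) and line.endswith("- (no file)"):
            findings.append({"severity": "low", "section": line[:2],
                             "reason": "orphaned registration (no file on disk)",
                             "line": line})
            continue

        m = O20_RE.match(line)
        if m and m.group("dlls").strip():
            for dll in m.group("dlls").split():
                findings.append({"severity": "high", "section": "O20",
                                 "reason": f"AppInit_DLLs loads {dll} into every user32 process",
                                 "line": line})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:4}] {f['section']:8} {f['reason']}: {f['line']}")
```

Run against the sample it reports the Temp copy of lsass.exe twice (once as a running process, once as the SYSTEM.rt32 Run entry), the four AppInit DLLs, and the two (no file) registrations, while leaving the legitimate System32 lsass.exe, the quoted IntelliType entry and the McAfee service alone. To use it on a real log, pass the file contents to triage() instead of SAMPLE_LOG.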
Title: Re: Help Please
Post by: HelpMePlz on August 26, 2008, 03:48:48 AM
I unchecked the word wrap but it still looks the same to me  ???
Title: Re: Help Please
Post by: Carbon Dudeoxide on August 26, 2008, 03:59:43 AM
Trust me.  ;) ;)

A Malware Specialist will be along shortly to check the logs. Good Luck!
Title: Re: Help Please
Post by: HelpMePlz on August 26, 2008, 04:02:15 AM
Thank you so much!! :)
Title: Re: Help Please
Post by: CarzyComputerGuy on August 26, 2008, 06:00:37 AM
What kind of computer is it? Do you have the System recovery CD? Is your data backed up?
Title: Re: Help Please
Post by: Carbon Dudeoxide on August 26, 2008, 06:12:20 AM
What kind of computer is it? Do you have the System recovery CD? Is your data backed up?
I know you're new here, but if you see a user come here with logs like this, leave it to the Malware Specialists. (CBMatt and Evilfantasy)

Also, if someone comes here with a virus problem in the future, please direct them to the following topic:
http://www.computerhope.com/forum/index.php/topic,46313.0.html

 ;)
Title: Re: Help Please
Post by: evilfantasy on August 26, 2008, 10:23:20 AM
Thanks Carbon.

HelpMePlz, you got some of it, but there is still work to do.

Download this Disable/Remove Windows Messenger (http://www.majorgeeks.com/DisableRemove_Windows_Messenger_d2327.html) to the Desktop to remove Windows Messenger.

Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Unzip the file on the Desktop. Open MessengerDisable.exe, choose the bottom box (Uninstall Windows Messenger) and click Apply.

Exit out of MessengerDisable then delete the two files that were put on the Desktop.

----------

Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries: (if there)

- O2 - BHO: (no name) - {1C92DF44-293F-4E82-925F-24AF59032D58} - (no file)
- O2 - BHO: (no name) - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - (no file)
- O2 - BHO: (no name) - {5F2AEC6C-76C8-4646-BF45-ED3542F6FF5E} - (no file)
- O2 - BHO: (no name) - {72CB0891-9D6C-472A-918A-3FA843047B21} - (no file)
- O3 - Toolbar: (no name) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - (no file)
- O3 - Toolbar: (no name) - {CA0B9B71-C2AF-11D3-B376-0800460222F0} - (no file)
- O4 - HKLM\..\Run: [SYSTEM.rt32] C:\DOCUME~1\Rebecca\LOCALS~1\Temp\lsass.exe
- O16 - DPF: {54771E6F-A5A2-4413-8FB8-7B8F85398174} - http://dl.lygo.com/Sidesearch/en_US/tripod/Sidesearch.cab
- O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://cc.iwon.com/ct/pm3/iWonPMSetup_12_1,0,2,5.exe
- O20 - AppInit_DLLs: qndovk.dll fgcbdq.dll lvvess.dll klhrbi.dll


Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.

----------

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions, as they could damage the workings of your system.

Go to Start > Run and type notepad.exe then click OK

Copy the text in the Code box below and paste it into Notepad.

Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
"SYSTEM.rt32"=-

In Notepad go to File > Save as...

Next to File name: type fixme.reg. Use the dropdown box next to Save as type: and select All files. Save it to the Desktop.

There should now be a file on the Desktop that looks like this (http://i154.photobucket.com/albums/s258/evilfantasy69/reg.jpg)

Double-click fixme.reg and allow it to merge with the Registry.

You may not see anything happen but give it a few seconds or so to finish.

Now delete the fixme.reg file from the Desktop.

----------

Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link #2 (http://subs.geekstogo.com/ComboFix.exe)

Note: It is important that it is saved directly to your Desktop.

Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.
 
Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
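As an added example (not part of this thread, of HijackThis or of ComboFix), here is a small Python triage routine that applies the same judgement evilfantasy made above to pasted HijackThis lines: a core-process name such as lsass.exe launched from a Temp directory, a populated AppInit_DLLs value, a downloaded ActiveX control, and orphaned BHO/Toolbar CLSIDs. The severity labels, the list of impersonated process names and the sample log (the fix-list lines plus one constructed benign ctfmon.exe entry) are my own constructions.

```python
"""Triage HijackThis O2/O3/O4/O16/O20 lines for the autostart indicators seen above."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Core Windows processes that malware likes to impersonate by file name. The genuine
# binaries only run from the system directory, so the same name elsewhere is a masquerade.
CORE_PROCESS_NAMES = {"lsass.exe", "csrss.exe", "smss.exe", "svchost.exe",
                      "winlogon.exe", "services.exe", "explorer.exe"}
SYSTEM_DIR = r"c:\windows\system32"  # compared case-insensitively
# Path fragments meaning "user-writable scratch space", including the 8.3 short form
# (LOCALS~1\Temp) that HijackThis prints.
TEMP_MARKERS = ("\\temp\\", "\\locals~1\\", "\\local settings\\temp\\")


@dataclass(frozen=True)
class Finding:
    line: str
    severity: str  # "high", "medium" or "low"
    reason: str


O4_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O16_RE = re.compile(r"^O16 - DPF: \{[0-9A-Fa-f-]{36}\}(?: \([^)]*\))? - (?P<url>\S+)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")
ORPHAN_RE = re.compile(r"^O[23] - (?:BHO|Toolbar): .* - \{[0-9A-Fa-f-]{36}\} - \(no file\)$")
# Program path at the head of a Run command line: optionally quoted, drive letter, first
# executable extension. Handles unquoted paths containing spaces, as HijackThis prints them.
PATH_RE = re.compile(r'"?(?P<path>[A-Za-z]:\\.*?\.(?:exe|com|scr|bat|cmd|dll))', re.IGNORECASE)


def executable_path(cmd: str) -> str:
    """Return the program path from a Run command line, or '' if none is recognisable."""
    m = PATH_RE.match(cmd.strip())
    return m.group("path") if m else ""


def triage_line(line: str) -> Optional[Finding]:
    """Classify one HijackThis line; None means nothing noteworthy."""
    line = line.strip()
    m = O4_RE.match(line)
    if m:
        path = executable_path(m.group("cmd")).lower()
        if not path:
            return Finding(line, "medium", "Run entry without a resolvable program path")
        folder, name = path.rsplit("\\", 1)
        if name in CORE_PROCESS_NAMES and folder != SYSTEM_DIR:
            return Finding(line, "high", f"{name} masquerade: core process name outside {SYSTEM_DIR}")
        if any(marker in path for marker in TEMP_MARKERS):
            return Finding(line, "high", "Run entry launches a program from a Temp directory")
        return None
    m = O20_RE.match(line)
    if m:
        # AppInit_DLLs is loaded into every process that links user32.dll; bare file
        # names (no directory) are resolved through the DLL search path.
        dlls = m.group("dlls").split()
        return Finding(line, "high",
                       f"AppInit_DLLs injects {len(dlls)} DLL(s) into every process: {', '.join(dlls)}")
    m = O16_RE.match(line)
    if m:
        return Finding(line, "medium", f"Downloaded ActiveX control from {m.group('url')}")
    if ORPHAN_RE.match(line):
        return Finding(line, "low", "Orphaned BHO/Toolbar CLSID with no backing file (cleanup only)")
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over a pasted log, keeping only lines that produced a finding."""
    return [f for f in (triage_line(ln) for ln in log_text.splitlines()) if f]


# Constructed sample: the entries from the fix list above plus one benign O4 line.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1C92DF44-293F-4E82-925F-24AF59032D58} - (no file)
O3 - Toolbar: (no name) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - (no file)
O4 - HKLM\..\Run: [SYSTEM.rt32] C:\DOCUME~1\Rebecca\LOCALS~1\Temp\lsass.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {54771E6F-A5A2-4413-8FB8-7B8F85398174} - http://dl.lygo.com/Sidesearch/en_US/tripod/Sidesearch.cab
O20 - AppInit_DLLs: qndovk.dll fgcbdq.dll lvvess.dll klhrbi.dll
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```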
Title: Re: Help Please
Post by: HelpMePlz on August 26, 2008, 11:26:30 AM
OK, when I did the system scan on HijackThis I first did as you said and clicked all those that applied (I had all of them), then hit Fix and my computer went to the blue screen. I rebooted, went back in and fixed them one by one, and they all were fixed EXCEPT this one:
 O4 - HKLM\..\Run: [SYSTEM.rt32] C:\DOCUME~1\Rebecca\LOCALS~1\Temp\lsass.exe
Every time I try to fix this one it sends me to the blue screen and I have to reboot. Should I continue on with the next thing, or is there something different I should do? Also want to say THANK YOU and BIG HUGS for helping me with this.
Becca
Title: Re: Help Please
Post by: evilfantasy on August 26, 2008, 11:29:55 AM
Yes, just continue on. The next step is removing that entry from the Registry, so you may get another error or blue screen. If so, just continue on with the ComboFix instructions and we will deal with it another way, if ComboFix doesn't get it first.
Title: Re: Help Please
Post by: HelpMePlz on August 26, 2008, 11:36:36 AM
Ok great, going to go do it now :)
Becca
Title: Re: Help Please
Post by: HelpMePlz on August 26, 2008, 12:24:14 PM
OK, got it done, and the only problem I had was my McAfee would not exit or shut down. I ran the scan anyway and then just allowed the changes on McAfee... but now I am trying to post the log and it is over 200 words long. Should I break it up?
Becca
Title: Re: Help Please
Post by: evilfantasy on August 26, 2008, 12:26:11 PM
Yes, if it won't fit in one post then use two or more.
Title: Re: Help Please
Post by: HelpMePlz on August 26, 2008, 12:35:07 PM
Ok here goes... :)
ComboFix 08-08-25.01 - Rebecca 2008-08-26 12:55:12.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.463 [GMT -5:00]
Running from: C:\Documents and Settings\Rebecca\Desktop\ComboFix.exe
 * Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\Rebecca\LOCALS~1\Temp\lsass.exe
C:\Documents and Settings\Rebecca\Application Data\macromedia\Flash Player\#SharedObjects\AYHHTWAM\bin.clearspring.com
C:\Documents and Settings\Rebecca\Application Data\macromedia\Flash Player\#SharedObjects\AYHHTWAM\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Rebecca\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Rebecca\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\WINDOWS\cdmxtras
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cache329
Title: Re: Help Please
Post by: HelpMePlz on August 26, 2008, 12:37:11 PM
C:\WINDOWS\system32\dao350.dll
C:\WINDOWS\system32\herluivs.ini
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\rhnhmhgu.ini
C:\WINDOWS\system32\url(2).dll
C:\WINDOWS\system32\url(4)(2).dll

.
(((((((((((((((((((((((((   Files Created from 2008-07-26 to 2008-08-26  )))))))))))))))))))))))))))))))
.

2008-08-26 04:28 . 2008-08-26 04:28   <DIR>   d--------   C:\Program Files\Trend Micro
2008-08-26 04:07 . 2008-06-10 02:32   73,728   --a------   C:\WINDOWS\system32\javacpl.cpl
2008-08-26 03:35 . 2008-08-26 03:35   <DIR>   d--------   C:\Program Files\Malwarebytes' Anti-Malware
2008-08-26 03:35 . 2008-08-17 15:01   38,472   --a------   C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-26 03:35 . 2008-08-17 15:01   17,144   --a------   C:\WINDOWS\system32\drivers\mbam.sys
2008-08-25 23:06 . 2008-08-25 23:06   <DIR>   d--------   C:\Program Files\SUPERAntiSpyware
2008-08-25 23:06 . 2008-08-25 23:06   <DIR>   d--------   C:\Documents and Settings\Rebecca\Application Data\SUPERAntiSpyware.com
2008-08-25 23:06 . 2008-08-25 23:06   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-25 22:46 . 2008-08-25 22:46   <DIR>   d--------   C:\WINDOWS\Speeditup Free
2008-08-25 22:46 . 2008-08-25 22:46   <DIR>   d--------   C:\Program Files\Speeditup Free
2008-08-25 13:19 . 2008-08-25 13:19   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-08-25 11:58 . 2008-08-25 11:58   2,335,270   --a------   C:\WINDOWS\system32\36434.mht
2008-08-25 11:58 . 2004-08-04 02:56   708,096   --a------   C:\WINDOWS\system32\44d36.tmp
2008-08-25 11:58 . 2008-08-25 11:58   54,624   --a------   C:\WINDOWS\system32\d0335.sys
2008-08-25 11:42 . 2008-08-25 12:53   <DIR>   d--------   C:\WINDOWS\system32\CatRoot_bak
2008-08-24 00:52 . 2008-08-24 00:55   <DIR>   d--------   C:\Documents and Settings\Rebecca\Application Data\SecondLife
2008-08-21 01:55 . 2008-08-21 01:55   <DIR>   d----c---   C:\VundoFix Backups
2008-08-21 00:35 . 2008-08-25 22:25   <DIR>   d--------   C:\Program Files\Enigma Software Group
2008-08-21 00:16 . 2008-08-21 00:16   61,440   --a------   C:\WINDOWS\system32\drivers\wbkcgnqb.sys
2008-08-20 18:52 . 2008-08-20 18:52   <DIR>   d--------   C:\Documents and Settings\Rebecca\Application Data\Malwarebytes
2008-08-20 18:52 . 2008-08-20 18:52   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-20 18:30 . 2008-08-20 18:30   0   --a------   C:\WINDOWS\system32\ddcYqOhE.dll.vir
2008-08-20 12:20 . 2008-08-20 12:21   <DIR>   d--------   C:\Program Files\Windows Live Safety Center
2008-08-20 11:49 . 2008-08-20 11:49   <DIR>   d--------   C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-08-20 11:27 . 2000-12-08 21:59   122,880   --a------   C:\WINDOWS\UnGins.exe
2008-08-20 00:19 . 2008-08-20 00:54   <DIR>   d----c---   C:\1Cleanup
2008-08-19 01:58 . 2008-08-19 01:58   <DIR>   d----c---   C:\2eb227843e394d64ce79fdad320ef0
2008-08-19 01:35 . 2008-08-19 01:35   2,335,270   --a------   C:\WINDOWS\system32\73d25A.mht
2008-08-18 23:10 . 2008-08-20 00:11   <DIR>   d--------   C:\Program Files\Panda Security
2008-08-18 13:23 . 2008-08-18 13:23   <DIR>   d--------   C:\Documents and Settings\Rebecca\Application Data\McAfee
2008-08-18 11:54 . 2008-08-18 13:13   <DIR>   d--------   C:\Program Files\a-squared Anti-Malware
2008-08-18 02:10 . 2008-08-18 02:10   <DIR>   d--------   C:\Temp\epr1
2008-08-18 02:10 . 2008-08-18 02:10   355   --a--c---   C:\933.bat
2008-08-13 11:07 . 2008-08-13 11:07   <DIR>   d--------   C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-08-12 14:01 . 2007-07-30 19:19   271,224   --a------   C:\WINDOWS\system32\mucltui.dll
2008-08-12 14:01 . 2007-07-30 19:19   207,736   --a------   C:\WINDOWS\system32\muweb.dll
2008-08-12 14:01 . 2007-07-30 19:19   30,072   --a------   C:\WINDOWS\system32\mucltui.dll.mui
2008-08-11 20:25 . 2008-08-11 20:25   <DIR>   d----c---   C:\WINDOWS\system32\DRVSTORE
2008-08-11 20:25 . 2008-08-12 16:59   <DIR>   d--------   C:\Documents and Settings\Rebecca\Contacts
2008-08-11 20:17 . 2008-08-24 18:54   <DIR>   d--------   C:\Program Files\Windows Live
2008-08-11 20:17 . 2008-08-11 20:24   <DIR>   d--hsc---   C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-11 20:16 . 2008-08-11 20:16   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-08 12:35 . 2008-08-22 00:44   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
2008-08-08 12:35 . 2008-08-08 12:35   1,409   --a------   C:\WINDOWS\QTFont.for
2008-08-06 21:37 . 2008-08-06 21:37   <DIR>   d--------   C:\Program Files\LucasArts
2008-08-06 21:21 . 2008-06-23 11:57   6,066,176   -----c---   C:\WINDOWS\system32\dllcache\ieframe.dll
2008-08-06 21:21 . 2007-04-17 04:32   2,455,488   -----c---   C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-08-06 21:21 . 2007-03-08 00:10   991,232   -----c---   C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-08-06 21:21 . 2008-06-23 11:57   459,264   -----c---   C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-08-06 21:21 . 2008-06-23 11:57   383,488   -----c---   C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-08-06 21:21 . 2008-06-23 11:57   267,776   -----c---   C:\WINDOWS\system32\dllcache\iertutil.dll
2008-08-06 21:21 . 2008-06-23 11:57   63,488   -----c---   C:\WINDOWS\system32\dllcache\icardie.dll
2008-08-06 21:21 . 2008-06-23 11:57   52,224   -----c---   C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-08-06 21:21 . 2008-06-23 04:20   13,824   -----c---   C:\WINDOWS\system32\dllcache\ieudinit.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-26 09:21   ---------   d-----w   C:\Program Files\Java
2008-08-26 04:04   ---------   d-----w   C:\Program Files\Common Files\Wise Installation Wizard
2008-08-26 03:53   ---------   d-----w   C:\Program Files\CCleaner
2008-08-26 03:34   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-08-26 03:20   ---------   d-----w   C:\Documents and Settings\Rebecca\Application Data\Lavasoft
2008-08-26 03:14   ---------   d-----w   C:\Program Files\Spybot - Search & Destroy
2008-08-26 03:14   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-25 18:15   ---------   d--h--w   C:\Documents and Settings\All Users\Application Data\yahoo!
2008-08-25 18:15   ---------   d-----w   C:\Program Files\Yahoo!
2008-08-25 16:52   ---------   d--h--w   C:\Documents and Settings\Rebecca\Application Data\yahoo!
2008-08-20 18:01   ---------   d-----w   C:\Program Files\RegistryFix
2008-08-18 21:36   ---------   d-----w   C:\Documents and Settings\Rebecca\Application Data\Ahead
2008-08-18 18:38   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-08-18 18:36   ---------   d-----w   C:\Program Files\Canon
2008-08-18 18:25   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\McAfee
2008-08-18 01:36   ---------   d-----w   C:\Documents and Settings\Rebecca\Application Data\SiteAdvisor
2008-08-11 00:24   ---------   d-----w   C:\Program Files\McAfee
2008-08-10 05:58   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Zylom
2008-08-07 00:29   ---------   d---a-w   C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-07 20:32   253,952   ----a-w   C:\WINDOWS\system32\es.dll
2008-06-24 16:23   74,240   ----a-w   C:\WINDOWS\system32\mscms.dll
2008-06-23 16:57   826,368   ----a-w   C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41   245,248   ----a-w   C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41   245,248   ----a-w   C:\WINDOWS\system32\mswsock(2)(2).dll
2008-06-20 17:41   148,992   ----a-w   C:\WINDOWS\system32\dnsapi(2)(2).dll
2008-05-21 21:45   20   -c-h--w   C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2008-05-21 21:45   20   -c-h--w   C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
2004-06-25 02:25   2,094   -c--a-w   C:\Program Files\V4Hardware_1.xml
2003-10-28 01:54   169   -c-ha-w   C:\Documents and Settings\Cliff\hpothb07.dat
2002-03-16 01:09   24   -c--a-w   C:\Documents and Settings\Cliff\18DF93B7.BIN
2004-10-22 01:19   56   -csh--r   C:\WINDOWS\system32\E2850458D2.sys
2005-04-07 01:34   1,786   -csha-w   C:\WINDOWS\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"SpeedItUpEX"="C:\Program Files\Speeditup Free\SpeedItUp.exe" [2008-06-09 04:34 2275328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 03:51 172032]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 03:50 204800]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-02-03 15:16 180269]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2005-03-07 23:42 176128]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-04-03 18:12 777424]
"ASUS Probe"="C:\Program Files\ASUS\Probe\AsusProb.exe" [2002-12-06 17:07 617984]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2006-10-02 14:09 35928]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 23:32 53248]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-18 20:44 286720]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
Title: Re: Help Please
Post by: HelpMePlz on August 26, 2008, 12:38:04 PM
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2002-01-09 22:53:14 200704]
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-09-19 13:16:30 282624]
HP Image Zone Fast Start.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24 73728]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-10-16 16:26:16 118784]
Photags AutoDetect.lnk - C:\Program Files\PhoTags Express\Photags AutoDetect.exe [2007-10-08 19:39:11 368640]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-01-22 14:21:00 815104]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll
"VIDC.XVID"= xvid.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders   msapsspc.dllschannel.dlldigest.dllmsnss pc.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Probe]
--a------ 2002-12-06 17:07 617984 C:\Program Files\ASUS\Probe\AsusProb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
--a--c--- 2004-02-24 21:10 335872 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CookiePatrol]
--a--c--- 2005-01-10 10:35 73728 C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
--------- 2004-12-02 19:23 102400 C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a--c--- 2003-12-22 08:38 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-11 23:12 49152 C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a--c--- 2004-05-04 19:51 176128 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
--a--c--- 2001-08-23 07:00 44032 C:\WINDOWS\ime\imkr6_1\imekrmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a--c--- 2004-08-04 00:31 208952 C:\WINDOWS\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
-ra--c--- 2001-07-09 04:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PestPatrol Control Center]
--a--c--- 2004-11-15 12:49 98304 C:\PROGRA~1\PESTPA~1\PPControl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPMemCheck]
-----c--- 2003-04-19 07:53 148480 C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-10-18 20:44 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ResModify]
-r---c--- 2003-12-29 04:16 65536 C:\Program Files\USBToolbox\Res.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
--a--c--- 2003-07-30 11:08 143360 C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2005-02-03 15:16 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--a--c--- 2000-05-11 01:00 90112 C:\WINDOWS\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
--a--c--- 2001-09-04 16:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
--a--c--- 2002-07-02 17:56 24576 C:\WINDOWS\system32\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\McAfee\\MSC\\mcuimgr.exe"=

R0 gxc122b;gxc122b;C:\WINDOWS\system32\DRIVERS\gxc122b.sys [2004-03-12 23:41]
R0 gxc122p;gxc122p;C:\WINDOWS\system32\Drivers\gxc122p.sys [2004-03-12 23:41]
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2002-08-29 00:59]
R3 rdsdrv;rdsdrv;C:\WINDOWS\system32\DRIVERS\rdsdrv.sys [2003-10-21 10:19]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 01:01]
S0 syvn;syvn;C:\WINDOWS\system32\drivers\wbkcgnqb.sys [2008-08-21 00:16]
S3 ASUSHWIO;ASUSHWIO;C:\WINDOWS\System32\drivers\ASUSHWIO.sys []
S3 d0335;d0335;C:\WINDOWS\system32\d0335.sys [2008-08-25 11:58]
S3 DMSKSSRh;DMSKSSRh;C:\DOCUME~1\Cliff\LOCALS~1\Temp\DMSKSSRh.sys []
S3 GearAspiWDM_BackUp;GEAR CDRom Filter;C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2003-08-25 10:40]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\dvdcheck.exe
\Shell\directx\command - DirectX9\dxsetup.exe
\Shell\setup\command - D:\setup.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-08-26 C:\WINDOWS\Tasks\AF2C5CCA9B8BCF3E.job
- c:\docume~1\rebecca\applic~1\plansi~1\winholdless.exe []

2008-08-24 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (CLIFF-HA8LIBYJX-Cliff).job
- c:\program files\mcafee.com\vso\mcmnhdlr.exe []

2008-08-15 C:\WINDOWS\Tasks\McDefragTask.job
- C:\WINDOWS\system32\defrag.exe [2004-08-04 02:56]

2008-07-01 C:\WINDOWS\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MsnMsgr - C:\Program Files\Windows Live\Messenger\msnmsgr.exe
HKLM-Run-PrinTray - C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
ShellExecuteHooks-{1D516154-6AC0-426C-92A1-FDC0073E8A1B} - C:\DOCUME~1\Cliff\LOCALS~1\Temp\ntwzhook.dll
MSConfigStartUp-27JANBS3QDRHPP - C:\WINDOWS\System32\Sqnge1Me.exe
MSConfigStartUp-AdwareAlert - C:\Program Files\AdwareAlert\AdwareAlert.Exe
MSConfigStartUp-Awtr - C:\Documents and Settings\Cliff\Application Data\ldeo.exe
MSConfigStartUp-BearShare - C:\Program Files\BearShare\BearShare.exe
MSConfigStartUp-eBayToolbar - C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
MSConfigStartUp-Jet Detection - C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe
MSConfigStartUp-Ko4U6So1 - C:\documents and settings\rebecca\local settings\temp\Ko4U6So1.exe
MSConfigStartUp-MPFExe - C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
MSConfigStartUp-OASClnt - C:\Program Files\McAfee.com\VSO\oasclnt.exe
MSConfigStartUp-SpyHunter - C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
MSConfigStartUp-SunJavaUpdateSched - C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
MSConfigStartUp-ViewMgr - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
MSConfigStartUp-Weather - C:\Program Files\AWS\WeatherBug\Weather.exe
MSConfigStartUp-Yahoo! Pager - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
R0 -: HKCU-Main,Start Page = hxxp://www.yahoo.com/
R0 -: HKLM-Main,Default_Page_URL = hxxp://www.yahoo.com/
R0 -: HKLM-Main,Default_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 -: HKLM-Main,Start Page = hxxp://www.yahoo.com/
R0 -: HKLM-Main,Search Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 -: HKLM-Main,Search Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 -: HKCU-SearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com

O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

O16 -: {09C6CAC0-936E-40A0-BC26-707480103DC3} - hxxp://www.uproar.com/applets/activex/shizmoo/flipside_web18.cab
C:\WINDOWS\Downloaded Program Files\flipside_webmoo.inf

O16 -: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} - hxxp://www.photoworks.com/pixami/DragDropUploader.cab
C:\WINDOWS\Downloaded Program Files\DragDropUploader.inf
C:\WINDOWS\Downloaded Program Files\Pixami Upload Control.ocx
C:\WINDOWS\Downloaded Program Files\DragDropUploadUI.ocx
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-26 13:06:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
Completion time: 2008-08-26 13:16:17
ComboFix-quarantined-files.txt  2008-08-26 18:16:05

Pre-Run: 14,293,508,096 bytes free
Post-Run: 14,480,089,088 bytes free

652   --- E O F ---   2008-08-26 16:02:31
Title: Re: Help Please
Post by: evilfantasy on August 26, 2008, 12:52:35 PM
Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

Folder::
C:\VundoFix Backups

File::
C:\WINDOWS\system32\36434.mht
C:\WINDOWS\system32\44d36.tmp
C:\WINDOWS\system32\d0335.sys
C:\WINDOWS\system32\drivers\wbkcgnqb.sys
C:\WINDOWS\system32\ddcYqOhE.dll.vir
C:\Temp\epr1
C:\933.bat

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

(http://i154.photobucket.com/albums/s258/evilfantasy69/CFScript.gif)

ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.
Title: Re: Help Please
Post by: HelpMePlz on August 26, 2008, 01:25:53 PM
Wow, this is really starting to work, my computer is speeding up  ;D
K here is the next one ...

ComboFix 08-08-25.01 - Rebecca 2008-08-26 13:57:03.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.592 [GMT -5:00]
Running from: C:\Documents and Settings\Rebecca\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Rebecca\Desktop\CFScript.txt
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\933.bat
C:\Temp\epr1
C:\WINDOWS\system32\36434.mht
C:\WINDOWS\system32\44d36.tmp
C:\WINDOWS\system32\d0335.sys
C:\WINDOWS\system32\ddcYqOhE.dll.vir
C:\WINDOWS\system32\drivers\wbkcgnqb.sys
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\933.bat
C:\VundoFix Backups
C:\WINDOWS\system32\36434.mht
C:\WINDOWS\system32\44d36.tmp
C:\WINDOWS\system32\d0335.sys
C:\WINDOWS\system32\ddcYqOhE.dll.vir
C:\WINDOWS\system32\drivers\wbkcgnqb.sys

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_d0335
-------\Service_d0335
-------\Service_syvn


(((((((((((((((((((((((((   Files Created from 2008-07-26 to 2008-08-26  )))))))))))))))))))))))))))))))
.

2008-08-26 04:28 . 2008-08-26 04:28   <DIR>   d--------   C:\Program Files\Trend Micro
2008-08-26 04:07 . 2008-06-10 02:32   73,728   --a------   C:\WINDOWS\system32\javacpl.cpl
2008-08-26 03:35 . 2008-08-26 03:35   <DIR>   d--------   C:\Program Files\Malwarebytes' Anti-Malware
2008-08-26 03:35 . 2008-08-17 15:01   38,472   --a------   C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-26 03:35 . 2008-08-17 15:01   17,144   --a------   C:\WINDOWS\system32\drivers\mbam.sys
2008-08-25 23:06 . 2008-08-25 23:06   <DIR>   d--------   C:\Program Files\SUPERAntiSpyware
2008-08-25 23:06 . 2008-08-25 23:06   <DIR>   d--------   C:\Documents and Settings\Rebecca\Application Data\SUPERAntiSpyware.com
2008-08-25 23:06 . 2008-08-25 23:06   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-25 22:46 . 2008-08-25 22:46   <DIR>   d--------   C:\WINDOWS\Speeditup Free
2008-08-25 22:46 . 2008-08-25 22:46   <DIR>   d--------   C:\Program Files\Speeditup Free
2008-08-25 13:19 . 2008-08-25 13:19   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-08-25 11:42 . 2008-08-25 12:53   <DIR>   d--------   C:\WINDOWS\system32\CatRoot_bak
2008-08-24 00:52 . 2008-08-24 00:55   <DIR>   d--------   C:\Documents and Settings\Rebecca\Application Data\SecondLife
2008-08-21 00:35 . 2008-08-25 22:25   <DIR>   d--------   C:\Program Files\Enigma Software Group
2008-08-20 18:52 . 2008-08-20 18:52   <DIR>   d--------   C:\Documents and Settings\Rebecca\Application Data\Malwarebytes
2008-08-20 18:52 . 2008-08-20 18:52   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-20 12:20 . 2008-08-20 12:21   <DIR>   d--------   C:\Program Files\Windows Live Safety Center
2008-08-20 11:49 . 2008-08-20 11:49   <DIR>   d--------   C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-08-20 11:27 . 2000-12-08 21:59   122,880   --a------   C:\WINDOWS\UnGins.exe
2008-08-20 00:19 . 2008-08-20 00:54   <DIR>   d----c---   C:\1Cleanup
2008-08-19 01:58 . 2008-08-19 01:58   <DIR>   d----c---   C:\2eb227843e394d64ce79fdad320ef0
2008-08-19 01:35 . 2008-08-19 01:35   2,335,270   --a------   C:\WINDOWS\system32\73d25A.mht
2008-08-18 23:10 . 2008-08-20 00:11   <DIR>   d--------   C:\Program Files\Panda Security
2008-08-18 13:23 . 2008-08-18 13:23   <DIR>   d--------   C:\Documents and Settings\Rebecca\Application Data\McAfee
2008-08-18 11:54 . 2008-08-18 13:13   <DIR>   d--------   C:\Program Files\a-squared Anti-Malware
2008-08-18 02:10 . 2008-08-18 02:10   <DIR>   d--------   C:\Temp\epr1
2008-08-13 11:07 . 2008-08-13 11:07   <DIR>   d--------   C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-08-12 14:01 . 2007-07-30 19:19   271,224   --a------   C:\WINDOWS\system32\mucltui.dll
2008-08-12 14:01 . 2007-07-30 19:19   207,736   --a------   C:\WINDOWS\system32\muweb.dll
2008-08-12 14:01 . 2007-07-30 19:19   30,072   --a------   C:\WINDOWS\system32\mucltui.dll.mui
2008-08-11 20:25 . 2008-08-11 20:25   <DIR>   d----c---   C:\WINDOWS\system32\DRVSTORE
2008-08-11 20:25 . 2008-08-12 16:59   <DIR>   d--------   C:\Documents and Settings\Rebecca\Contacts
2008-08-11 20:17 . 2008-08-24 18:54   <DIR>   d--------   C:\Program Files\Windows Live
2008-08-11 20:17 . 2008-08-11 20:24   <DIR>   d--hsc---   C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-11 20:16 . 2008-08-11 20:16   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-08 12:35 . 2008-08-22 00:44   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
2008-08-08 12:35 . 2008-08-08 12:35   1,409   --a------   C:\WINDOWS\QTFont.for
2008-08-06 21:37 . 2008-08-06 21:37   <DIR>   d--------   C:\Program Files\LucasArts
2008-08-06 21:21 . 2008-06-23 11:57   6,066,176   -----c---   C:\WINDOWS\system32\dllcache\ieframe.dll
2008-08-06 21:21 . 2007-04-17 04:32   2,455,488   -----c---   C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-08-06 21:21 . 2007-03-08 00:10   991,232   -----c---   C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-08-06 21:21 . 2008-06-23 11:57   459,264   -----c---   C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-08-06 21:21 . 2008-06-23 11:57   383,488   -----c---   C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-08-06 21:21 . 2008-06-23 11:57   267,776   -----c---   C:\WINDOWS\system32\dllcache\iertutil.dll
2008-08-06 21:21 . 2008-06-23 11:57   63,488   -----c---   C:\WINDOWS\system32\dllcache\icardie.dll
2008-08-06 21:21 . 2008-06-23 11:57   52,224   -----c---   C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-08-06 21:21 . 2008-06-23 04:20   13,824   -----c---   C:\WINDOWS\system32\dllcache\ieudinit.exe

.
Title: Re: Help Please
Post by: HelpMePlz on August 26, 2008, 01:26:16 PM
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-26 09:21   ---------   d-----w   C:\Program Files\Java
2008-08-26 04:04   ---------   d-----w   C:\Program Files\Common Files\Wise Installation Wizard
2008-08-26 03:53   ---------   d-----w   C:\Program Files\CCleaner
2008-08-26 03:34   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-08-26 03:20   ---------   d-----w   C:\Documents and Settings\Rebecca\Application Data\Lavasoft
2008-08-26 03:14   ---------   d-----w   C:\Program Files\Spybot - Search & Destroy
2008-08-26 03:14   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-25 18:15   ---------   d--h--w   C:\Documents and Settings\All Users\Application Data\yahoo!
2008-08-25 18:15   ---------   d-----w   C:\Program Files\Yahoo!
2008-08-25 16:52   ---------   d--h--w   C:\Documents and Settings\Rebecca\Application Data\yahoo!
2008-08-20 18:01   ---------   d-----w   C:\Program Files\RegistryFix
2008-08-18 21:36   ---------   d-----w   C:\Documents and Settings\Rebecca\Application Data\Ahead
2008-08-18 18:38   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-08-18 18:36   ---------   d-----w   C:\Program Files\Canon
2008-08-18 18:25   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\McAfee
2008-08-18 01:36   ---------   d-----w   C:\Documents and Settings\Rebecca\Application Data\SiteAdvisor
2008-08-11 00:24   ---------   d-----w   C:\Program Files\McAfee
2008-08-10 05:58   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Zylom
2008-08-07 00:29   ---------   d---a-w   C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-21 21:45   20   -c-h--w   C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2008-05-21 21:45   20   -c-h--w   C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
2004-06-25 02:25   2,094   -c--a-w   C:\Program Files\V4Hardware_1.xml
2003-10-28 01:54   169   -c-ha-w   C:\Documents and Settings\Cliff\hpothb07.dat
2002-03-16 01:09   24   -c--a-w   C:\Documents and Settings\Cliff\18DF93B7.BIN
2004-10-22 01:19   56   -csh--r   C:\WINDOWS\system32\E2850458D2.sys
2005-04-07 01:34   1,786   -csha-w   C:\WINDOWS\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((   snapshot@2008-08-26_13.14.52.98   )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-21 01:02:28   163,328   ----a-w   C:\WINDOWS\erdnt\subs\ERDNT.EXE
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"SpeedItUpEX"="C:\Program Files\Speeditup Free\SpeedItUp.exe" [2008-06-09 04:34 2275328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 03:51 172032]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 03:50 204800]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-02-03 15:16 180269]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2005-03-07 23:42 176128]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"ASUS Probe"="C:\Program Files\ASUS\Probe\AsusProb.exe" [2002-12-06 17:07 617984]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2006-10-02 14:09 35928]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 23:32 53248]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-18 20:44 286720]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2002-01-09 22:53:14 200704]
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-09-19 13:16:30 282624]
HP Image Zone Fast Start.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24 73728]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-10-16 16:26:16 118784]
Photags AutoDetect.lnk - C:\Program Files\PhoTags Express\Photags AutoDetect.exe [2007-10-08 19:39:11 368640]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-01-22 14:21:00 815104]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll
"VIDC.XVID"= xvid.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders   msapsspc.dllschannel.dlldigest.dllmsnss pc.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Probe]
--a------ 2002-12-06 17:07 617984 C:\Program Files\ASUS\Probe\AsusProb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
--a--c--- 2004-02-24 21:10 335872 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CookiePatrol]
--a--c--- 2005-01-10 10:35 73728 C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
--------- 2004-12-02 19:23 102400 C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a--c--- 2003-12-22 08:38 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-11 23:12 49152 C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a--c--- 2004-05-04 19:51 176128 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
--a--c--- 2001-08-23 07:00 44032 C:\WINDOWS\ime\imkr6_1\imekrmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a--c--- 2004-08-04 00:31 208952 C:\WINDOWS\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
-ra--c--- 2001-07-09 04:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PestPatrol Control Center]
--a--c--- 2004-11-15 12:49 98304 C:\PROGRA~1\PESTPA~1\PPControl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPMemCheck]
-----c--- 2003-04-19 07:53 148480 C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-10-18 20:44 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ResModify]
-r---c--- 2003-12-29 04:16 65536 C:\Program Files\USBToolbox\Res.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
--a--c--- 2003-07-30 11:08 143360 C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2005-02-03 15:16 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--a--c--- 2000-05-11 01:00 90112 C:\WINDOWS\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
--a--c--- 2001-09-04 16:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
--a--c--- 2002-07-02 17:56 24576 C:\WINDOWS\system32\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\McAfee\\MSC\\mcuimgr.exe"=

R0 gxc122b;gxc122b;C:\WINDOWS\system32\DRIVERS\gxc122b.sys [2004-03-12 23:41]
R0 gxc122p;gxc122p;C:\WINDOWS\system32\Drivers\gxc122p.sys [2004-03-12 23:41]
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2002-08-29 00:59]
R3 rdsdrv;rdsdrv;C:\WINDOWS\system32\DRIVERS\rdsdrv.sys [2003-10-21 10:19]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 01:01]
S3 ASUSHWIO;ASUSHWIO;C:\WINDOWS\System32\drivers\ASUSHWIO.sys []
S3 DMSKSSRh;DMSKSSRh;C:\DOCUME~1\Cliff\LOCALS~1\Temp\DMSKSSRh.sys []
S3 GearAspiWDM_BackUp;GEAR CDRom Filter;C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2003-08-25 10:40]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\dvdcheck.exe
\Shell\directx\command - DirectX9\dxsetup.exe
\Shell\setup\command - D:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2008-08-26 C:\WINDOWS\Tasks\AF2C5CCA9B8BCF3E.job
- c:\docume~1\rebecca\applic~1\plansi~1\winholdless.exe []

2008-08-24 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (CLIFF-HA8LIBYJX-Cliff).job
- c:\program files\mcafee.com\vso\mcmnhdlr.exe []

2008-08-15 C:\WINDOWS\Tasks\McDefragTask.job
- C:\WINDOWS\system32\defrag.exe [2004-08-04 02:56]

2008-07-01 C:\WINDOWS\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-26 14:06:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\SiteAdvisor\6172\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\McAfee\MSC\mcuimgr.exe
C:\Program Files\Speeditup Free\Data\CheckUp.dat
.
**************************************************************************
.
Completion time: 2008-08-26 14:21:33 - machine was rebooted
ComboFix-quarantined-files.txt  2008-08-26 19:20:27
ComboFix2.txt  2008-08-26 18:16:19

Pre-Run: 14,430,019,584 bytes free
Post-Run: 14,349,611,008 bytes free

285   --- E O F ---   2008-08-26 16:02:31
Title: Re: Help Please
Post by: evilfantasy on August 26, 2008, 02:36:31 PM
(http://i154.photobucket.com/albums/s258/evilfantasy69/combofixu-1.jpg)

----------

Download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your Desktop.

Alternate download link (http://majorgeeks.com/ATF_Cleaner_d4949.html)

Note: Vista users must use Run As Administrator (http://vistasupport.mvps.org/run_as_administrator.htm)
Note that your system will run slower for a reboot or two after having used this tool so don't panic.

Important: Restart the computer before continuing.

----------

Scan with Panda ActiveScan (http://www.pandasoftware.com/products/activescan.htm). Post the contents of the ActiveScan report in your next reply.
Title: Re: Help Please
Post by: HelpMePlz on August 26, 2008, 03:33:42 PM
Hello, I am up to the Kaspersky part, but when I try to run that scan it says that I must have Java 1.5 or better installed for it to run. I click on the Java website and it says that I have the latest version. Not sure what to do?
Becca
Title: Re: Help Please
Post by: evilfantasy on August 26, 2008, 03:45:13 PM
I edited the above post. Try the Panda ActiveScan instead.
Title: Re: Help Please
Post by: HelpMePlz on August 26, 2008, 05:40:15 PM
Ok, the Panda kept giving me errors but it did finally work. Here are the results.
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-08-26 18:33:38
PROTECTIONS: 3
MALWARE: 57
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description                                  Version                       Active    Updated
;===================================================================================================================================================================================
Windows Defender                             1.1.1904.0                    No        Yes
McAfee Internet Security Suite 2007          8.1                           No        No
McAfee VirusScan Plus                        12.1                          No        No
;===================================================================================================================================================================================
MALWARE
Id        Description                        Type                Active    Severity  Disinfectable  Disinfected Location
;===================================================================================================================================================================================
00041904  adware/sidesearch                  Adware              No        0         Yes            No           c:\documents and settings\rebecca\application data\lycos
00055522  Eicar.Mod                          Virus               No        0         No             No           C:\Program Files\PestPatrol\Help.chm[/HowCanITestDetection.html]
00139059  Cookie/Traffic Marketplace         TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\rebecca@trafficmp[2].txt.bak
00139059  Cookie/Traffic Marketplace         TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\cliff@trafficmp[2].txt.bak
00139060  Cookie/Casalemedia                 TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\rebecca@casalemedia[1].txt.bak
00139061  Cookie/Doubleclick                 TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\cliff@doubleclick[2].txt.bak
00139061  Cookie/Doubleclick                 TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\rebecca@doubleclick[1].txt.bak
00139061  Cookie/Doubleclick                 TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\cliff@doubleclick[1].txt.bak
00139064  Cookie/Atlas DMT                   TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\rebecca@atdmt[1].txt.bak
00139064  Cookie/Atlas DMT                   TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\cliff@atdmt[2].txt.bak
00145386  Cookie/XXXtoolbar                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\rebecca@xxxtoolbar[1].txt.bak
00145433  Cookie/Mammamediasolutions         TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\rebecca@targetnet[1].txt.bak
00145453  Cookie/Bfast                       TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\cliff@bfast[2].txt.bak
00145453  Cookie/Bfast                       TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\cliff@bfast[1].txt.bak
00145453  Cookie/Bfast                       TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\rebecca@bfast[1].txt.bak
00145454  Cookie/Centralmedia                TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\rebecca@centralmedia[1].txt.bak
00145457  Cookie/FastClick                   TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\cliff@fastclick[2].txt.bak
00145457  Cookie/FastClick                   TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\rebecca@fastclick[1].txt.bak
00145457  Cookie/FastClick                   TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\cliff@fastclick[1].txt.bak
00145466  Cookie/Advertising                 TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak
00145466  Cookie/Advertising                 TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak
00145466  Cookie/Advertising                 TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak
00145738  Cookie/Mediaplex                   TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\rebecca@mediaplex[1].txt.bak
00145738  Cookie/Mediaplex                   TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\cliff@mediaplex[2].txt.bak
00145738  Cookie/Mediaplex                   TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\cliff@mediaplex[1].txt.bak
00145770  Cookie/CentrPort                   TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\cliff@centrport[2].txt.bak
00145770  Cookie/CentrPort                   TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\rebecca@centrport[1].txt.bak
00145770  Cookie/CentrPort                   TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\cliff@centrport[1].txt.bak
00145792  Cookie/SexList                     TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\cliff@sexlist[1].txt.bak
00145792  Cookie/SexList                     TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\cliff@sexlist[2].txt.bak
00145807  Cookie/Linksynergy                 TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\rebecca@linksynergy[2].txt.bak
00145807  Cookie/Linksynergy                 TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\cliff@linksynergy[1].txt.bak
00145807  Cookie/Linksynergy                 TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\cliff@linksynergy[2].txt.bak
00145869  Cookie/SpyLog                      TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\cliff@spylog[2].txt.bak
00145869  Cookie/SpyLog                      TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\rebecca@spylog[1].txt.bak
00147403  application/iwon                   HackTools           No        0         Yes            No           HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA0B9B71-C2AF-11D3-B376-0800460222F0}
00147403  application/iwon                   HackTools           No        0         Yes            No           HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C298FB42-E3E2-11D3-ADCD-0050DAC24E8F}
00147403  application/iwon                   HackTools           No        0         Yes            No           hkey_classes_root\clsid\{58384780-211c-11d4-aeb7-0050dac24e8f}
00147403  application/iwon                   HackTools           No        0         Yes            No           hkey_classes_root\iwontoolbar.settingsplugin
00147403  application/iwon                   HackTools           No        0         Yes            No           HKEY_LOCAL_MACHINE\software\classes\CLSID\{58384780-211C-11d4-AEB7-0050DAC24E8F}
00147403  application/iwon                   HackTools           No        0         Yes            No           hkey_classes_root\iwontoolbar.settingsplugin.1
00147806  Cookie/7search                     TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\rebecca@7search[2].txt.bak
00159564  Cookie/WUpd                        TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\cliff@revenue[2].txt.bak
00167706  Cookie/Sextracker                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak
00167706  Cookie/Sextracker                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak
00167730  Cookie/Hitbox                      TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak
Title: Re: Help Please
Post by: HelpMePlz on August 26, 2008, 05:41:03 PM
00167733  Cookie/Adserver                    TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak
00167759  Cookie/Sextracker                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak
00167759  Cookie/Sextracker                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak
00167760  Cookie/Hitslink                    TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak
00167761  Cookie/Sextracker                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak
00167761  Cookie/Sextracker                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak
00167762  Cookie/Sextracker                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak
00167763  Cookie/Sextracker                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak
00167763  Cookie/Sextracker                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak
00167764  Cookie/Sextracker                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak
00167764  Cookie/Sextracker                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak
00167765  Cookie/Hitbox                      TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak
00167765  Cookie/Hitbox                      TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak
00167765  Cookie/Hitbox                      TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak
00167770  Cookie/Sextracker                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak
00167770  Cookie/Sextracker                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak
00167778  Cookie/Hitbox                      TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak
00167783  Cookie/Sextracker                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak
00167783  Cookie/Sextracker                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak
00167784  Cookie/Com.com                     TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak
00168057  Cookie/Sextracker                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak
00168057  Cookie/Sextracker                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak
00168058  Cookie/Sextracker                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak
00168058  Cookie/Sextracker                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak
00169190  Cookie/Advertising                 TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\cliff@advertising[2].txt.bak
00169190  Cookie/Advertising                 TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\rebecca@advertising[1].txt.bak
00169190  Cookie/Advertising                 TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\cliff@advertising[1].txt.bak
00169286  Cookie/Sextracker                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\cliff@sextracker[2].txt.bak
00169286  Cookie/Sextracker                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\cliff@sextracker[1].txt.bak
00170556  Cookie/RealMedia                   TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\cliff@realmedia[1].txt.bak
00170556  Cookie/RealMedia                   TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\rebecca@realmedia[2].txt.bak
00173520  Cookie/Bluestreak                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\rebecca@bluestreak[2].txt.bak
00173520  Cookie/Bluestreak                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\cliff@bluestreak[2].txt.bak
00173520  Cookie/Bluestreak                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\cliff@bluestreak[1].txt.bak
00180153  Cookie/Sextracker                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak
00180154  Cookie/Sextracker                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak
00180154  Cookie/Sextracker                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak
00180246  Cookie/XXXCounter                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\cliff@xxxcounter[2].txt.bak
00180246  Cookie/XXXCounter                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\cliff@xxxcounter[1].txt.bak
00182104  Cookie/Hitbox                      TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak
00182104  Cookie/Hitbox                      TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak
00199983  Cookie/Valueclick                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\cliff@valueclick[1].txt.bak
00199983  Cookie/Valueclick                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\rebecca@valueclick[1].txt.bak
00206571  Application/Altnet                 HackTools           No        0         Yes            No           C:\Program Files\Microsoft AntiSpyware\Quarantine\2F50ECB7-0972-4F5F-8117-DC41A7\4A679ACF-71B2-48FE-A2CF-A1B2AC
00206953  Cookie/Sextracker                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak
00206953  Cookie/Sextracker                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak
00242066  Application/MyWebSearch            HackTools           No        0         Yes            No           C:\Program Files\SpyHunter\Backup\F3POPSWT.DLL.bak
00251542  Cookie/Sextracker                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak
00251542  Cookie/Sextracker                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak
00286739  Cookie/Hitbox                      TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak
00286739  Cookie/Hitbox                      TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak
00286739  Cookie/Hitbox                      TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak
00293517  Cookie/AdDynamix                   TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak
00519333  Application/Processor              HackTools           No        0         Yes            No           C:\Documents and Settings\Rebecca\Desktop\VIRUS stuff\VirtumundoBeGone.exe
00527204  Application/PRScheduler            HackTools           No        0         Yes            No           C:\Program Files\PestPatrol\Quarantine\20041121124024781.zip[Documents and Settings/Cliff/Start Menu/Programs/Startup/PowerReg Scheduler V3.exe]
00816208  Adware/eZula                       Adware              No        0         Yes            No           C:\WINDOWS\system32\Macromed\Shockwave 8\Xtras\download\TheGrooveAlliance\3DGrooveXtrav18\Groove.x32
00959011  Adware/AzeSearch                   Adware              No        0         No             No           C:\Program Files\Microsoft AntiSpyware\Quarantine\2F50ECB7-0972-4F5F-8117-DC41A7\4A679ACF-71B2-48FE-A2CF-A1B2AC[mySetp.exe]
02261869  Cookie/Sextracker                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][1].txt.bak
02261869  Cookie/Sextracker                  TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\[email protected][2].txt.bak
02402148  Application/Playmp3z               HackTools           No        0         Yes            No           C:\Documents and Settings\Rebecca\My Documents\My Music\Setup\Setup.exe
;===================================================================================================================================================================================
SUSPECTS
Sent      Location                                                                                                   Y
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id        Severity   Description                                                                                      Y
;===================================================================================================================================================================================
  184380  MEDIUM     MS08-002                                                                                         Y
  184379  MEDIUM     MS08-001                                                                                         Y
  108744  MEDIUM     MS06-008                                                                                         Y
  108742  MEDIUM     MS06-006                                                                                         Y
;===================================================================================================================================================================================
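A triage script for a Panda ActiveScan report like the one posted above, added here as an example; it is not code from the thread or from Panda. It parses the PROTECTIONS, MALWARE and VULNERABILITIES tables and goes one step beyond the report by separating detections that only sit in another tool's quarantine or backup folder (leftovers) from files still on disk and registry entries; the embedded report is a constructed excerpt of the rows above, and the quarantine-folder markers are an assumption about where SpyHunter, PestPatrol and Microsoft AntiSpyware keep their copies.

```python
import re
from collections import Counter

# Constructed excerpt in Panda ActiveScan's report layout: a handful of the
# rows posted above, not the full report. Column gaps are two or more spaces.
SAMPLE_REPORT = r"""
PROTECTIONS
Description                                  Version                       Active    Updated
;=========
Windows Defender                             1.1.1904.0                    No        Yes
McAfee VirusScan Plus                        12.1                          No        No
;=========
MALWARE
Id        Description                        Type                Active    Severity  Disinfectable  Disinfected Location
;=========
00041904  adware/sidesearch                  Adware              No        0         Yes            No           c:\documents and settings\rebecca\application data\lycos
00139061  Cookie/Doubleclick                 TrackingCookie      No        0         Yes            No           C:\Program Files\SpyHunter\Backup\cliff@doubleclick[2].txt.bak
00147403  application/iwon                   HackTools           No        0         Yes            No           hkey_classes_root\iwontoolbar.settingsplugin
00206571  Application/Altnet                 HackTools           No        0         Yes            No           C:\Program Files\Microsoft AntiSpyware\Quarantine\2F50ECB7\4A679ACF
02402148  Application/Playmp3z               HackTools           No        0         Yes            No           C:\Documents and Settings\Rebecca\My Documents\My Music\Setup\Setup.exe
;=========
SUSPECTS
Sent      Location
;=========
;=========
VULNERABILITIES
Id        Severity   Description
;=========
  184380  MEDIUM     MS08-002
  108744  MEDIUM     MS06-008
;=========
"""

SECTIONS = ("PROTECTIONS", "MALWARE", "SUSPECTS", "VULNERABILITIES")
HEADER_WORDS = ("Description", "Id", "Sent")      # first token of a column-header row
COLS = {"PROTECTIONS": 4, "MALWARE": 8, "SUSPECTS": 2, "VULNERABILITIES": 3}
# Assumption: folders where other removal tools park copies of what they
# already removed; a hit there is a leftover, not a running infection.
QUARANTINE_MARKERS = ("\\quarantine\\", "\\backup\\")


def split_columns(line, ncols):
    """Split a row on runs of two or more spaces, so single spaces inside
    names and paths survive; the last column absorbs whatever remains."""
    return re.split(r"\s{2,}", line.strip(), maxsplit=ncols - 1)


def parse_report(text):
    """Return {section: [row dicts]} for the four tabular sections."""
    keys = {
        "PROTECTIONS": ("name", "version", "active", "updated"),
        "MALWARE": ("id", "description", "type", "active", "severity",
                    "disinfectable", "disinfected", "location"),
        "SUSPECTS": ("sent", "location"),
        "VULNERABILITIES": ("id", "severity", "description"),
    }
    report = {name: [] for name in SECTIONS}
    section = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith(";"):      # blank or ;==== separator
            continue
        if line in SECTIONS:
            section = line
            continue
        if section is None or line.split()[0] in HEADER_WORDS:
            continue                              # preamble or column header
        fields = split_columns(line, COLS[section])
        report[section].append(dict(zip(keys[section], fields)))
    return report


def classify(location):
    """Registry entry, leftover in another tool's quarantine, or live file."""
    loc = location.lower()
    if loc.startswith("hkey"):
        return "registry"
    if any(marker in loc for marker in QUARANTINE_MARKERS):
        return "leftover"
    return "live_file"


def triage(report):
    """Summarise what in a parsed report actually needs attention."""
    summary = {
        "inactive_protections": [p["name"] for p in report["PROTECTIONS"]
                                 if p["active"] == "No"],
        "by_type": Counter(m["type"] for m in report["MALWARE"]),
        "live_files": [], "registry": [], "leftovers": 0,
        "missing_patches": [v["description"] for v in report["VULNERABILITIES"]],
    }
    for m in report["MALWARE"]:
        kind = classify(m["location"])
        if kind == "leftover":
            summary["leftovers"] += 1
        elif kind == "registry":
            summary["registry"].append(m["location"])
        else:
            summary["live_files"].append(m["location"])
    return summary


if __name__ == "__main__":
    s = triage(parse_report(SAMPLE_REPORT))
    print("Protections switched off:", ", ".join(s["inactive_protections"]))
    print("Detections by type:", dict(s["by_type"]))
    print("Leftovers in other tools' quarantine/backup:", s["leftovers"])
    print("Registry entries still present:", s["registry"])
    print("Files still on disk:", s["live_files"])
    print("Missing Microsoft patches:", s["missing_patches"])
```

Run against the full report above, the same split shows that the bulk of the 57 "MALWARE" rows are cookie backups under SpyHunter\Backup, while the real work is the handful of live files, the iWon registry keys and the four missing MS bulletins.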
Title: Re: Help Please
Post by: evilfantasy on August 26, 2008, 05:52:39 PM
Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

Now download The Avenger (http://swandog46.geekstogo.com/avenger.zip) by Swandog46 and save it to your Desktop.
Code:
Comment:

Files to delete:
C:\Documents and Settings\Rebecca\Desktop\VIRUS stuff\VirtumundoBeGone.exe
C:\Program Files\PestPatrol\Quarantine\20041121124024781.zip[Documents and Settings/Cliff/Start Menu/Programs/Startup/PowerReg Scheduler V3.exe]
C:\WINDOWS\system32\Macromed\Shockwave 8\Xtras\download\TheGrooveAlliance\3DGrooveXtrav18\Groove.x32
C:\Program Files\Microsoft AntiSpyware\Quarantine\2F50ECB7-0972-4F5F-8117-DC41A7\4A679ACF-71B2-48FE-A2CF-A1B2AC[mySetp.exe]
C:\Documents and Settings\Rebecca\My Documents\My Music\Setup\Setup.exe

Registry keys to delete:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA0B9B71-C2AF-11D3-B376-0800460222F0}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C298FB42-E3E2-11D3-ADCD-0050DAC24E8F}
hkey_classes_root\clsid\{58384780-211c-11d4-aeb7-0050dac24e8f}
hkey_classes_root\iwontoolbar.settingsplugin
HKEY_LOCAL_MACHINE\software\classes\CLSID\{58384780-211C-11d4-AEB7-0050DAC24E8F}
hkey_classes_root\iwontoolbar.settingsplugin.1


Title: Re: Help Please
Post by: HelpMePlz on August 26, 2008, 06:16:18 PM
Hi, I am getting an error. Here is what it says:
Error: Invalid registry syntex in command
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{CA0B9B71-C2AF-11D3-B376-0800460222FO}
only registry keys under the HKEY-LOCAL-MACHINE hive are accessible to this program. Skiping line (registry key deletion mode)
Title: Re: Help Please
Post by: evilfantasy on August 26, 2008, 06:22:23 PM
Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link #2 (http://subs.geekstogo.com/ComboFix.exe)

**Note:  It is important that it is saved directly to your Desktop

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

File::
C:\Documents and Settings\Rebecca\Desktop\VIRUS stuff\VirtumundoBeGone.exe
C:\WINDOWS\system32\Macromed\Shockwave 8\Xtras\download\TheGrooveAlliance\3DGrooveXtrav18\Groove.x32
C:\Documents and Settings\Rebecca\My Documents\My Music\Setup\Setup.exe

Registry::
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA0B9B71-C2AF-11D3-B376-0800460222F0}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C298FB42-E3E2-11D3-ADCD-0050DAC24E8F}]
[-hkey_classes_root\clsid\{58384780-211c-11d4-aeb7-0050dac24e8f}]
[-hkey_classes_root\iwontoolbar.settingsplugin]
[-HKEY_LOCAL_MACHINE\software\classes\CLSID\{58384780-211C-11d4-AEB7-0050DAC24E8F}]
[-hkey_classes_root\iwontoolbar.settingsplugin.1]

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

(http://i154.photobucket.com/albums/s258/evilfantasy69/CFScript.gif)

ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.
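Before a CFScript is dropped onto ComboFix it is worth a mechanical sanity check, since a registry line that names a key which cannot exist removes nothing. The validator below is an added example, not part of this thread and not ComboFix's own code: it walks the directive sections used above (KillAll::, File::, Registry::, plus Folder::), requires absolute drive paths under File::/Folder::, requires [-HIVE\key] lines with a known hive under Registry::, and checks every brace group for a well-formed hex GUID. The sample script is the one posted above plus one constructed extra line: the same Ext\Stats CLSID as it appears in the scanner log earlier in the thread, which ends in the letter O where the script's version has the digit 0. The directive set and messages are my own choices.

```python
import re

# Constructed sample: the CFScript from the post above, plus one extra Registry:: line
# copied from the scanner log earlier in this thread, where the CLSID ends in the letter
# O instead of the digit 0. A line naming a key that cannot exist removes nothing, so it
# is worth catching before the script is handed to ComboFix.
SAMPLE_SCRIPT = r"""
KillAll::

File::
C:\Documents and Settings\Rebecca\Desktop\VIRUS stuff\VirtumundoBeGone.exe
C:\Documents and Settings\Rebecca\My Documents\My Music\Setup\Setup.exe

Registry::
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA0B9B71-C2AF-11D3-B376-0800460222F0}]
[-HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{CA0B9B71-C2AF-11D3-B376-0800460222FO}]
[-hkey_classes_root\iwontoolbar.settingsplugin]
"""

# The directives this thread uses, plus Folder::; extend the set for other scripts.
KNOWN_DIRECTIVES = {"KillAll::", "File::", "Folder::", "Registry::"}
HIVES = {"HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_CLASSES_ROOT",
         "HKEY_USERS", "HKEY_CURRENT_CONFIG", "HKLM", "HKCU", "HKCR", "HKU"}

WIN_ABS_PATH = re.compile(r'^[A-Za-z]:\\[^*?"<>|]+$')
REG_KEY_LINE = re.compile(r'^\[-?(?P<hive>[^\\\]]+)(\\[^\]]*)?\]$')
GUID_LOOSE = re.compile(r'\{[^{}]*\}')
GUID_STRICT = re.compile(r'\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}')


def validate_cfscript(text):
    """Return (line_no, message) pairs for every problem found; [] means the script passed."""
    problems = []
    section = None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            if line not in KNOWN_DIRECTIVES:
                problems.append((n, f"unknown directive {line}"))
            section = line
            continue
        if section is None:
            problems.append((n, "entry appears before any directive"))
        elif section == "KillAll::":
            problems.append((n, "KillAll:: takes no entries"))
        elif section in ("File::", "Folder::"):
            if not WIN_ABS_PATH.match(line):
                problems.append((n, f"not an absolute drive path: {line}"))
        elif section == "Registry::":
            if line.startswith('"'):
                continue  # value line under the preceding [key] header; not checked here
            m = REG_KEY_LINE.match(line)
            if not m:
                problems.append((n, f"not a [-HIVE\\key] line: {line}"))
                continue
            if m["hive"].upper() not in HIVES:
                problems.append((n, f"unknown hive {m['hive']}"))
            # Every {...} in the key must be a real 8-4-4-4-12 hex GUID; a stray
            # letter O or a truncated group means the key will never match.
            for guid in GUID_LOOSE.findall(line):
                if not GUID_STRICT.fullmatch(guid):
                    problems.append((n, f"malformed GUID {guid}"))
        else:
            problems.append((n, f"entry under unknown directive {section}"))
    return problems


if __name__ == "__main__":
    for n, msg in validate_cfscript(SAMPLE_SCRIPT) or [(0, "script passed all checks")]:
        print(f"line {n}: {msg}")
```

Run against the sample, the only report is the constructed line with the letter O in its GUID; the three lines taken from the post above pass.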
Title: Re: Help Please
Post by: HelpMePlz on August 26, 2008, 07:22:54 PM
ComboFix 08-08-26.02 - Rebecca 2008-08-26 19:37:36.3 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.558 [GMT -5:00]
Running from: C:\Documents and Settings\Rebecca\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Rebecca\Desktop\CFScript.txt
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\Rebecca\Desktop\VIRUS stuff\VirtumundoBeGone.exe
C:\Documents and Settings\Rebecca\My Documents\My Music\Setup\Setup.exe
C:\WINDOWS\system32\Macromed\Shockwave 8\Xtras\download\TheGrooveAlliance\3DGrooveXtrav18\Groove.x32
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Rebecca\Desktop\VIRUS stuff\VirtumundoBeGone.exe
C:\Documents and Settings\Rebecca\My Documents\My Music\Setup\Setup.exe
C:\WINDOWS\system32\Macromed\Shockwave 8\Xtras\download\TheGrooveAlliance\3DGrooveXtrav18\Groove.x32

.
(((((((((((((((((((((((((   Files Created from 2008-07-27 to 2008-08-27  )))))))))))))))))))))))))))))))
.

2008-08-26 17:04 . 2008-06-19 17:24   28,544   --a------   C:\WINDOWS\system32\drivers\pavboot.sys
2008-08-26 04:28 . 2008-08-26 04:28   <DIR>   d--------   C:\Program Files\Trend Micro
2008-08-26 04:07 . 2008-06-10 02:32   73,728   --a------   C:\WINDOWS\system32\javacpl.cpl
2008-08-26 03:35 . 2008-08-26 03:35   <DIR>   d--------   C:\Program Files\Malwarebytes' Anti-Malware
2008-08-26 03:35 . 2008-08-17 15:01   38,472   --a------   C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-26 03:35 . 2008-08-17 15:01   17,144   --a------   C:\WINDOWS\system32\drivers\mbam.sys
2008-08-25 23:06 . 2008-08-25 23:06   <DIR>   d--------   C:\Program Files\SUPERAntiSpyware
2008-08-25 23:06 . 2008-08-25 23:06   <DIR>   d--------   C:\Documents and Settings\Rebecca\Application Data\SUPERAntiSpyware.com
2008-08-25 23:06 . 2008-08-25 23:06   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-25 22:46 . 2008-08-25 22:46   <DIR>   d--------   C:\WINDOWS\Speeditup Free
2008-08-25 22:46 . 2008-08-25 22:46   <DIR>   d--------   C:\Program Files\Speeditup Free
2008-08-25 13:19 . 2008-08-25 13:19   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-08-25 11:42 . 2008-08-25 12:53   <DIR>   d--------   C:\WINDOWS\system32\CatRoot_bak
2008-08-24 00:52 . 2008-08-24 00:55   <DIR>   d--------   C:\Documents and Settings\Rebecca\Application Data\SecondLife
2008-08-21 00:35 . 2008-08-25 22:25   <DIR>   d--------   C:\Program Files\Enigma Software Group
2008-08-20 18:52 . 2008-08-20 18:52   <DIR>   d--------   C:\Documents and Settings\Rebecca\Application Data\Malwarebytes
2008-08-20 18:52 . 2008-08-20 18:52   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-20 12:20 . 2008-08-20 12:21   <DIR>   d--------   C:\Program Files\Windows Live Safety Center
2008-08-20 11:49 . 2008-08-20 11:49   <DIR>   d--------   C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-08-20 11:27 . 2000-12-08 21:59   122,880   --a------   C:\WINDOWS\UnGins.exe
2008-08-20 00:19 . 2008-08-20 00:54   <DIR>   d----c---   C:\1Cleanup
2008-08-19 01:58 . 2008-08-19 01:58   <DIR>   d----c---   C:\2eb227843e394d64ce79fdad320ef0
2008-08-19 01:35 . 2008-08-19 01:35   2,335,270   --a------   C:\WINDOWS\system32\73d25A.mht
2008-08-18 23:10 . 2008-08-26 17:03   <DIR>   d--------   C:\Program Files\Panda Security
2008-08-18 13:23 . 2008-08-18 13:23   <DIR>   d--------   C:\Documents and Settings\Rebecca\Application Data\McAfee
2008-08-18 11:54 . 2008-08-18 13:13   <DIR>   d--------   C:\Program Files\a-squared Anti-Malware
2008-08-18 02:10 . 2008-08-18 02:10   <DIR>   d--------   C:\Temp\epr1
2008-08-13 11:07 . 2008-08-13 11:07   <DIR>   d--------   C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-08-12 14:01 . 2007-07-30 19:19   271,224   --a------   C:\WINDOWS\system32\mucltui.dll
2008-08-12 14:01 . 2007-07-30 19:19   207,736   --a------   C:\WINDOWS\system32\muweb.dll
2008-08-12 14:01 . 2007-07-30 19:19   30,072   --a------   C:\WINDOWS\system32\mucltui.dll.mui
2008-08-11 20:25 . 2008-08-11 20:25   <DIR>   d----c---   C:\WINDOWS\system32\DRVSTORE
2008-08-11 20:25 . 2008-08-12 16:59   <DIR>   d--------   C:\Documents and Settings\Rebecca\Contacts
2008-08-11 20:17 . 2008-08-24 18:54   <DIR>   d--------   C:\Program Files\Windows Live
2008-08-11 20:17 . 2008-08-11 20:24   <DIR>   d--hsc---   C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-11 20:16 . 2008-08-11 20:16   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-08 12:35 . 2008-08-22 00:44   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
2008-08-08 12:35 . 2008-08-08 12:35   1,409   --a------   C:\WINDOWS\QTFont.for
2008-08-06 21:37 . 2008-08-06 21:37   <DIR>   d--------   C:\Program Files\LucasArts
2008-08-06 21:21 . 2008-06-23 11:57   6,066,176   -----c---   C:\WINDOWS\system32\dllcache\ieframe.dll
2008-08-06 21:21 . 2007-04-17 04:32   2,455,488   -----c---   C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-08-06 21:21 . 2007-03-08 00:10   991,232   -----c---   C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-08-06 21:21 . 2008-06-23 11:57   459,264   -----c---   C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-08-06 21:21 . 2008-06-23 11:57   383,488   -----c---   C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-08-06 21:21 . 2008-06-23 11:57   267,776   -----c---   C:\WINDOWS\system32\dllcache\iertutil.dll
2008-08-06 21:21 . 2008-06-23 11:57   63,488   -----c---   C:\WINDOWS\system32\dllcache\icardie.dll
2008-08-06 21:21 . 2008-06-23 11:57   52,224   -----c---   C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-08-06 21:21 . 2008-06-23 04:20   13,824   -----c---   C:\WINDOWS\system32\dllcache\ieudinit.exe

Title: Re: Help Please
Post by: HelpMePlz on August 26, 2008, 07:23:22 PM
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-26 09:21   ---------   d-----w   C:\Program Files\Java
2008-08-26 04:04   ---------   d-----w   C:\Program Files\Common Files\Wise Installation Wizard
2008-08-26 03:53   ---------   d-----w   C:\Program Files\CCleaner
2008-08-26 03:34   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-08-26 03:20   ---------   d-----w   C:\Documents and Settings\Rebecca\Application Data\Lavasoft
2008-08-26 03:14   ---------   d-----w   C:\Program Files\Spybot - Search & Destroy
2008-08-26 03:14   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-25 18:15   ---------   d--h--w   C:\Documents and Settings\All Users\Application Data\yahoo!
2008-08-25 18:15   ---------   d-----w   C:\Program Files\Yahoo!
2008-08-25 16:52   ---------   d--h--w   C:\Documents and Settings\Rebecca\Application Data\yahoo!
2008-08-20 18:01   ---------   d-----w   C:\Program Files\RegistryFix
2008-08-18 21:36   ---------   d-----w   C:\Documents and Settings\Rebecca\Application Data\Ahead
2008-08-18 18:38   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-08-18 18:36   ---------   d-----w   C:\Program Files\Canon
2008-08-18 18:25   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\McAfee
2008-08-18 01:36   ---------   d-----w   C:\Documents and Settings\Rebecca\Application Data\SiteAdvisor
2008-08-11 00:24   ---------   d-----w   C:\Program Files\McAfee
2008-08-10 05:58   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Zylom
2008-08-07 00:29   ---------   d---a-w   C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-21 21:45   20   -c-h--w   C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2008-05-21 21:45   20   -c-h--w   C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
2004-06-25 02:25   2,094   -c--a-w   C:\Program Files\V4Hardware_1.xml
2003-10-28 01:54   169   -c-ha-w   C:\Documents and Settings\Cliff\hpothb07.dat
2002-03-16 01:09   24   -c--a-w   C:\Documents and Settings\Cliff\18DF93B7.BIN
2004-10-22 01:19   56   -csh--r   C:\WINDOWS\system32\E2850458D2.sys
2005-04-07 01:34   1,786   -csha-w   C:\WINDOWS\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"SpeedItUpEX"="C:\Program Files\Speeditup Free\SpeedItUp.exe" [2008-06-09 04:34 2275328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 03:51 172032]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 03:50 204800]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-02-03 15:16 180269]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2005-03-07 23:42 176128]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"ASUS Probe"="C:\Program Files\ASUS\Probe\AsusProb.exe" [2002-12-06 17:07 617984]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2006-10-02 14:09 35928]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 23:32 53248]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-18 20:44 286720]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2002-01-09 22:53:14 200704]
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-09-19 13:16:30 282624]
HP Image Zone Fast Start.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24 73728]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-10-16 16:26:16 118784]
Photags AutoDetect.lnk - C:\Program Files\PhoTags Express\Photags AutoDetect.exe [2007-10-08 19:39:11 368640]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-01-22 14:21:00 815104]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll
"VIDC.XVID"= xvid.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders   msapsspc.dll schannel.dll digest.dll msnsspc.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Probe]
--a------ 2002-12-06 17:07 617984 C:\Program Files\ASUS\Probe\AsusProb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
--a--c--- 2004-02-24 21:10 335872 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CookiePatrol]
--a--c--- 2005-01-10 10:35 73728 C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
--------- 2004-12-02 19:23 102400 C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a--c--- 2003-12-22 08:38 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-11 23:12 49152 C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a--c--- 2004-05-04 19:51 176128 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
--a--c--- 2001-08-23 07:00 44032 C:\WINDOWS\ime\imkr6_1\imekrmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a--c--- 2004-08-04 00:31 208952 C:\WINDOWS\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
-ra--c--- 2001-07-09 04:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PestPatrol Control Center]
--a--c--- 2004-11-15 12:49 98304 C:\PROGRA~1\PESTPA~1\PPControl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPMemCheck]
-----c--- 2003-04-19 07:53 148480 C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-10-18 20:44 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ResModify]
-r---c--- 2003-12-29 04:16 65536 C:\Program Files\USBToolbox\Res.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
--a--c--- 2003-07-30 11:08 143360 C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2005-02-03 15:16 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--a--c--- 2000-05-11 01:00 90112 C:\WINDOWS\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
--a--c--- 2001-09-04 16:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
--a--c--- 2002-07-02 17:56 24576 C:\WINDOWS\system32\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\McAfee\\MSC\\mcuimgr.exe"=

R0 gxc122b;gxc122b;C:\WINDOWS\system32\DRIVERS\gxc122b.sys [2004-03-12 23:41]
R0 gxc122p;gxc122p;C:\WINDOWS\system32\Drivers\gxc122p.sys [2004-03-12 23:41]
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2002-08-29 00:59]
R3 rdsdrv;rdsdrv;C:\WINDOWS\system32\DRIVERS\rdsdrv.sys [2003-10-21 10:19]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 01:01]
S3 ASUSHWIO;ASUSHWIO;C:\WINDOWS\System32\drivers\ASUSHWIO.sys []
S3 DMSKSSRh;DMSKSSRh;C:\DOCUME~1\Cliff\LOCALS~1\Temp\DMSKSSRh.sys []
S3 GearAspiWDM_BackUp;GEAR CDRom Filter;C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2003-08-25 10:40]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\dvdcheck.exe
\Shell\directx\command - DirectX9\dxsetup.exe
\Shell\setup\command - D:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2008-08-27 C:\WINDOWS\Tasks\AF2C5CCA9B8BCF3E.job
- c:\docume~1\rebecca\applic~1\plansi~1\winholdless.exe []

2008-08-24 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (CLIFF-HA8LIBYJX-Cliff).job
- c:\program files\mcafee.com\vso\mcmnhdlr.exe []

2008-08-15 C:\WINDOWS\Tasks\McDefragTask.job
- C:\WINDOWS\system32\defrag.exe [2004-08-04 02:56]

2008-07-01 C:\WINDOWS\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-26 19:59:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Speeditup Free\Data\CheckUp.dat
C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
.
**************************************************************************
.
Completion time: 2008-08-26 20:14:37 - machine was rebooted [Rebecca]
ComboFix-quarantined-files.txt  2008-08-27 01:13:28
ComboFix2.txt  2008-08-26 19:21:34

Pre-Run: 19,201,478,656 bytes free
Post-Run: 19,236,388,864 bytes free

271   --- E O F ---   2008-08-26 16:02:31
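Reading a log like the one above by hand means looking for a few recurring patterns: an autostart target followed by empty brackets where ComboFix would otherwise print the file's date and size (winholdless.exe, DMSKSSRh.sys and ASUSHWIO.sys above), a target under a Temp directory, a scheduled task whose name is a run of hex digits (AF2C5CCA9B8BCF3E.job), and Security Center monitoring switched off. The script below is an added example, not part of the thread and not ComboFix's code, that applies those checks to a constructed sample made of lines excerpted from the log above. The rule names, the 12-hex-digit threshold for a "random" task name and the sample selection are my own. One caveat the output itself cannot settle: the DisableMonitoring values sit under McAfee keys and a McAfee suite is clearly running on this machine, so that rule is a prompt to confirm against the installed product, not a verdict.

```python
import ntpath
import re
from dataclasses import dataclass

# Constructed sample: lines excerpted from the ComboFix log posted above, cut down to the
# entry types the checks look at (Run values, drivers, Security Center, scheduled tasks).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"SpeedItUpEX"="C:\Program Files\Speeditup Free\SpeedItUp.exe" [2008-06-09 04:34 2275328]

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
S3 ASUSHWIO;ASUSHWIO;C:\WINDOWS\System32\drivers\ASUSHWIO.sys []
S3 DMSKSSRh;DMSKSSRh;C:\DOCUME~1\Cliff\LOCALS~1\Temp\DMSKSSRh.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

Contents of the 'Scheduled Tasks' folder

2008-08-27 C:\WINDOWS\Tasks\AF2C5CCA9B8BCF3E.job
- c:\docume~1\rebecca\applic~1\plansi~1\winholdless.exe []

2008-08-15 C:\WINDOWS\Tasks\McDefragTask.job
- C:\WINDOWS\system32\defrag.exe [2004-08-04 02:56]
"""

RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<meta>[^\]]*)\]$')
DRIVER = re.compile(r'^[RS]\d\s+(?P<svc>[^;]+);[^;]*;(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]$')
TASK_JOB = re.compile(r'^\d{4}-\d{2}-\d{2}\s+(?P<job>.+\.job)$', re.I)
TASK_CMD = re.compile(r'^-\s+(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]$')
DISABLE_MON = re.compile(r'^"DisableMonitoring"=dword:0*1$', re.I)
HEX_JOB_NAME = re.compile(r'^[0-9A-F]{12,}\.job$', re.I)  # threshold is my choice


@dataclass(frozen=True)
class Finding:
    line_no: int
    rule: str
    detail: str


def _check_target(findings, line_no, label, path, meta):
    """Checks shared by every autostart target (Run value, driver, task command)."""
    # ComboFix prints the target's date and size in brackets; empty brackets mean
    # it had no file to report on: an orphaned entry, or a file that hid itself.
    if meta.strip() == "":
        findings.append(Finding(line_no, "missing_metadata", f"{label}: {path}"))
    # Nothing legitimate should autostart out of a Temp directory.
    if "\\temp\\" in path.lower():
        findings.append(Finding(line_no, "temp_path", f"{label}: {path}"))


def triage(log_text):
    """Return the suspicious entries in a ComboFix-style log, in log order."""
    findings = []
    section_key = None  # most recent [REGISTRY\KEY] header
    last_job = None     # most recent scheduled-task .job name
    for line_no, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section_key = line[1:-1]
            continue
        if DISABLE_MON.match(line) and "security center\\monitoring" in (section_key or "").lower():
            # Third-party suites often set this themselves; confirm before acting.
            findings.append(Finding(line_no, "wsc_monitoring_disabled", section_key.rsplit("\\", 1)[-1]))
            continue
        m = RUN_VALUE.match(line)
        if m:
            _check_target(findings, line_no, f"Run value {m['name']}", m["path"], m["meta"])
            continue
        m = DRIVER.match(line)
        if m:
            _check_target(findings, line_no, f"driver {m['svc']}", m["path"], m["meta"])
            continue
        m = TASK_JOB.match(line)
        if m:
            last_job = ntpath.basename(m["job"])
            # A job named by a bare run of hex digits is typical of machine-generated
            # persistence; products almost always give their tasks readable names.
            if HEX_JOB_NAME.match(last_job):
                findings.append(Finding(line_no, "random_task_name", last_job))
            continue
        m = TASK_CMD.match(line)
        if m:
            _check_target(findings, line_no, f"task {last_job}", m["path"], m["meta"])
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no:>3}  {f.rule:<24} {f.detail}")
```

On the sample this reports six findings: the two drivers and the winholdless.exe task command with empty brackets, DMSKSSRh.sys again for living under Temp, the McAfeeAntiVirus monitoring key, and the hex-named job. The ctfmon, SpeedItUp, pavboot and defrag lines, all of which carry a date and size, produce nothing.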
Title: Re: Help Please
Post by: evilfantasy on August 26, 2008, 07:27:48 PM
*Fingers crossed*... How is everything now?
Title: Re: Help Please
Post by: HelpMePlz on August 26, 2008, 07:50:26 PM
Thank you so so much, I am bowing to you :) It seems to be working great now!!
Becca
Title: Re: Help Please
Post by: evilfantasy on August 26, 2008, 07:57:48 PM
Took a while but we got it done. Good job!! (http://bestsmileys.com/thumbs/7.gif)

If you have any questions just let me know.

Run ATF Cleaner.

Download OTCleanIt.exe (http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe) and save it to your Desktop.
.
----------

Set a New Restore Point to prevent possible reinfection from an old one
Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
You can find instructions on how to enable and re-enable system restore here:

Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html) or Windows Vista System Restore Guide (http://www.bleepingcomputer.com/tutorials/tutorial143.html)
.
----------

Use the Secunia Software Inspector (http://secunia.com/software_inspector) to check for out of date software.
.
----------

Important: You need to update Windows and Internet Explorer regularly to protect your computer from the malware and other security threats that are on the Internet. Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.

----------

To prevent unknown applications from being installed on your computer, install WinPatrol 2008 (http://www.winpatrol.com/winpatrol.html)
*  Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)

I suggest using SiteAdvisor (http://www.siteadvisor.com/). SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites.

SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla-based browsers like Firefox.
*  Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/forums/tutorial49.html)
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)

Check out Keeping Yourself Safe On The Web (http://evilspages.blogspot.com/2008/05/keeping-yourself-safe-on-web.html) for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It May Not Be Malware (http://evilspages.blogspot.com/2008/05/slow-computer-it-may-not-be-malware.html) for free cleaning/maintenance tools to help keep your computer running smooth.



Safe surfing.....(http://bestsmileys.com/waving/3.gif)