Tech Support Forum - View Single Post - Help! Stubborn Antispyware Soldier Infection

sakurasan · 10-07-2006, 06:36 PM

Owner - 06-10-07 10:21:55.93 Service Pack 2
ComboFix 06.09.28 - Running from: "C:\Documents and Settings\Owner\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-09-07 to 2006-10-07 ))))))))))))))))))))))))))))))))))

2006-10-05 14:59 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-10-05 14:59 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-10-05 14:59 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-10-05 14:59 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-10-03 17:34 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-10-07 10:21 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-03 19:25 -------- d-------- C:\Program Files\WinZip
2006-10-03 19:25 -------- d-------- C:\Program Files\Windows Defender
2006-10-03 19:24 -------- d-------- C:\Program Files\Webshots
2006-10-03 19:21 -------- d-------- C:\Program Files\QuickTime
2006-10-03 19:17 -------- d-------- C:\Program Files\Multimedia Card Reader
2006-10-03 19:17 -------- d-------- C:\Program Files\MSN Messenger
2006-10-03 19:16 -------- d-------- C:\Program Files\Motorola Phone Tools
2006-10-03 19:14 -------- d-------- C:\Program Files\Messenger
2006-10-03 19:13 -------- d-------- C:\Program Files\iTunes
2006-10-03 19:12 -------- d-------- C:\Program Files\Internet Explorer
2006-10-03 19:07 -------- d-------- C:\Program Files\eFax Messenger 4.2
2006-10-03 17:34 -------- d-------- C:\Program Files\Grisoft
2006-10-01 20:17 -------- d-------- C:\Program Files\Easy Internet signup
2006-10-01 19:15 -------- d-------- C:\Program Files\XoftSpy
2006-10-01 16:52 -------- d-------- C:\Program Files\Enigma Software Group
2006-09-25 18:29 -------- d-------- C:\Program Files\FlashFXP
2006-09-24 11:49 -------- d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer
2006-09-23 13:46 -------- d-------- C:\Documents and Settings\Owner\Application Data\eFax Messenger
2006-08-21 06:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 03:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 03:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-17 11:09 -------- d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
2006-07-27 07:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 02:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-12 09:50 1319 --a------ C:\Documents and Settings\Owner\Application Data\AdobeDLM.log

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupNotify"="c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\backupnotify.exe"
"NVIEW"="rundll32.exe nview.dll,nViewLoadHook"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"MoneyAgent"="\"C:\\Program Files\\Microsoft Money\\System\\mnyexpr.exe\""
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"RealPlayer"="\"C:\\Program Files\\Real\\RealOne Player\\realplay.exe\" /RunUPGToolCommandReBoot"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"CamMonitor"="c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\\\Unload\\hpqcmon.exe"
"HPHUPD05"="c:\\Program Files\\Hewlett-Packard\\{45B6180B-DCAB-4093-8EE8-6164457517F0}\\hphupd05.exe"
"HPHmon05"="C:\\WINDOWS\\System32\\hphmon05.exe"
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"AutoTKit"="C:\\hp\\bin\\AUTOTKIT.EXE"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /installquiet /keeploaded /nodetect"
"Sunkist2k"="C:\\Program Files\\Multimedia Card Reader\\shwicon2k.exe"
"PS2"="C:\\WINDOWS\\system32\\ps2.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"AlcxMonitor"="ALCXMNTR.EXE"
"QuickFinder Scheduler"="\"c:\\Program Files\\WordPerfect Office 11\\Programs\\QFSCHD110.EXE\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_01\\bin\\jusched.exe"
"HP Software Update"="\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe\""
"iTunesHelper"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"StorageGuard"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"SideWinderTrayV4"="C:\\PROGRA~1\\MI948F~1\\GAMECO~1\\Common\\SWTrayV4.exe"
"/AutoLaunch"="C:\\Program Files\\PHILIPS\\PSADMM\\DMM\\bin\\AutoLaunch.exe"
"MCUpdateExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\McAgent.exe"
"eFax 4.2"="\"C:\\Program Files\\eFax Messenger 4.2\\J2GDllCmd.exe\" /R"
"SpyHunter"="C:\\Program Files\\Enigma Software Group\\SpyHunter\\SpyHunter.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonceex]
@=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Aim6]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLLaunch"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-US ee://aol/imApp"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSoftware"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1142815478\\ee\\AOLSoftware.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\mmtask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mmtask"
"hkey"="HKLM"
"command"="c:\\Program Files\\MusicMatch\\MusicMatch Jukebox\\mmtask.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MMTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mm_tray"
"hkey"="HKLM"
"command"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_tray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsnMsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\RealPlayer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realplay"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Real\\RealOne Player\\realplay.exe\" /RunUPGToolCommandReBoot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ypager"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe\" -quiet"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20061004-175852-286
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
backup-20061004-175852-891
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
backup-20061004-175640-579
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
backup-20061004-175640-496
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
backup-20061004-174958-569
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
backup-20061004-174958-746
R3 - Default URLSearchHook is missing
backup-20061004-174958-932
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
backup-20061004-174958-840
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
backup-20061004-174958-836
O4 - HKLM\..\Run: [XHGWFKUF] c:\windows\system32\xhgwfkuf.exe /install
backup-20061004-174958-757
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
backup-20061004-174958-537
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
backup-20060826-085456-585
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
backup-20060826-085456-180
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
backup-20060826-085456-257
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
backup-20060826-085456-532
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
backup-20060826-085456-175
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
backup-20060826-085456-957
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
backup-20060826-085456-345
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
backup-20060826-085456-341
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
backup-20060826-085456-540
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
backup-20060826-085456-252
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
backup-20060826-085456-209
O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
backup-20060826-085456-202
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
backup-20060826-085456-262
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
backup-20060826-085456-437
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: Sat 10/07/2006 10:22:17.79
ComboFix.txt

10-07-2006, 06:36 PM	#15 (permalink)
sakurasan Registered User Join Date: Oct 2006 Posts: 12 OS: winxp	combofix log Owner - 06-10-07 10:21:55.93 Service Pack 2 ComboFix 06.09.28 - Running from: "C:\Documents and Settings\Owner\Desktop" ((((((((((((((((((((((((((((((( Files Created from 2006-09-07 to 2006-10-07 )))))))))))))))))))))))))))))))))) 2006-10-05 14:59 53,248 --a------ C:\WINDOWS\system32\Process.exe 2006-10-05 14:59 40,960 --a------ C:\WINDOWS\system32\swsc.exe 2006-10-05 14:59 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2006-10-05 14:59 135,168 --a------ C:\WINDOWS\system32\swreg.exe 2006-10-03 17:34 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-10-07 10:21 -------- d-------- C:\Program Files\Mozilla Firefox 2006-10-03 19:25 -------- d-------- C:\Program Files\WinZip 2006-10-03 19:25 -------- d-------- C:\Program Files\Windows Defender 2006-10-03 19:24 -------- d-------- C:\Program Files\Webshots 2006-10-03 19:21 -------- d-------- C:\Program Files\QuickTime 2006-10-03 19:17 -------- d-------- C:\Program Files\Multimedia Card Reader 2006-10-03 19:17 -------- d-------- C:\Program Files\MSN Messenger 2006-10-03 19:16 -------- d-------- C:\Program Files\Motorola Phone Tools 2006-10-03 19:14 -------- d-------- C:\Program Files\Messenger 2006-10-03 19:13 -------- d-------- C:\Program Files\iTunes 2006-10-03 19:12 -------- d-------- C:\Program Files\Internet Explorer 2006-10-03 19:07 -------- d-------- C:\Program Files\eFax Messenger 4.2 2006-10-03 17:34 -------- d-------- C:\Program Files\Grisoft 2006-10-01 20:17 -------- d-------- C:\Program Files\Easy Internet signup 2006-10-01 19:15 -------- d-------- C:\Program Files\XoftSpy 2006-10-01 16:52 -------- d-------- C:\Program Files\Enigma Software Group 2006-09-25 18:29 -------- d-------- C:\Program Files\FlashFXP 2006-09-24 11:49 -------- d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer 2006-09-23 13:46 -------- d-------- C:\Documents and Settings\Owner\Application Data\eFax Messenger 2006-08-21 06:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll 2006-08-21 03:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe 2006-08-21 03:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys 2006-08-17 11:09 -------- d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM 2006-07-27 07:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll 2006-07-21 02:24 72704 --a------ C:\WINDOWS\system32\hlink.dll 2006-07-12 09:50 1319 --a------ C:\Documents and Settings\Owner\Application Data\AdobeDLM.log (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) Note empty entries are not shown [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BackupNotify"="c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\backupnotify.exe" "NVIEW"="rundll32.exe nview.dll,nViewLoadHook" "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background" "MoneyAgent"="\"C:\\Program Files\\Microsoft Money\\System\\mnyexpr.exe\"" "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background" "RealPlayer"="\"C:\\Program Files\\Real\\RealOne Player\\realplay.exe\" /RunUPGToolCommandReBoot" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe" "HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe" "CamMonitor"="c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\\\Unload\\hpqcmon.exe" "HPHUPD05"="c:\\Program Files\\Hewlett-Packard\\{45B6180B-DCAB-4093-8EE8-6164457517F0}\\hphupd05.exe" "HPHmon05"="C:\\WINDOWS\\System32\\hphmon05.exe" "KBD"="C:\\HP\\KBD\\KBD.EXE" "AutoTKit"="C:\\hp\\bin\\AUTOTKIT.EXE" "Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE" "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup" "nwiz"="nwiz.exe /installquiet /keeploaded /nodetect" "Sunkist2k"="C:\\Program Files\\Multimedia Card Reader\\shwicon2k.exe" "PS2"="C:\\WINDOWS\\system32\\ps2.exe" "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot" "AlcxMonitor"="ALCXMNTR.EXE" "QuickFinder Scheduler"="\"c:\\Program Files\\WordPerfect Office 11\\Programs\\QFSCHD110.EXE\"" "SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_01\\bin\\jusched.exe" "HP Software Update"="\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe\"" "iTunesHelper"="C:\\Program Files\\iTunes\\iTunesHelper.exe" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "StorageGuard"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r" "SideWinderTrayV4"="C:\\PROGRA~1\\MI948F~1\\GAMECO~1\\Common\\SWTrayV4.exe" "/AutoLaunch"="C:\\Program Files\\PHILIPS\\PSADMM\\DMM\\bin\\AutoLaunch.exe" "MCUpdateExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe" "MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\McAgent.exe" "eFax 4.2"="\"C:\\Program Files\\eFax Messenger 4.2\\J2GDllCmd.exe\" /R" "SpyHunter"="C:\\Program Files\\Enigma Software Group\\SpyHunter\\SpyHunter.exe" "Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide" "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS] "Installed"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonceex] @="" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000000 [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe" [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook" "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 "CDRAutoRun"=dword:00000000 [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 "CDRAutoRun"=dword:00000000 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Aim6] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AOLLaunch" "hkey"="HKCU" "command"="\"C:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-US ee://aol/imApp" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\HostManager] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AOLSoftware" "hkey"="HKLM" "command"="C:\\Program Files\\Common Files\\AOL\\1142815478\\ee\\AOLSoftware.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\mmtask] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="mmtask" "hkey"="HKLM" "command"="c:\\Program Files\\MusicMatch\\MusicMatch Jukebox\\mmtask.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MMTray] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="mm_tray" "hkey"="HKLM" "command"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_tray.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MsnMsgr] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="MsnMsgr" "hkey"="HKCU" "command"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\RealPlayer] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="realplay" "hkey"="HKCU" "command"="\"C:\\Program Files\\Real\\RealOne Player\\realplay.exe\" /RunUPGToolCommandReBoot" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Yahoo! Pager] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ypager" "hkey"="HKCU" "command"="\"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe\" -quiet" "inimapping"="0" HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ backup-20061004-175852-286 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = backup-20061004-175852-891 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = backup-20061004-175640-579 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = backup-20061004-175640-496 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = backup-20061004-174958-569 O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) backup-20061004-174958-746 R3 - Default URLSearchHook is missing backup-20061004-174958-932 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = backup-20061004-174958-840 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank backup-20061004-174958-836 O4 - HKLM\..\Run: [XHGWFKUF] c:\windows\system32\xhgwfkuf.exe /install backup-20061004-174958-757 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = backup-20061004-174958-537 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = backup-20060826-085456-585 O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe backup-20060826-085456-180 O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab backup-20060826-085456-257 O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe backup-20060826-085456-532 O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe backup-20060826-085456-175 O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe backup-20060826-085456-957 O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab backup-20060826-085456-345 O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll backup-20060826-085456-341 O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe backup-20060826-085456-540 O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe backup-20060826-085456-252 O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe backup-20060826-085456-209 O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe backup-20060826-085456-202 O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe backup-20060826-085456-262 O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask backup-20060826-085456-437 O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Scan.job C:\WINDOWS\tasks\Symantec NetDetect.job Completion time: Sat 10/07/2006 10:22:17.79 ComboFix.txt