Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads

11-26-2006, 10:45 AM   #21
tetonbob
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,480
OS: 2000 Pro; XP Pro; XP Home


Please download the Suspicious File Packer http://www.safer-networking.org/files/sfp.zip

Unzip it to the desktop and run it.
Paste the following list of files into the Suspicious File Packer window:
C:\sUBs\Cfiles.txt
C:\sUBs\Cfolders.txt
C:\sUBs\d-delA
C:\sUBs\d-delB
C:\sUBs\d-delAA
C:\sUBs\d-delBB
C:\sUBs\d-del2A
C:\sUBs\d-del2B
C:\sUBs\srvhost2.txt
C:\sUBs\srvhost.txt
C:\sUBs\drev
Allow SFP to pack the files. This will generate a CAB archive on your desktop.
Please submit it to this site http://www.bleepingcomputer.com/subm....php?channel=4
Please include a link to this topic in the message.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009

11-26-2006, 11:01 AM   #22
tetonbob

Once you've performed the last instructions, please do this:

Delete C:\sUBs


* IMPORTANT !!! Be sure ComboFix is on your Desktop.


Go to Start -> Run and then paste in this single line command & click OK
"%userprofile%\desktop\combofix.exe" /v winwea32 ssqpp cmhditn vorenbj uxliwckt
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall




When finished, it shall produce a log for you. Post that log in your next reply with a new HJT log

If you have any questions, feel free to ask.

11-26-2006, 12:37 PM   #23
Registered User
 
Join Date: Aug 2006
Posts: 32
OS: XP home edition


Tetonbob, I have run ComboFix 5 times now and every time it starts to show its findings the box disappears and leaves my desktop blank.


How and where do I find the log for this?
bigbhoy77 is offline  

11-26-2006, 01:03 PM   #24
tetonbob

Ok, let's take a step back, please....

First, is your desktop blank now? If so, run ComboFix once again, only this time enter N instead of Y at the first prompt.

Let me know where you stand.

11-26-2006, 01:15 PM   #25

Quote:
Originally Posted by tetonbob View Post
Ok, let's take a step back, please....

First, is your desktop blank now? If so, run ComboFix once again, only this time enter N instead of Y at the first prompt.

Let me know where you stand.

Desktop is back to normal now. I have to switch computer off and restart to get it back to normal.
bigbhoy77 is offline  

11-26-2006, 01:18 PM   #26
tetonbob

OK, you shouldn't have to do it that way....but as long as it's stable we can proceed with the cleansing.

Don't fret, as I have many options available.

Please search for and Delete C:\sUBs if it exists.

Please delete your current version of combofix.

Next, please do this:


Download this file from one of these locations:

http://download.bleepingcomputer.com/sUBs/combofix.exe

http://www.techsupportforum.com/sectools/combofix.exe


* IMPORTANT !!! Place it on your Desktop.


Go to Start -> Run and then paste in this single line command & click OK
"%userprofile%\desktop\combofix.exe" /v winwea32 ssqpp cmhditn vorenbj uxliwckt
When finished, it shall produce a log for you. Post that log in your next reply with a new HJT log

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

11-26-2006, 01:43 PM   #27
Registered User
 
Join Date: Aug 2006
Posts: 32
OS: XP home edition


Got it now

David - 06-11-26 20:33:35.98 Service Pack 2
ComboFix 06.11.26 - Running from: "C:\Documents and Settings\David\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-10-26 to 2006-11-26 ))))))))))))))))))))))))))))))))))


2006-11-26 15:07 756,893 ---hs---- C:\WINDOWS\system32\ppqss.ini2
2006-11-26 14:06 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2006-11-26 12:05 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-11-26 12:05 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-11-26 12:05 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-11-26 12:05 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-11-26 12:05 1,096 --a------ C:\WINDOWS\system32\tmp.reg
2006-11-26 12:03 756,885 ---hs---- C:\WINDOWS\system32\ppqss.bak2
2006-11-26 11:01 <DIR> d-------- C:\Program Files\CleanUp!
2006-11-25 13:23 756,142 ---hs---- C:\WINDOWS\system32\ppqss.bak1
2006-11-25 13:23 38,420 --a------ C:\WINDOWS\system32\uxliwckt.dll
2006-11-25 13:22 708,660 ---hs---- C:\WINDOWS\system32\ssqpp.dll
2006-11-25 13:17 71,168 --a------ C:\WINDOWS\system32\drvloz.dll
2006-11-25 13:17 40,973 ---hs---- C:\WINDOWS\system32\wvusqqr.dll
2006-11-25 00:56 <DIR> d-------- C:\WINDOWS\WBEM
2006-11-25 00:56 <DIR> d-------- C:\WINDOWS\system32\en-US
2006-11-25 00:55 <DIR> d--h-c--- C:\WINDOWS\ie7
2006-11-25 00:53 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2006-11-25 00:52 <DIR> d-------- C:\WINDOWS\network diagnostic
2006-11-24 18:08 <DIR> d-------- C:\highjackthis
2006-11-24 16:04 <DIR> d-------- C:\Program Files\Trend Micro
2006-11-23 22:34 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-23 21:53 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2006-11-23 21:53 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2006-11-23 21:53 <DIR> d-------- C:\Program Files\Spyware Doctor
2006-11-23 21:53 <DIR> d-------- C:\Documents and Settings\David\Application Data\PC Tools
2006-11-23 19:37 93,696 --a------ C:\WINDOWS\system32\vvdkkpe.dll
2006-11-23 19:37 71,680 --a------ C:\WINDOWS\system32\vorenbj.dll
2006-11-23 19:36 17,408 --a------ C:\WINDOWS\system32\winwea32.dll
2006-11-22 09:52 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2006-11-20 19:07 <DIR> d-------- C:\Program Files\XP Repair Pro
2006-11-20 00:38 <DIR> d-------- C:\Program Files\MSXML 4.0
2006-11-20 00:38 <DIR> d-------- C:\5fa6a0c440ee954334c91b93cfffadf5
2006-11-11 19:56 <DIR> d-------- C:\Program Files\DkZ Studio
2006-11-08 17:34 9,060 --a------ C:\WINDOWS\system32\drivers\MUsbFltr.sys
2006-11-08 17:34 8,963 --a------ C:\WINDOWS\system32\drivers\UsbFltr.sys
2006-11-08 17:34 8,448 --a------ C:\WINDOWS\system32\drivers\moufiltr.sys
2006-11-08 17:34 57,344 --------- C:\WINDOWS\system32\HKLock.dll
2006-11-08 17:34 57,344 --------- C:\WINDOWS\HKLock.dll
2006-11-08 17:34 11,776 --a------ C:\WINDOWS\system32\drivers\kbfilter.sys
2006-11-08 17:34 <DIR> d-------- C:\Program Files\Labtec Wireless Desktop
2006-11-08 17:29 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2006-11-08 17:28 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2006-11-08 17:28 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2006-11-07 21:03 6,049,280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50,688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458,752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 180,736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 18:33 364,544 --a------ C:\WINDOWS\system32\TwnLib4.dll
2006-11-07 18:33 32,768 --a------ C:\WINDOWS\system32\BCGPOleAcc.dll
2006-11-07 18:33 2,605,056 --a------ C:\WINDOWS\system32\BCGCBPRO800u.dll
2006-11-07 18:33 2,600,960 --a------ C:\WINDOWS\system32\BCGCBPRO800.dll
2006-11-07 18:33 <DIR> d-------- C:\Program Files\Common Files\Ahead
2006-11-07 03:26 13,312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-05 00:18 737,280 --a------ C:\WINDOWS\iun6002.exe
2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-04 12:45 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2006-11-04 12:45 36,224 --a------ C:\WINDOWS\system32\drivers\hidclass.sys
2006-11-04 12:45 24,960 --a------ C:\WINDOWS\system32\drivers\hidparse.sys
2006-11-04 10:10 <DIR> dr-h----- C:\Documents and Settings\David\Recent
2006-11-02 21:53 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-11-02 18:47 720,896 --a------ C:\WINDOWS\iun6002ev.exe
2006-11-02 18:47 <DIR> d-------- C:\Program Files\Full Speed
2006-11-01 20:01 <DIR> d-------- C:\Program Files\Winamp
2006-10-31 22:37 <DIR> d-------- C:\Program Files\WinAVI Video Converter
2006-10-30 12:13 110,612 --a------ C:\WINDOWS\system32\ejqbbdey.exe
2006-10-30 12:13 <DIR> d-------- C:\Program Files\VSAdd-in
2006-10-30 09:11 652,080 --ahs---- C:\WINDOWS\system32\kjllm.ini2
2006-10-28 16:13 <DIR> d-------- C:\Documents and Settings\David Wales\Application Data\Talkback
2006-10-28 16:13 <DIR> d-------- C:\Documents and Settings\David Wales\Application Data\Mozilla
2006-10-28 16:12 <DIR> d-------- C:\Program Files\Mozilla Firefox
2006-10-28 13:46 <DIR> d-------- C:\Program Files\Gogglebox TV


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-26 20:30 -------- d-------- C:\Program Files\Common Files
2006-11-26 17:58 -------- d-------- C:\Program Files\WinRAR
2006-11-26 16:19 -------- d-------- C:\Program Files\MSN Messenger
2006-11-26 14:59 -------- d-------- C:\Program Files\Windows Media Player
2006-11-26 14:57 -------- d-------- C:\Program Files\Spybot - Search & Destroy
2006-11-26 14:50 -------- d-------- C:\Program Files\Messenger
2006-11-26 14:50 -------- d-------- C:\Program Files\Lexmark X1100 Series
2006-11-26 14:42 -------- d-------- C:\Program Files\Internet Explorer
2006-11-26 14:41 -------- d-------- C:\Program Files\Google
2006-11-26 14:39 -------- d-------- C:\Program Files\Common Files\AOL
2006-11-26 14:35 -------- d-------- C:\Program Files\AOL 9.0
2006-11-26 13:56 -------- d---s---- C:\Documents and Settings\David\Application Data\Microsoft
2006-11-24 16:00 -------- d-------- C:\Documents and Settings\David\Application Data\uTorrent
2006-11-23 22:34 -------- d-------- C:\Program Files\Grisoft
2006-11-23 21:42 -------- d-------- C:\Program Files\VSToolbar
2006-11-23 21:00 -------- d-------- C:\Program Files\XoftSpy
2006-11-22 09:53 -------- d-------- C:\Program Files\VoyagerTest
2006-11-22 09:52 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2006-11-22 09:51 -------- d-------- C:\Program Files\BT Voyager 105 ADSL Modem
2006-11-21 23:27 -------- d-------- C:\Documents and Settings\David\Application Data\AdobeUM
2006-11-14 20:52 -------- d-------- C:\Program Files\XBCD
2006-11-11 19:56 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-11-08 17:34 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 19:08 -------- d-------- C:\Program Files\KONAMI
2006-11-07 18:33 -------- d-------- C:\Program Files\Nero
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-11-05 14:28 359808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS
2006-11-05 14:28 -------- d-------- C:\Program Files\PPLive
2006-11-04 10:01 -------- d-------- C:\Program Files\Skills For Success
2006-10-30 20:59 649396 --ahs---- C:\WINDOWS\system32\kjllm.bak2
2006-10-27 23:08 -------- d-------- C:\Documents and Settings\David Wales\Application Data\ppStream
2006-10-24 21:27 -------- d-------- C:\Program Files\Evidence Eliminator
2006-10-21 22:00 -------- d-------- C:\Program Files\PPMate
2006-10-21 10:42 -------- d-------- C:\Program Files\Common Files\SWF Studio
2006-10-21 10:41 -------- d-------- C:\Program Files\Riva
2006-10-19 21:48 -------- d-------- C:\Program Files\dvdSanta
2006-10-19 21:26 -------- d-------- C:\Program Files\Magic Burning Studio
2006-10-19 19:44 -------- d-------- C:\Documents and Settings\David\Application Data\SearchToolbarCorp
2006-10-17 12:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 12:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 12:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 11:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 11:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 11:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 11:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 11:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-10-16 16:51 -------- d-------- C:\Program Files\McAfee.com
2006-10-16 16:50 -------- d-------- C:\Program Files\McAfee
2006-10-15 21:05 -------- d-------- C:\Program Files\Common Files\McAfee
2006-10-15 20:59 -------- d-------- C:\Documents and Settings\David\Application Data\Lavasoft
2006-10-14 12:51 -------- d-------- C:\Program Files\uTorrent
2006-10-13 12:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-12 19:30 -------- d-------- C:\Program Files\Alwil Software
2006-10-11 18:11 682481 --a------ C:\WINDOWS\system32\pmkjg.dll
2006-10-11 18:04 94208 --a------ C:\WINDOWS\system32\bqekkkf.dll
2006-10-11 18:04 72704 --a------ C:\WINDOWS\system32\cmhditn.dll
2006-10-10 20:31 -------- d-------- C:\Program Files\WinAVIVideoConverter
2006-10-10 18:12 -------- d-------- C:\Program Files\Cucusoft
2006-10-10 16:56 -------- d-------- C:\Program Files\SpywareBlaster
2006-10-10 16:55 -------- d-------- C:\Program Files\KONAMI(2)
2006-10-10 16:55 -------- d-------- C:\Program Files\Eusing Free Registry Cleaner
2006-10-10 16:55 -------- d-------- C:\Program Files\directx
2006-10-10 16:55 -------- d-------- C:\Program Files\BitLord
2006-10-10 16:54 -------- d-------- C:\Program Files\DivX
2006-10-09 18:37 -------- d-------- C:\Documents and Settings\David\Application Data\Ahead
2006-10-08 18:45 -------- d-------- C:\Documents and Settings\David\Application Data\LimeWire
2006-10-06 17:24 -------- d-------- C:\Program Files\Alcohol Soft
2006-10-04 22:10 -------- d-------- C:\Program Files\Xilisoft
2006-10-01 08:16 778656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-09-28 18:29 -------- d-------- C:\Program Files\Common Files\NSV
2006-09-27 17:19 -------- d-------- C:\Program Files\TVU Player
2006-09-27 16:02 -------- d-------- C:\Documents and Settings\David\Application Data\Nokia Multimedia Player
2006-09-27 15:52 -------- d-------- C:\Documents and Settings\David\Application Data\vlc
2006-09-27 15:51 -------- d-------- C:\Program Files\VideoLAN
2006-09-26 17:03 -------- d-------- C:\Program Files\tvants
2006-09-26 17:02 -------- d-------- C:\Program Files\SatelliteTVforPC
2006-09-25 20:37 9654 --a------ C:\Documents and Settings\David\Application Data\NMM-MetaData.db
2006-09-13 05:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-06 16:43 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-08-30 22:25 34308 --a------ C:\WINDOWS\system32\Chip.dll
2006-08-30 22:24 53760 --a------ C:\WINDOWS\system32\Squeeze.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"CHotkey"="zHotkey.exe"
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"nwiz"="nwiz.exe /install"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"SunKistEM"="C:\\Program Files\\Digital Media Reader\\shwiconem.exe"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"Spyware Doctor"=""

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"Spyware Doctor"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoLowDiskSpaceChecks"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
"backup"="C:\\WINDOWS\\pss\\BigFix.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\BigFix\\bigfix.exe /atstartup"
"item"="BigFix"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Enable Labtec Wireless Desktop.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Enable Labtec Wireless Desktop.lnk"
"backup"="C:\\WINDOWS\\pss\\Enable Labtec Wireless Desktop.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\LABTEC~1\\MagicKey.exe "
"item"="Enable Labtec Wireless Desktop"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Evidence Eliminator]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ee"
"hkey"="HKCU"
"command"="C:\\Program Files\\Evidence Eliminator\\ee.exe /m"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IPHSend"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="lxbkbmgr"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Lexmark X1100 Series\\lxbkbmgr.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pbmini]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PodcastBar"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LAUNCH~1"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PcSync2"
"hkey"="HKCU"
"command"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RealPlay"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RECGUARD"
"hkey"="HKLM"
"command"="%WINDIR%\\SMINST\\RECGUARD.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Winamp\\winampa.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YahooMessenger"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqpp
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winwea32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\XoftSpy.job

Completion time: 06-11-26 20:36:16.06
C:\ComboFix.txt ... 06-11-26 20:36
C:\ComboFix2.txt ... 06-11-26 20:29
C:\ComboFix3.txt ... 06-11-26 19:24



*******************************************************

Logfile of HijackThis v1.99.1
Scan saved at 20:42:29, on 26/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\WINDOWS\zHotkey.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\AOL 9.0\waol.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\PROGRA~1\McAfee\MSC\mcinfo.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\swsc.exe
C:\highjackthis\happy.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://uk.mcafee.com/apps/vso/en-gb/...p?affid=370-21
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {013A653B-49A6-4f76-8B68-E4875EA6BA54} - C:\WINDOWS\system32\uxliwckt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {099D0986-C204-F967-3343-00A64FA96FB9} - C:\WINDOWS\system32\vorenbj.dll
O2 - BHO: (no name) - {242A5537-631F-9060-FB37-0A8C162B8D5A} - C:\WINDOWS\system32\cmhditn.dll
O2 - BHO: (no name) - {51C104A3-AC21-4064-83D1-B27DCCB89518} - C:\WINDOWS\system32\ssqpp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\googletoolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\googletoolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\googletoolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\googletoolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\googletoolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\googletoolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C062FE27-5E27-443A-9A83-CCE515C41F29}: NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ssqpp - C:\WINDOWS\system32\ssqpp.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winwea32 - C:\WINDOWS\SYSTEM32\winwea32.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
bigbhoy77 is offline  
Old 11-26-2006, 01:46 PM   #28 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 


OK, this version will work for us, but rather than double click on it, please use the command structure I indicated.....it will then remove many of the nasties still showing in your log.

Please do this:

Go to Start -> Run and then paste in this single line command & click OK

"%userprofile%\desktop\combofix.exe" /v winwea32 ssqpp cmhditn vorenbj uxliwckt

When finished, it shall produce a log for you. Post that log in your next reply with a new HJT log.
tetonbob is offline  
Old 11-26-2006, 02:03 PM   #29 (permalink)
Registered User
 
Join Date: Aug 2006
Posts: 32
OS: XP home edition


When I do it the way you told me, it automatically goes away after it does the scan and I can't find where the log is. Any ideas where this can be found?


Sorry for all the hassle!
bigbhoy77 is offline  
Old 11-26-2006, 02:06 PM   #30 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 


The process is much the same....a text file should open when combo is done.

If it did not open automatically, it should be located at C:\ComboFix.txt
tetonbob is offline  
Old 11-26-2006, 02:35 PM   #31 (permalink)
Registered User
 
Join Date: Aug 2006
Posts: 32
OS: XP home edition


It doesn't open automatically and the only text file I can locate is this one:

David- 06-11-26 21:30:29.68 Service Pack 2
ComboFix 06.11.26 - Running from: "C:\Documents and Settings\David\desktop"
Command switches used :: /v winwea32 ssqpp cmhditn vorenbj uxliwckt
bigbhoy77 is offline  
Old 11-26-2006, 02:36 PM   #32 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 


moving on....

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.
tetonbob is offline  
Old 11-26-2006, 02:38 PM   #33 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 


Additionally, we need to address this;

I see you have more than one Anti-Virus program installed, AVG and McAfee. While this may seem like greater protection, it can cause problems including slowdowns and system hangs. Choose one to keep and uninstall the other.

Any antivirus program must be removed via add/remove program.
For any program that doesn't have an add/remove entry, you will have to do this:
re-install the program -> reboot -> uninstall
-----------------------------------------------------------------------
tetonbob is offline  
Old 11-26-2006, 03:03 PM   #34 (permalink)
Registered User
 
Join Date: Aug 2006
Posts: 32
OS: XP home edition


VundoFix V6.2.13

Checking Java version...

Java version is 1.5.0.2

Scan started at 21:46:31 06-11-26

Listing files found while scanning....

C:\WINDOWS\system32\bqekkkf.dll
C:\WINDOWS\system32\cmhditn.dll
C:\WINDOWS\system32\pmkjg.dll
C:\WINDOWS\system32\ssqpp.dll
C:\WINDOWS\system32\ppqss.ini
C:\WINDOWS\system32\ppqss.bak1
C:\WINDOWS\system32\ppqss.bak2
C:\WINDOWS\system32\ppqss.ini2
C:\WINDOWS\system32\ppqss.tmp

Beginning removal...

Attempting to delete C:\WINDOWS\system32\bqekkkf.dll
C:\WINDOWS\system32\bqekkkf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cmhditn.dll
C:\WINDOWS\system32\cmhditn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmkjg.dll
C:\WINDOWS\system32\pmkjg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqpp.dll
C:\WINDOWS\system32\ssqpp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ppqss.ini
C:\WINDOWS\system32\ppqss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ppqss.bak1
C:\WINDOWS\system32\ppqss.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ppqss.bak2
C:\WINDOWS\system32\ppqss.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ppqss.ini2
C:\WINDOWS\system32\ppqss.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ppqss.tmp
C:\WINDOWS\system32\ppqss.tmp Has been deleted!

Performing Repairs to the registry.
Done!

***************************************************

Logfile of HijackThis v1.99.1
Scan saved at 22:03, on 06-11-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\highjackthis\happy.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://uk.mcafee.com/apps/vso/en-gb/...p?affid=370-21
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {013A653B-49A6-4f76-8B68-E4875EA6BA54} - C:\WINDOWS\system32\uxliwckt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {099D0986-C204-F967-3343-00A64FA96FB9} - C:\WINDOWS\system32\vorenbj.dll
O2 - BHO: (no name) - {242A5537-631F-9060-FB37-0A8C162B8D5A} - C:\WINDOWS\system32\cmhditn.dll (file missing)
O2 - BHO: (no name) - {51C104A3-AC21-4064-83D1-B27DCCB89518} - C:\WINDOWS\system32\ssqpp.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\googletoolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\googletoolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\googletoolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\googletoolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\googletoolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\googletoolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C062FE27-5E27-443A-9A83-CCE515C41F29}: NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winwea32 - C:\WINDOWS\SYSTEM32\winwea32.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
bigbhoy77 is offline  
Old 11-26-2006, 04:04 PM   #35 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 


Download Pocket Killbox and unzip the exe file to your desktop.

Launch KillBox.exe & select the following options:
  • delete on Reboot
  • All files (if available)
Use your mouse to select all the filenames highlighted in blue & then right-click & select Copy
  • C:\WINDOWS\SYSTEM32\winwea32.dll
    C:\WINDOWS\system32\vorenbj.dll
    C:\WINDOWS\system32\drvloz.dll
    C:\WINDOWS\system32\uxliwckt.dll
    C:\WINDOWS\system32\vorenbj.dll
    C:\WINDOWS\system32\vvdkkpe.dll
    C:\WINDOWS\system32\wvusqqr.dll
    C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
    C:\Program Files\Common Files\{34F9BF1A-0710-2057-0121-06101905002c}\Uninst.exe
* Go to the File menu, and choose Paste from Clipboard
* Click the RED X button.
* KillBox will alert you the files will be deleted on next reboot, click Yes
* When asked to Reboot, select Yes

Click OK at any PendingFileRenameOperations prompt, and let us know if you receive this message.

Also, if the computer does not restart automatically, please restart it manually.

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) and click Fix Checked

O2 - BHO: (no name) - {013A653B-49A6-4f76-8B68-E4875EA6BA54} - C:\WINDOWS\system32\uxliwckt.dll
O2 - BHO: (no name) - {099D0986-C204-F967-3343-00A64FA96FB9} - C:\WINDOWS\system32\vorenbj.dll
O2 - BHO: (no name) - {242A5537-631F-9060-FB37-0A8C162B8D5A} - C:\WINDOWS\system32\cmhditn.dll (file missing)
O2 - BHO: (no name) - {51C104A3-AC21-4064-83D1-B27DCCB89518} - C:\WINDOWS\system32\ssqpp.dll (file missing)
O20 - Winlogon Notify: winwea32 - C:\WINDOWS\SYSTEM32\winwea32.dll




Close HijackThis now.

---------------------------------------------------------------------------------------------

Go here and do the BitDefender online virus scan.
  • Click "I Agree" to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Leave the scanning options at default and press "Click here to scan" to begin the scan.
  • Please refrain from using the computer until the scan is finished.
  • When the scan is finished, click on "Click here to export the scan results"
  • Save the report to your desktop then come back here and post it in your next reply along with a new Hijack This log

How is your system behaving now, please?
tetonbob is offline  
Old 11-26-2006, 05:02 PM   #36 (permalink)
Registered User
 
Join Date: Aug 2006
Posts: 32
OS: XP home edition


Scan Info

Scanned Files
86310

Infected Files
0
Virus Detected
No virus found.

*****************************************************

Logfile of HijackThis v1.99.1
Scan saved at 00:02, on 06-11-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\highjackthis\happy.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://uk.mcafee.com/apps/vso/en-gb/...p?affid=370-21
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\googletoolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\googletoolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\googletoolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\googletoolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\googletoolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\googletoolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C062FE27-5E27-443A-9A83-CCE515C41F29}: NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

My system seems to be working fine except my screen seems to be a little fuzzy since yesterday.
bigbhoy77 is offline  
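The logs in posts #34 and #36 show why a fresh HijackThis log is requested after each removal step: HijackThis reports registry entries, so an entry can outlive its deleted file and appear as "(file missing)". As an added example (not part of the original thread and not code from HijackThis or any tool named in it), this Python script tracks the five entries from the post #35 fix list across both logs; the function names and status labels are assumptions made for the illustration.

```python
"""Track HijackThis entries across successive logs (added example)."""
from __future__ import annotations

import ntpath
import re
from dataclasses import dataclass

# Lines excerpted from this thread: the log in post #34 (after VundoFix),
# the log in post #36 (after KillBox and "Fix Checked"), and the post #35 fix list.
LOG_POST_34 = r"""
O2 - BHO: (no name) - {013A653B-49A6-4f76-8B68-E4875EA6BA54} - C:\WINDOWS\system32\uxliwckt.dll
O2 - BHO: (no name) - {099D0986-C204-F967-3343-00A64FA96FB9} - C:\WINDOWS\system32\vorenbj.dll
O2 - BHO: (no name) - {242A5537-631F-9060-FB37-0A8C162B8D5A} - C:\WINDOWS\system32\cmhditn.dll (file missing)
O2 - BHO: (no name) - {51C104A3-AC21-4064-83D1-B27DCCB89518} - C:\WINDOWS\system32\ssqpp.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winwea32 - C:\WINDOWS\SYSTEM32\winwea32.dll
"""

LOG_POST_36 = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

FIX_LIST_POST_35 = r"""
O2 - BHO: (no name) - {013A653B-49A6-4f76-8B68-E4875EA6BA54} - C:\WINDOWS\system32\uxliwckt.dll
O2 - BHO: (no name) - {099D0986-C204-F967-3343-00A64FA96FB9} - C:\WINDOWS\system32\vorenbj.dll
O2 - BHO: (no name) - {242A5537-631F-9060-FB37-0A8C162B8D5A} - C:\WINDOWS\system32\cmhditn.dll (file missing)
O2 - BHO: (no name) - {51C104A3-AC21-4064-83D1-B27DCCB89518} - C:\WINDOWS\system32\ssqpp.dll (file missing)
O20 - Winlogon Notify: winwea32 - C:\WINDOWS\SYSTEM32\winwea32.dll
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
MISSING_RE = re.compile(r"\s*\(file missing\)\s*$")


@dataclass(frozen=True)
class Entry:
    code: str           # section code such as "O2" or "O20"
    body: str           # text after "Oxx - ", with any "(file missing)" removed
    file_missing: bool  # True when the log marked the target file as absent

    @property
    def key(self) -> tuple[str, str]:
        # Paths differ in case between logs, so compare case-insensitively.
        return (self.code, self.body.casefold())

    @property
    def label(self) -> str:
        # Short name for reports: section code plus the target file name.
        path = self.body.rsplit(" - ", 1)[-1].strip('"')
        return f"{self.code} {ntpath.basename(path)}"


def parse_hjt(text: str) -> list[Entry]:
    """Parse the R/O entry lines of a HijackThis log; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue
        body = match.group("body")
        missing = bool(MISSING_RE.search(body))
        entries.append(Entry(match.group("code"), MISSING_RE.sub("", body), missing))
    return entries


def removal_status(fix_list: str, log: str) -> dict[str, str]:
    """Classify each fix-list entry against one log.

    "present"  - entry listed and its file exists
    "orphaned" - entry still listed but its file is gone
    "gone"     - entry no longer listed
    """
    index = {entry.key: entry for entry in parse_hjt(log)}
    status = {}
    for target in parse_hjt(fix_list):
        found = index.get(target.key)
        if found is None:
            status[target.label] = "gone"
        else:
            status[target.label] = "orphaned" if found.file_missing else "present"
    return status


def orphaned_entries(log: str) -> list[str]:
    """Labels of every entry in a log whose target file is missing."""
    return [entry.label for entry in parse_hjt(log) if entry.file_missing]


if __name__ == "__main__":
    for name, log in (("post #34", LOG_POST_34), ("post #36", LOG_POST_36)):
        print(name)
        for label, state in removal_status(FIX_LIST_POST_35, log).items():
            print(f"  {label:20} {state}")
        print("  file missing:", ", ".join(orphaned_entries(log)) or "none")
```
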
Old 11-26-2006, 06:19 PM   #37 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 


Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

-----------------------------------------------------------------

CLEAR & RESET SYSTEM RESTORE'S CACHE

Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 & press Enter

* Tick on the checkbox - Turn off System Restore on all drives
* Click Apply

Turn it back 'On' by unticking the same checkbox & click Apply, and then OK

---------------------------------------------------------------------------------------------

As indicated in Post #33....

You still have more than one Anti-virus program installed. I highly recommend you choose one to keep, and uninstall the other.


Copy an uninstall command:
  • Open HiJackThis
  • Click on the button "Open the Misc Tools section"
  • Click on the Box that says "Open Uninstall Manager"
  • Scroll to VS Add-in for Internet Explorer in the list of programs
  • Highlight VS Add-in for Internet Explorer , and Copy the Uninstall Command (on the right side of the screen)
  • Paste that information in your next reply.

Create an uninstall list:

With HiJackThis still open
  • Click on the configure button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on the Box that says "Open Uninstall Manager"
  • Click on the button "Save list"
  • Copy and paste the list from the Notepad file into your post

---------------------------------------------------------------------------------------------

Please go to: VirusTotal
  • At the top of the page you'll find a "Browse" button. Click the "Browse" button and browse to this file in BOLD:

    C:\WINDOWS\system32\ejqbbdey.exe

  • Click "Open".
  • Then click the "Send" button at the top of the VirusTotal page.
  • This will scan the file. Please be patient.
  • Once scanned, copy and paste the results in your next reply.

---------------------------------------------------------------------------------------------
Old 11-27-2006, 03:17 AM   #38 (permalink)
Registered User
 
Join Date: Aug 2006
Posts: 32
OS: XP home edition


regsvr32.exe /u /s "C:\Program Files\VSAdd-in\VSAdd-in.dll"

*******************************************************

µTorrent
2.5.0
21CN VGO
888Bar
ABBYY FineReader 5.0 Sprint
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0
Adobe Reader 7.0
afreeca Á¦°Å
AOL Coach Version 1.0(Build:20040229.1 uk)
AOL Connectivity Services
AOL Toolbar
AOL UK (Choose which version to remove)
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
Art Attack
BigFix
CCleaner (remove only)
CleanUp!
Digital Media Reader
DkZ Studio
dvdSanta 4.00
Evidence Eliminator
Full Speed
Gogglebox TV
Google Toolbar for Internet Explorer
HijackThis 1.99.1
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
J2SE Runtime Environment 5.0 Update 2
Labtec Wireless Desktop
Learn2 Player (Uninstall Only)
Lexmark X1100 Series
LimeWire PRO 4.12.3
Macromedia Shockwave Player
Magic Burning Studio v10.2.7
MaxTV Online
McAfee Uninstall Wizard
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Works
Mozilla Firefox (2.0)
MSN Messenger 7.5
MSXML 4.0 SP2 (KB927978)
Multimedia Keyboard Driver
Nero 7 Lite v7.5.7.0
Nokia Connectivity Cable Driver
Nokia PC Connectivity Solution
Nokia PC Suite
NVIDIA Drivers
OIN
Panda ActiveScan
PB-WC100 USB Camera
PowerDVD
PPLive 1.2.39A
ppmate 1.6.0.20
ppStream ÄÚ²â°æ
Pro Evolution Soccer 5
Pro Evolution Soccer 6
QuickTime
RealPlayer Basic
Realtek AC'97 Audio
Riva FLV Encoder 2.0
Safety Alert 2006
Safety Bar
Satellite TV for PC Elite 4.8.8.0
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
SFS Trial Version - P1-3 Literacy
SFS Trial Version - P4-7 Numeracy
Soft Data Fax Modem with SmartCP
SopCast 0.9.8
Spybot - Search & Destroy 1.4
Spyware Doctor 4.0
Super Internet TV v6.8
Synacast Plug-in 1.1.0.7
TVAnts 1.0
TVUPlayer 2.2.0
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB917425)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
VideoLAN VLC media player 0.8.5
VSAdd-in for Internet Explorer
Winamp (remove only)
WinAVI Video Converter 5.8
WinAVIVideoConverter
Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB885295
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
WinRAR archiver
XBCD 1.07
XoftSpy
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar

**********************************************************


AntiVir 7.2.0.46 11.27.2006 ADSPY/VSAddinDLL.A
Authentium 4.93.8 11.24.2006 no virus found
Avast 4.7.892.0 11.27.2006 no virus found
AVG 386 11.27.2006 Adware Generic.RUQ
BitDefender 7.2 11.27.2006 no virus found
CAT-QuickHeal 8.00 11.25.2006 Adware.Virtumonde.sr (Not a Virus)
ClamAV devel-20060426 11.27.2006 no virus found
DrWeb 4.33 11.27.2006 no virus found
eSafe 7.0.14.0 11.26.2006 Suspicious Trojan/Worm
eTrust-InoculateIT 23.73.68 11.27.2006 no virus found
eTrust-Vet 30.3.3217 11.27.2006 no virus found
Ewido 4.0 11.26.2006 no virus found
Fortinet 2.82.0.0 11.27.2006 suspicious
F-Prot 3.16f 11.24.2006 no virus found
F-Prot4 4.2.1.29 11.24.2006 no virus found
Ikarus 0.2.65.0 11.27.2006 no virus found
Kaspersky 4.0.2.24 11.27.2006 not-a-virus:AdWare.Win32.Agent.at
McAfee 4904 11.24.2006 potentially unwanted program Adware-SearchColours
Microsoft 1.1804 11.27.2006 no virus found
NOD32v2 1884 11.27.2006 Win32/Adware.Toolbar.SearchColours
Norman 5.80.02 11.24.2006 W32/Virtumonde.SR
Panda 9.0.0.4 11.26.2006 Application/VSToolbar
Prevx1 V2 11.27.2006 no virus found
Sophos 4.11.0 11.16.2006 no virus found
TheHacker 6.0.3.124 11.27.2006 Adware/Agent.at
UNA 1.83 11.24.2006 Adware.Agent.C0AA
VBA32 3.11.1 11.26.2006 AdWare.Win32.Searchcolor.a
VirusBuster 4.3.15:9 11.27.2006 Adware.SearchColors.A

Last edited by bigbhoy77; 11-27-2006 at 03:25 AM.
bigbhoy77 is offline  
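As an added example (not part of the thread and not written by its participants), this Python code tallies a results table in the layout posted above: it counts detections, groups verdict names into families, and lists engines that reported clean while their signatures were more than a week older than the scan. The `FAMILIES` labels, the 7-day threshold, the scan date (taken from the post date) and reading the third column as each engine's signature update date are assumptions.

```python
import re
from collections import Counter
from datetime import date

# Subset of the rows posted above ("Engine Version MM.DD.YYYY Verdict").
SAMPLE = """\
AntiVir 7.2.0.46 11.27.2006 ADSPY/VSAddinDLL.A
Avast 4.7.892.0 11.27.2006 no virus found
CAT-QuickHeal 8.00 11.25.2006 Adware.Virtumonde.sr (Not a Virus)
Kaspersky 4.0.2.24 11.27.2006 not-a-virus:AdWare.Win32.Agent.at
McAfee 4904 11.24.2006 potentially unwanted program Adware-SearchColours
NOD32v2 1884 11.27.2006 Win32/Adware.Toolbar.SearchColours
Norman 5.80.02 11.24.2006 W32/Virtumonde.SR
Sophos 4.11.0 11.16.2006 no virus found
VirusBuster 4.3.15:9 11.27.2006 Adware.SearchColors.A
"""

ROW = re.compile(
    r"^(?P<engine>\S+)\s+(?P<version>\S+)\s+"
    r"(?P<mm>\d{2})\.(?P<dd>\d{2})\.(?P<yyyy>\d{4})\s+(?P<verdict>.+)$"
)

# Substring -> family label. Assumption: labels picked from names seen in
# the posted verdicts; this is not a vendor naming standard.
FAMILIES = {
    "virtumonde": "Virtumonde",
    "searchcol": "SearchColours",   # also matches SearchColors / Searchcolor
    "vsaddin": "VSAdd-in",
}

def parse_report(text):
    """Return one dict per engine row; lines that do not fit are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append({
                "engine": m["engine"],
                "updated": date(int(m["yyyy"]), int(m["mm"]), int(m["dd"])),
                "verdict": m["verdict"].strip(),
            })
    return rows

def family_of(verdict):
    low = verdict.lower()
    for needle, label in FAMILIES.items():
        if needle in low:
            return label
    return "unclassified"

def summarize(rows, scanned_on, stale_days=7):
    """Detection ratio, family tally, and clean verdicts from old signatures."""
    hits = [r for r in rows if r["verdict"].lower() != "no virus found"]
    clean = [r for r in rows if r["verdict"].lower() == "no virus found"]
    return {
        "ratio": (len(hits), len(rows)),
        "families": Counter(family_of(r["verdict"]) for r in hits),
        # A clean verdict from outdated signatures carries less weight.
        "stale_clean": [r["engine"] for r in clean
                        if (scanned_on - r["updated"]).days > stale_days],
    }

if __name__ == "__main__":
    print(summarize(parse_report(SAMPLE), date(2006, 11, 27)))
```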
Old 11-27-2006, 08:26 AM   #39 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,480
OS: 2000 Pro; XP Pro; XP Home


Go to Start>Run and copy/paste the following command:

regsvr32.exe /u /s "C:\Program Files\VSAdd-in\VSAdd-in.dll"

Then press Enter.

Do not fret if this fails.

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

888Bar
OIN
Safety Alert 2006
Safety Bar
VSAdd-in for Internet Explorer


If any give a message that they are already installed, and do you want to remove them from the Add/Remove list, click Yes. If any will not install, let me know, and we'll remove them another way. Inform me as to which ones remain. Do not fret if any fails.

---------------------------------------------------------------------------------------------


Delete these folders:

C:\Program Files\VSAdd-in
C:\Program Files\VSToolbar


Delete this file:

C:\WINDOWS\system32\ejqbbdey.exe

If it resists deletion, boot to safe mode and delete it from there.

Let me know how that all goes, and post a new HJT log.
Last edited by tetonbob; 11-27-2006 at 08:27 AM.
Old 11-27-2006, 08:45 AM   #40 (permalink)
Registered User
 
Join Date: Aug 2006
Posts: 32
OS: XP home edition


Logfile of HijackThis v1.99.1
Scan saved at 15:45, on 06-11-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\highjackthis\happy.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://uk.mcafee.com/apps/vso/en-gb/...p?affid=370-21
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\googletoolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\googletoolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\googletoolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\googletoolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\googletoolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\googletoolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C062FE27-5E27-443A-9A83-CCE515C41F29}: NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
bigbhoy77 is offline  
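As an added example (not part of the thread and not a HijackThis feature), this Python code checks a post-cleanup HijackThis log against the items post #39 asked to have removed, and lists orphaned `(file missing)` entries and `O23` services with an unknown owner. The sample uses lines from the log above plus one constructed line, marked as such, to show how a leftover registration would be reported; the function and key names are assumptions.

```python
import re
from collections import Counter

# Paths the helper asked to have removed in post #39 (taken from the thread).
REMOVED = [
    r"C:\Program Files\VSAdd-in",
    r"C:\Program Files\VSToolbar",
    r"C:\WINDOWS\system32\ejqbbdey.exe",
]

# Lines from the log in post #40, plus one CONSTRUCTED line (last) showing
# what a leftover BHO registration would look like.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
C:\highjackthis\happy.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O2 - BHO: CONSTRUCTED leftover - {00000000-0000-0000-0000-000000000000} - C:\Program Files\VSAdd-in\VSAdd-in.dll
"""

# Section entries look like "O23 - ..." or "R1 - ..."; process paths do not.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def audit(log_text, removed=REMOVED):
    """Return leftovers, orphaned entries, unknown-owner services, counts."""
    needles = [p.lower() for p in removed]
    sections, leftovers, orphans, unknown = Counter(), [], [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Check every line, so running processes are covered too.
        if any(n in line.lower() for n in needles):
            leftovers.append(line)
        m = ENTRY.match(line)
        if not m:
            continue  # header text or a running-process path
        code, body = m.groups()
        sections[code] += 1
        if body.endswith("(file missing)"):
            orphans.append((code, body))
        if code == "O23" and " - Unknown owner - " in body:
            unknown.append(body)
    return {"leftovers": leftovers, "orphans": orphans,
            "unknown_owner": unknown, "sections": sections}

if __name__ == "__main__":
    for key, value in audit(SAMPLE_LOG).items():
        print(key, value)
```

HijackThis often prints 8.3 short names such as `PROGRA~1`, which the long-path needles will not match, so an empty `leftovers` list does not replace reading the log.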
All times are GMT -7. The time now is 09:07 PM.