Old 03-19-2008, 04:46 PM   #1 (permalink)
Registered User
 
Join Date: Mar 2008
Posts: 22
OS: windows xp


C:\WINDOWS\system32\colfkylq.dll

When I boot up my HP notebook, I get the following error:
C:\WINDOWS\system32\colfkylq.dll Specified module could not be found.
I hit "OK" and everything looks normal, but some of my software will not operate when I click on their icons.

Deckard's System Scanner v20071014.68
Run by Art Hribar on 2008-03-19 18:31:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
55: 2008-03-19 22:31:46 UTC - RP650 - Deckard's System Scanner Restore Point
54: 2008-03-18 01:07:43 UTC - RP649 - System Checkpoint
53: 2008-03-16 20:14:31 UTC - RP648 - Installed DirectX
52: 2008-03-16 0157 UTC - RP647 - System Checkpoint
51: 2008-03-11 21:46:46 UTC - RP646 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-02-16 20:59:35 UTC - RP596 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 447 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-03-19 18:34:15
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\HPQ\One-Touch\ONETOUCH.EXE
C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Sandisk\Sansa Updater\SansaDispatch.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee\VirusScan\mcsysmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Art Hribar\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8l.hpwis.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: {d9bae657-f9c1-dbab-9b74-d2dc50175561} - {16557105-cd2d-47b9-babd-1c9f756eab9d} - C:\WINDOWS\system32\evgsbnnf.dll (file missing)
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {EECB344F-B4F0-4F6A-9670-8DA01965FBD2} - C:\WINDOWS\system32\ddccd.dll (file missing)
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [63366313] rundll32.exe "C:\WINDOWS\system32\lmqpwrcs.dll",b
O4 - HKLM\..\Run: [BM6005508f] Rundll32.exe "C:\WINDOWS\system32\colfkylq.dll",s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: D-Link AirPlus G Wireless Utility.lnk
O4 - Global Startup: D-Link REG Utility.lnk
O4 - Global Startup: HP Digital Imaging Monitor.lnk
O4 - Global Startup: HP Image Zone Fast Start.lnk
O4 - Global Startup: Ulead Photo Express Calendar Checker For My Custom Edition.lnk
O4 - Global Startup: Watch.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...70/mcfscan.cab
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O23 - Service: McAfee Application Installer Cleanup (0119071205963213) (0119071205963213mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\011907~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MpfSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\msksrver.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe


--
End of file - 10823 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 CDRPDACC (Arrowkey Device Access) - c:\program files\321studios\shared\cdrpdacc.sys <Not Verified; Arrowkey; CD Device Access>
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.9) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

S1 InCDPass - c:\windows\system32\drivers\incdpass.sys (file missing)
S1 InCDRm (InCD Reader) - c:\windows\system32\drivers\incdrm.sys (file missing)
S3 Ser2pl (Prolific Serial port driver) - c:\windows\system32\drivers\ser2pl.sys <Not Verified; Prolific Technology Inc.; Prolific USB-to-Serial Bridge Cable>
S4 InCDFs (InCD File System) - c:\windows\system32\drivers\incdfs.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ACS (Atheros Configuration Service) - c:\windows\system32\acs.exe
R2 HPConfig (HP Configuration Interface Service) - c:\windows\system32\hpconfig.exe <Not Verified; Hewlett-Packard; HPConfig Module>
R2 HPWirelessMgr - c:\program files\hpq\notebook utilities\hpwirelessmgr.exe <Not Verified; Hewlett-Packard Co.; HPWirelessMgr Module>

S2 0119071205963213mcinstcleanup (McAfee Application Installer Cleanup (0119071205963213)) - c:\windows\temp\011907~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service (file missing)
S2 CLTNetCnService (Symantec Lic NetConnect service) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)
S2 LiveUpdate Notice Ex (LiveUpdate Notice Service Ex) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: HP WLAN 54g W450 Network Adapter
Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_00E70E11&REV_02\3&61AAA01&0&48
Manufacturer: Broadcom
Name: HP WLAN 54g W450 Network Adapter
PNP Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_00E70E11&REV_02\3&61AAA01&0&48
Service: BCM43XX

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\A0AACB8CBCD71
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\A0AACB8CBCD71
Service: NIC1394


-- Scheduled Tasks -------------------------------------------------------------

2007-11-29 13:12:38 350 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2007-11-29 13:12:37 342 --a------ C:\WINDOWS\Tasks\McQcTask.job


-- Files created between 2008-02-19 and 2008-03-19 -----------------------------

2008-03-19 18:15:54 0 d-------- C:\agnis
2008-03-19 18:07:59 0 d-------- C:\ie-spyad_zo
2008-03-19 17:59:59 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-19 17:59:10 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2008-03-19 17:59:09 0 d-------- C:\Program Files\SpywareBlaster
2008-03-19 17:46:32 0 d-------- C:\WINDOWS\LastGood
2008-03-17 19:01:47 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-03-10 18:27:20 87616 --a------ C:\WINDOWS\system32\lmqpwrcs.dll
2008-03-09 20:50:06 0 d-------- C:\Documents and Settings\LocalService\Application Data\McAfee
2008-03-09 16:45:05 0 d-------- C:\Documents and Settings\Art Hribar\Application Data\McAfee
2008-03-08 23:11:39 88640 --a------ C:\WINDOWS\system32\mlpbcbgp.dll
2008-03-07 22:18:02 90688 --a------ C:\WINDOWS\system32\gaqdqqwm.dll
2008-03-07 22:12:02 88640 --a------ C:\WINDOWS\system32\brxkhddd.dll
2008-03-07 19:11:01 90688 --a------ C:\WINDOWS\system32\gcbjjmnd.dll
2008-03-07 19:02:04 88640 --a------ C:\WINDOWS\system32\lghjpkfe.dll
2008-02-25 20:28:42 0 d-------- C:\Documents and Settings\Art Hribar\Application Data\Snapfish


-- Find3M Report ---------------------------------------------------------------

2008-03-19 17:46:29 0 d-------- C:\Program Files\McAfee
2008-03-18 20:28:29 0 d-------- C:\Program Files\QuickTime
2008-03-18 20:24:12 0 d-------- C:\Program Files\Messenger
2008-03-18 20:22:59 0 d-------- C:\Program Files\iTunes
2008-03-11 17:48:10 240903 --ahs---- C:\WINDOWS\system32\dccdd.ini2
2008-02-25 20:28:38 10168 --a------ C:\WINDOWS\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{16557105-cd2d-47b9-babd-1c9f756eab9d}]
C:\WINDOWS\system32\evgsbnnf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
09/19/2007 07:15 AM 329032 --a------ C:\Program Files\McAfee\MSK\mcapbho.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EECB344F-B4F0-4F6A-9670-8DA01965FBD2}]
C:\WINDOWS\system32\ddccd.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CARPService"="carpserv.exe" [05/21/2003 03:35 PM C:\WINDOWS\system32\carpserv.exe]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [02/26/2003 08:25 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/14/2002 09:29 PM]
"PreloadApp"="c:\hp\drivers\printers\photosmart\hphprld.exe" [12/12/2001 11:05 AM]
"AutoTBar"="C:\hp\bin\autotbar.exe" []
"srmclean"="C:\Cpqs\Scom\srmclean.exe" [07/24/2001 05:34 PM]
"TV Now"="C:\Program Files\HPQ\Notebook Utilities\TvNow.exe" [01/30/2003 02:34 PM]
"Display Settings"="C:\Program Files\HPQ\Notebook Utilities\hptasks.exe" [08/15/2002 10:26 AM]
"QT4HPOT"="C:\Program Files\HPQ\One-Touch\OneTouch.EXE" [01/30/2003 07:02 PM]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [05/22/2003 10:10 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [05/22/2003 11:06 PM]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [03/26/2003 03:15 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [09/21/2003 12:40 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [05/04/2005 05:21 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05/14/2005 08:34 PM]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [02/12/2004 01:38 PM]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [05/12/2004 03:18 PM]
"NWEReboot"="" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [03/12/2007 06:30 PM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/03/2007 11:33 PM]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [08/24/2007 05:57 PM]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [07/22/2007 09:29 PM]
"SansaDispatch"="C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe" [10/22/2007 01:52 PM]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [01/08/2007 12:22 PM]
"63366313"="C:\WINDOWS\system32\lmqpwrcs.dll" [03/10/2008 06:27 PM]
"BM6005508f"="C:\WINDOWS\system32\colfkylq.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [09/26/2005 06:30 PM]
"RealPlayer"="C:\Program Files\Real\RealOne Player\realplay.exe" [05/29/2006 02:28 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]

C:\Documents and Settings\Art Hribar\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [4/25/2004 9:36:08 AM]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddccd.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-03-19 18:35:53 ------------
Attached Files
File Type: txt extra.txt (16.6 KB, 2 views)
ajhhp is offline  
Old 03-26-2008, 04:27 PM   #2 (permalink)
Registered User
 
Join Date: Mar 2008
Posts: 22
OS: windows xp


Re: C:\WINDOWS\system32\colfkylq.dll

Any takers??? Please help.
ajhhp is offline  
Old 03-26-2008, 06:22 PM   #3 (permalink)
Analyst, Security Team
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,947
OS: Windows 7 Ultimate


Re: C:\WINDOWS\system32\colfkylq.dll

Hi ajhhp,

Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

--------------------------------------------------------------

Before beginning the proposed fix, read this post completely. Any questions should be kindly asked before proceeding. Ensure that there are no open browsers when carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

--------------------------------------------------------------

You still have traces of leftover components from Norton. Please make sure you uninstall the following entries via Add/Remove Programs:


LiveUpdate 3.1 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)


--------------------------------------------------------------

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix


IMPORTANT: Make sure you install the Recovery Console before running ComboFix.

Reply back with the following:
  • C:\ComboFix.txt
  • New HiJackThis Log
forhockey is offline  
Old 03-26-2008, 07:26 PM   #4 (permalink)
Registered User
 
Join Date: Mar 2008
Posts: 22
OS: windows xp


Re: C:\WINDOWS\system32\colfkylq.dll

Hello,
LiveUpdate 3.1 (Symantec Corporation) & LiveUpdate Notice (Symantec Corporation) are not showing up in the add/remove programs section. How else would I remove them? I did a file search for Liveupdate and it returned no results. Thanks.
ajhhp is offline  
Old 03-26-2008, 09:10 PM   #5 (permalink)
Analyst, Security Team
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,947
OS: Windows 7 Ultimate


Re: C:\WINDOWS\system32\colfkylq.dll

You can skip that part and move onto the instructions for ComboFix.
forhockey is offline  
Old 03-27-2008, 03:52 PM   #6 (permalink)
Registered User
 
Join Date: Mar 2008
Posts: 22
OS: windows xp


Re: C:\WINDOWS\system32\colfkylq.dll

Here are the Combofix results.

ComboFix 08-03-25.4 - Art Hribar 2008-03-27 17:30:21.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.166 [GMT -4:00]
Running from: C:\Documents and Settings\Art Hribar\Desktop\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM6005508f.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\brxkhddd.dll
C:\WINDOWS\system32\dccdd.ini
C:\WINDOWS\system32\dccdd.ini2
C:\WINDOWS\system32\gaqdqqwm.dll
C:\WINDOWS\system32\gcbjjmnd.dll
C:\WINDOWS\system32\lghjpkfe.dll
C:\WINDOWS\system32\lmqpwrcs.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mlpbcbgp.dll
C:\WINDOWS\system32\scrwpqml.ini

.
((((((((((((((((((((((((( Files Created from 2008-02-27 to 2008-03-27 )))))))))))))))))))))))))))))))
.

2008-03-21 13:47 . 2008-03-21 15:51 <DIR> d-------- C:\Program Files\DVDFab Platinum 4
2008-03-21 13:47 . 2008-03-21 13:57 <DIR> d-------- C:\Documents and Settings\Art Hribar\Application Data\Vso
2008-03-21 13:47 . 2008-03-21 13:47 87,608 --a------ C:\Documents and Settings\Art Hribar\Application Data\inst.exe
2008-03-21 13:47 . 2008-03-21 13:47 47,360 --a------ C:\Documents and Settings\Art Hribar\Application Data\pcouffin.sys
2008-03-21 13:03 . 2008-03-21 13:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-19 18:30 . 2008-03-19 18:30 <DIR> d-------- C:\Deckard
2008-03-19 18:07 . 2008-03-19 18:07 <DIR> d-------- C:\ie-spyad_zo
2008-03-19 17:59 . 2008-03-21 13:03 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-03-19 17:59 . 2005-08-25 18:18 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2008-03-19 17:59 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-03-17 19:01 . 2008-03-18 21:07 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-03-17 19:01 . 2008-03-18 19:27 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-03-17 19:01 . 2008-03-18 19:27 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-03-17 19:01 . 2008-03-18 19:27 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-03-16 15:42 . 2001-08-17 13:28 794,654 --a------ C:\WINDOWS\system32\dllcache\usr1801.sys
2008-03-16 15:41 . 2001-08-17 12:18 285,760 --a------ C:\WINDOWS\system32\dllcache\stlnata.sys
2008-03-16 15:40 . 2001-08-17 22:36 495,616 --a------ C:\WINDOWS\system32\dllcache\sblfx.dll
2008-03-16 15:39 . 2001-08-17 13:28 899,146 --a------ C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-03-16 15:38 . 2002-08-29 03:00 1,875,968 --a------ C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-03-16 15:37 . 2002-08-29 03:00 1,158,818 --a------ C:\WINDOWS\system32\dllcache\korwbrkr.lex
2008-03-16 15:36 . 2002-08-29 03:00 13,463,552 --a------ C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-03-16 15:35 . 2001-08-17 14:56 1,733,120 --a------ C:\WINDOWS\system32\dllcache\g400d.dll
2008-03-16 15:34 . 2001-08-17 12:14 952,007 --a------ C:\WINDOWS\system32\dllcache\diwan.sys
2008-03-16 15:33 . 2001-08-17 22:36 614,429 --a------ C:\WINDOWS\system32\dllcache\digiview.exe
2008-03-16 15:32 . 2002-08-29 03:00 1,677,824 --a------ C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-03-16 15:31 . 2001-08-17 13:28 871,388 --a------ C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-03-16 15:30 . 2001-08-17 13:28 762,780 --a------ C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-03-11 17:50 . 2008-03-11 17:50 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-03-10 17:27 . 2008-03-10 18:27 1,318,163 ---hs---- C:\WINDOWS\system32\ybtijxcg.ini
2008-03-09 20:50 . 2008-03-09 20:50 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\McAfee
2008-03-09 16:45 . 2008-03-09 16:45 <DIR> d-------- C:\Documents and Settings\Art Hribar\Application Data\McAfee
2008-03-07 22:15 . 2008-03-10 17:20 1,307,990 ---hs---- C:\WINDOWS\system32\llohhdwx.ini
2008-03-07 19:08 . 2008-03-07 19:08 1,307,561 ---hs---- C:\WINDOWS\system32\ydvcthvi.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-27 21:40 --------- d-----w C:\Program Files\McAfee
2008-03-21 20:00 --------- d-----w C:\Program Files\ADSTech Instant DVD+DV
2008-03-21 19:57 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-21 19:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-21 19:56 --------- d-----w C:\Program Files\321Studios
2008-03-21 19:54 --------- d-----w C:\Program Files\DivX
2008-03-21 16:37 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-21 16:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-19 00:28 --------- d-----w C:\Program Files\QuickTime
2008-03-19 00:22 --------- d-----w C:\Program Files\iTunes
2008-03-09 20:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-02-26 00:28 --------- d-----w C:\Documents and Settings\Art Hribar\Application Data\Snapfish
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{16557105-cd2d-47b9-babd-1c9f756eab9d}]
C:\WINDOWS\system32\evgsbnnf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EECB344F-B4F0-4F6A-9670-8DA01965FBD2}]
C:\WINDOWS\system32\ddccd.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [ ]
"RealPlayer"="C:\Program Files\Real\RealOne Player\realplay.exe" [2006-05-29 14:28 1003520]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CARPService"="carpserv.exe" [2003-05-21 15:35 4608 C:\WINDOWS\system32\carpserv.exe]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2003-02-26 20:25 180316]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-08-14 21:29 290816]
"PreloadApp"="c:\hp\drivers\printers\photosmart\hphprld.exe" [2001-12-12 11:05 36864]
"AutoTBar"="C:\hp\bin\autotbar.exe" [ ]
"srmclean"="C:\Cpqs\Scom\srmclean.exe" [2001-07-24 17:34 36864]
"TV Now"="C:\Program Files\HPQ\Notebook Utilities\TvNow.exe" [2003-01-30 14:34 282624]
"Display Settings"="C:\Program Files\HPQ\Notebook Utilities\hptasks.exe" [2002-08-15 10:26 45056]
"QT4HPOT"="C:\Program Files\HPQ\One-Touch\OneTouch.EXE" [2003-01-30 19:02 102400]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-05-22 22:10 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-05-22 23:06 610304]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2003-03-26 15:15 684032]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-09-21 12:40 151597]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-05-04 17:21 278528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-05-14 20:34 98304]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-12 13:38 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18 241664]
"NWEReboot"="" []
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-08-24 17:57 36640]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-07-22 21:29 1160480]
"SansaDispatch"="C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe" [2007-10-22 13:52 75584]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 12:22 20480]
"BM6005508f"="C:\WINDOWS\system32\colfkylq.dll" [ ]

C:\Documents and Settings\Art Hribar\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2004-04-25 09:36:08 225280]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Netscape\\Netscape\\Netscp.exe"=
"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R3 ALiIRDA;ALi Infrared Device Driver;C:\WINDOWS\system32\DRIVERS\aliirda.sys [2003-01-23 14:55]
R3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;C:\WINDOWS\system32\drivers\caliaud.sys [2002-11-05 11:04]
R3 CALIHALA;CALIHALA;C:\WINDOWS\system32\drivers\calihal.sys [2002-11-05 11:04]
R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;C:\WINDOWS\system32\DRIVERS\DP83815.SYS [2002-08-28 20:00]
S2 DVR2INS;ADS Instant DVD 2.0;C:\WINDOWS\system32\Drivers\dvr2ins.sys [2003-04-14 20:42]

.
Contents of the 'Scheduled Tasks' folder
"2007-11-29 17:12:38 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2007-11-29 17:12:37 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-27 17:42:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????7?7?5?1??@???? ??3B?????????????T?B? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\SiteAdvisor\6253\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
.
**************************************************************************
.
Completion time: 2008-03-27 17:46:13 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-27 21:46:03
.
2008-03-11 21:50:57 --- E O F ---
ajhhp is offline  
Old 03-27-2008, 06:41 PM   #7 (permalink)
Analyst, Security Team
 
forhockey's Avatar
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,947
OS: Windows 7 Ultimate


Re: C:\WINDOWS\system32\colfkylq.dll

Hi ajhhp,

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Fullscan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Save it to your desktop. Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.

Also, please update me on how your system is behaving.
__________________


Proud Member of ASAP
Proud Member of UNITE

Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support.

Donation link for Tech Support Forum
forhockey is offline  
Old 03-27-2008, 07:16 PM   #8 (permalink)
Registered User
 
Join Date: Mar 2008
Posts: 22
OS: windows xp


Re: C:\WINDOWS\system32\colfkylq.dll

System is about the same; I still get the warning upon Windows startup that file C:\WINDOWS\system32\colfkylq.dll is missing.

Below is the Panda scan that I just performed. I will download Malwarebytes tomorrow.


Incident Status Location

Potentially unwanted tool:Application/PRScheduler Not disinfected C:\Documents and Settings\Art Hribar\Start Menu\Programs\Startup\PowerReg Scheduler.exe
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Mozilla\Firefox\Profiles\hmeoxygq.default\cookies.txt[server.iad.liveperson.net/hc/52580280]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Mozilla\Firefox\Profiles\hmeoxygq.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Mozilla\Firefox\Profiles\hmeoxygq.default\cookies.txt[.cdfreaks.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Mozilla\Firefox\Profiles\hmeoxygq.default\cookies.txt[.com.com/]
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Mozilla\Firefox\Profiles\hmeoxygq.default\cookies.txt[.did-it.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Mozilla\Firefox\Profiles\hmeoxygq.default\cookies.txt[.overture.com/]
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Mozilla\Firefox\Profiles\hmeoxygq.default\cookies.txt[.did-it.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Mozilla\Firefox\Profiles\hmeoxygq.default\cookies.txt[.overture.com/]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Mozilla\Firefox\Profiles\hmeoxygq.default\cookies.txt[hc2.humanclick.com/hc/57285962]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Mozilla\Firefox\Profiles\hmeoxygq.default\cookies.txt[hc2.humanclick.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Mozilla\Firefox\Profiles\hmeoxygq.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Mozilla\Firefox\Profiles\hmeoxygq.default\cookies.txt[counter.hitslink.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Mozilla\Firefox\Profiles\hmeoxygq.default\cookies.txt[statse.webtrendslive.com/S144504]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Mozilla\Firefox\Profiles\hmeoxygq.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Mozilla\Firefox\Profiles\hmeoxygq.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Mozilla\Firefox\Profiles\hmeoxygq.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Mozilla\Firefox\Profiles\hmeoxygq.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Mozilla\Firefox\Profiles\hmeoxygq.default\cookies.txt[.zedo.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Mozilla\Firefox\Profiles\hmeoxygq.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Mozilla\Firefox\Profiles\hmeoxygq.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Mozilla\Firefox\Profiles\hmeoxygq.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Mozilla\Firefox\Profiles\hmeoxygq.default\cookies.txt[.atwola.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Mozilla\Firefox\Profiles\hmeoxygq.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Mozilla\Firefox\Profiles\hmeoxygq.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Mozilla\Firefox\Profiles\hmeoxygq.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Mozilla\Firefox\Profiles\hmeoxygq.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Mozilla\Firefox\Profiles\hmeoxygq.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Mozilla\Firefox\Profiles\hmeoxygq.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Mozilla\Firefox\Profiles\hmeoxygq.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Mozilla\Firefox\Profiles\hmeoxygq.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Mozilla\Firefox\Profiles\hmeoxygq.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Mozilla\Firefox\Profiles\hmeoxygq.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Mozilla\Firefox\Profiles\hmeoxygq.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Mozilla\Firefox\Profiles\hmeoxygq.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Mozilla\Firefox\Profiles\hmeoxygq.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Mozilla\Firefox\Profiles\hmeoxygq.default\cookies.txt[.www.myaffiliateprogram.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Mozilla\Firefox\Profiles\hmeoxygq.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Mozilla\Firefox\Profiles\hmeoxygq.default\cookies.txt[.bfast.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Mozilla\Profiles\default\h8nqddym.slt\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Mozilla\Profiles\default\h8nqddym.slt\cookies.txt[.atdmt.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Mozilla\Profiles\default\h8nqddym.slt\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Mozilla\Profiles\default\h8nqddym.slt\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Mozilla\Profiles\default\h8nqddym.slt\cookies.txt[.mediaplex.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Mozilla\Profiles\default\h8nqddym.slt\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Mozilla\Profiles\default\h8nqddym.slt\cookies.txt[.fastclick.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Mozilla\Profiles\default\h8nqddym.slt\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Mozilla\Profiles\default\h8nqddym.slt\cookies.txt[.apmebf.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Mozilla\Profiles\default\h8nqddym.slt\cookies.txt[.advertising.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Mozilla\Profiles\default\h8nqddym.slt\cookies.txt[.realmedia.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Mozilla\Profiles\default\h8nqddym.slt\cookies.txt[.zedo.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Mozilla\Profiles\default\h8nqddym.slt\cookies.txt[.atwola.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Mozilla\Profiles\default\h8nqddym.slt\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Mozilla\Profiles\default\h8nqddym.slt\cookies.txt[.overture.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Netscape\Navigator\Profiles\77wosrzl.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Netscape\Navigator\Profiles\77wosrzl.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Netscape\Navigator\Profiles\77wosrzl.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Netscape\Navigator\Profiles\77wosrzl.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Netscape\Navigator\Profiles\77wosrzl.default\cookies.txt[citi.bridgetrack.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Netscape\Navigator\Profiles\77wosrzl.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Netscape\Navigator\Profiles\77wosrzl.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Netscape\Navigator\Profiles\77wosrzl.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Netscape\Navigator\Profiles\77wosrzl.default\cookies.txt[.com.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Netscape\Navigator\Profiles\77wosrzl.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Netscape\Navigator\Profiles\77wosrzl.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Netscape\Navigator\Profiles\77wosrzl.default\cookies.txt[.advertising.com/]
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Netscape\Navigator\Profiles\77wosrzl.default\cookies.txt[.did-it.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Netscape\Navigator\Profiles\77wosrzl.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Art Hribar\Application Data\Netscape\Navigator\Profiles\77wosrzl.default\cookies.txt[.overture.com/]
Virus:Trj/Bancos.RQ Not disinfected C:\Documents and Settings\Art Hribar\Desktop\ComboFix.exe[327882R2FWJFW\pv.cfexe]
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\brxkhddd.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\lghjpkfe.dll.vir
ajhhp is offline  
Old 03-28-2008, 06:18 PM   #9 (permalink)
Registered User
 
Join Date: Mar 2008
Posts: 22
OS: windows xp


Re: C:\WINDOWS\system32\colfkylq.dll

Below is the Malwarebytes' scan.

Malwarebytes' Anti-Malware 1.09
Database version: 563

Scan type: Full Scan (A:\|C:\|)
Objects scanned: 98079
Time elapsed: 44 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
ajhhp is offline  
Old 03-29-2008, 10:43 AM   #10 (permalink)
Analyst, Security Team
 
forhockey's Avatar
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,947
OS: Windows 7 Ultimate


Re: C:\WINDOWS\system32\colfkylq.dll

Hi ajhhp,

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now.

Open notepad and copy/paste the text in the quotebox below:
(don't forget to copy and paste REGEDIT4)

Quote:
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BM6005508f"=-

Save the file as "delete.reg". Make sure to save it with the quotes. Choose to "Save type as - All Files"
It should look like this:

Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

--------------------------------------------

Please run DSS again, and post the resulting log.

Also, please update me on how your system is behaving.
forhockey is offline  
Old 03-29-2008, 02:31 PM   #11 (permalink)
Registered User
 
Join Date: Mar 2008
Posts: 22
OS: windows xp


Re: C:\WINDOWS\system32\colfkylq.dll

When I click on the new "delete.reg" file, I get the "Open With" dialog box. What program do I choose to open this file?

What is DSS?
ajhhp is offline  
Old 03-30-2008, 12:08 AM   #12 (permalink)
Analyst, Security Team
 
forhockey's Avatar
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,947
OS: Windows 7 Ultimate


Re: C:\WINDOWS\system32\colfkylq.dll

Hi ajhhp,

Let's try another approach.

Please download HijackThis. This program will help us determine if there is any spyware/malware on your computer. Double-click on the file you just downloaded. Click on the "Install" button. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

Double click on HijackThis.exe to run the program.

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries (If they still exist, make sure you do not miss any)

O4 - HKLM\..\Run: [BM6005508f] Rundll32.exe "C:\WINDOWS\system32\colfkylq.dll",s

Please remember to close all other windows, including browsers then click Fix checked.

Close HijackThis

--------------------------------------------------------------

DSS (Deckard's System Scanner) was the first tool you ran which produced the main.txt log.

Please run DSS.exe and post the resulting log.
forhockey is offline  
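
An added example (not part of the original thread and not HijackThis's own code): a small Python triage script that parses HijackThis-format lines like those posted in this thread and flags the two patterns the helper acted on, entries marked "(file missing)" and Run values that launch a DLL through Rundll32. The sample lines are copied from the logs in the thread; the function, class and flag names are hypothetical.

```python
import re
from dataclasses import dataclass, field

# Lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r'''
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: (no name) - {EECB344F-B4F0-4F6A-9670-8DA01965FBD2} - C:\WINDOWS\system32\ddccd.dll (file missing)
O4 - HKLM\..\Run: [BM6005508f] Rundll32.exe "C:\WINDOWS\system32\colfkylq.dll",s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
'''

# HijackThis abbreviates the Run key path as HKLM\..\Run; the full form is
# the one used in the delete.reg file from post #10.
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
RUN_PREFIX = r"SOFTWARE\Microsoft\Windows\CurrentVersion"

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
RUN_RE = re.compile(
    r"^(?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
# Command line that starts with rundll32 and names a .dll as its first argument.
RUNDLL_RE = re.compile(
    r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+\.dll)',
    re.IGNORECASE,
)
MISSING = "(file missing)"


@dataclass
class Entry:
    code: str                 # HijackThis section code, e.g. O2, O4, O23
    body: str                 # everything after "<code> - "
    flags: list = field(default_factory=list)
    hive: str = ""            # filled in for O4 Run-key entries only
    key: str = ""
    name: str = ""
    dll: str = ""             # DLL handed to rundll32, if any


def parse_log(text):
    """Turn HijackThis log text into Entry records, flagging as it goes."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # headers, running-process list, blank lines
        e = Entry(m["code"], m["body"])
        if e.body.endswith(MISSING):
            e.flags.append("file-missing")
        if e.code == "O4":
            run = RUN_RE.match(e.body)
            if run:
                e.hive, e.key, e.name = run["hive"], run["key"], run["name"]
                dll = RUNDLL_RE.match(run["cmd"])
                if dll:
                    e.dll = dll["dll"]
                    e.flags.append("rundll32-autostart")
        entries.append(e)
    return entries


def findings(entries):
    """Entries that carry at least one flag, in log order."""
    return [e for e in entries if e.flags]


def reg_delete_snippet(entry):
    """REGEDIT4 text that deletes one Run value, in the form used in post #10."""
    if not entry.name or entry.hive not in HIVES:
        raise ValueError("not a Run-key value")
    if '"' in entry.name or "\\" in entry.name:
        raise ValueError("value name needs escaping; write it by hand")
    key = f"{HIVES[entry.hive]}\\{RUN_PREFIX}\\{entry.key}"
    return f'REGEDIT4\n\n[{key}]\n"{entry.name}"=-\n'


if __name__ == "__main__":
    for e in findings(parse_log(SAMPLE_LOG)):
        print(e.code, ",".join(e.flags), "|", e.body)
```

`reg_delete_snippet` reproduces the delete.reg content from post #10 for a flagged Run value; whether a flagged entry is actually unwanted remains the analyst's call.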
Old 03-30-2008, 08:26 AM   #13 (permalink)
Registered User
 
Join Date: Mar 2008
Posts: 22
OS: windows xp


Re: C:\WINDOWS\system32\colfkylq.dll

After I completed your latest request, upon re-boot, the message "C:\WINDOWS\system32\colfkylq.dll Specified module could not be found." did not come up. (yeah).

I do have an additional question: in reviewing my latest Panda scan, there are many spyware cookie txt's that were noted as not being disinfected and one trojan that was not disinfected. Should I have gone through the Panda $12.95 process to remove these?


Below are the results of the latest DSS.

Deckard's System Scanner v20071014.68
Run by Art Hribar on 2008-03-30 1044
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 447 MiB (512 MiB recommended).


-- HijackThis (run as Art Hribar.exe) ------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1055 AM, on 3/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Art Hribar\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Art Hribar.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
N3 - Netscape 7: user_pref("browser.startup.homepage", "www.yahoo.com"); (C:\Documents and Settings\ART HRIBAR\Application Data\Mozilla\Profiles\default\h8nqddym.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\ART HRIBAR\Application Data\Mozilla\Profiles\default\h8nqddym.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: {d9bae657-f9c1-dbab-9b74-d2dc50175561} - {16557105-cd2d-47b9-babd-1c9f756eab9d} - C:\WINDOWS\system32\evgsbnnf.dll (file missing)
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {EECB344F-B4F0-4F6A-9670-8DA01965FBD2} - C:\WINDOWS\system32\ddccd.dll (file missing)
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Ulead Photo Express Calendar Checker For My Custom Edition.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe
O4 - Global Startup: Watch.lnk = C:\Program Files\DV Series\Console\Watch.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://us8l.hpwis.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...70/mcfscan.cab
O23 - Service: McAfee Application Installer Cleanup (0045131206884110) (0045131206884110mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\004513~1.EXE
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe

--
End of file - 9455 bytes

-- Files created between 2008-02-29 and 2008-03-30 -----------------------------

2008-03-30 09:58:12 0 d-------- C:\Program Files\Trend Micro
2008-03-30 09:35:04 0 d-------- C:\WINDOWS\LastGood
2008-03-28 19:26:15 0 d-------- C:\Documents and Settings\Art Hribar\Application Data\Malwarebytes
2008-03-28 19:25:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-28 19:25:45 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-26 21:47:25 0 d-------- C:\cmdcons
2008-03-26 21:44:05 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-03-26 21:44:05 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-03-26 21:44:05 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-03-26 21:44:05 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-21 13:47:55 0 d-------- C:\Documents and Settings\Art Hribar\Application Data\Vso
2008-03-21 13:47:55 47360 --a------ C:\Documents and Settings\Art Hribar\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-03-21 13:47:41 0 d-------- C:\Program Files\DVDFab Platinum 4
2008-03-21 13:03:59 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-19 18:15:54 0 d-------- C:\agnis
2008-03-19 18:07:59 0 d-------- C:\ie-spyad_zo
2008-03-19 17:59:10 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2008-03-19 17:59:09 0 d-------- C:\Program Files\SpywareBlaster
2008-03-17 19:01:47 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-03-09 20:50:06 0 d-------- C:\Documents and Settings\LocalService\Application Data\McAfee
2008-03-09 16:45:05 0 d-------- C:\Documents and Settings\Art Hribar\Application Data\McAfee


-- Find3M Report ---------------------------------------------------------------

2008-03-30 09:35:02 0 d-------- C:\Program Files\McAfee
2008-03-27 19:17:31 0 d-------- C:\Program Files\QuickTime
2008-03-27 19:12:08 0 d-------- C:\Program Files\Messenger
2008-03-27 19:09:49 0 d-------- C:\Program Files\iTunes
2008-03-21 16:00:18 0 d-------- C:\Program Files\ADSTech Instant DVD+DV
2008-03-21 15:57:50 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-21 15:56:00 0 d-------- C:\Program Files\321Studios
2008-03-21 15:54:13 0 d-------- C:\Program Files\DivX
2008-03-21 13:48:33 34 --a------ C:\Documents and Settings\Art Hribar\Application Data\pcouffin.log
2008-03-21 13:47:57 1144 --a------ C:\Documents and Settings\Art Hribar\Application Data\pcouffin.inf
2008-03-21 13:47:57 7887 --a------ C:\Documents and Settings\Art Hribar\Application Data\pcouffin.cat
2008-03-21 12:37:04 0 d-------- C:\Program Files\Common Files\Ahead
2008-03-21 12:33:36 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-25 20:28:53 0 d-------- C:\Documents and Settings\Art Hribar\Application Data\Snapfish
2008-02-25 20:28:38 10168 --a------ C:\WINDOWS\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{16557105-cd2d-47b9-babd-1c9f756eab9d}]
C:\WINDOWS\system32\evgsbnnf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
09/19/2007 07:15 AM 329032 --a------ C:\Program Files\McAfee\MSK\mcapbho.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EECB344F-B4F0-4F6A-9670-8DA01965FBD2}]
C:\WINDOWS\system32\ddccd.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CARPService"="carpserv.exe" [05/21/2003 03:35 PM C:\WINDOWS\system32\carpserv.exe]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [02/26/2003 08:25 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/14/2002 09:29 PM]
"PreloadApp"="c:\hp\drivers\printers\photosmart\hphprld.exe" [12/12/2001 11:05 AM]
"AutoTBar"="C:\hp\bin\autotbar.exe" []
"srmclean"="C:\Cpqs\Scom\srmclean.exe" [07/24/2001 05:34 PM]
"TV Now"="C:\Program Files\HPQ\Notebook Utilities\TvNow.exe" [01/30/2003 02:34 PM]
"Display Settings"="C:\Program Files\HPQ\Notebook Utilities\hptasks.exe" [08/15/2002 10:26 AM]
"QT4HPOT"="C:\Program Files\HPQ\One-Touch\OneTouch.EXE" [01/30/2003 07:02 PM]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [05/22/2003 10:10 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [05/22/2003 11:06 PM]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [03/26/2003 03:15 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [09/21/2003 12:40 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [05/04/2005 05:21 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05/14/2005 08:34 PM]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [02/12/2004 01:38 PM]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [05/12/2004 03:18 PM]
"NWEReboot"="" []
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/03/2007 11:33 PM]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [08/24/2007 05:57 PM]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [07/22/2007 09:29 PM]
"SansaDispatch"="C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe" [10/22/2007 01:52 PM]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [01/08/2007 12:22 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" []
"RealPlayer"="C:\Program Files\Real\RealOne Player\realplay.exe" [05/29/2006 02:28 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]

C:\Documents and Settings\Art Hribar\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [4/25/2004 9:36:08 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-03-30 10:07:39 ------------
Old 03-30-2008, 10:17 AM   #14 (permalink)
Analyst, Security Team
 
forhockey's Avatar
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,947
OS: Windows 7 Ultimate


Re: C:\WINDOWS\system32\colfkylq.dll

Hi ajhhp,

Quote:
I do have an additional question: in reviewing my latest Panda scan, there are many spyware cookie txt's that were noted as not being disinfected and one trojan that was not disinfected. Should I have gone through the Panda $12.95 process to remove these?
No, all that was showing in the Panda scan was tracking cookies (which is normal) and viruses that were stuck in the quarantine folders.

The following tool will clear out your cookies:

Please download ATF Cleaner

* Double-click ATF-Cleaner.exe to run the program.
* Click Select All found at the bottom of the list.
* Click the Empty Selected button.

If you use Firefox browser, do this also:

* Click Firefox at the top and choose Select All from the list.
* Click the Empty Selected button.
* NOTE : If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:

* Click Opera at the top and choose Select All from the list.
* Click the Empty Selected button.
* NOTE : If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

--------------------------------------------------------------

Well done, your logs are clean! There are just a few more things I would like you to do.


The following procedure will clear out ComboFix.exe, as well as the backups and quarantines created by the fix. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.

Click Start > Run and copy/paste, or type the following bolded text into the Run box and click OK:

ComboFix /u

----------------------------------------------------------------

Microsoft Updates

It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

Malware Prevention Tools

These programs configure your computer to prevent known malware-related changes. You can have more than one of these at a time and they take up minimal resources.
  • SpywareBlaster - Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items. Check regularly for updates.
  • IE-Spyad - Here is an installation guide -> http://www.techsupportforum.com/cont...ticles/63.html
  • MVPS Hosts File - extract and double-click the mvps.bat file. This will replace your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements, preventing your computer from connecting to those sites.
  • McAfee SiteAdvisor - helps to warn you before you interact with a dangerous Web site. Works with both IE and Firefox.
  • SpywareGuard - real-time protection that detects and blocks spyware before it can execute.

Alternative Web Browsers

Using an alternative browser can help prevent malware from being installed without your knowledge, but may not work on all websites.

Firewalls

If you do not have a firewall, here are a few free ones available for personal use:

Understanding and Using Firewalls


Informational Reading

In light of your recent troubles, I'm sure you'd like to avoid any future infections. Please take a look at these well-written articles:

Please respond to this thread one more time so we can mark this thread as resolved.
__________________


Proud Member of ASAP
Proud Member of UNITE

Old 03-30-2008, 06:49 PM   #15 (permalink)
Registered User
 
Join Date: Mar 2008
Posts: 22
OS: windows xp


Re: C:\WINDOWS\system32\colfkylq.dll

Thanks for the additional information. I am up to date on Microsoft's critical updates; I have always kept a close watch on this. I am also firewalled and now have SpywareBlaster installed and running. I now have to go through the same steps because my kids' desktop PC has the same error message upon boot up. For many, many years I used Netscape as my browser; since they were not going to support it after Feb 2008, I switched to Firefox, and that is when all of this stuff popped up. Never had an issue with Netscape. Never really used Internet Explorer. Thanks so much for the assistance.
Old 03-30-2008, 07:36 PM   #16 (permalink)
Analyst, Security Team
 
forhockey's Avatar
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,947
OS: Windows 7 Ultimate


Re: C:\WINDOWS\system32\colfkylq.dll

ajhhp,

You're welcome. If you do require assistance with your kids' computer, then please start a new thread.

Safe Surfing.