
Registered · 18 Posts · Discussion Starter · #1
Hey guys, a few weeks ago I tried to download something through BitComet and I ended up getting a virus or something. I did the 5 step process, but the Panda process could not finish. Then when I ran DSS it only gave me the main.txt, but it did give me the other file.
Here are my hijack results:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:00:52 PM, on 6/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\McAfee\QuickClean\Plguni.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\RDSHOST.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 169.254.156:129
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [Imonitor] "C:\Program Files\McAfee\QuickClean\Plguni.exe" /START
O4 - HKLM\..\Run: [DME] C:\Program Files\Zero Knowledge\DM\DownloadManagerR.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [5c9618c0] rundll32.exe "C:\WINDOWS\system32\rweijulg.dll",b
O4 - HKLM\..\Run: [BM5fa52b5c] Rundll32.exe "C:\WINDOWS\system32\ibuodmdw.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157231781356
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

--
End of file - 7298 bytes


Here are my Main.txt results:

Deckard's System Scanner v20071014.68
Run by Nicole on 2008-06-14 14:20:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-14 14:20:57
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\Program Files\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\Program Files\McAfee\VirusScan\mcods.exe
C:\Program Files\Common Files\McAfee\RedirSvc\RedirSvc.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\McAfee\QuickClean\PlgUni.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\rdshost.exe
C:\WINDOWS\system32\sessmgr.exe
C:\Documents and Settings\Nicole\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 169.254.156:129
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {129FA2A1-408C-4824-83A4-5001581FD01E} - C:\WINDOWS\system32\tuvUOEVO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7B62811B-0057-4BE8-B7C0-525D7B809317} - C:\Documents and Settings\Nicole\Local Settings\Temporary Internet Files\Content.IE5\E9KR6X8X\3077ahntdksr[1].dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {BEE84F6B-D6AB-479A-8016-3C9484D311E2} - C:\WINDOWS\system32\cbXPheeB.dll
O2 - BHO: {32057776-19e2-d4db-3b54-bd54242c973c} - {c379c242-45db-45b3-bd4d-2e9167775023} - C:\WINDOWS\system32\apaibwti.dll
O2 - BHO: (no name) - {D26B7643-1B64-4BE7-BE61-6E21F52010C2} - C:\WINDOWS\system32\gmdbndwo.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [Imonitor] "C:\Program Files\McAfee\QuickClean\Plguni.exe" /START
O4 - HKLM\..\Run: [DME] C:\Program Files\Zero Knowledge\DM\DownloadManagerR.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [5c9618c0] rundll32.exe "C:\WINDOWS\system32\rweijulg.dll",b
O4 - HKLM\..\Run: [BM5fa52b5c] Rundll32.exe "C:\WINDOWS\system32\ibuodmdw.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: NkvMon.exe.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157231781356
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: tuvUOEVO - C:\WINDOWS\system32\tuvUOEVO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\acsd.exe
O23 - Service: dvpapi - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\RedirSvc\RedirSvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MpfSrv.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe


--
End of file - 9778 bytes

-- Files created between 2008-05-14 and 2008-06-14 -----------------------------

2008-06-13 20:45:53 99328 --a------ C:\WINDOWS\system32\apaibwti.dll
2008-06-13 20:42:53 49664 --a------ C:\WINDOWS\system32\gmdbndwo.dll
2008-06-13 20:39:53 81408 --a------ C:\WINDOWS\system32\rweijulg.dll
2008-06-13 20:36:53 89600 --a------ C:\WINDOWS\system32\ibuodmdw.dll
2008-06-12 20:39:49 98816 --a------ C:\WINDOWS\system32\iscuownr.dll
2008-06-12 20:36:49 89600 --a------ C:\WINDOWS\system32\hfmnldjd.dll
2008-06-11 20:39:17 98816 --a------ C:\WINDOWS\system32\qvplbbab.dll
2008-06-11 20:36:16 89600 --a------ C:\WINDOWS\system32\axsjabjr.dll
2008-06-11 18:20:58 0 d-------- C:\ie-spyad_zo
2008-06-11 17:57:18 0 d-------- C:\Program Files\SpywareBlaster
2008-06-10 20:41:22 184320 --a------ C:\WINDOWS\system32\grpxtdro.dll
2008-06-10 20:35:24 157184 --a------ C:\WINDOWS\system32\yyjuneva.dll
2008-06-09 20:36:01 92160 --a------ C:\WINDOWS\system32\rpyofcgm.dll
2008-06-09 20:33:34 109056 --a------ C:\WINDOWS\system32\teiyclxm.dll
2008-06-09 20:33:18 100864 --a------ C:\WINDOWS\system32\fqohgylr.dll
2008-06-09 18:42:59 0 d-------- C:\Program Files\Panda Security
2008-06-08 20:41:25 2560 --a------ C:\WINDOWS\system32\ncppewhj.exe
2008-06-08 20:38:25 108544 --a------ C:\WINDOWS\system32\lpbxptig.dll
2008-06-08 20:35:25 92160 --a------ C:\WINDOWS\system32\uioihtag.dll
2008-06-08 20:32:35 100352 --a------ C:\WINDOWS\system32\iokicvss.dll
2008-06-07 12:21:50 108544 --a------ C:\WINDOWS\system32\otigluah.dll
2008-06-07 12:20:34 92160 --a------ C:\WINDOWS\system32\apvloler.dll
2008-06-07 12:20:14 101376 --a------ C:\WINDOWS\system32\epniwtxl.dll
2008-06-07 12:15:56 108544 --a------ C:\WINDOWS\system32\jysunewa.dll
2008-06-07 12:15:24 101376 --a------ C:\WINDOWS\system32\hsemxflq.dll
2008-06-06 21:56:07 108544 --a------ C:\WINDOWS\system32\fmhgkkfx.dll
2008-06-06 21:55:59 91648 --a------ C:\WINDOWS\system32\oktnlejq.dll
2008-06-06 21:25:19 100864 --a------ C:\WINDOWS\system32\cgmgaxvm.dll
2008-06-05 22:36:04 133120 --a------ C:\WINDOWS\system32\xybpvajl.dll
2008-06-05 21:07:23 133120 --a------ C:\WINDOWS\system32\mcebethk.dll
2008-06-05 21:05:00 126976 --a------ C:\WINDOWS\system32\wsimljgg.dll
2008-06-04 21:39:14 132608 --a------ C:\WINDOWS\system32\iixbkclj.dll
2008-06-04 21:27:23 116736 --a------ C:\WINDOWS\system32\ckhsqeru.dll
2008-06-04 20:52:43 126976 --a------ C:\WINDOWS\system32\nrueybse.dll
2008-06-01 17:00:55 132096 --a------ C:\WINDOWS\system32\rmsfpnqj.dll
2008-05-31 23:11:19 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-05-31 22:59:54 0 d-------- C:\Documents and Settings\Nicole\WINDOWS
2008-05-31 22:55:18 0 d-------- C:\Program Files\Windows Live Safety Center
2008-05-31 18:43:58 132096 --a------ C:\WINDOWS\system32\plpqxigi.dll
2008-05-29 16:45:34 132608 --a------ C:\WINDOWS\system32\agilnuum.dll
2008-05-28 16:48:38 133632 --a------ C:\WINDOWS\system32\atsmkyie.dll
2008-05-27 16:52:00 116224 --a------ C:\WINDOWS\system32\sicpvgfd.dll
2008-05-27 16:38:41 126976 --a------ C:\WINDOWS\system32\tsktjfoj.dll
2008-05-26 12:49:40 59392 --a------ C:\WINDOWS\system32\pmnmmNgF.dll
2008-05-26 10:30:31 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-05-26 06:42:39 134144 --a------ C:\WINDOWS\system32\kwheeoeg.dll
2008-05-26 06:36:39 124928 --a------ C:\WINDOWS\system32\qfcxxakd.dll
2008-05-25 12:38:04 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-05-25 12:28:31 0 d--hs---- C:\WINDOWS\CSC
2008-05-25 11:35:48 0 d-------- C:\Program Files\McAfee.com
2008-05-25 11:35:02 0 d-------- C:\Program Files\Common Files\McAfee
2008-05-25 06:37:41 136704 --a------ C:\WINDOWS\system32\fiunhdci.dll
2008-05-24 18:31:47 690494 --ahs---- C:\WINDOWS\system32\BeehPXbc.ini2
2008-05-24 18:31:38 371712 --a------ C:\WINDOWS\system32\cbXPheeB.dll
2008-05-24 18:26:30 59392 --a------ C:\WINDOWS\system32\tuvUOEVO.dll
2008-05-24 18:14:33 0 d-------- C:\Program Files\Windows Sidebar
2008-05-24 17:59:02 0 d-------- C:\Documents and Settings\Nicole\Application Data\SiteAdvisor


-- Find3M Report ---------------------------------------------------------------

2008-06-09 18:22:55 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-09 18:15:22 0 d-------- C:\Program Files\Windows Live Toolbar
2008-06-09 17:52:47 2788 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-07 13:35:57 0 d-a------ C:\Program Files\Common Files
2008-06-01 00:29:01 0 d-------- C:\Program Files\Common Files\AOL
2008-05-26 12:08:07 0 d-------- C:\Program Files\McAfee
2008-05-24 23:05:11 0 d-------- C:\Program Files\BitComet
2008-05-24 13:54:32 0 d-------- C:\Program Files\AIM
2008-05-24 13:54:16 0 d-------- C:\Documents and Settings\Nicole\Application Data\Aim
2008-05-03 18:05:34 0 d-------- C:\Documents and Settings\Nicole\Application Data\WinRAR
2008-04-15 21:16:20 0 d-------- C:\Documents and Settings\Nicole\Application Data\LimeWire


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{129FA2A1-408C-4824-83A4-5001581FD01E}]
05/24/2008 06:26 PM 59392 --a------ C:\WINDOWS\system32\tuvUOEVO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7B62811B-0057-4BE8-B7C0-525D7B809317}]
06/13/2008 08:47 PM 88576 --a------ C:\Documents and Settings\Nicole\Local Settings\Temporary Internet Files\Content.IE5\E9KR6X8X\3077ahntdksr[1].dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BEE84F6B-D6AB-479A-8016-3C9484D311E2}]
05/24/2008 06:31 PM 371712 --a------ C:\WINDOWS\system32\cbXPheeB.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c379c242-45db-45b3-bd4d-2e9167775023}]
06/13/2008 08:45 PM 99328 --a------ C:\WINDOWS\system32\apaibwti.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D26B7643-1B64-4BE7-BE61-6E21F52010C2}]
06/13/2008 08:42 PM 49664 --a------ C:\WINDOWS\system32\gmdbndwo.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Imonitor"="C:\Program Files\McAfee\QuickClean\Plguni.exe" [03/25/2003 04:02 AM]
"DME"="C:\Program Files\Zero Knowledge\DM\DownloadManagerR.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [11/10/2005 02:03 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [12/20/2005 09:54 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/12/2005 12:12 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/27/2007 09:41 AM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 07:12 PM]
"5c9618c0"="C:\WINDOWS\system32\rweijulg.dll" [06/13/2008 08:39 PM]
"BM5fa52b5c"="C:\WINDOWS\system32\ibuodmdw.dll" [06/13/2008 08:36 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 12:54 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [12/30/2003 5:54:33 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/12/2005 12:23:26 AM]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [8/11/2004 3:22:40 AM]
Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2/13/2004 3:12:08 PM]
NkvMon.exe.lnk - C:\Program Files\Nikon\NkView6\NkvMon.exe [2/15/2004 6:08:23 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{129FA2A1-408C-4824-83A4-5001581FD01E}"= C:\WINDOWS\system32\tuvUOEVO.dll [05/24/2008 06:26 PM 59392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvUOEVO]
tuvUOEVO.dll 05/24/2008 06:26 PM 59392 C:\WINDOWS\system32\tuvUOEVO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\cbXPheeB

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{036309A2-B046-F842-0406-040204020301}]
C:\DOCUME~1\Nicole\LOCALS~1\Temp\nya.exe



-- End of Deckard's System Scanner: finished at 2008-06-14 14:23:38 ------------

Thanks in advance ;-)
 

TSF Security Manager, Emeritus · 51,795 Posts
Hi again. I see you finally made it to this section.

Hopefully this experience will teach you about the dangers of using P2P (file sharing) applications.

You have a nasty collection of Vundo, from way back when your other thread began.

P2P - I see you have P2P software ( BitComet, BitTorrent ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

References for the risk of these programs are here, here and here.

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

---------------------------------------------------------------------------------------------

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery mode if needed. This allows us to help you in the case that your computer has a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

As part of installing the Recovery Console, ComboFix will begin to run. Follow the prompts to install the Recovery Console. Your desktop may disappear. This is normal. It will return.

Once the Recovery Console is installed using ComboFix, you should see a message that says:

The Recovery Console was successfully installed.



Please continue as follows:

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Post the log from ComboFix when you've accomplished that. (C:\ComboFix.txt)

Also, please do this:

Please run Deckard's System Scanner once again, this time using these instructions:

Click the Windows 'Start' button > Select 'Run' - then copy/paste this into the run box & click OK

"%userprofile%\desktop\dss.exe" /config

Click on "Check All"

Click Scan!

When finished, it shall produce two logs for you. Post those logs in your next reply.

If you have any questions along the way, STOP and ask them before proceeding.
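
The helper's Vundo diagnosis rests on a handful of patterns visible in the logs above: rundll32 autoruns loading eight-letter random DLLs from system32, no-name BHOs pointing at such DLLs or at the IE cache, a Winlogon Notify entry and an extra LSA authentication package. The script below is an added example (not from the forum, the helper, Trend Micro or Deckard) that runs those checks over the O2/O4/O20 lines and the DSS "Authentication Packages" line quoted in this thread; the regexes, the eight-letter rule and the default-package list are my own heuristics, and the sample input is constructed from lines in the posted logs.

```python
"""Heuristic triage of HijackThis / DSS log lines for Vundo-style autorun entries.

Added example, not a tool from the forum or from Trend Micro. Every hit is a
"look closer" prompt for the analyst, not a verdict; the heuristics are mine.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the logs posted above (HijackThis O2/O4/O20
# entries and one DSS registry-dump line) plus benign entries to leave alone.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {129FA2A1-408C-4824-83A4-5001581FD01E} - C:\WINDOWS\system32\tuvUOEVO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7B62811B-0057-4BE8-B7C0-525D7B809317} - C:\Documents and Settings\Nicole\Local Settings\Temporary Internet Files\Content.IE5\E9KR6X8X\3077ahntdksr[1].dll
O2 - BHO: (no name) - {BEE84F6B-D6AB-479A-8016-3C9484D311E2} - C:\WINDOWS\system32\cbXPheeB.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [5c9618c0] rundll32.exe "C:\WINDOWS\system32\rweijulg.dll",b
O4 - HKLM\..\Run: [BM5fa52b5c] Rundll32.exe "C:\WINDOWS\system32\ibuodmdw.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: tuvUOEVO - C:\WINDOWS\system32\tuvUOEVO.dll
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\cbXPheeB
"""

# Vundo-era droppers used eight-letter pseudo-random DLL names in system32 (assumption:
# a plain 8-letter stem in system32 is suspicious enough to surface for review).
RANDOM_STEM = re.compile(r"^[A-Za-z]{8}$")
# On a stock XP box the only LSA authentication package is msv1_0.
LSA_DEFAULT_PACKAGES = {"msv1_0"}

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
LSA_RE = re.compile(r'^"Authentication Packages"=\s*(?P<pkgs>.+)$')
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)', re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    section: str  # HJT section (O2, O4, O20) or "LSA" for the DSS registry-dump line
    reason: str
    path: str


def basename(path: str) -> str:
    return path.rstrip().rsplit("\\", 1)[-1]


def stem(path: str) -> str:
    name = basename(path)
    return name.rsplit(".", 1)[0] if "." in name else name


def in_system32(path: str) -> bool:
    return "\\system32\\" in path.lower()


def in_browser_cache(path: str) -> bool:
    return "temporary internet files" in path.lower()


def random_system32_dll(path: str) -> bool:
    return in_system32(path) and bool(RANDOM_STEM.match(stem(path)))


def triage(log_text: str) -> list[Finding]:
    """Walk the log line by line and collect entries worth a second look."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O2_RE.match(line):
            path = m["path"]
            if in_browser_cache(path):
                findings.append(Finding("O2", "BHO loaded from the IE cache", path))
            elif random_system32_dll(path):
                findings.append(Finding("O2", "BHO is a random-named system32 DLL", path))
        elif m := O4_RE.match(line):
            r = RUNDLL_RE.search(m["cmd"])
            if r and random_system32_dll(r["dll"]):
                findings.append(Finding("O4", f"rundll32 autorun [{m['key']}] loads a random-named DLL", r["dll"]))
        elif m := O20_RE.match(line):
            if random_system32_dll(m["path"]):
                findings.append(Finding("O20", "Winlogon Notify DLL with a random name", m["path"]))
        elif m := LSA_RE.match(line):
            for pkg in m["pkgs"].split():
                if stem(pkg).lower() not in LSA_DEFAULT_PACKAGES:
                    findings.append(Finding("LSA", "non-default LSA authentication package", pkg))
    return findings


def flagged_basenames(log_text: str) -> list[str]:
    """Deduplicated file names to hand to the cleanup step."""
    return sorted({basename(f.path) for f in triage(log_text)})


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}: {f.path}")
```

On the sample, the Acrobat, Spybot, Java and ctfmon entries pass untouched while the four Vundo DLLs, the cache-resident BHO and the extra LSA package are surfaced; a real log would still need an analyst to confirm each hit.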
 

Registered · 18 Posts · Discussion Starter · #3
HEY THANKS BRO!!!!!!!!!!!!!!!!!!!!
I did the ComboFix and it gave me this log:

ComboFix 08-06-12.2 - Nicole 2008-06-14 18:34:20.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.267 [GMT -4:00]
Running from: C:\Documents and Settings\Nicole\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Nicole\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Nicole\Application Data\DriveCleaner Free
C:\Documents and Settings\Nicole\Application Data\DriveCleaner Free\Logs\update.log
C:\WINDOWS\BM5fa52b5c.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aagvpskw.ini
C:\WINDOWS\system32\agilnuum.dll
C:\WINDOWS\system32\agkuaeps.ini
C:\WINDOWS\system32\apaibwti.dll
C:\WINDOWS\system32\apvloler.dll
C:\WINDOWS\system32\atsmkyie.dll
C:\WINDOWS\system32\axsjabjr.dll
C:\WINDOWS\system32\BeehPXbc.ini
C:\WINDOWS\system32\BeehPXbc.ini2
C:\WINDOWS\system32\cbXPheeB.dll
C:\WINDOWS\system32\cgmgaxvm.dll
C:\WINDOWS\system32\ckhsqeru.dll
C:\WINDOWS\system32\csngnlog.ini
C:\WINDOWS\system32\dfgvpcis.ini
C:\WINDOWS\system32\epniwtxl.dll
C:\WINDOWS\system32\fiunhdci.dll
C:\WINDOWS\system32\fmhgkkfx.dll
C:\WINDOWS\system32\fqohgylr.dll
C:\WINDOWS\system32\gathioiu.ini
C:\WINDOWS\system32\glujiewr.ini
C:\WINDOWS\system32\gmdbndwo.dll
C:\WINDOWS\system32\grpxtdro.dll
C:\WINDOWS\system32\hfmnldjd.dll
C:\WINDOWS\system32\hsemxflq.dll
C:\WINDOWS\system32\ibuodmdw.dll
C:\WINDOWS\system32\iixbkclj.dll
C:\WINDOWS\system32\iokicvss.dll
C:\WINDOWS\system32\iscuownr.dll
C:\WINDOWS\system32\jysunewa.dll
C:\WINDOWS\system32\kwheeoeg.dll
C:\WINDOWS\system32\lerhrxdh.ini
C:\WINDOWS\system32\lpbxptig.dll
C:\WINDOWS\system32\mcebethk.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mgcfoypr.ini
C:\WINDOWS\system32\ncppewhj.exe
C:\WINDOWS\system32\nrueybse.dll
C:\WINDOWS\system32\oktnlejq.dll
C:\WINDOWS\system32\otigluah.dll
C:\WINDOWS\system32\pebsrmeh.ini
C:\WINDOWS\system32\pgwvurmi.ini
C:\WINDOWS\system32\plpqxigi.dll
C:\WINDOWS\system32\pmnmmNgF.dll
C:\WINDOWS\system32\qfcxxakd.dll
C:\WINDOWS\system32\qjelntko.ini
C:\WINDOWS\system32\qsqqpfjq.ini
C:\WINDOWS\system32\qvplbbab.dll
C:\WINDOWS\system32\relolvpa.ini
C:\WINDOWS\system32\rmsfpnqj.dll
C:\WINDOWS\system32\rpyofcgm.dll
C:\WINDOWS\system32\rweijulg.dll
C:\WINDOWS\system32\sicpvgfd.dll
C:\WINDOWS\system32\teiyclxm.dll
C:\WINDOWS\system32\trrlhaeh.ini
C:\WINDOWS\system32\tsktjfoj.dll
C:\WINDOWS\system32\tuvUOEVO.dll
C:\WINDOWS\system32\uioihtag.dll
C:\WINDOWS\system32\ureqshkc.ini
C:\WINDOWS\system32\uuxcmepp.ini
C:\WINDOWS\system32\wrveljkv.ini
C:\WINDOWS\system32\wsimljgg.dll
C:\WINDOWS\system32\xdmpjqcr.ini
C:\WINDOWS\system32\xybpvajl.dll
C:\WINDOWS\system32\yxiubnom.ini
C:\WINDOWS\system32\yyjuneva.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-14 to 2008-06-14 )))))))))))))))))))))))))))))))
.

2008-06-14 14:57 . 2008-06-14 14:57 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-11 18:50 . 2008-06-11 18:50 <DIR> d-------- C:\Deckard
2008-06-11 18:20 . 2008-06-11 18:20 <DIR> d-------- C:\ie-spyad_zo
2008-06-11 17:57 . 2008-06-11 17:59 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-06-09 18:42 . 2008-06-09 18:45 <DIR> d-------- C:\Program Files\Panda Security
2008-05-31 23:11 . 2008-05-31 23:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-05-31 22:59 . 2008-05-31 22:59 <DIR> d-------- C:\Documents and Settings\Nicole\WINDOWS
2008-05-31 22:55 . 2008-06-14 17:57 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-05-26 10:30 . 2006-05-04 15:09 2,514,909 --------- C:\WINDOWS\ShareCracker.CAB
2008-05-26 10:30 . 2008-05-26 10:30 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-05-26 10:30 . 2008-05-26 10:30 337 --a------ C:\WINDOWS\ST6UNST.000
2008-05-25 12:38 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-25 12:13 . 2008-06-14 18:50 716 --a------ C:\WINDOWS\system32\Config.MPF
2008-05-25 11:39 . 2006-07-14 00:09 161,768 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-05-25 11:39 . 2006-07-08 15:46 84,744 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-05-25 11:39 . 2006-07-14 00:10 37,800 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-05-25 11:39 . 2006-07-14 00:09 33,896 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-05-25 11:39 . 2006-07-14 00:09 31,560 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-05-25 11:38 . 2006-07-17 21:56 104,024 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-05-25 11:35 . 2008-05-25 11:36 <DIR> d-------- C:\Program Files\McAfee.com
2008-05-25 11:35 . 2008-05-25 11:39 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-05-24 18:43 . 2008-05-24 18:43 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-05-24 18:14 . 2008-05-24 18:14 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-05-24 17:59 . 2008-05-24 17:59 <DIR> d-------- C:\Documents and Settings\Nicole\Application Data\SiteAdvisor
2008-05-16 03:58 . 2008-05-16 03:58 208 --a------ C:\WINDOWS\system32\MRT.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-09 22:22 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-09 22:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-09 22:15 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-06-09 22:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-01 04:29 --------- d-----w C:\Program Files\Common Files\AOL
2008-06-01 03:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-05-26 16:08 --------- d-----w C:\Program Files\McAfee
2008-05-25 15:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-25 03:05 --------- d-----w C:\Program Files\BitComet
2008-05-24 17:54 --------- d-----w C:\Program Files\AIM
2008-05-24 17:54 --------- d-----w C:\Documents and Settings\Nicole\Application Data\Aim
2008-04-16 01:16 --------- d-----w C:\Documents and Settings\Nicole\Application Data\LimeWire
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7B62811B-0057-4BE8-B7C0-525D7B809317}]
C:\Documents and Settings\Nicole\Local Settings\Temporary Internet Files\Content.IE5\E9KR6X8X\3077ahntdksr[1].dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Imonitor"="C:\Program Files\McAfee\QuickClean\Plguni.exe" [2003-03-25 04:02 98304]
"DME"="C:\Program Files\Zero Knowledge\DM\DownloadManagerR.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03 36975]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-12-20 21:54 278528]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2003-12-30 17:54:33 82026]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2004-08-11 03:22:40 757760]
Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 15:12:08 16423]
NkvMon.exe.lnk - C:\Program Files\Nikon\NkView6\NkvMon.exe [2004-02-15 18:08:23 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\StubInstaller.exe"=
"C:\\Documents and Settings\\Nicole\\Desktop\\jellybean\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24760:TCP"= 24760:TCP:BitComet 24760 TCP
"24760:UDP"= 24760:UDP:BitComet 24760 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R3 USB200M;Linksys USB 2.0 Network Adapter ver.2;C:\WINDOWS\system32\DRIVERS\USB200M2.sys [2005-04-21 02:30]
S3 USB-100;Linksys EtherFast 10/100 Compact USB Network Adapter;C:\WINDOWS\system32\DRIVERS\USB100M.SYS [2001-09-13 22:35]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{036309A2-B046-F842-0406-040204020301}]
C:\DOCUME~1\Nicole\LOCALS~1\Temp\nya.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-06-13 23:07:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-25 15:37:31 C:\WINDOWS\Tasks\McDefragTask.job"
- C:\WINDOWS\system32\defrag.exe
"2008-06-01 09:15:38 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe.4158 0
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-14 18:53:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\COMMON~1\McAfee\RedirSvc\RedirSvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\PROGRA~1\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2008-06-14 19:00:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-14 23:00:14

Pre-Run: 3,714,981,888 bytes free
Post-Run: 3,734,773,760 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

233 --- E O F --- 2008-05-16 19:49:20

Then I ran Deckard's System Scanner, and it gave me this for main.txt:
Deckard's System Scanner v20071014.68
Run by Nicole on 2008-06-14 19:19:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
44: 2008-06-14 23:20:08 UTC - RP739 - Deckard's System Scanner Restore Point
43: 2008-06-14 22:31:25 UTC - RP738 - ComboFix created restore point
42: 2008-06-11 22:51:24 UTC - RP737 - Deckard's System Scanner Restore Point
41: 2008-06-09 22:22:39 UTC - RP736 - Removed LiveUpdate Notice (Symantec Corporation)
40: 2008-06-09 22:10:56 UTC - RP735 - Removed Windows Live Toolbar


-- First Restore Point --
1: 2008-06-07 16:13:10 UTC - RP696 - System Checkpoint


Performed disk cleanup.

Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis (run as Nicole.exe) ----------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-14 19:23:14
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\Program Files\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\Program Files\McAfee\VirusScan\mcods.exe
C:\Program Files\Common Files\McAfee\RedirSvc\RedirSvc.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\McAfee\QuickClean\PlgUni.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\rdshost.exe
C:\WINDOWS\system32\sessmgr.exe
C:\Documents and Settings\Nicole\Desktop\dss.exe
C:\Program Files\Trend Micro\HijackThis\Nicole.exe
C:\Program Files\McAfee.com\Agent\mcupdate.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 169.254.156:129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7B62811B-0057-4BE8-B7C0-525D7B809317} - C:\Documents and Settings\Nicole\Local Settings\Temporary Internet Files\Content.IE5\E9KR6X8X\3077ahntdksr[1].dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [Imonitor] "C:\Program Files\McAfee\QuickClean\Plguni.exe" /START
O4 - HKLM\..\Run: [DME] C:\Program Files\Zero Knowledge\DM\DownloadManagerR.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: NkvMon.exe.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157231781356
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\acsd.exe
O23 - Service: dvpapi - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\RedirSvc\RedirSvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MpfSrv.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe


--
End of file - 9436 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 USB200M (Linksys USB 2.0 Network Adapter ver.2) - c:\windows\system32\drivers\usb200m2.sys <Not Verified; Linksys; Linksys USB 2.0 Network Adapter ver.2>

S3 GEARAspiWDM - c:\windows\system32\drivers\gearaspiwdm.sys (file missing)
S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)
S3 USB-100 (Linksys EtherFast 10/100 Compact USB Network Adapter) - c:\windows\system32\drivers\usb100m.sys <Not Verified; Linksys; Linksys Compact USB Network Adapter>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 dvpapi - "c:\program files\common files\command software\dvpapi.exe" <Not Verified; Command Software Systems, Inc.; Command AntiVirus for Windows>

S4 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139 Family PCI Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_50001799&REV_10\4&22656C78&0&48F0
Manufacturer: Realtek
Name: Realtek RTL8139 Family PCI Fast Ethernet NIC #2
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_50001799&REV_10\4&22656C78&0&48F0
Service: rtl8139

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Symantec Network Security Miniport
Device ID: ROOT\SYMC_SYMIMMP\0004
Manufacturer: Symantec
Name: Realtek RTL8139 Family PCI Fast Ethernet NIC - Symantec Network Security Miniport
PNP Device ID: ROOT\SYMC_SYMIMMP\0004
Service: SymIMMP


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\explorer.exe (pid 3276)
2003-03-25 04:02:00 57344 --a------ C:\Program Files\McAfee\QuickClean\imhook.dll <Not Verified; Network Associates, Inc.; QuickClean>


-- Scheduled Tasks -------------------------------------------------------------

2008-06-13 19:07:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-06-01 05:15:38 358 --a------ C:\WINDOWS\Tasks\McQcTask.job
2008-05-25 11:37:31 266 --a------ C:\WINDOWS\Tasks\McDefragTask.job


-- Files created between 2008-05-14 and 2008-06-14 -----------------------------

2008-06-14 18:33:33 0 d-------- C:\cmdcons
2008-06-14 18:14:03 68096 --a------ C:\WINDOWS\zip.exe
2008-06-14 18:14:03 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-14 18:14:02 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-14 18:14:02 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-14 18:14:02 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-14 18:14:02 98816 --a------ C:\WINDOWS\sed.exe
2008-06-14 18:14:02 80412 --a------ C:\WINDOWS\grep.exe
2008-06-14 18:14:02 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-14 14:57:22 0 d-------- C:\Program Files\Trend Micro
2008-06-11 18:20:58 0 d-------- C:\ie-spyad_zo
2008-06-11 17:57:18 0 d-------- C:\Program Files\SpywareBlaster
2008-06-09 18:42:59 0 d-------- C:\Program Files\Panda Security
2008-05-31 23:11:19 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-05-31 22:59:54 0 d-------- C:\Documents and Settings\Nicole\WINDOWS
2008-05-31 22:55:18 0 d-------- C:\Program Files\Windows Live Safety Center
2008-05-26 10:30:31 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-05-25 12:38:04 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-05-25 12:28:31 0 d--hs---- C:\WINDOWS\CSC
2008-05-25 11:35:48 0 d-------- C:\Program Files\McAfee.com
2008-05-25 11:35:02 0 d-------- C:\Program Files\Common Files\McAfee
2008-05-24 18:14:33 0 d-------- C:\Program Files\Windows Sidebar
2008-05-24 17:59:02 0 d-------- C:\Documents and Settings\Nicole\Application Data\SiteAdvisor


-- Find3M Report ---------------------------------------------------------------

2008-06-09 18:22:55 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-09 18:15:22 0 d-------- C:\Program Files\Windows Live Toolbar
2008-06-09 17:52:47 2788 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-07 13:35:57 0 d-a------ C:\Program Files\Common Files
2008-06-01 00:29:01 0 d-------- C:\Program Files\Common Files\AOL
2008-05-26 12:08:07 0 d-------- C:\Program Files\McAfee
2008-05-24 23:05:11 0 d-------- C:\Program Files\BitComet
2008-05-24 13:54:32 0 d-------- C:\Program Files\AIM
2008-05-24 13:54:16 0 d-------- C:\Documents and Settings\Nicole\Application Data\Aim
2008-05-03 18:05:34 0 d-------- C:\Documents and Settings\Nicole\Application Data\WinRAR
2008-04-15 21:16:20 0 d-------- C:\Documents and Settings\Nicole\Application Data\LimeWire


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7B62811B-0057-4BE8-B7C0-525D7B809317}]
C:\Documents and Settings\Nicole\Local Settings\Temporary Internet Files\Content.IE5\E9KR6X8X\3077ahntdksr[1].dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Imonitor"="C:\Program Files\McAfee\QuickClean\Plguni.exe" [03/25/2003 04:02 AM]
"DME"="C:\Program Files\Zero Knowledge\DM\DownloadManagerR.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [11/10/2005 02:03 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [12/20/2005 09:54 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/12/2005 12:12 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/27/2007 09:41 AM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 07:12 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 12:54 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [12/30/2003 5:54:33 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/12/2005 12:23:26 AM]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [8/11/2004 3:22:40 AM]
Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2/13/2004 3:12:08 PM]
NkvMon.exe.lnk - C:\Program Files\Nikon\NkView6\NkvMon.exe [2/15/2004 6:08:23 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{036309A2-B046-F842-0406-040204020301}]
C:\DOCUME~1\Nicole\LOCALS~1\Temp\nya.exe



-- End of Deckard's System Scanner: finished at 2008-06-14 19:30:38 ------------

The extra.txt gave me this:


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel Pentium III processor
Percentage of Memory in Use: 58%
Physical Memory (total/avail): 510.3 MiB / 209.9 MiB
Pagefile Memory (total/avail): 863.21 MiB / 603.5 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1933.24 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 19.11 GiB total, 3.46 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Fixed (NTFS) - 149.05 GiB total, 141.87 GiB free.

\\.\PHYSICALDRIVE0 - WDC WD205BA - 19.11 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 19.11 GiB - C:

\\.\PHYSICALDRIVE1 - WDC WD16 00BEVS-00RST0 USB Device - 149.05 GiB - 1 partition
\PARTITION0 - Installable File System - 149.05 GiB - F:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: Freedom Firewall v??3????????? (Adelphia) Disabled
FW: McAfee Personal Firewall v (McAfee) Disabled
AV: Freedom Anti-Virus v??3????????? (Adelphia) Disabled Outdated
AV: McAfee VirusScan v (McAfee) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1124230631\\ee\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1124230631\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Documents and Settings\\Nicole\\Desktop\\jellybean\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\Nicole\\Desktop\\jellybean\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Nicole\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=NIKKI
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Nicole
LOGONSERVER=\\NIKKI
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0803
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Nicole\LOCALS~1\Temp
TMP=C:\DOCUME~1\Nicole\LOCALS~1\Temp
USERDOMAIN=NIKKI
USERNAME=Nicole
USERPROFILE=C:\Documents and Settings\Nicole
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Amy (admin)
Nicole (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5AAFE9B0-B60B-4B12-B22D-6B15507502E5}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Professional --> C:\PROGRA~1\Lavasoft\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\INSTALL.LOG
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
BitComet 0.87 --> C:\Program Files\BitComet\uninst.exe
CardRd81 --> MsiExec.exe /I{54C8FE84-89C4-40E8-976C-439EB0729BD6}
CCHelp --> MsiExec.exe /I{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
CR2 --> MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
Driver Detective --> MsiExec.exe /I{C6794E36-6D7F-46BD-8C5A-5225A91467A2}
ESSAdpt --> MsiExec.exe /I{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}
ESSANUP --> MsiExec.exe /I{A6F18A67-B771-4191-8A33-36D2E742D6D9}
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCAM --> MsiExec.exe /I{469730CC-78DF-4CD3-B286-562D459EA619}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSCT --> MsiExec.exe /I{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}
ESSEMAIL --> MsiExec.exe /I{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC --> MsiExec.exe /I{4F677FC7-7AA8-412B-A957-F13CBE1C7331}
ESSTUTOR --> MsiExec.exe /I{CA60320D-6A16-49C8-A34F-84EEF4799567}
ESSvpaht --> MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
ESSvpot --> MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
Freedom Security & Privacy --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{6CF0D732-8F97-489D-A704-2211D7ACC5D9}
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HLPCCTR --> MsiExec.exe /I{F2D0C1B1-80FF-46F9-BA61-33B01A07FAFC}
HLPIndex --> MsiExec.exe /I{38441BE7-79B0-42B8-8297-833704F949FE}
HLPPDOCK --> MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
HLPSFO --> MsiExec.exe /I{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8}
HP Deskjet 3900 series --> C:\Program Files\HP\Digital Imaging\{3819891A-030B-4a4e-98ED-B28A649E48AB}\setup\hpzscr01.exe -datfile hpfscr05.dat
HP Image Zone Express --> MsiExec.exe /X{FE64AE29-0883-4C70-8388-DC026019C900}
HP Imaging Device Functions 5.0 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
iTunes --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{501BADCD-F8F7-44CB-AC3F-6ED25C1A28B5} /l1033
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_9_17bf748e\Setup.exe /APR-REMOVE
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
LimeWire 4.12.11 --> "C:\Documents and Settings\Nicole\Desktop\jellybean\LimeWire\uninstall.exe"
McAfee QuickClean --> MsiExec.exe /I{951DA770-6E72-11D6-B279-0010A4C6B25D}
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Web Publishing Wizard 1.52 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MuVo Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5AAFE9B0-B60B-4B12-B22D-6B15507502E5}\setup.exe" -l0x9 /remove
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nikon View 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}\setup.exe" UNINSTALL
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK --> MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PCDLNCH --> MsiExec.exe /I{69BD6399-3D8F-45B7-81D9-819361F5101D}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
Rhapsody Player Engine --> MsiExec.exe /I{8A62A068-3FD6-495A-9F66-26FE94F32EC9}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SFR --> MsiExec.exe /I{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}
SFR2 --> MsiExec.exe /I{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
SpywareBlaster 4.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
VCAMCEN --> MsiExec.exe /I{10E98E14-832C-4AF7-A4D1-6A9EF83B282E}
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type2236 / Error
Event Submitted/Written: 06/14/2008 07:09:34 PM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 802717761.

Event Record #/Type2235 / Error
Event Submitted/Written: 06/14/2008 07:09:29 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application Nicole.exe, version 2.0.0.2, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type2234 / Success
Event Submitted/Written: 06/14/2008 07:03:31 PM
Event ID/Source: 5103 / Remote Assistance
Event Description:
RA: Expert user (remote user: Jose) has started controlling novice (local user: Nicole)

Event Record #/Type2227 / Success
Event Submitted/Written: 06/14/2008 07:01:01 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type2213 / Success
Event Submitted/Written: 06/14/2008 05:33:57 PM
Event ID/Source: 5103 / Remote Assistance
Event Description:
RA: Expert user (remote user: Jose) has started controlling novice (local user: Nicole)



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type14437 / Error
Event Submitted/Written: 06/14/2008 07:01:55 PM
Event ID/Source: 1112 / TermServDevices
Event Description:
Failed to register for user printing preferences change notification. Open the Services snap-in and confirm that the Printer Spooler service is running

Event Record #/Type14436 / Error
Event Submitted/Written: 06/14/2008 07:01:53 PM
Event ID/Source: 10001 / DCOM
Event Description:
Unable to start a DCOM Server: {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} as /.
The error:
"%%233"
Happened while starting this command:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe -Embedding

Event Record #/Type14390 / Error
Event Submitted/Written: 06/14/2008 06:17:59 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type14389 / Error
Event Submitted/Written: 06/14/2008 05:33:19 PM
Event ID/Source: 1112 / TermServDevices
Event Description:
Failed to register for user printing preferences change notification. Open the Services snap-in and confirm that the Printer Spooler service is running

Event Record #/Type14380 / Error
Event Submitted/Written: 06/14/2008 05:29:23 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register with DCOM within the required timeout.



-- End of Deckard's System Scanner: finished at 2008-06-14 19:30:38 ------------


My internet is working well again, bro, and for the first time Deckard's System Scanner gave me an extra.txt.
What's next???? And sorry it took me a while to get back to you, but I had to send the programs from my comp to my girlfriend's comp so I could fix it for her. I was a pain in the A**.
Thanks again bro:pray:
 

· TSF Security Manager, Emeritus
Joined
·
51,795 Posts
Things are looking much better.

Before we continue, I have a question.

McAfee AntiVirus appears to be disabled and outdated. Is this the case? This essentially leaves the machine unprotected.

Would you like a different FREE alternative?
 

· TSF Security Manager, Emeritus
Joined
·
51,795 Posts
If you want to move in a different direction, uninstall all these:

Freedom Security & Privacy
McAfee QuickClean
McAfee SecurityCenter


Next...

Download the McAfee Removal Tool.

Double click on MCPR.exe to launch it, then click Run. A window should appear and disappear; this is normal. A new window should pop up and begin the uninstall. When prompted to reboot your computer, type Y.

Next.....

P2P - I see you have P2P software (LimeWire) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

References for the risk of these programs are here,
here and here.

I would strongly recommend that you uninstall them; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Place a check next to the following entries if they exist (make sure you do not miss any) and click Fix Checked

O2 - BHO: (no name) - {7B62811B-0057-4BE8-B7C0-525D7B809317} - C:\Documents and Settings\Nicole\Local Settings\Temporary Internet Files\Content.IE5\E9KR6X8X\3077ahntdksr[1].dll (file missing)

Close HijackThis now.

---------------------------------------------------------------------------------------------

Next....

Install this FREE AntiVirus program, update it, and run a full system scan.

Avira PersonalEdition Classic

Here is a tutorial on its setup and use:

http://www.techsupportforum.com/content/Security/Articles/64.html

Don't be alarmed at what it finds. A lot of the finds will be in the ComboFix quarantine. Allow Avira to fix anything it finds.

When the scan is complete, click on the Report button. A log file will open. Please post that in your next reply.

Do not install more than one antivirus program because they will conflict with each other. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.

---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------
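The O2 entry the helper asks to fix above carries three separate warning signs at once: it has no product name, its DLL sits under Temporary Internet Files, and HijackThis reports the file as missing (an orphaned registration). The script below is an added example, not code from the forum or from HijackThis, that applies those same checks to O2 lines from a HijackThis log. The first sample line is the entry from the thread; the other two, including their CLSIDs, are constructed for the example.

```python
"""Flag HijackThis 'O2 - BHO' entries that show the red flags used above:
no product name, a DLL loaded from a temp/cache directory, or a DLL that
no longer exists on disk ("(file missing)").
Added example; not part of the thread and not HijackThis code."""
import re
from dataclasses import dataclass, field

# Shape of an O2 line: O2 - BHO: <name> - {<CLSID>} - <path>[ (file missing)]
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$"
)

# Directories a legitimate browser helper object is not loaded from.
TEMP_MARKERS = (
    "\\temporary internet files\\",
    "\\temp\\",
    "\\recycler\\",
)

# Constructed sample log: line 1 is the entry from the thread, line 2 is a
# benign-looking BHO with a made-up CLSID, line 3 a made-up suspicious one.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7B62811B-0057-4BE8-B7C0-525D7B809317} - C:\Documents and Settings\Nicole\Local Settings\Temporary Internet Files\Content.IE5\E9KR6X8X\3077ahntdksr[1].dll (file missing)
O2 - BHO: Example Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll
O2 - BHO: (no name) - {22222222-3333-4444-5555-666666666666} - C:\DOCUME~1\Nicole\LOCALS~1\Temp\abcdefgh.dll
"""


@dataclass
class Finding:
    clsid: str
    name: str
    path: str
    reasons: list = field(default_factory=list)


def triage_o2(log_text):
    """Return one Finding per O2 line that has at least one red flag."""
    findings = []
    for line in log_text.splitlines():
        m = O2_RE.match(line.strip())
        if not m:
            continue  # not an O2 line
        reasons = []
        if m.group("name") == "(no name)":
            reasons.append("no product name")
        lower = m.group("path").lower()
        if any(marker in lower for marker in TEMP_MARKERS):
            reasons.append("loaded from temp/cache directory")
        if m.group("missing"):
            reasons.append("DLL missing on disk (orphaned registration)")
        if reasons:
            findings.append(
                Finding(m.group("clsid"), m.group("name"), m.group("path"), reasons)
            )
    return findings


if __name__ == "__main__":
    for f in triage_o2(SAMPLE_LOG):
        print(f"{{{f.clsid}}} {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

A benign BHO (a named DLL under Program Files) produces no finding; the thread's entry trips all three checks, which is why it is a safe candidate for "Fix Checked" even though the DLL itself is already gone.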
 

· Registered
Joined
·
18 Posts
Discussion Starter · #7 ·
Thanks for the help, bro, and sorry it took me so long, but I work all week and the weekends are the only time I have for this. These are my results:



Avira AntiVir Personal
Report file date: Saturday, June 14, 2008 22:22

Scanning for 1331584 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: Nicole
Computer name: NIKKI

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 4/9/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 3/18/2008 15:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 2/7/2008 14:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 2/28/2008 14:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 2/21/2008 14:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 16:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 3/7/2008 19:08:58
ANTIVIR2.VDF : 7.0.4.195 2546176 Bytes 6/14/2008 02:14:00
ANTIVIR3.VDF : 7.0.4.196 2048 Bytes 6/14/2008 02:14:00
Engineversion : 8.1.0.55
AEVDF.DLL : 8.1.0.5 102772 Bytes 2/25/2008 15:58:21
AESCRIPT.DLL : 8.1.0.40 266618 Bytes 6/15/2008 02:14:10
AESCN.DLL : 8.1.0.21 119156 Bytes 6/15/2008 02:14:09
AERDL.DLL : 8.1.0.20 418165 Bytes 6/15/2008 02:14:08
AEPACK.DLL : 8.1.1.5 364918 Bytes 6/15/2008 02:14:07
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 6/15/2008 02:14:06
AEHEUR.DLL : 8.1.0.30 1253750 Bytes 6/15/2008 02:14:06
AEHELP.DLL : 8.1.0.15 115063 Bytes 6/15/2008 02:14:04
AEGEN.DLL : 8.1.0.28 307572 Bytes 6/15/2008 02:14:04
AEEMU.DLL : 8.1.0.6 430451 Bytes 6/15/2008 02:14:03
AECORE.DLL : 8.1.0.31 168310 Bytes 6/15/2008 02:14:01
AVWINLL.DLL : 1.0.0.7 14593 Bytes 1/23/2008 23:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 2/18/2008 16:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 4/16/2007 19:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 1/23/2008 23:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 14:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2/28/2008 14:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 23:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 1/23/2008 23:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 18:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 3/10/2008 20:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 3/6/2008 18:02:11

Configuration settings for the scan:
Jobname..........................: Local Hard Disks
Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\alldiscs.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, F:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Saturday, June 14, 2008 22:22

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'helpctr.exe' - '1' Module(s) have been scanned
Scan process 'rdsaddin.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'sessmgr.exe' - '1' Module(s) have been scanned
Scan process 'rdshost.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'hprblog.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'hpqste08.exe' - '1' Module(s) have been scanned
Scan process 'devldr32.exe' - '1' Module(s) have been scanned
Scan process 'NkvMon.exe' - '1' Module(s) have been scanned
Scan process 'Kodak Software Updater.exe' - '1' Module(s) have been scanned
Scan process 'EasyShare.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'AcroTray.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'WgaTray.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'acsd.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
47 processes with 47 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '32' files ).


Starting the file scan:

Begin scan in 'C:\' <System>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{8CF99323-19C6-4812-A24E-A0A67B149D1A}\{12356C17-87C2-4336-9C57-4BB7C24C1847}.qbd
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{8CF99323-19C6-4812-A24E-A0A67B149D1A}\{12356C17-87C2-4336-9C57-4BB7C24C1847}.qbd
[DETECTION] Is the Trojan horse TR/Lowzones.SG
[NOTE] The file was deleted!
C:\Documents and Settings\Nicole\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\n.jar-334cf30b-448690a9.zip
[0] Archive type: ZIP
--> HiPointInstallShield.class
[DETECTION] Is the Trojan horse TR/Spy.Agent.RK
[NOTE] The file was moved to '48be7e6d.qua'!
C:\Program Files\Panda Security\ActiveScan 2.0\pskavs.dll
[DETECTION] Contains detection pattern of the Windows virus W95/Blumblebee.1738
[NOTE] The file was moved to '48bf855c.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\apvloler.dll.vir
[DETECTION] Is the Trojan horse TR/Agent.rep
[NOTE] The file was moved to '48ca8591.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\cbXPheeB.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '48ac8584.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\cgmgaxvm.dll.vir
[DETECTION] Is the Trojan horse TR/Proxy.100864
[NOTE] The file was moved to '48c18589.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\epniwtxl.dll.vir
[DETECTION] Is the Trojan horse TR/Agent.reo
[NOTE] The file was moved to '48c28593.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\fiunhdci.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48c9858c.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\fmhgkkfx.dll.vir
[DETECTION] Is the Trojan horse TR/Monder.108544.2
[NOTE] The file was moved to '48bc8590.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\fqohgylr.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48c38595.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\gmdbndwo.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.Morphine.Gen
[NOTE] The file was moved to '48b88591.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\grpxtdro.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.ESY
[NOTE] The file was moved to '48c48597.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\hfmnldjd.dll.vir
[DETECTION] Is the Trojan horse TR/Monder.NB
[NOTE] The file was moved to '48c1858b.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\hsemxflq.dll.vir
[DETECTION] Is the Trojan horse TR/Agent.reo
[NOTE] The file was moved to '48b98598.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\iixbkclj.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48cc858f.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\iokicvss.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48bf8595.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\kwheeoeg.dll.vir
[DETECTION] Is the Trojan horse TR/Lowzones.EN
[NOTE] The file was moved to '48bc859e.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\lpbxptig.dll.vir
[DETECTION] Is the Trojan horse TR/Monder.108544.1
[NOTE] The file was moved to '48b68597.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\mcebethk.dll.vir
[DETECTION] Is the Trojan horse TR/Monder.133120.1
[NOTE] The file was moved to '48b9858b.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\ncppewhj.exe.vir
[DETECTION] Is the Trojan horse TR/Lowzones.SG
[NOTE] The file was moved to '48c4858b.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\nrueybse.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48c9859a.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\oktnlejq.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48c88594.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\plpqxigi.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48c48595.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\qfcxxakd.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48b78590.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\rmsfpnqj.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48c78598.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\rpyofcgm.dll.vir
[DETECTION] Is the Trojan horse TR/Monder.92160
[NOTE] The file was moved to '48cd859b.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\teiyclxm.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48bd8591.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\tsktjfoj.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48bf859f.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\wsimljgg.dll.vir
[DETECTION] Is the Trojan horse TR/Monder.126976.1
[NOTE] The file was moved to '48bd85a0.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\xybpvajl.dll.vir
[DETECTION] Is the Trojan horse TR/Monder.133120.1
[NOTE] The file was moved to '48b685a7.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\yyjuneva.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.ESF.1
[NOTE] The file was moved to '48be85a7.qua'!
C:\WINDOWS\$NtUninstallKB824141$\user32.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB824141$\win32k.sys
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\accwiz.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\crypt32.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\cryptsvc.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\hh.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\hhsetup.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\itss.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\locator.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\magnify.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\migwiz.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\mrxsmb.sys
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\msconv97.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\narrator.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\newdev.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\ntdll.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\ntkrnlpa.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\ntoskrnl.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\ole32.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\osk.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\pchshell.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\raspptp.sys
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\rpcrt4.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\rpcss.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\shell32.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\shmedia.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\srrstr.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\srv.sys
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\user32.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\win32k.sys
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\winsrv.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\zipfldr.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826942$\dhcpcsvc.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826942$\ndis.sys
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826942$\ndisuio.sys
[WARNING] The file could not be opened!
Begin scan in 'F:\' <SignatureMini>


End of the scan: Saturday, June 14, 2008 23:45
Used time: 1:23:52 min

The scan has been done completely.

5309 Scanning directories
258643 Files were scanned
31 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
1 files were deleted
0 files were repaired
30 files were moved to quarantine
0 files were renamed
76 Files cannot be scanned
258612 Files not concerned
7390 Archives were scanned
76 Warnings
31 Notes

THANKS AGAINNNNNN:wave:
 

· Registered · 18 Posts · Discussion Starter · #10 ·
Here you go:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:15:48 PM, on 6/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RDSHOST.exe
C:\WINDOWS\system32\sessmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 169.254.156:129
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.4.29.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [DME] C:\Program Files\Zero Knowledge\DM\DownloadManagerR.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157231781356
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 7073 bytes
 

· TSF Security Manager, Emeritus · 51,795 Posts
Are you using remote desktop on this machine?

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of Java Runtime Environment (JRE) 6 Update 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 6. The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
  • Click the "Download" button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: "Accept License Agreement". Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u6-windows-i586-p.exe to install the newest version.

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked

      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

---------------------------------------------------------------------------------------------

Please run this online scan to help look for remnants.

First, Go to Start>Control Panel>Add/Remove Programs and remove Kaspersky online scanner if present prior to downloading the most up-to-date one.

Next, establish an internet connection & perform an online scan using Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.

  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply


**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. You may disconnect from the internet once you begin the scan.


Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.

---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------

How is the machine behaving?
 

· Registered · 18 Posts · Discussion Starter · #12 ·
Here's the Kaspersky Log (missing log):

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, June 23, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, June 23, 2008 10:11:53
Records in database: 880422
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 50968
Threat name: 8
Infected objects: 14
Suspicious objects: 0
Duration of the scan: 05:19:12


File name / Threat name / Threats count
C:\Documents and Settings\Nicole\Desktop\Norton\norton.EXE Infected: Backdoor.Win32.Agent.aox 1
C:\Documents and Settings\Nicole\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\Nicole\Desktop\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\QooBox\Quarantine\C\WINDOWS\system32\agilnuum.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.xjc 1
C:\QooBox\Quarantine\C\WINDOWS\system32\ckhsqeru.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\ibuodmdw.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ytd 1
C:\QooBox\Quarantine\C\WINDOWS\system32\jysunewa.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\otigluah.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\pmnmmNgF.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\rweijulg.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ytc 1
C:\QooBox\Quarantine\C\WINDOWS\system32\sicpvgfd.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.vjr 1
C:\QooBox\Quarantine\C\WINDOWS\system32\tuvUOEVO.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\uioihtag.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\catchme2008-06-14_184658.64.zip Infected: Trojan.Win32.Pakes.cym 1

The selected area was scanned.


Thank You! :grin:
 

· TSF Security Manager, Emeritus · 51,795 Posts
Please go to: VirusTotal
  • On the page you'll find a "Browse" button.
  • Next to the browse button you'll see a box to enter text.
  • Please copy/paste the following in BOLD:

    C:\Documents and Settings\Nicole\Desktop\Norton\norton.EXE

  • Then click the "Send File " button just below.
  • This will scan the file. Please be patient.
  • Once scanned, copy and paste the results in your next reply.

---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------

Also tell me how the machine is behaving.
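The helper's choice of norton.EXE follows from sorting the report in #12 by where each detection sits. The following is an added example, not code from this thread or from Kaspersky: it parses the Kaspersky Online Scanner 7 "File name / Threat name / Threats count" lines and separates detections already sitting in the C:\QooBox\Quarantine folder, "not-a-virus" riskware, and files still live on disk. The report excerpt, the quarantine prefix list and the bucket names are my assumptions.

```python
import re
from typing import Dict, List, NamedTuple

# Excerpt of the report posted above (a constructed subset of its lines).
REPORT = r"""File name / Threat name / Threats count
C:\Documents and Settings\Nicole\Desktop\Norton\norton.EXE Infected: Backdoor.Win32.Agent.aox 1
C:\Documents and Settings\Nicole\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\QooBox\Quarantine\C\WINDOWS\system32\ckhsqeru.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\agilnuum.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.xjc 1
C:\QooBox\Quarantine\catchme2008-06-14_184658.64.zip Infected: Trojan.Win32.Pakes.cym 1

The selected area was scanned.
"""

# One detection line: "<path> Infected: <threat> <count>"; paths may contain spaces.
LINE_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")

# Folders whose contents were already isolated by an earlier cleanup step.
# C:\QooBox\Quarantine is the one visible in this report (assumed to be the
# ComboFix quarantine); extend the tuple for other tools' quarantine folders.
QUARANTINE_PREFIXES = ("c:\\qoobox\\quarantine\\",)


class Detection(NamedTuple):
    path: str
    threat: str
    count: int


def parse_report(text: str) -> List[Detection]:
    """Pull the 'path Infected: threat count' lines out of a KOS7 report."""
    found: List[Detection] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            found.append(Detection(m["path"], m["threat"], int(m["count"])))
    return found


def classify(d: Detection) -> str:
    """Bucket a detection by how much it still matters on the live system."""
    low = d.path.lower()
    if low.startswith(QUARANTINE_PREFIXES) or low.endswith(".vir"):
        return "quarantined"   # already isolated; the scanner is re-reading the copy
    if d.threat.startswith("not-a-virus:"):
        return "riskware"      # legitimate-but-abusable tool, e.g. a reboot helper
    return "live"              # a real detection on a file the user can still reach


def triage(text: str) -> Dict[str, List[Detection]]:
    """Group every detection in the report into live / riskware / quarantined."""
    buckets: Dict[str, List[Detection]] = {"live": [], "riskware": [], "quarantined": []}
    for d in parse_report(text):
        buckets[classify(d)].append(d)
    return buckets


def files_to_verify(text: str) -> List[str]:
    """Paths a helper would want a second opinion on: the live bucket."""
    return [d.path for d in triage(text)["live"]]


if __name__ == "__main__":
    for name, items in triage(REPORT).items():
        print(f"{name}: {len(items)}")
        for d in items:
            print(f"  {d.threat:45} {d.path}")
    print("verify:", files_to_verify(REPORT))
```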
 

· Registered · 18 Posts · Discussion Starter · #14 ·
This may be a dumb question, but my boyfriend is the one trying to fix my computer, long distance.....and I can't get a hold of him. When I select the text "C:\Documents and Settings\Nicole\Desktop\Norton\norton.EXE" it does not paste in BOLD....how do I get this function to work?

Thanks!

~Nicole
 

· Registered · 18 Posts · Discussion Starter · #16 ·
The VirusScan took a good hour...and these are the results.....

Bigger than max permited size / Mayor del tamaño máximo permitido

I am not sure what to do next...run HIJACK?

Other than that, my computer runs good... for how old it is :wink:

I want to thank you so much for taking the time out to help me with this..I can't live without my computer!!!! :pray:

~Nicole
 

· TSF Security Manager, Emeritus · 51,795 Posts
Scan should only take a few minutes.

Please zip the file (right click, Send To > Compressed (zipped) Folder) and upload it here:


http://www.bleepingcomputer.com/submit-malware.php?channel=28


If you need help on how to zip a file

http://www.bleepingcomputer.com/tutorials/tutorial105.html


To create a ZIP file:

Right click on a file, folder, or selection of files and click on the Send To menu option and then choose Compressed (zipped) Folder. The image below shows the location of these menu items:



After selecting the Compressed (zipped) Folder menu option, the files will be zipped and you should now see a file that ends with .ZIP. The file's name will be the name of the folder or file you compressed. If you compressed a selection of files, it will be the name of the first file in that selection.

And yes, please also post a new HijackThis log.
 

· Registered · 18 Posts · Discussion Starter · #18 ·
This is what I got when I made the link a Zip Drive and copied and pasted it....."Your file was successfully submitted. Please let the user helping you know that you have submitted the file."

HIJack Log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:50:31 PM, on 6/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 169.254.156:129
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.4.29.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [DME] C:\Program Files\Zero Knowledge\DM\DownloadManagerR.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157231781356
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 7019 bytes



~Nicole
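To see what changed between this log and the one in #10 (the JRE path moving from jre1.5.0_06 to jre1.6.0_06, RDSHOST.exe and sessmgr.exe no longer running, the HKCU ProxyServer entry unchanged), here is an added example that is neither the forum's nor HijackThis' own code: it parses two HijackThis v2.0.2 logs, diffs them, and flags the items a helper re-checks. The log excerpts, the flag rules, and the reading that rdshost.exe/sessmgr.exe are what prompted the remote-desktop question are my assumptions.

```python
import re
from typing import Dict, List, Set, Tuple

# Excerpts of the two logs posted in this thread (#10 and #18); a constructed
# subset of a few lines each is enough to show the parser and the diff.
LOG_10 = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RDSHOST.exe
C:\WINDOWS\system32\sessmgr.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 169.254.156:129
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
"""

LOG_18 = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 169.254.156:129
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
"""

ENTRY_RE = re.compile(r"^(R\d|F\d|O\d+) - .*$")          # HijackThis item lines
JRE_RE = re.compile(r"jre(\d+\.\d+\.\d+_\d+)", re.IGNORECASE)
IPV4_RE = re.compile(r"^(\d{1,3}\.){3}\d{1,3}$")


def parse_hjt(log: str) -> Tuple[List[str], Set[str]]:
    """Split a HijackThis log into its process list and its tagged items."""
    procs: List[str] = []
    items: Set[str] = set()
    in_procs = False
    for line in (raw.strip() for raw in log.splitlines()):
        if line.startswith("Running processes:"):
            in_procs = True
        elif not line:
            in_procs = False                 # a blank line ends the process list
        elif in_procs:
            procs.append(line.lower())       # Windows paths are case-insensitive
        elif ENTRY_RE.match(line):
            items.add(line)
    return procs, items


def diff_hjt(old: str, new: str) -> Dict[str, List[str]]:
    """What appeared, disappeared and stayed between two logs of one machine."""
    old_p, old_i = parse_hjt(old)
    new_p, new_i = parse_hjt(new)
    return {
        "procs_gone": sorted(set(old_p) - set(new_p)),
        "procs_new": sorted(set(new_p) - set(old_p)),
        "items_gone": sorted(old_i - new_i),
        "items_new": sorted(new_i - old_i),
        "items_unchanged": sorted(old_i & new_i),
    }


def review_flags(log: str) -> List[str]:
    """Items a helper re-checks: a user-level proxy, JRE builds, remote-session hosts."""
    procs, items = parse_hjt(log)
    flags: List[str] = []
    for item in sorted(items):
        if item.startswith("R1 - ") and ",ProxyServer = " in item:
            target = item.split(" = ", 1)[1]
            host = target.rsplit(":", 1)[0]
            note = "" if IPV4_RE.match(host) else " (host is not a dotted-quad IPv4 address)"
            flags.append(f"user proxy configured: {target}{note}")
    builds = sorted({m.group(1) for m in map(JRE_RE.search, sorted(items) + procs) if m})
    if builds:
        flags.append("JRE builds referenced: " + ", ".join(builds))
    # rdshost.exe / sessmgr.exe are XP remote-assistance session components; that
    # they were running in #10 is my reading of why the helper asked about remote desktop.
    if any(p.endswith(("\\rdshost.exe", "\\sessmgr.exe")) for p in procs):
        flags.append("remote-session components running (rdshost.exe, sessmgr.exe)")
    return flags


if __name__ == "__main__":
    for key, value in diff_hjt(LOG_10, LOG_18).items():
        print(key, value)
    print(review_flags(LOG_10))
    print(review_flags(LOG_18))
```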
 

· TSF Security Manager, Emeritus · 51,795 Posts
Hi Nicole -

Unfortunately, what I got was a document of the file path, not a zipped copy of the file.

I need you to navigate to this folder on your desktop,

C:\Documents and Settings\Nicole\Desktop\Norton

and then repeat the procedure by right clicking on the file, norton.exe and then zip it up. Then submit it to the same site.

The path should be

C:\Documents and Settings\Nicole\Desktop\Norton\norton.zip


Do not double click on it. Only single right click on it, please.
 