Can't Remove TrojanDownloader.NX [RESOLVED], Computer running slow, Windows Security Center says I have TrojanDownl
FX3
post Jan 17 2008, 12:29 PM
Post #1


Member
Posts: 12
OS: Windows XP



Hello,

I'm new here and have a problem. Windows Security Center says I have a TrojanDownloader.NX on my computer and must remove it. There is a link to go to and it's just a bogus website. There is also a yellow triangle in the taskbar and whenever I click on it, it goes to the same website. Also, there is a different Windows Security Center message (it's red) and says there is a specific spyware on my computer. I don't know what to do. I run Spybot as well as Webroot Spy Sweeper and it picks up nothing. I downloaded HijackThis v2.0.2 and here's a recent log.

Also, my task manager does not work and says it has been disabled by the Administrator. Please Help!!!!!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:29:01 PM, on 1/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\qiawpbjj.exe
F:\WINDOWS\system32\devldr32.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
F:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
F:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE
F:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
F:\PROGRA~1\mcafee.com\agent\mcagent.exe
f:\progra~1\mcafee.com\vso\mcvsescn.exe
F:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
F:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
F:\Program Files\Common Files\AOL\1124472623\ee\AOLSoftware.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\WINDOWS\System32\CTsvcCDA.EXE
F:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
F:\WINDOWS\Dit.exe
F:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
F:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
F:\Program Files\Messenger\msmsgs.exe
f:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
F:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
F:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
F:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
F:\WINDOWS\system32\ctfmon.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Viewpoint\Common\ViewpointService.exe
F:\WINDOWS\wanmpsvc.exe
F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
f:\progra~1\mcafee.com\vso\mcvsftsn.exe
F:\Program Files\Microsoft Office\Office10\msoffice.exe
F:\WINDOWS\System32\MsPMSPSv.exe
f:\PROGRA~1\mcafee.com\vso\mcshield.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\Webroot\Spy Sweeper\SSU.EXE
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe
f:\program files\common files\aol\1124472623\ee\aolsoftware.exe
F:\WINDOWS\system32\winlogon.exe
F:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
F:\WINDOWS\system32\wuauclt.exe
f:\program files\common files\aol\1124472623\ee\aolsoftware.exe

F2 - REG:system.ini: UserInit=F:\WINDOWS\system32\qiawpbjj.exe,F:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {66E72884-4FD2-464F-A6B8-468F31C40E36} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - f:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] "F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
O4 - HKLM\..\Run: [DIAGENT] "F:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE" startup
O4 - HKLM\..\Run: [AHQInit] "F:\Program Files\Creative\SBLive\Program\AHQInit.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "f:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "f:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] f:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] F:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] F:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [AOLDialer] "F:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
O4 - HKLM\..\Run: [AOL Spyware Protection] "F:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [HostManager] "F:\Program Files\Common Files\AOL\1124472623\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ViewMgr] "F:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe"
O4 - HKLM\..\Run: [CICache] CICache.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] F:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpySweeper] F:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [AIM] "F:\Program Files\AIM\aim.exe" -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "F:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] "F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-436374069-1035525444-725345543-1007\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background (User 'Sarah McGorry')
O4 - HKUS\S-1-5-21-436374069-1035525444-725345543-1007\..\Run: [System Support] system32.exe (User 'Sarah McGorry')
O4 - HKUS\S-1-5-21-436374069-1035525444-725345543-1007\..\Run: [Aim6] "F:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (User 'Sarah McGorry')
O4 - HKUS\S-1-5-21-436374069-1035525444-725345543-1007\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe (User 'Sarah McGorry')
O4 - Global Startup: HPAiODevice(hp officejet 7100 series) - 1.lnk = F:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
O4 - Global Startup: Kodak EasyShare software.lnk = F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = F:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Save Image to Folder - res://F:\Program Files\AskBar\bar\bin\askBar.dll/saveimagetofolder.html
O8 - Extra context menu item: &Save Image to MyStuff - res://F:\Program Files\AskBar\bar\bin\askBar.dll/saveimages.html
O8 - Extra context menu item: &Save Link to Folder - res://F:\Program Files\AskBar\bar\bin\askBar.dll/saveltof.html
O8 - Extra context menu item: &Save Link to MyStuff - res://F:\Program Files\AskBar\bar\bin\askBar.dll/savelink.html
O8 - Extra context menu item: &Save Page to Folder... - res://F:\Program Files\AskBar\bar\bin\askBar.dll/savepagetofolder.html
O8 - Extra context menu item: &Save this Page to MyStuff - res://F:\Program Files\AskBar\bar\bin\askBar.dll/savewebpage.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Microsoft AntiSpyware helper - {99868720-F4B1-4636-88C3-1BC09F510657} - F:\WINDOWS\System32\wldr.dll (file missing)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {99868720-F4B1-4636-88C3-1BC09F510657} - F:\WINDOWS\System32\wldr.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - F:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .asx: F:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O12 - Plugin for .wmv: F:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1119890110780
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O21 - SSODL: E404Helper - {cd1a382a-ef49-4ac6-8ca1-b17d9c1c35f6} - e404d.dll (file missing)
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - F:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - F:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - F:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - F:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - f:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - F:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - f:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - F:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - F:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - F:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 13187 bytes
 
Rorschach112
post Jan 17 2008, 02:41 PM
Post #2


GeekU Teacher
Posts: 34,385
From: Dublin
OS: XP



Hello

Download ComboFix from one of the locations below, and save it to your Desktop.
Link 1
Link 2
Link 3
Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.



 
FX3
post Jan 17 2008, 04:38 PM
Post #3


Member
Posts: 12
OS: Windows XP



Thanks for your reply.
Here's a log from ComboFix.


ComboFix 08-01-18.1 - Franny 2008-01-18 17:14:25.2 - NTFSx86
Running from: F:\Documents and Settings\Franny\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

F:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin.zip
F:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin1.zip
F:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin2.zip
F:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin3.zip
F:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin4.zip
F:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin5.zip
F:\Program Files\3721
F:\Program Files\3721\assist\asbar.dll
F:\Program Files\3721\helper.dll
F:\Program Files\Accoona
F:\Program Files\Accoona\ASearchAssist.dll
F:\Program Files\akl
F:\Program Files\akl\akl.dll
F:\Program Files\akl\akl.exe
F:\Program Files\akl\curlog.htm
F:\Program Files\akl\keylog.txt
F:\Program Files\akl\readme.txt
F:\Program Files\akl\uninstall.exe
F:\Program Files\akl\unsetup.dat
F:\Program Files\akl\unsetup.exe
F:\Program Files\amsys
F:\Program Files\amsys\awmsg.dat
F:\Program Files\amsys\guid.dat
F:\Program Files\amsys\ijl15.dll
F:\Program Files\amsys\mfc42.dll
F:\Program Files\amsys\msvcrt.dll
F:\Program Files\amsys\unins000.dat
F:\Program Files\amsys\unis000.exe
F:\Program Files\amsys\winam.dat
F:\Program Files\e-zshopper
F:\Program Files\e-zshopper\BarLcher.dll
F:\Program Files\p2pnetworks
F:\Program Files\p2pnetworks\amp2pl.exe
F:\WINDOWS\764.exe
F:\WINDOWS\7search.dll
F:\WINDOWS\absolute key logger.lnk
F:\WINDOWS\aconti.exe
F:\WINDOWS\aconti.ini
F:\WINDOWS\aconti.log
F:\WINDOWS\aconti.sdb
F:\WINDOWS\acontidialer.txt
F:\WINDOWS\adbar.dll
F:\WINDOWS\cbinst$.exe
F:\WINDOWS\daxtime.dll
F:\WINDOWS\default.htm
F:\WINDOWS\dp0.dll
F:\WINDOWS\eventlowg.dll
F:\WINDOWS\fhfmm-Uninstaller.exe
F:\WINDOWS\fhfmm.exe
F:\WINDOWS\flt.dll
F:\WINDOWS\hcwprn.exe
F:\WINDOWS\hotporn.exe
F:\WINDOWS\ie_32.exe
F:\WINDOWS\iexplorr23.dll
F:\WINDOWS\jd2002.dll
F:\WINDOWS\kkcomp$.exe
F:\WINDOWS\kkcomp.dll
F:\WINDOWS\kkcomp.exe
F:\WINDOWS\kvnab$.exe
F:\WINDOWS\kvnab.dll
F:\WINDOWS\kvnab.exe
F:\WINDOWS\liqad$.exe
F:\WINDOWS\liqad.dll
F:\WINDOWS\liqad.exe
F:\WINDOWS\liqui-Uninstaller.exe
F:\WINDOWS\liqui.dll
F:\WINDOWS\liqui.exe
F:\WINDOWS\ngd.dll
F:\WINDOWS\pbar.dll
F:\WINDOWS\pbsysie.dll
F:\WINDOWS\settn.dll
F:\WINDOWS\spredirect.dll
F:\WINDOWS\system32\ace16win.dll
F:\WINDOWS\system32\acespy
F:\WINDOWS\system32\acespy\__acelog.ndx
F:\WINDOWS\system32\acespy\systune.exe
F:\WINDOWS\system32\din.ip
F:\WINDOWS\system32\drivers\4_stars.gif
F:\WINDOWS\system32\drivers\5_stars.gif
F:\WINDOWS\system32\drivers\alert_icon.gif
F:\WINDOWS\system32\drivers\arrow.gif
F:\WINDOWS\system32\drivers\buy_btn.gif
F:\WINDOWS\system32\drivers\close_icon.gif
F:\WINDOWS\system32\drivers\detect.htm
F:\WINDOWS\system32\drivers\download_btn.gif
F:\WINDOWS\system32\drivers\features.gif
F:\WINDOWS\system32\drivers\header_bg.gif
F:\WINDOWS\system32\drivers\icon_warning.gif
F:\WINDOWS\system32\drivers\logo_bg.gif
F:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
F:\WINDOWS\system32\drivers\perfect_cleaner_box_small.jpg
F:\WINDOWS\system32\drivers\perfect_cleaner_header.gif
F:\WINDOWS\system32\drivers\perfect_cleaner_header_small.gif
F:\WINDOWS\system32\drivers\protect.gif
F:\WINDOWS\system32\drivers\s_detect.htm
F:\WINDOWS\system32\drivers\secuity_center_logo.gif
F:\WINDOWS\system32\drivers\spy_away_box.jpg
F:\WINDOWS\system32\drivers\spy_away_box_small.jpg
F:\WINDOWS\system32\drivers\spy_away_header.gif
F:\WINDOWS\system32\drivers\spy_away_header_small.gif
F:\WINDOWS\system32\drivers\users_rating.gif
F:\WINDOWS\system32\drivers\v.gif
F:\WINDOWS\system32\drivers\x.gif
F:\WINDOWS\system32\ESHOPEE.exe
F:\WINDOWS\system32\gtv_sd.bin
F:\WINDOWS\system32\jofstvyt.sbin
F:\WINDOWS\system32\msole32.exe
F:\WINDOWS\system32\prrbpgbr.sys
F:\WINDOWS\system32\stfv.bin
F:\WINDOWS\system32\sznf.ascii
F:\WINDOWS\system32\vxddsk.exe
F:\WINDOWS\system32\wml.exe
F:\WINDOWS\vxddsk.exe
F:\WINDOWS\wbeCheck.exe
F:\WINDOWS\wbeInst$.exe
F:\WINDOWS\winh32.exe
F:\WINDOWS\wml.exe
F:\WINDOWS\xadbrk.dll
F:\WINDOWS\xadbrk.exe
F:\WINDOWS\xadbrk_.exe
F:\WINDOWS\xxxvideo.exe

.
((((((((((((((((((((((((( Files Created from 2007-12-18 to 2008-01-18 )))))))))))))))))))))))))))))))
.

2008-01-18 17:24 . 2008-01-18 17:24 <DIR> d-------- F:\Program Files\e-zshopper
2008-01-18 17:24 . 2008-01-18 17:24 <DIR> d-------- F:\Program Files\amsys
2008-01-18 17:23 . 2008-01-18 17:24 <DIR> d-------- F:\WINDOWS\system32\acespy
2008-01-18 17:23 . 2008-01-18 17:25 <DIR> d-------- F:\Program Files\p2pnetworks
2008-01-18 17:23 . 2008-01-18 17:25 <DIR> d-------- F:\Program Files\akl
2008-01-18 17:23 . 2008-01-18 17:25 <DIR> d-------- F:\Program Files\Accoona
2008-01-18 17:23 . 2008-01-18 17:25 <DIR> d-------- F:\Program Files\3721
2008-01-17 16:58 . 2000-08-31 08:00 51,200 --a------ F:\WINDOWS\NirCmd.exe
2008-01-16 16:47 . 2008-01-16 16:47 <DIR> d-------- F:\Program Files\Trend Micro
2008-01-16 13:43 . 2008-01-16 13:43 <DIR> d-------- F:\Documents and Settings\NetworkService\Application Data\Webroot
2008-01-16 13:30 . 2008-01-16 13:30 <DIR> d-------- F:\Program Files\Common Files\Symantec Shared
2008-01-16 13:30 . 2008-01-16 13:30 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Symantec
2008-01-14 19:44 . 2008-01-14 19:44 54,156 --ah----- F:\WINDOWS\QTFont.qfn
2008-01-14 19:44 . 2008-01-14 19:44 1,409 --a------ F:\WINDOWS\QTFont.for
2008-01-12 20:34 . 2008-01-12 20:34 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\acccore
2008-01-12 15:47 . 2008-01-12 15:47 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\Webroot
2008-01-05 13:56 . 2008-01-05 13:56 <DIR> d-------- F:\Documents and Settings\Franny\Application Data\Webroot
2008-01-05 11:52 . 2008-01-05 11:52 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Webroot
2008-01-05 11:52 . 2007-10-01 16:40 1,526,072 --a------ F:\WINDOWS\WRSetup.dll
2008-01-05 11:52 . 2007-10-01 16:24 20,280 --a------ F:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-01-04 22:42 . 2008-01-05 11:51 164 --a------ F:\install.dat
2008-01-01 17:18 . 2008-01-01 17:18 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\Apple Computer
2007-12-26 11:09 . 2007-12-26 11:09 <DIR> d-------- F:\Documents and Settings\Franny\Application Data\ArcSoft
2007-12-26 10:59 . 2007-12-26 11:00 <DIR> d-------- F:\My Videos
2007-12-25 10:46 . 2006-10-04 09:06 1,197,294 -----c--- F:\WINDOWS\system32\dllcache\sysmain.sdb
2007-12-25 10:46 . 2006-10-04 09:06 764,868 -----c--- F:\WINDOWS\system32\dllcache\apph_sp.sdb
2007-12-25 10:46 . 2006-10-04 09:06 217,118 -----c--- F:\WINDOWS\system32\dllcache\apphelp.sdb
2007-12-25 10:45 . 2008-01-10 19:26 870,128 --a------ F:\WINDOWS\system32\mcs.rma
2007-12-25 10:45 . 2008-01-10 19:26 4 --a------ F:\WINDOWS\system32\BEB8A3
2007-12-25 10:41 . 2007-12-25 11:41 <DIR> d-------- F:\WINDOWS\system32\drivers\UMDF
2007-12-25 10:35 . 2007-12-25 10:35 8,413 --a------ F:\WINDOWS\system32\drivers\mcstrm.sys
2007-12-25 10:21 . 2007-12-25 12:15 <DIR> d-------- F:\Program Files\Best Buy Rhapsody
2007-12-25 10:16 . 2007-12-25 10:16 <DIR> d-------- F:\Program Files\Common Files\ArcSoft
2007-12-25 10:16 . 2007-12-25 10:16 <DIR> d-------- F:\Program Files\ArcSoft
2007-12-25 10:16 . 2006-01-24 10:20 1,645,320 --a------ F:\WINDOWS\system32\GdiPlus.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-18 22:24 9,984 ----a-w F:\WINDOWS\kvnab$.exe
2008-01-18 22:24 9,728 ----a-w F:\WINDOWS\kvnab.dll
2008-01-18 22:24 9,472 ----a-w F:\WINDOWS\liqad.exe
2008-01-18 22:24 32,256 ----a-w F:\WINDOWS\wbeInst$.exe
2008-01-18 22:24 32,256 ----a-w F:\WINDOWS\hcwprn.exe
2008-01-18 22:24 32,000 ----a-w F:\WINDOWS\settn.dll
2008-01-18 22:24 31,744 ----a-w F:\WINDOWS\kvnab.exe
2008-01-18 22:24 30,464 ----a-w F:\WINDOWS\xadbrk.exe
2008-01-18 22:24 30,464 ----a-w F:\WINDOWS\system32\ESHOPEE.exe
2008-01-18 22:24 29,440 ----a-w F:\WINDOWS\xadbrk_.exe
2008-01-18 22:24 29,184 ----a-w F:\WINDOWS\liqad.dll
2008-01-18 22:24 28,672 ----a-w F:\WINDOWS\liqad$.exe
2008-01-18 22:24 28,672 ----a-w F:\WINDOWS\jd2002.dll
2008-01-18 22:24 28,672 ----a-w F:\WINDOWS\eventlowg.dll
2008-01-18 22:24 27,904 ----a-w F:\WINDOWS\iexplorr23.dll
2008-01-18 22:24 26,624 ----a-w F:\WINDOWS\xadbrk.dll
2008-01-18 22:24 26,624 ----a-w F:\WINDOWS\wbeCheck.exe
2008-01-18 22:24 26,112 ----a-w F:\WINDOWS\liqui-Uninstaller.exe
2008-01-18 22:24 25,088 ----a-w F:\WINDOWS\adbar.dll
2008-01-18 22:24 24,832 ----a-w F:\WINDOWS\kkcomp.exe
2008-01-18 22:24 24,832 ----a-w F:\WINDOWS\cbinst$.exe
2008-01-18 22:24 24,320 ----a-w F:\WINDOWS\spredirect.dll
2008-01-18 22:24 23,552 ----a-w F:\WINDOWS\fhfmm.exe
2008-01-18 22:24 23,040 ----a-w F:\WINDOWS\pbsysie.dll
2008-01-18 22:24 21,248 ----a-w F:\WINDOWS\daxtime.dll
2008-01-18 22:24 18,432 ----a-w F:\WINDOWS\kkcomp$.exe
2008-01-18 22:24 15,360 ----a-w F:\WINDOWS\liqui.exe
2008-01-18 22:24 15,360 ----a-w F:\WINDOWS\liqui.dll
2008-01-18 22:24 14,592 ----a-w F:\WINDOWS\system32\msole32.exe
2008-01-18 22:24 14,592 ----a-w F:\WINDOWS\kkcomp.dll
2008-01-18 22:24 13,568 ----a-w F:\WINDOWS\fhfmm-Uninstaller.exe
2008-01-18 22:23 26,624 ----a-w F:\WINDOWS\hotporn.exe
2008-01-18 22:23 26,368 ----a-w F:\WINDOWS\wml.exe
2008-01-18 22:23 25,856 ----a-w F:\WINDOWS\flt.dll
2008-01-18 22:23 24,320 ----a-w F:\WINDOWS\xxxvideo.exe
2008-01-18 22:23 23,808 ----a-w F:\WINDOWS\ie_32.exe
2008-01-18 22:23 23,552 ----a-w F:\WINDOWS\dp0.dll
2008-01-18 22:23 22,528 ----a-w F:\WINDOWS\7search.dll
2008-01-18 22:23 20,992 ----a-w F:\WINDOWS\ngd.dll
2008-01-18 22:23 18,944 ----a-w F:\WINDOWS\system32\wml.exe
2008-01-18 22:23 18,432 ----a-w F:\WINDOWS\system32\ace16win.dll
2008-01-18 22:23 15,104 ----a-w F:\WINDOWS\system32\vxddsk.exe
2008-01-18 22:23 12,800 ----a-w F:\WINDOWS\vxddsk.exe
2008-01-18 22:23 12,800 ----a-w F:\WINDOWS\pbar.dll
2008-01-18 22:22 13,056 ----a-w F:\WINDOWS\764.exe
2008-01-17 03:12 13,568 ----a-w F:\WINDOWS\system32\drivers\USBCRFT.SYS
2008-01-11 01:45 --------- d-----w F:\Program Files\Google
2008-01-10 21:27 --------- d-----w F:\Documents and Settings\Franny\Application Data\LimeWire
2008-01-09 20:39 --------- d--h--w F:\Program Files\InstallShield Installation Information
2007-12-29 16:08 --------- d-----w F:\Documents and Settings\Franny\Application Data\U3
2007-12-25 15:24 --------- d-----w F:\Program Files\Real
2007-12-25 13:33 --------- d-----w F:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-24 19:19 --------- d-----w F:\Program Files\Pure Networks
2007-12-24 06:35 --------- d-----w F:\Documents and Settings\Faith McGorry\Application Data\Lavasoft
2007-12-24 06:32 --------- d-----w F:\Program Files\QuickTime
2007-12-24 06:03 --------- d-----w F:\Program Files\Microsoft AntiSpyware
2007-12-24 05:39 --------- d-----w F:\Program Files\Creative
2007-12-24 05:39 --------- d-----w F:\Program Files\Common Files\aolshare
2007-12-24 05:39 --------- d-----w F:\Program Files\Common Files\AOL
2007-12-24 05:38 --------- d-----w F:\Program Files\America Online 9.0
2007-12-24 05:36 --------- d-----w F:\Program Files\Common Files\Adobe
2007-12-15 17:06 --------- d-----w F:\Documents and Settings\Faith McGorry\Application Data\U3
2007-11-30 22:15 131,592 ----a-w F:\WINDOWS\system32\qiawpbjj.exe
2007-11-07 09:26 721,920 ----a-w F:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,287,680 ----a-w F:\WINDOWS\system32\quartz.dll
2007-10-27 22:40 222,720 ----a-w F:\WINDOWS\system32\wmasf.dll
2007-03-19 22:58 20,992 ----a-w F:\Documents and Settings\Franny\Application Data\GDIPFONTCACHEV1.DAT
2006-12-13 21:56 21,296 ----a-w F:\Documents and Settings\sean\Application Data\GDIPFONTCACHEV1.DAT
2005-04-10 17:03 20,520 ----a-w F:\Documents and Settings\Faith McGorry\Application Data\GDIPFONTCACHEV1.DAT
2001-08-18 12:00 94,784 --sh--w F:\WINDOWS\twain.dll
2004-08-04 04:56 50,688 --sh--w F:\WINDOWS\twain_32.dll
2004-08-04 04:56 54,784 --sha-w F:\WINDOWS\system32\msvcirt.dll
2004-08-04 04:56 343,040 --sha-w F:\WINDOWS\system32\msvcrt.dll
2007-05-17 11:28 549,376 --sh--w F:\WINDOWS\system32\oleaut32.dll
2004-08-04 04:56 83,456 --sh--w F:\WINDOWS\system32\olepro32.dll
2004-08-04 04:56 11,776 --sh--w F:\WINDOWS\system32\regsvr32.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66E72884-4FD2-464F-A6B8-468F31C40E36}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb936323-19fa-4521-ba29-eca6a121bc78}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="F:\Program Files\AIM\aim.exe" [2006-08-01 14:35 67112]
"MSMSGS"="F:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"Aim6"="F:\Program Files\AIM6\aim6.exe" [2007-09-29 15:22 50528]
"swg"="F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-08 19:43 68856]
"ctfmon.exe"="F:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Share-to-Web Namespace Daemon"="F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 12:11 57344]
"DIAGENT"="F:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.exe" [2001-08-30 04:00 172122]
"AHQInit"="F:\Program Files\Creative\SBLive\Program\AHQInit.exe" [2001-03-27 20:00 102400]
"VSOCheckTask"="f:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2003-08-08 21:02 122880]
"VirusScan Online"="f:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2003-08-18 00:50 163840]
"MCAgentExe"="f:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2003-08-27 14:00 245760]
"MCUpdateExe"="F:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2003-08-21 21:10 180224]
"MPFExe"="F:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2004-04-19 10:29 1187899]
"AOLDialer"="F:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 07:50 71216]
"AOL Spyware Protection"="F:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-03-19 13:17 78960]
"HostManager"="F:\Program Files\Common Files\AOL\1124472623\ee\AOLSoftware.exe" [2006-09-25 19:52 50736]
"TkBellExe"="F:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-07-04 21:52 180269]
"QuickTime Task"="F:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58 282624]
"iTunesHelper"="F:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36 256576]
"ViewMgr"="F:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe" [2004-11-10 23:15 111816]
"CICache"="CICache.exe" [2002-09-05 14:21 24576 F:\WINDOWS\CICache.exe]
"Dit"="Dit.exe" [2004-04-27 14:34 86016 F:\WINDOWS\Dit.exe]
"Adobe Photo Downloader"="F:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 07:55 61440]
"KernelFaultCheck"="F:\WINDOWS\system32\dumprep 0 -k" [ ]
"SpySweeper"="F:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-10-01 16:40 5367608]

F:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HPAiODevice(hp officejet 7100 series) - 1.lnk - F:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe [2002-11-23 19:55:48]
Kodak EasyShare software.lnk - F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-09-03 06:45:28]
Kodak software updater.lnk - F:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 14:12:08]
Microsoft Office.lnk - F:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 04:01:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"<NO NAME>"= 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"E404Helper"= {cd1a382a-ef49-4ac6-8ca1-b17d9c1c35f6} - e404d.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 11:24 1694208 F:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]

R2 Viewpoint Manager Service;Viewpoint Manager Service;"F:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
S3 bfastfao;bfastfao;F:\DOCUME~1\sean\LOCALS~1\Temp\bfastfao.sys [2001-09-19 23:07]
S3 CardReaderFilter;Card Reader Filter;F:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-01-16 22:12]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-01-15 17:26:00 F:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- F:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-18 22:29:00 F:\WINDOWS\Tasks\McAfee.com Update Check (PHILADEL-K4X8AA-Faith McGorry).job"
- F:\PROGRA~1\mcafee.com\agent\mcupdate.ex
- F:\PROGRA~1\mcafee.com\agent
"2008-01-18 22:25:00 F:\WINDOWS\Tasks\McAfee.com Update Check (PHILADEL-K4X8AA-Fran McGorry).job"
- F:\PROGRA~1\mcafee.com\agent\mcupdate.ex
- F:\PROGRA~1\mcafee.com\agent
"2008-01-18 22:26:00 F:\WINDOWS\Tasks\McAfee.com Update Check (PHILADEL-K4X8AA-Fran).job"
- F:\PROGRA~1\mcafee.com\agent\mcupdate.ex
- F:\PROGRA~1\mcafee.com\agent
"2008-01-18 22:28:00 F:\WINDOWS\Tasks\McAfee.com Update Check (PHILADEL-K4X8AA-Franny McGorry).job"
- F:\PROGRA~1\mcafee.com\agent\mcupdate.ex
- F:\PROGRA~1\mcafee.com\agent
"2008-01-18 22:25:00 F:\WINDOWS\Tasks\McAfee.com Update Check (PHILADEL-K4X8AA-Franny).job"
- F:\PROGRA~1\mcafee.com\agent\mcupdate.ex
- F:\PROGRA~1\mcafee.com\agent.FrannyYMcAfee SecurityCenter periodically checks for updates for your McAfee Security Services.
"2008-01-18 22:25:00 F:\WINDOWS\Tasks\McAfee.com Update Check (PHILADEL-K4X8AA-Sarah McGorry).job"
- F:\PROGRA~1\mcafee.com\agent\mcupdate.ex
- F:\PROGRA~1\mcafee.com\agent
"2008-01-18 22:25:00 F:\WINDOWS\Tasks\McAfee.com Update Check (PHILADEL-K4X8AA-sean).job"
- F:\PROGRA~1\mcafee.com\agent\mcupdate.ex
- F:\PROGRA~1\mcafee.com\agent
"2008-01-18 22:25:00 F:\WINDOWS\Tasks\McAfee.com Update Check (PHILADEL-K4X8AA-Stephen McGorry).job"
- F:\PROGRA~1\mcafee.com\agent\mcupdate.ex
- F:\PROGRA~1\mcafee.com\agent
"2008-01-18 22:29:00 F:\WINDOWS\Tasks\McAfee.com Update Check (PHILADEL-K4X8AA-Steve).job"
- F:\PROGRA~1\mcafee.com\agent\mcupdate.ex
- F:\PROGRA~1\mcafee.com\agent
"2008-01-15 04:00:00 F:\WINDOWS\Tasks\wrSpySweeper_L8E29693CA260428AA2A8269F7784436E.job"
- F:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe>/ScheduleSweep=wrSpySweeper_L8E29693CA260428AA2A8269F7784436E
- F:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.ex
- A:\
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-18 17:25:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

F:\WINDOWS\system32\vxddsk.exe 20736 bytes
F:\WINDOWS\system32\wml.exe 21248 bytes
F:\WINDOWS\system32\msole32.exe 23808 bytes

scan completed successfully
hidden files: 3

**************************************************************************
.
Completion time: 2008-01-18 17:29:36
ComboFix-quarantined-files.txt 2008-01-18 22:29:23
.
2008-01-10 08:03:22 --- E O F ---



And here is the HijackThis log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:38:09 PM, on 1/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\qiawpbjj.exe
F:\WINDOWS\system32\devldr32.exe
F:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
F:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
F:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE
F:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
F:\PROGRA~1\mcafee.com\agent\mcagent.exe
f:\progra~1\mcafee.com\vso\mcvsescn.exe
F:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
F:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
F:\Program Files\Common Files\AOL\1124472623\ee\AOLSoftware.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\WINDOWS\System32\CTsvcCDA.EXE
F:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
F:\WINDOWS\Dit.exe
F:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
F:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
F:\Program Files\Messenger\msmsgs.exe
f:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
F:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
F:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
F:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
F:\WINDOWS\system32\ctfmon.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Viewpoint\Common\ViewpointService.exe
F:\WINDOWS\wanmpsvc.exe
F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
f:\progra~1\mcafee.com\vso\mcvsftsn.exe
F:\Program Files\Microsoft Office\Office10\msoffice.exe
F:\WINDOWS\System32\MsPMSPSv.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\Webroot\Spy Sweeper\SSU.EXE
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe
f:\program files\common files\aol\1124472623\ee\aolsoftware.exe
F:\WINDOWS\system32\winlogon.exe
F:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\AIM6\aolsoftware.exe
F:\WINDOWS\system32\wscntfy.exe
F:\WINDOWS\Explorer.exe
f:\program files\common files\aol\1124472623\ee\aolsoftware.exe

O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {66E72884-4FD2-464F-A6B8-468F31C40E36} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - f:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] "F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
O4 - HKLM\..\Run: [DIAGENT] "F:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE" startup
O4 - HKLM\..\Run: [AHQInit] "F:\Program Files\Creative\SBLive\Program\AHQInit.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "f:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "f:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] f:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] F:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] F:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [AOLDialer] "F:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
O4 - HKLM\..\Run: [AOL Spyware Protection] "F:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [HostManager] "F:\Program Files\Common Files\AOL\1124472623\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ViewMgr] "F:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe"
O4 - HKLM\..\Run: [CICache] CICache.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [SpySweeper] F:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [AIM] "F:\Program Files\AIM\aim.exe" -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "F:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] "F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-436374069-1035525444-725345543-1007\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background (User 'Sarah McGorry')
O4 - HKUS\S-1-5-21-436374069-1035525444-725345543-1007\..\Run: [System Support] system32.exe (User 'Sarah McGorry')
O4 - HKUS\S-1-5-21-436374069-1035525444-725345543-1007\..\Run: [Aim6] "F:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (User 'Sarah McGorry')
O4 - HKUS\S-1-5-21-436374069-1035525444-725345543-1007\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe (User 'Sarah McGorry')
O4 - Global Startup: HPAiODevice(hp officejet 7100 series) - 1.lnk = F:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
O4 - Global Startup: Kodak EasyShare software.lnk = F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = F:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Save Image to Folder - res://F:\Program Files\AskBar\bar\bin\askBar.dll/saveimagetofolder.html
O8 - Extra context menu item: &Save Image to MyStuff - res://F:\Program Files\AskBar\bar\bin\askBar.dll/saveimages.html
O8 - Extra context menu item: &Save Link to Folder - res://F:\Program Files\AskBar\bar\bin\askBar.dll/saveltof.html
O8 - Extra context menu item: &Save Link to MyStuff - res://F:\Program Files\AskBar\bar\bin\askBar.dll/savelink.html
O8 - Extra context menu item: &Save Page to Folder... - res://F:\Program Files\AskBar\bar\bin\askBar.dll/savepagetofolder.html
O8 - Extra context menu item: &Save this Page to MyStuff - res://F:\Program Files\AskBar\bar\bin\askBar.dll/savewebpage.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Microsoft AntiSpyware helper - {99868720-F4B1-4636-88C3-1BC09F510657} - F:\WINDOWS\System32\wldr.dll (file missing)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {99868720-F4B1-4636-88C3-1BC09F510657} - F:\WINDOWS\System32\wldr.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - F:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .asx: F:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O12 - Plugin for .wmv: F:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1119890110780
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O21 - SSODL: E404Helper - {cd1a382a-ef49-4ac6-8ca1-b17d9c1c35f6} - e404d.dll (file missing)
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - F:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - F:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - F:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - F:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - f:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - F:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - f:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - F:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - F:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - F:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 13050 bytes
 
Rorschach112
post Jan 17 2008, 05:01 PM
Post #4


GeekU Teacher
Posts: 34,385
From: Dublin
OS: XP



Hello

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
File::
F:\WINDOWS\kvnab$.exe
F:\WINDOWS\kvnab.dll
F:\WINDOWS\liqad.exe
F:\WINDOWS\wbeInst$.exe
F:\WINDOWS\hcwprn.exe
F:\WINDOWS\settn.dll
F:\WINDOWS\kvnab.exe
F:\WINDOWS\xadbrk.exe
F:\WINDOWS\system32\ESHOPEE.exe
F:\WINDOWS\xadbrk_.exe
F:\WINDOWS\liqad.dll
F:\WINDOWS\liqad$.exe
F:\WINDOWS\jd2002.dll
F:\WINDOWS\eventlowg.dll
F:\WINDOWS\iexplorr23.dll
F:\WINDOWS\xadbrk.dll
F:\WINDOWS\wbeCheck.exe
F:\WINDOWS\liqui-Uninstaller.exe
F:\WINDOWS\adbar.dll
F:\WINDOWS\kkcomp.exe
F:\WINDOWS\cbinst$.exe
F:\WINDOWS\spredirect.dll
F:\WINDOWS\fhfmm.exe
F:\WINDOWS\pbsysie.dll
F:\WINDOWS\daxtime.dll
F:\WINDOWS\kkcomp$.exe
F:\WINDOWS\liqui.exe
F:\WINDOWS\liqui.dll
F:\WINDOWS\system32\msole32.exe
F:\WINDOWS\kkcomp.dll
F:\WINDOWS\fhfmm-Uninstaller.exe
F:\WINDOWS\hotporn.exe
F:\WINDOWS\wml.exe
F:\WINDOWS\flt.dll
F:\WINDOWS\xxxvideo.exe
F:\WINDOWS\ie_32.exe
F:\WINDOWS\dp0.dll
F:\WINDOWS\7search.dll
F:\WINDOWS\ngd.dll
F:\WINDOWS\system32\wml.exe
F:\WINDOWS\system32\ace16win.dll
F:\WINDOWS\system32\vxddsk.exe
F:\WINDOWS\vxddsk.exe
F:\WINDOWS\pbar.dll
F:\WINDOWS\764.exe
F:\WINDOWS\system32\qiawpbjj.exe
F:\WINDOWS\system32\vxddsk.exe 20736 bytes
F:\WINDOWS\system32\wml.exe
F:\WINDOWS\system32\msole32.exe
F:\DOCUME~1\sean\LOCALS~1\Temp\bfastfao.sys

Folder::
F:\Program Files\e-zshopper
F:\Program Files\amsys
F:\WINDOWS\system32\acespy
F:\Program Files\p2pnetworks
F:\Program Files\akl
F:\Program Files\Accoona
F:\Program Files\3721

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]

Driver::
bfastfao


Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Reboot and post a new HijackThis log
 
FX3
post Jan 17 2008, 06:11 PM
Post #5


Member
Posts: 12
OS: Windows XP



Thanks again,

Here's the latest HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:08:54 PM, on 1/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\devldr32.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
F:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
F:\WINDOWS\System32\CTsvcCDA.EXE
f:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
F:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE
F:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
F:\PROGRA~1\mcafee.com\agent\mcagent.exe
f:\progra~1\mcafee.com\vso\mcvsescn.exe
F:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
F:\Program Files\Common Files\AOL\ACS\AOLDial.exe
F:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
F:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
F:\Program Files\Common Files\AOL\1124472623\ee\AOLSoftware.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
F:\WINDOWS\Dit.exe
F:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\AIM6\aim6.exe
F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
F:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
F:\WINDOWS\system32\ctfmon.exe
F:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
F:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Viewpoint\Common\ViewpointService.exe
F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
F:\WINDOWS\wanmpsvc.exe
F:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
F:\Program Files\Microsoft Office\Office10\msoffice.exe
f:\progra~1\mcafee.com\vso\mcvsftsn.exe
F:\WINDOWS\System32\MsPMSPSv.exe
F:\Program Files\AIM6\aolsoftware.exe
f:\PROGRA~1\mcafee.com\vso\mcshield.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\WINDOWS\system32\wuauclt.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - f:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] "F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
O4 - HKLM\..\Run: [DIAGENT] "F:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE" startup
O4 - HKLM\..\Run: [AHQInit] "F:\Program Files\Creative\SBLive\Program\AHQInit.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "f:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "f:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] f:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] F:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] F:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [AOLDialer] "F:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
O4 - HKLM\..\Run: [AOL Spyware Protection] "F:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [HostManager] "F:\Program Files\Common Files\AOL\1124472623\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ViewMgr] "F:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe"
O4 - HKLM\..\Run: [CICache] CICache.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [SpySweeper] F:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [AIM] F:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "F:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HPAiODevice(hp officejet 7100 series) - 1.lnk = F:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
O4 - Global Startup: Kodak EasyShare software.lnk = F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = F:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Save Image to Folder - res://F:\Program Files\AskBar\bar\bin\askBar.dll/saveimagetofolder.html
O8 - Extra context menu item: &Save Image to MyStuff - res://F:\Program Files\AskBar\bar\bin\askBar.dll/saveimages.html
O8 - Extra context menu item: &Save Link to Folder - res://F:\Program Files\AskBar\bar\bin\askBar.dll/saveltof.html
O8 - Extra context menu item: &Save Link to MyStuff - res://F:\Program Files\AskBar\bar\bin\askBar.dll/savelink.html
O8 - Extra context menu item: &Save Page to Folder... - res://F:\Program Files\AskBar\bar\bin\askBar.dll/savepagetofolder.html
O8 - Extra context menu item: &Save this Page to MyStuff - res://F:\Program Files\AskBar\bar\bin\askBar.dll/savewebpage.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Microsoft AntiSpyware helper - {99868720-F4B1-4636-88C3-1BC09F510657} - F:\WINDOWS\System32\wldr.dll (file missing)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {99868720-F4B1-4636-88C3-1BC09F510657} - F:\WINDOWS\System32\wldr.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - F:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .asx: F:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O12 - Plugin for .wmv: F:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1119890110780
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O21 - SSODL: E404Helper - {cd1a382a-ef49-4ac6-8ca1-b17d9c1c35f6} - e404d.dll (file missing)
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - F:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - F:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - F:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - F:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - f:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - F:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - f:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - F:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - F:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - F:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 10596 bytes
 
Rorschach112
post Jan 17 2008, 06:19 PM
Post #6


GeekU Teacher
Posts: 34,385
From: Dublin
OS: XP



Hello

1. Please re-open HiJackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

O9 - Extra button: Microsoft AntiSpyware helper - {99868720-F4B1-4636-88C3-1BC09F510657} - F:\WINDOWS\System32\wldr.dll (file missing)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {99868720-F4B1-4636-88C3-1BC09F510657} - F:\WINDOWS\System32\wldr.dll (file missing)
O21 - SSODL: E404Helper - {cd1a382a-ef49-4ac6-8ca1-b17d9c1c35f6} - e404d.dll (file missing)


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



Reboot and do this

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


 
FX3
post Jan 17 2008, 06:50 PM
Post #7


Member
Posts: 12
OS: Windows XP



Here it is,
Thanks


Deckard's System Scanner v20071014.68
Run by Franny on 2008-01-18 19:40:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
5: 2008-01-19 00:40:34 UTC - RP5 - Deckard's System Scanner Restore Point
4: 2008-01-18 23:11:08 UTC - RP4 - ComboFix created restore point
3: 2008-01-17 21:59:51 UTC - RP3 - ComboFix created restore point
2: 2008-01-17 20:58:36 UTC - RP2 - System Checkpoint
1: 2008-01-16 20:54:42 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Franny.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:44:07 PM, on 1/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\devldr32.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
F:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
F:\WINDOWS\System32\CTsvcCDA.EXE
f:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
F:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
F:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE
F:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
f:\progra~1\mcafee.com\vso\mcvsescn.exe
F:\PROGRA~1\mcafee.com\agent\mcagent.exe
F:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
F:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
F:\Program Files\Common Files\AOL\1124472623\ee\AOLSoftware.exe
F:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
F:\WINDOWS\Dit.exe
F:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
F:\Program Files\Messenger\msmsgs.exe
F:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
F:\Program Files\AIM6\aim6.exe
F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
F:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
F:\WINDOWS\system32\ctfmon.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Viewpoint\Common\ViewpointService.exe
F:\WINDOWS\wanmpsvc.exe
F:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
f:\progra~1\mcafee.com\vso\mcvsftsn.exe
F:\Program Files\Microsoft Office\Office10\msoffice.exe
F:\Program Files\AIM6\aolsoftware.exe
F:\WINDOWS\System32\MsPMSPSv.exe
f:\PROGRA~1\mcafee.com\vso\mcshield.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Documents and Settings\Franny\Desktop\dss.exe
F:\Program Files\AIM6\anotify.exe
F:\PROGRA~1\TRENDM~1\HIJACK~1\Franny.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - f:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] "F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
O4 - HKLM\..\Run: [DIAGENT] "F:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE" startup
O4 - HKLM\..\Run: [AHQInit] "F:\Program Files\Creative\SBLive\Program\AHQInit.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "f:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "f:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] f:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] F:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] F:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [AOLDialer] "F:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
O4 - HKLM\..\Run: [AOL Spyware Protection] "F:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [HostManager] "F:\Program Files\Common Files\AOL\1124472623\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ViewMgr] "F:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe"
O4 - HKLM\..\Run: [CICache] CICache.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [SpySweeper] "F:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [AIM] F:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "F:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HPAiODevice(hp officejet 7100 series) - 1.lnk = F:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
O4 - Global Startup: Kodak EasyShare software.lnk = F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = F:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Save Image to Folder - res://F:\Program Files\AskBar\bar\bin\askBar.dll/saveimagetofolder.html
O8 - Extra context menu item: &Save Image to MyStuff - res://F:\Program Files\AskBar\bar\bin\askBar.dll/saveimages.html
O8 - Extra context menu item: &Save Link to Folder - res://F:\Program Files\AskBar\bar\bin\askBar.dll/saveltof.html
O8 - Extra context menu item: &Save Link to MyStuff - res://F:\Program Files\AskBar\bar\bin\askBar.dll/savelink.html
O8 - Extra context menu item: &Save Page to Folder... - res://F:\Program Files\AskBar\bar\bin\askBar.dll/savepagetofolder.html
O8 - Extra context menu item: &Save this Page to MyStuff - res://F:\Program Files\AskBar\bar\bin\askBar.dll/savewebpage.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - F:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .asx: F:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O12 - Plugin for .wmv: F:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1119890110780
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - F:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - F:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - F:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - F:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - f:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - F:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - f:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - F:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - F:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - F:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 10143 bytes

-- HijackThis Fixed Entries (F:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080118-192945-244 O9 - Extra button: Microsoft AntiSpyware helper - {99868720-F4B1-4636-88C3-1BC09F510657} - F:\WINDOWS\System32\wldr.dll (file missing)
backup-20080118-192946-223 O21 - SSODL: E404Helper - {cd1a382a-ef49-4ac6-8ca1-b17d9c1c35f6} - e404d.dll (file missing)
backup-20080118-192946-508 O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {99868720-F4B1-4636-88C3-1BC09F510657} - F:\WINDOWS\System32\wldr.dll (file missing)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 MPFIREWL - f:\windows\system32\drivers\mpfirewall.sys <Not Verified; McAfee Security; McAfee Personal Firewall Plus>
R2 MCSTRM - f:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>

S3 CardReaderFilter (Card Reader Filter) - f:\windows\system32\drivers\usbcrft.sys <Not Verified; ICSI Technology Ltd.; USB Card Reader and FlashDisk>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AdobeActiveFileMonitor5.0 (Adobe Active File Monitor V5) - f:\program files\adobe\photoshop elements 5.0\photoshopelementsfileagent.exe
R2 Viewpoint Manager Service - "f:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S2 AOLService (AOL Spyware Protection Service) - f:\progra~1\common~1\aol\aolspy~1\\aolserv.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-01-18 19:44:00 494 --a------ F:\WINDOWS\Tasks\McAfee.com Update Check (PHILADEL-K4X8AA-Steve).job
2008-01-18 19:44:00 496 --a------ F:\WINDOWS\Tasks\McAfee.com Update Check (PHILADEL-K4X8AA-Franny).job
2008-01-18 19:44:00 510 --a------ F:\WINDOWS\Tasks\McAfee.com Update Check (PHILADEL-K4X8AA-Faith McGorry).job
2008-01-18 19:43:00 512 --a------ F:\WINDOWS\Tasks\McAfee.com Update Check (PHILADEL-K4X8AA-Franny McGorry).job
2008-01-18 19:42:40 492 --a------ F:\WINDOWS\Tasks\McAfee.com Update Check (PHILADEL-K4X8AA-Fran).job
2008-01-18 19:40:07 514 --a------ F:\WINDOWS\Tasks\McAfee.com Update Check (PHILADEL-K4X8AA-Stephen McGorry).job
2008-01-18 19:40:07 492 --a------ F:\WINDOWS\Tasks\McAfee.com Update Check (PHILADEL-K4X8AA-sean).job
2008-01-18 19:40:06 510 --a------ F:\WINDOWS\Tasks\McAfee.com Update Check (PHILADEL-K4X8AA-Sarah McGorry).job
2008-01-18 19:40:06 508 --a------ F:\WINDOWS\Tasks\McAfee.com Update Check (PHILADEL-K4X8AA-Fran McGorry).job
2008-01-15 12:26:00 284 --a------ F:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-01-14 23:00:00 1650 --a------ F:\WINDOWS\Tasks\wrSpySweeper_L8E29693CA260428AA2A8269F7784436E.job


-- Files created between 2007-12-18 and 2008-01-18 -----------------------------

2008-01-16 16:47:20 0 d-------- F:\Program Files\Trend Micro
2008-01-16 13:43:32 0 d-------- F:\Documents and Settings\NetworkService\Application Data\Webroot
2008-01-16 13:30:04 0 d-------- F:\Program Files\Common Files\Symantec Shared
2008-01-16 13:30:04 0 d-------- F:\Documents and Settings\All Users\Application Data\Symantec
2008-01-12 20:34:05 0 d-------- F:\Documents and Settings\Steve\Application Data\acccore
2008-01-12 15:47:25 0 d-------- F:\Documents and Settings\Steve\Application Data\Webroot
2008-01-05 13:56:51 0 d-------- F:\Documents and Settings\Franny\Application Data\Webroot
2008-01-05 11:52:35 0 d-------- F:\Documents and Settings\All Users\Application Data\Webroot
2008-01-04 22:42:20 164 --a------ F:\install.dat
2008-01-01 17:18:43 0 d-------- F:\Documents and Settings\Steve\Application Data\Apple Computer
2007-12-26 11:09:06 0 d-------- F:\Documents and Settings\Franny\Application Data\ArcSoft
2007-12-26 10:59:21 0 d-------- F:\My Videos
2007-12-25 10:45:58 4 --a------ F:\WINDOWS\system32\BEB8A3
2007-12-25 10:41:14 0 d-------- F:\WINDOWS\system32\drivers\UMDF
2007-12-25 10:35:36 8413 --a------ F:\WINDOWS\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
2007-12-25 10:21:41 0 d-------- F:\Program Files\Best Buy Rhapsody
2007-12-25 10:16:55 0 d-------- F:\Program Files\Common Files\ArcSoft
2007-12-25 10:16:53 0 d-------- F:\Program Files\ArcSoft
2007-12-24 15:43:18 0 d-------- F:\Program Files\Common Files\ODBC


-- Find3M Report ---------------------------------------------------------------

2008-01-16 13:30:04 0 d-------- F:\Program Files\Common Files
2008-01-10 20:45:31 0 d-------- F:\Program Files\Google
2008-01-10 16:27:45 0 d-------- F:\Documents and Settings\Franny\Application Data\LimeWire
2008-01-09 15:39:28 0 d--h----- F:\Program Files\InstallShield Installation Information
2007-12-29 11:08:59 0 d-------- F:\Documents and Settings\Franny\Application Data\U3
2007-12-25 11:26:49 0 d-------- F:\Documents and Settings\Franny\Application Data\Real
2007-12-25 10:24:45 0 d-------- F:\Program Files\Real
2007-12-24 14:19:41 0 d-------- F:\Program Files\Pure Networks
2007-12-24 01:32:51 0 d-------- F:\Program Files\QuickTime
2007-12-24 01:03:14 0 d-------- F:\Program Files\Microsoft AntiSpyware
2007-12-24 00:39:06 0 d-------- F:\Program Files\Creative
2007-12-24 00:39:03 0 d-------- F:\Program Files\Common Files\aolshare
2007-12-24 00:39:02 0 d-------- F:\Program Files\Common Files\AOL
2007-12-24 00:38:54 0 d-------- F:\Program Files\America Online 9.0
2007-12-24 00:36:43 0 d-------- F:\Program Files\Common Files\Adobe
2007-11-30 17:14:00 2 --a------ F:\WINDOWS\system32\faxwin32.bin
2007-11-04 17:30:02 714 --a------ F:\WINDOWS\eReg.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Share-to-Web Namespace Daemon"="F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [07/03/2001 12:11 PM]
"DIAGENT"="F:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.exe" [08/30/2001 04:00 AM]
"AHQInit"="F:\Program Files\Creative\SBLive\Program\AHQInit.exe" [03/27/2001 08:00 PM]
"VSOCheckTask"="f:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [08/08/2003 09:02 PM]
"VirusScan Online"="f:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [08/18/2003 12:50 AM]
"MCAgentExe"="f:\PROGRA~1\mcafee.com\agent\mcagent.exe" [08/27/2003 02:00 PM]
"MCUpdateExe"="F:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [08/21/2003 09:10 PM]
"MPFExe"="F:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [04/19/2004 10:29 AM]
"AOLDialer"="F:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [10/23/2006 07:50 AM]
"AOL Spyware Protection"="F:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [03/19/2004 01:17 PM]
"HostManager"="F:\Program Files\Common Files\AOL\1124472623\ee\AOLSoftware.exe" [09/25/2006 07:52 PM]
"TkBellExe"="F:\Program Files\Common Files\Real\Update_OB\realsched.exe" [07/04/2005 09:52 PM]
"QuickTime Task"="F:\Program Files\QuickTime\qttask.exe" [10/25/2006 06:58 PM]
"iTunesHelper"="F:\Program Files\iTunes\iTunesHelper.exe" [10/30/2006 09:36 AM]
"ViewMgr"="F:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe" [11/10/2004 11:15 PM]
"CICache"="CICache.exe" [09/05/2002 02:21 PM F:\WINDOWS\CICache.exe]
"Dit"="Dit.exe" [04/27/2004 02:34 PM F:\WINDOWS\Dit.exe]
"Adobe Photo Downloader"="F:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [09/14/2006 07:55 AM]
"SpySweeper"="F:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [10/01/2007 04:40 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="F:\Program Files\AIM\aim.exe" [08/01/2006 02:35 PM]
"MSMSGS"="F:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"Aim6"="F:\Program Files\AIM6\aim6.exe" [09/29/2007 03:22 PM]
"swg"="F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [04/08/2007 07:43 PM]
"ctfmon.exe"="F:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:56 PM]

F:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HPAiODevice(hp officejet 7100 series) - 1.lnk - F:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe [11/23/2002 7:55:48 PM]
Kodak EasyShare software.lnk - F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [9/3/2005 6:45:28 AM]
Kodak software updater.lnk - F:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2/13/2004 2:12:08 PM]
Microsoft Office.lnk - F:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 4:01:04 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
@=0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"F:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]




-- End of Deckard's System Scanner: finished at 2008-01-18 19:46:16 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 1.90GHz
Percentage of Memory in Use: 69%
Physical Memory (total/avail): 511.01 MiB / 155.56 MiB
Pagefile Memory (total/avail): 1247.34 MiB / 926.39 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1939.08 MiB

A: is Removable (No Media)
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Fixed (NTFS) - 111.79 GiB total, 28.54 GiB free.

\\.\PHYSICALDRIVE0 - WDC WD1200BB-00GUC0 - 111.79 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 111.79 GiB - F:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="F:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"F:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="F:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=F:\Documents and Settings\All Users
APPDATA=F:\Documents and Settings\Franny\Application Data
CLASSPATH=.;F:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=F:\Program Files\Common Files
COMPUTERNAME=PHILADEL-K4X8AA
ComSpec=F:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=F:
HOMEPATH=\Documents and Settings\Franny
LOGONSERVER=\\PHILADEL-K4X8AA
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=F:\WINDOWS\system32;F:\WINDOWS;F:\WINDOWS\system32\wbem;F:\Program Files\QuickTime\QTSystem\;F:\Program Files\Common Files\Adobe\AGL
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 1 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0102
ProgramFiles=F:\Program Files
PROMPT=$P$G
QTJAVA=F:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=F:
SystemRoot=F:\WINDOWS
TEMP=F:\DOCUME~1\Franny\LOCALS~1\Temp
TMP=F:\DOCUME~1\Franny\LOCALS~1\Temp
USERDOMAIN=PHILADEL-K4X8AA
USERNAME=Franny
USERPROFILE=F:\Documents and Settings\Franny
windir=F:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Fran McGorry (admin)
Faith McGorry (admin)
Sarah McGorry (admin)
Steve (admin)
Franny (admin)
sean (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> F:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> F:\Program Files\Creative\SBLive\Program\Upddrv2k.EXE
--> F:\WINDOWS\IsUninst.exe -f"F:\Program Files\Creative\News\CTNews.isu"
--> F:\WINDOWS\IsUninst.exe -f"F:\Program Files\Creative\SBLive\AudioHQ.isu"
--> F:\WINDOWS\IsUninst.exe -f"F:\Program Files\Creative\SBLive\CTMixer.isu"
--> F:\WINDOWS\IsUninst.exe -f"F:\Program Files\Creative\SBLive\Diagnose2.isu"
--> F:\WINDOWS\IsUninst.exe -f"F:\Program Files\Creative\SBLive\HTML.isu"
--> F:\WINDOWS\IsUninst.exe -f"F:\Program Files\Creative\SBLive\Midi.isu"
--> F:\WINDOWS\IsUninst.exe -f"F:\Program Files\Creative\SBLive\PlayCenter2\Player2.isu"
--> F:\WINDOWS\IsUninst.exe -f"F:\Program Files\Creative\SBLive\Recorder\Recorder.isu"
--> F:\WINDOWS\IsUninst.exe -f"F:\Program Files\Creative\SBLive\Restore.isu"
--> F:\WINDOWS\IsUninst.exe -f"F:\Program Files\Creative\SBLive\SoundFont.isu"
--> F:\WINDOWS\IsUninst.exe -f"F:\Program Files\Creative\SBLive\WaveStudio\Wstudio.isu"
--> F:\WINDOWS\IsUninst.exe -f"F:\Program Files\Creative\Uninstall\Installer.isu"
--> MsiExec.exe /I{C4CBAD7E-DF4A-4FEC-AC17-8BC709AFB844}
--> MsiExec.exe /X{EE43210C-266E-4101-8FBC-04378D5E9D42}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 F:\WINDOWS\INF\PCHealth.inf
3D Groove Playback Engine --> RunDll32 F:\WINDOWS\DOWNLO~1\GrooveAX.dll,_RemoveGroove@16
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5102}
Adobe Help Center 2.1 --> MsiExec.exe /I{25569723-DC5A-4467-A639-79535BF01B71}
Adobe Photoshop Elements 5.0 --> msiexec /I {A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}
Adobe Premiere Elements 3.0 --> msiexec /I {530AFAFF-6F0A-48BB-88D0-04F9658322D3}
Adobe Premiere Elements 3.0 --> MsiExec.exe /I{530AFAFF-6F0A-48BB-88D0-04F9658322D3}
Adobe Premiere Elements 3.0 Templates --> MsiExec.exe /I{6EACDDF4-4220-49A3-9204-984C86852C3D}
AIM 6 --> F:\Program Files\AIM6\uninst.exe
AIM Toolbar --> F:\Program Files\AIM Toolbar\uninstall.exe
AIM Toolbar 5.0 --> "F:\Program Files\AOL\AIM Toolbar 5.0\uninstall.exe"
AOL Coach Version 1.0(Build:20040229.1 en) --> F:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe
AOL Coach Version 2.0(Build:20041026.5 en) --> F:\Program Files\Common Files\AolCoach\en_en\AolCInUn.exe -lang=en_en -ext=UDP
AOL Deskbar --> "F:\Program Files\AOL Deskbar\UNWISE.EXE" /u "F:\Program Files\AOL Deskbar\INSTALL.LOG"
AOL Explorer --> F:\Program Files\Common Files\AOL\1124472623\ee\services\browser\ver1_1_1042\uninst.exe
AOL Instant Messenger --> F:\Program Files\AIM\uninstll.exe -LOG= F:\Program Files\AIM\install.log -OEM=
AOL Spyware Protection --> F:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\UNWISE.EXE F:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\INSTALL.LOG
AOL Uninstaller (Choose which Products to Remove) --> F:\Program Files\Common Files\AOL\uninstaller.exe
Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
ArcSoft MediaConverter 2 --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{1B15D991-5619-4BC1-B71E-3DE793B792FC}\setup.exe" -l0x9
BearShare --> F:\PROGRA~1\BEARSH~1\BEARSH~1\UNWISE.EXE F:\PROGRA~1\BEARSH~1\BEARSH~1\INSTALL.LOG
Best Buy Digital Music Store --> F:\PROGRA~1\BESTBU~1\Unwise32.exe /A F:\PROGRA~1\BESTBU~1\install.log
Canon Camera Window for ZoomBrowser EX --> F:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A29EA741-24F7-4C07-9B2C-06CB6491BE4A}
Canon EOS 10D WIA Driver --> F:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{095659A2-739F-4D9A-A916-66C7CAD16F9E}
Canon EOS Kiss REBEL 300D WIA Driver --> F:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{31A57C3E-30DD-421F-B5C7-974DACB0D05F}
Canon PhotoRecord --> MsiExec.exe /X{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}
Canon RAW Image Task for ZoomBrowser EX --> F:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FAF0DAD8-1EA7-4FEF-80E5-8D8D6EBD5A23}
Canon RemoteCapture Task for ZoomBrowser EX --> F:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2236B741-6631-49AE-B76E-3E14CA01CC87}
Canon Utilities File Viewer Utility 1.3 --> F:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2D1C2321-8FDB-49B8-A66B-4008DC0B6B5D}
Canon Utilities PhotoStitch 3.1 --> F:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F11A403B-0DE9-4953-B790-7A2F014FBB2B}
Canon Utilities RemoteCapture 2.7 --> F:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{14220DB1-DD96-4BCD-B3D5-03A4EA6631C4}
Canon Utilities ZoomBrowser EX --> MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
CardRd81 --> MsiExec.exe /I{54C8FE84-89C4-40E8-976C-439EB0729BD6}
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
CopySafe Plugin --> F:\PROGRA~1\Copysafe\UNWISE.EXE F:\PROGRA~1\Copysafe\INSTALL.LOG
CR2 --> MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
DivX Web Player --> F:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EA.com Matchup --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{2F173C40-563E-11D4-89C5-0010ADDAAC33}\setup.exe" -l0x0 Uninstall
EA.com Update --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{9AB97F52-512B-43EF-AAEC-4825C17B32ED}\setup.exe" -l0x0 Uninstall
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSCT --> MsiExec.exe /I{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}
ESSEMAIL --> MsiExec.exe /I{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC --> MsiExec.exe /I{4F677FC7-7AA8-412B-A957-F13CBE1C7331}
ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
ESSTUTOR --> MsiExec.exe /I{CA60320D-6A16-49C8-A34F-84EEF4799567}
essvcpt --> MsiExec.exe /I{D1973749-F5E7-40EB-B528-F2B78685B9FF}
ESSvpaht --> MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
ESSvpot --> MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "F:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HLPIndex --> MsiExec.exe /I{38441BE7-79B0-42B8-8297-833704F949FE}
HLPPDOCK --> MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
HLPSFO --> MsiExec.exe /I{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8}
Hotfix for Windows Media Format 11 SDK (KB929399) --> "F:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "F:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
hp officejet 7100 series --> F:\WINDOWS\system32\hpocon09.exe /u 1128863938 /d "hp officejet 7100 series"
HP Photo Printing Software --> F:\WINDOWS\IsUninst.exe -f"F:\Program Files\Hewlett-Packard\Photo Printing\Uninstall.isu" -c"F:\Program Files\Hewlett-Packard\Photo Printing\hpiunPC.dll
HP Share-to-Web --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{748F4870-8350-11D3-B0BF-080009FB4A19}\setup.exe" --MAIN -l9
iPod for Windows 2005-01-11 --> F:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3476E8FA-00F1-48AF-8771-236C84FC7CB8} /l1033
iPod for Windows 2006-06-28 --> F:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BD57EA4D-026E-4F08-9B93-080E282B81FE} /l1033
iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
JMPINTRO 5.0.1 --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{BBCC38A7-3871-43B9-A518-BD9F6F992722}\setup.exe" -l0x9
Kodak EasyShare software --> F:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_190007_39bd037\Setup.exe /APR-REMOVE
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
LimeWire 4.14.8 --> "F:\Program Files\LimeWire\uninstall.exe"
Macromedia Flash Player 8 --> RunDll32 advpack.dll,LaunchINFSection F:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
Macromedia Shockwave Player --> F:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE F:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
McAfee Personal Firewall Express --> F:\PROGRA~1\McAfee.com\PERSON~1\UNWISE.EXE /U F:\PROGRA~1\McAfee.com\PERSON~1\INSTALL.LOG
McAfee SecurityCenter --> f:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /interact=1 /script_proactive=0 /start=f:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm
McAfee VirusScan --> f:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /interact=1 /script_proactive=1 /start=f:\PROGRA~1\mcafee.com\agent\uninst\vsoremui.dll::uninstall.htm
Microsoft Base Smart Card Cryptographic Service Provider Package --> "F:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Office XP Professional --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "F:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection F:\WINDOWS\INF\msninst.inf,Uninstall
Multi-Card Reader & Flash Disk --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{83F3EED2-DDE2-4434-8FBE-9D2A1E7C2BC8}\SETUP.EXE" -l0x9 -wUninst
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK --> MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
RealPlayer --> F:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
SKIN0001 --> MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE}
SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Sound Blaster Live! Value --> F:\Program Files\Creative\Uninstall\CTUNINST.EXE /U:UNINST1.INI
Spy Sweeper --> "F:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Symantec Technical Support Web Controls --> MsiExec.exe /X{9743AF47-B746-4324-B4C4-512E67D04370}
Viewpoint Manager (Remove Only) --> F:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> F:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Windows Media Connect --> "F:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "F:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinZip --> "F:\Program Files\WinZip\WINZIP32.EXE" /uninstall
WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}


-- Application Event Log -------------------------------------------------------

Event Record #/Type1993 / Success
Event Submitted/Written: 01/18/2008 07:32:18 PM
Event ID/Source: 2570 / Adobe Active File Monitor 5.0
Event Description:
Adobe Active File Monitor Service has Started.

Event Record #/Type1985 / Success
Event Submitted/Written: 01/18/2008 07:04:51 PM
Event ID/Source: 2570 / Adobe Active File Monitor 5.0
Event Description:
Adobe Active File Monitor Service has Started.

Event Record #/Type1983 / Error
Event Submitted/Written: 01/18/2008 06:56:15 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application McShield.exe, version 6.0.0.100, faulting module kernel32.dll, version 5.1.2600.3119, fault address 0x00012a5b.
Processing media-specific event for [McShield.exe!ws!]

Event Record #/Type1982 / Error
Event Submitted/Written: 01/18/2008 06:55:50 PM
Event ID/Source: 5051 / McLogEvent
Event Description:
A thread in process f:\PROGRA~1\mcafee.com\vso\mcshield.exe took longer than 241608 ms to complete a request.

The process will be terminated.
Thread id : 1224 (0x4c8)

Thread address : 0x7c90eb94

Thread message :

Build Sep 8 2001 15:13:39 / 5100.194
Object being scanned = \Device\HarddiskVolume1\Documents and Settings\All Users\Application Data\AOL\AOLDiag\AOL\ServiceHostUSGM\Win32\1.5.6.1\fcs19.tmp ( @ 7025 (7024,7019,7011,93))

Event Record #/Type1975 / Success
Event Submitted/Written: 01/18/2008 06:49:19 PM
Event ID/Source: 2570 / Adobe Active File Monitor 5.0
Event Description:
Adobe Active File Monitor Service has Started.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type73259 / Warning
Event Submitted/Written: 01/18/2008 07:36:28 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type73254 / Error
Event Submitted/Written: 01/18/2008 07:33:56 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Application Layer Gateway Service service failed to start due to the following error:
%%1053

Event Record #/Type73253 / Error
Event Submitted/Written: 01/18/2008 07:33:54 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.

Event Record #/Type73196 / Error
Event Submitted/Written: 01/18/2008 07:05:08 PM
Event ID/Source: 54 / Print
Event Description:
Document Microsoft Word - mso78C77.doc was corrupted and has been deleted. The associated driver is: hp officejet 7100 series.

Event Record #/Type73191 / Error
Event Submitted/Written: 01/18/2008 06:56:28 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The McAfee.com McShield service terminated unexpectedly. It has done this 1 time(s).



-- End of Deckard's System Scanner: finished at 2008-01-18 19:46:16 ------------







Rorschach112
post Jan 17 2008, 07:13 PM
Post #8


GeekU Teacher
Posts: 34,385
From: Dublin
OS: XP



Hello

Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe



Now we need to fix your problems by making a .reg file. Copy the code below into a Notepad file. Name the file as fix.reg, change the "Save as Type" to "All files" and save it on the desktop.

CODE
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]



Then double click on the fix.reg file, when it prompts to merge click "Yes".



Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.



Reboot and post a new DSS log
FX3
post Jan 18 2008, 11:42 AM
Post #9


Member
**
Posts: 12
OS: Windows XP



I got a problem.....
Whenever I try to copy the Kaspersky log my internet freezes, and I go to Task Manager and the CPU usage is 100%, but I can copy the DSS log, though. Here it is:

Deckard's System Scanner v20071014.68
Run by Franny on 2008-01-19 11:54:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 77% (more than 75%).


-- HijackThis (run as Franny.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:54:59 AM, on 1/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
F:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
F:\WINDOWS\System32\CTsvcCDA.EXE
f:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
F:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
F:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Viewpoint\Common\ViewpointService.exe
F:\WINDOWS\wanmpsvc.exe
F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
F:\WINDOWS\System32\MsPMSPSv.exe
f:\PROGRA~1\mcafee.com\vso\mcshield.exe
F:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
F:\WINDOWS\system32\devldr32.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
F:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE
F:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
F:\Program Files\Common Files\AOL\ACS\AOLDial.exe
F:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
F:\Program Files\Common Files\AOL\1124472623\ee\AOLSoftware.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\WINDOWS\Dit.exe
F:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
F:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
f:\progra~1\mcafee.com\vso\mcvsescn.exe
F:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
F:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\Microsoft Office\Office10\msoffice.exe
f:\program files\mcafee.com\agent\mcagent.exe
F:\WINDOWS\system32\wuauclt.exe
f:\progra~1\mcafee.com\vso\mcvsftsn.exe
f:\program files\common files\aol\1124472623\ee\aolsoftware.exe
F:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
F:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
F:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
f:\program files\common files\aol\1124472623\ee\aolsoftware.exe
f:\program files\common files\aol\1124472623\ee\anotify.exe
F:\WINDOWS\system32\NOTEPAD.EXE
F:\Documents and Settings\Franny\Desktop\dss.exe
F:\PROGRA~1\TRENDM~1\HIJACK~1\Franny.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - f:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] "F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
O4 - HKLM\..\Run: [DIAGENT] "F:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE" startup
O4 - HKLM\..\Run: [AHQInit] "F:\Program Files\Creative\SBLive\Program\AHQInit.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "f:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "f:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] f:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] f:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] F:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [AOLDialer] "F:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
O4 - HKLM\..\Run: [AOL Spyware Protection] "F:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [HostManager] "F:\Program Files\Common Files\AOL\1124472623\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ViewMgr] "F:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe"
O4 - HKLM\..\Run: [CICache] CICache.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [SpySweeper] F:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [AIM] F:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "F:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HPAiODevice(hp officejet 7100 series) - 1.lnk = F:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
O4 - Global Startup: Kodak EasyShare software.lnk = F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = F:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Save Image to Folder - res://F:\Program Files\AskBar\bar\bin\askBar.dll/saveimagetofolder.html
O8 - Extra context menu item: &Save Image to MyStuff - res://F:\Program Files\AskBar\bar\bin\askBar.dll/saveimages.html
O8 - Extra context menu item: &Save Link to Folder - res://F:\Program Files\AskBar\bar\bin\askBar.dll/saveltof.html
O8 - Extra context menu item: &Save Link to MyStuff - res://F:\Program Files\AskBar\bar\bin\askBar.dll/savelink.html
O8 - Extra context menu item: &Save Page to Folder... - res://F:\Program Files\AskBar\bar\bin\askBar.dll/savepagetofolder.html
O8 - Extra context menu item: &Save this Page to MyStuff - res://F:\Program Files\AskBar\bar\bin\askBar.dll/savewebpage.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - F:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .asx: F:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O12 - Plugin for .wmv: F:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1119890110780
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - F:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - F:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - F:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - F:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - f:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - F:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - f:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - F:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - F:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - F:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 10738 bytes

-- Files created between 2007-12-19 and 2008-01-19 -----------------------------

2008-01-18 22:04:04 0 d-------- F:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-18 22:04:01 0 d-------- F:\WINDOWS\system32\Kaspersky Lab
2008-01-16 16:47:20 0 d-------- F:\Program Files\Trend Micro
2008-01-16 13:43:32 0 d-------- F:\Documents and Settings\NetworkService\Application Data\Webroot
2008-01-16 13:30:04 0 d-------- F:\Program Files\Common Files\Symantec Shared
2008-01-16 13:30:04 0 d-------- F:\Documents and Settings\All Users\Application Data\Symantec
2008-01-12 20:34:05 0 d-------- F:\Documents and Settings\Steve\Application Data\acccore
2008-01-12 15:47:25 0 d-------- F:\Documents and Settings\Steve\Application Data\Webroot
2008-01-05 13:56:51 0 d-------- F:\Documents and Settings\Franny\Application Data\Webroot
2008-01-05 11:52:35 0 d-------- F:\Documents and Settings\All Users\Application Data\Webroot
2008-01-04 22:42:20 164 --a------ F:\install.dat
2008-01-01 17:18:43 0 d-------- F:\Documents and Settings\Steve\Application Data\Apple Computer
2007-12-26 11:09:06 0 d-------- F:\Documents and Settings\Franny\Application Data\ArcSoft
2007-12-26 10:59:21 0 d-------- F:\My Videos
2007-12-25 10:45:58 4 --a------ F:\WINDOWS\system32\BEB8A3
2007-12-25 10:41:14 0 d-------- F:\WINDOWS\system32\drivers\UMDF
2007-12-25 10:35:36 8413 --a------ F:\WINDOWS\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
2007-12-25 10:21:41 0 d-------- F:\Program Files\Best Buy Rhapsody
2007-12-25 10:16:55 0 d-------- F:\Program Files\Common Files\ArcSoft
2007-12-25 10:16:53 0 d-------- F:\Program Files\ArcSoft
2007-12-24 15:43:18 0 d-------- F:\Program Files\Common Files\ODBC


-- Find3M Report ---------------------------------------------------------------

2008-01-16 13:30:04 0 d-------- F:\Program Files\Common Files
2008-01-10 20:45:31 0 d-------- F:\Program Files\Google
2008-01-10 16:27:45 0 d-------- F:\Documents and Settings\Franny\Application Data\LimeWire
2008-01-09 15:39:28 0 d--h----- F:\Program Files\InstallShield Installation Information
2007-12-29 11:08:59 0 d-------- F:\Documents and Settings\Franny\Application Data\U3
2007-12-25 11:26:49 0 d-------- F:\Documents and Settings\Franny\Application Data\Real
2007-12-25 10:24:45 0 d-------- F:\Program Files\Real
2007-12-24 14:19:41 0 d-------- F:\Program Files\Pure Networks
2007-12-24 01:32:51 0 d-------- F:\Program Files\QuickTime
2007-12-24 01:03:14 0 d-------- F:\Program Files\Microsoft AntiSpyware
2007-12-24 00:39:06 0 d-------- F:\Program Files\Creative
2007-12-24 00:39:03 0 d-------- F:\Program Files\Common Files\aolshare
2007-12-24 00:39:02 0 d-------- F:\Program Files\Common Files\AOL
2007-12-24 00:38:54 0 d-------- F:\Program Files\America Online 9.0
2007-12-24 00:36:43 0 d-------- F:\Program Files\Common Files\Adobe
2007-11-30 17:14:00 2 --a------ F:\WINDOWS\system32\faxwin32.bin
2007-11-04 17:30:02 714 --a------ F:\WINDOWS\eReg.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Share-to-Web Namespace Daemon"="F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [07/03/2001 12:11 PM]
"DIAGENT"="F:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.exe" [08/30/2001 04:00 AM]
"AHQInit"="F:\Program Files\Creative\SBLive\Program\AHQInit.exe" [03/27/2001 08:00 PM]
"VSOCheckTask"="f:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [08/08/2003 09:02 PM]
"VirusScan Online"="f:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [08/18/2003 12:50 AM]
"MCAgentExe"="f:\PROGRA~1\mcafee.com\agent\mcagent.exe" [08/27/2003 02:00 PM]
"MCUpdateExe"="f:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [08/21/2003 09:10 PM]
"MPFExe"="F:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [04/19/2004 10:29 AM]
"AOLDialer"="F:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [10/23/2006 07:50 AM]
"AOL Spyware Protection"="F:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [03/19/2004 01:17 PM]
"HostManager"="F:\Program Files\Common Files\AOL\1124472623\ee\AOLSoftware.exe" [09/25/2006 07:52 PM]
"TkBellExe"="F:\Program Files\Common Files\Real\Update_OB\realsched.exe" [07/04/2005 09:52 PM]
"QuickTime Task"="F:\Program Files\QuickTime\qttask.exe" [10/25/2006 06:58 PM]
"iTunesHelper"="F:\Program Files\iTunes\iTunesHelper.exe" [10/30/2006 09:36 AM]
"ViewMgr"="F:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe" [11/10/2004 11:15 PM]
"CICache"="CICache.exe" [09/05/2002 02:21 PM F:\WINDOWS\CICache.exe]
"Dit"="Dit.exe" [04/27/2004 02:34 PM F:\WINDOWS\Dit.exe]
"Adobe Photo Downloader"="F:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [09/14/2006 07:55 AM]
"SpySweeper"="F:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [10/01/2007 04:40 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="F:\Program Files\AIM\aim.exe" [08/01/2006 02:35 PM]
"MSMSGS"="F:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"Aim6"="F:\Program Files\AIM6\aim6.exe" [09/29/2007 03:22 PM]
"swg"="F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [04/08/2007 07:43 PM]
"ctfmon.exe"="F:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:56 PM]

F:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HPAiODevice(hp officejet 7100 series) - 1.lnk - F:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe [11/23/2002 7:55:48 PM]
Kodak EasyShare software.lnk - F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [9/3/2005 6:45:28 AM]
Kodak software updater.lnk - F:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2/13/2004 2:12:08 PM]
Microsoft Office.lnk - F:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 4:01:04 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
@=0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"F:\Program Files\Messenger\msmsgs.exe" /background




-- End of Deckard's System Scanner: finished at 2008-01-19 12:01:52 ------------

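The HijackThis logs posted in this thread follow a fixed line format: a section code (O2, O4, O16, O23, ...), then " - ", then the detail. As an added example that is not part of the original posts, the Python below parses that format and lists the entries a helper would check by hand. The sample log is constructed, and the two review rules (an O4 Run command with no absolute path, an O23 service listed with "Unknown owner") are illustrative heuristics chosen for this example, not verdicts.

```python
import re
from collections import Counter

# Constructed sample in HijackThis v2.0.2 layout (not a log from this thread).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:54:59 AM, on 1/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE

O2 - BHO: (no name) - {11111111-2222-3333-4444-555555555555} - C:\PROGRA~1\EXAMPL~1\helper.dll
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /background
O4 - HKLM\..\Run: [Updater] updater.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} (Example Control) - http://downloads.example.com/control.cab
O23 - Service: Example Monitor (ExMon) - Unknown owner - C:\Program Files\Example\exmon.exe
O23 - Service: Example Engine (ExEng) - Example Software, Inc. - C:\Program Files\Example\engine.exe

--
End of file - 1234 bytes
"""

# "O4 - detail": one letter, one or two digits, " - ", then the rest of the line.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Registry autostart detail: HKLM\..\Run: [ValueName] command line
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
# Command starts with a drive letter, a UNC prefix or an environment variable.
ABSOLUTE_RE = re.compile(r'^"?(?:[A-Za-z]:\\|\\\\|%)')


def parse_hijackthis(text):
    """Split a log into tool version, running processes and (code, detail) entries."""
    result = {"version": None, "processes": [], "entries": []}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Logfile of Trend Micro HijackThis v"):
            result["version"] = line.rsplit("v", 1)[1]
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            result["entries"].append((match.group(1), match.group(2)))
        elif in_processes:
            if line:
                result["processes"].append(line)
            else:
                in_processes = False  # a blank line ends the process list
    return result


def section_counts(entries):
    """Number of entries per section code, e.g. how many O4 autostarts exist."""
    return Counter(code for code, _ in entries)


def review_entries(entries):
    """Return (code, name, reason) for entries that deserve a manual check."""
    notes = []
    for code, detail in entries:
        if code == "O4":
            match = RUN_RE.match(detail)
            if match and not ABSOLUTE_RE.match(match.group(4)):
                notes.append((code, match.group(3),
                              "command has no absolute path; confirm which file "
                              "on the search path actually runs"))
        elif code == "O23" and detail.startswith("Service: "):
            parts = detail[len("Service: "):].rsplit(" - ", 2)
            if len(parts) == 3 and parts[1] == "Unknown owner":
                notes.append((code, parts[0],
                              "no owner shown for the service binary; "
                              "check the file at " + parts[2]))
    return notes


if __name__ == "__main__":
    parsed = parse_hijackthis(SAMPLE_LOG)
    print("HijackThis", parsed["version"], "-", len(parsed["processes"]), "processes")
    for code, count in sorted(section_counts(parsed["entries"]).items()):
        print(f"  {code}: {count}")
    for code, name, reason in review_entries(parsed["entries"]):
        print(f"REVIEW {code} [{name}]: {reason}")
```

A flagged entry is only a prompt to look at the file itself: legitimate software also registers autostarts by bare file name and ships service binaries that show "Unknown owner".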
Rorschach112
post Jan 18 2008, 11:46 AM
Post #10


GeekU Teacher
Posts: 34,385
From: Dublin
OS: XP



Do this instead

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.




Also tell me how your PC is running
FX3
post Jan 18 2008, 01:51 PM
Post #11


Member
**
Posts: 12
OS: Windows XP



It said there were no detections, but I remember that when I ran the Kaspersky scan there were. My computer is working pretty well. There are no pop-ups telling me I have TrojanDownloader.NX, and Task Manager works again.

Here's the log anyway....

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/19/2008 at 01:37 PM

Application Version : 3.9.1008

Core Rules Database Version : 3143
Trace Rules Database Version: 1159

Scan type : Complete Scan
Total Scan Time : 00:19:14

Memory items scanned : 582
Memory threats detected : 0
Registry items scanned : 5751
Registry threats detected : 0
File items scanned : 9927
File threats detected : 0
Rorschach112
post Jan 18 2008, 01:53 PM
Post #12


GeekU Teacher
Posts: 34,385
From: Dublin
OS: XP



Your logs look good! We need to do a few things.

You can delete the tools that we used


Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next go to Start Menu > Run > type

cleanmgr

Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished it will open the Disk Cleanup options screen. Click the More Options tab, then click Clean up in the System Restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.



You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from here



Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at:
http://windowsupdate.microsoft.com/
This will ensure your computer always has the latest available security updates installed.

* To reduce the risk of re-infection by malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.


* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein's article 'How Did I Get Infected In The First Place' Here

Thank you for your patience, and for performing all of the procedures requested.
FX3
post Jan 18 2008, 02:41 PM
Post #13



I got a question. Can I uninstall the SUPERAntiSpyware program we used or do I need to keep it? Also, do I need to download all the free programs you told me to?
Thanks
Rorschach112
post Jan 18 2008, 06:35 PM
Post #14



You can uninstall SUPERAntiSpyware if you want; however, that would not be a smart idea.

QUOTE
Also, do I need to download all the free programs you told me to?

Well, do you want to be infected in the future?
FX3
post Jan 18 2008, 08:49 PM
Post #15



Ok. Just checking. You've been a big help the last couple of days. Thank you so much for fixing my computer. You're the man!!!