Ad.oindaserver pop-ups, computer supposedly clean otherwise


#1 Soulamei (New Member, 6 posts)
Hey all, this is my first post, so I apologize if I'm doing anything wrong. :whistling:

When I am on the internet, I'm 99% of the time on Firefox. After a while, 30 minutes or so, an IE window will pop up from ad.oindaserver (I think that's how it's spelled). They're usually windows of an unsavory nature. Sometimes one will pop up and I will see nothing else of it for hours. Some other times, they'll pop up 30 seconds from each other.

I've run every spyware thing I have, but to no avail. Nothing seems to be coming up. The only remedy that I have found is deleting IE altogether. That's not how I'd like to run permanently, but it's a quick fix on my non-techie end.

Also, I've seen other posts about the ad.oindaserver pop-ups, but none of them seem to match my computer, and I don't want to go screwing things up.

Thanks for any help. I really appreciate it!


This is my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 11:18:36 AM, on 9/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\ECURIT~1\smss.exe
C:\DOCUME~1\ASHLEI~1\APPLIC~1\STEM~1\winspool.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\BitTorrent\btdownloadgui.exe
C:\Documents and Settings\[removed]\Desktop\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.yahoo.com/
O2 - BHO: (no name) - {ADC0F61F-6BF4-4657-A4D9-651335A96CC8} - C:\WINDOWS\system32\xsxvl.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Sen] "C:\WINDOWS\ECURIT~1\smss.exe" -vt yazr
O4 - HKCU\..\Run: [Agvamm] C:\DOCUME~1\ASHLEI~1\APPLIC~1\STEM~1\winspool.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {57875390-EAE5-4408-A5D1-592B642FB900} (Whale Attachment Wiper ) - https://ea.nps.gov/i...b?egap=internal
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1136652441921
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,21/mcgdmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...635/mcfscan.cab
O20 - AppInit_DLLs:
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe


#2 Jag11 (Visiting Staff, 2,210 posts)
Hello,

I notice that you have Windows Defender running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. You can re-enable this when your computer is already clean.

Disable Windows Defender
  • Go to Tools » General Settings
  • Scroll down to Real-time protection options
  • Uncheck Turn on real-time protection (recommended)
Then, in the toolbar across the top there is a little down-pointing arrow next to the question mark icon.
Click on that to get a drop-down list. One of the options is to exit Windows Defender.
Click on that, and there will be a pop-up asking if you are sure you want to exit. Click Yes/OK.

=====================================

Uninstall Programs
  • Click Start » Control Panel » Add/Remove Programs
  • Find and remove the following program(s) (if present):

    Oin
    Yazzle by Oin
    Purityscan by Oin
    Snowballwars by Oin
    Cowabanga by OIN

    * or anything similar with Oin in it *

  • Close Add/Remove Programs window after uninstalling.
  • If there are no entries listed on Add/Remove programs, please download and run this uninstaller: OiUninstaller.exe
  • Then please restart your computer.
=====================================



Please open HijackThis, click Do a system scan only, and then place a checkmark beside each of these entries:

O2 - BHO: (no name) - {ADC0F61F-6BF4-4657-A4D9-651335A96CC8} - C:\WINDOWS\system32\xsxvl.dll

After placing all the checkmarks, close all windows (except HJT), and then hit Fix Checked. When it finishes, exit HJT.

=====================================

Locate and delete the following file(s), if present : C:\WINDOWS\system32\xsxvl.dll
=====================================



I see Viewpoint installed.

Viewpoint Manager is considered foistware instead of malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article.

I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present:
  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
=====================================

Update Java
  • Download the latest version of Java Runtime Environment (JRE) 5.0 Update 8.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-1_5_0_08-windows-i586-p to install the newest version.
=====================================

Download ATF Cleaner
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Run an online scan at Panda's ActiveScan
  • Please go here using Internet Explorer.
  • Once you are on the Panda site click the Scan your PC button.
  • A new window will open, click the big Check Now button.
    • Enter your Country.
    • Enter your State/Province.
    • Enter your e-mail address and click send.
    • Select either Home User or Company.
    • Click the big Scan Now button.
  • If it wants to install an ActiveX component allow it.
  • It will start downloading the files it requires for the scan.
  • When the download is complete, click on My Computer to start the scan.
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
  • Post the Panda report along with a new Hijackthis log.

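As an added example (not code from this thread, from HijackThis, or from Geeks to Go), the Python script below shows the kind of triage a helper like Jag11 performs by eye on a HijackThis log: it parses the "Running processes" list and the coded entries, then flags the four patterns that drove the fix list above: an O2 BHO with "(no name)", an autorun or process whose file sits under a user profile (Application Data), a file that borrows a core Windows process name but is located outside System32, and an O10 entry reporting a broken LSP chain. The heuristics, their reason strings and the `Finding` structure are my own assumptions; the sample log is constructed from lines Soulamei posted earlier in the thread.

```python
"""Triage helper for HijackThis-style logs (added example; not code from
this thread, from HijackThis, or from Geeks to Go).

Heuristics (assumed, not an official HijackThis rule set):
  * an O2 BHO entry with "(no name)";
  * an O4 autorun or running process whose file lives under a user profile
    (Application Data / Local Settings) rather than Program Files or Windows;
  * a file named like a core Windows process (smss.exe, svchost.exe, ...)
    that is located outside the Windows System32 folder;
  * an O10 entry reporting a broken Winsock LSP chain.
The sample log is constructed from lines posted earlier in the thread.
"""
import re
from dataclasses import dataclass

SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ECURIT~1\smss.exe
C:\DOCUME~1\ASHLEI~1\APPLIC~1\STEM~1\winspool.exe
C:\Program Files\AIM\aim.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.yahoo.com/
O2 - BHO: (no name) - {ADC0F61F-6BF4-4657-A4D9-651335A96CC8} - C:\WINDOWS\system32\xsxvl.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKCU\..\Run: [Sen] "C:\WINDOWS\ECURIT~1\smss.exe" -vt yazr
O4 - HKCU\..\Run: [Agvamm] C:\DOCUME~1\ASHLEI~1\APPLIC~1\STEM~1\winspool.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# "O4 - HKCU\..\Run: [Sen] ..." -> code "O4", body "HKCU\..\Run: [Sen] ..."
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# First Windows path in a line, up to a binary-like extension; this copes
# with spaces ("Program Files") and 8.3 short names ("APPLIC~1").
PATH_RE = re.compile(r"([A-Za-z]:\\.+?\.(?:exe|dll|dat|scr|cpl))\b", re.IGNORECASE)

# Process names that belong in System32; the same name elsewhere is suspect.
CORE_PROCESS_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                      "lsass.exe", "svchost.exe", "spoolsv.exe"}
SYSTEM32 = "\\windows\\system32\\"
# Lower-cased path fragments that mark a user profile's writable data area.
USER_PROFILE_MARKERS = ("\\applic~1\\", "\\application data\\",
                        "\\local settings\\", "\\locals~1\\")


@dataclass(frozen=True)
class Finding:
    code: str    # HJT section code, or "PROC" for the running-process list
    reason: str
    line: str


def _path_findings(code, line):
    """Apply the two path-based heuristics to one log line."""
    m = PATH_RE.search(line)
    if m is None:
        return []
    path = m.group(1).lower()
    name = path.rsplit("\\", 1)[-1]
    findings = []
    if name in CORE_PROCESS_NAMES and SYSTEM32 not in path:
        findings.append(Finding(code, "core process name outside System32", line))
    if any(marker in path for marker in USER_PROFILE_MARKERS):
        findings.append(Finding(code, "executable under user profile", line))
    return findings


def triage(log_text):
    """Return the list of Findings for a HijackThis-style log."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # a blank line ends the process list
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m is None:
            if in_processes:
                findings.extend(_path_findings("PROC", line))
            continue
        code, body = m.group("code"), m.group("body")
        if code == "O2" and "(no name)" in body:
            findings.append(Finding(code, "BHO with no name", line))
        elif code == "O10" and "Broken Internet access" in body:
            findings.append(Finding(code, "broken Winsock LSP chain", line))
        if code == "O4":
            findings.extend(_path_findings(code, line))
    return findings


def summarize(findings):
    """Count findings per reason, e.g. {'BHO with no name': 1, ...}."""
    counts = {}
    for f in findings:
        counts[f.reason] = counts.get(f.reason, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4} {f.reason:<38} {f.line}")
```

On the sample log this reports six findings: the two processes and the two O4 entries Jag11 and Panda later identified (the `smss.exe` copy in `ECURIT~1` and `winspool.exe` under Application Data), the unnamed BHO `xsxvl.dll`, and the NewDotNet LSP entry; the legitimate `System32\smss.exe`, Apoint and AIM entries pass. The heuristics are deliberately narrow so that an entry is only flagged when the location itself is wrong, which is also why a human still reviews the remaining R0/O3/O9/O16 lines by hand.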

#3 Soulamei (Topic Starter, New Member, 6 posts)
Thank you SO much for all your help. Panda has detected a whole mess o'crap. Here are the new log files: (Nota Bene: Sweet Lovin' is My Documents. I'm an odd duck.)

PandaScan:

Incident Status Location

Adware:Adware/PurityScan Not disinfected c:\windows\ecurit~1\smss.exe
Adware:adware/dollarrevenue Not disinfected c:\windows\keyboard1.dat
Adware:adware/wupd Not disinfected Windows Registry
Adware:adware/popper Not disinfected Windows Registry
Spyware:spyware/surfsidekick Not disinfected Windows Registry
Potentially unwanted tool:application/myway Not disinfected hkey_classes_root\typelib\{0494D0D0-F8E0-41AD-92A3-14154ECE70AC}
Spyware:spyware/apropos Not disinfected Windows Registry
Potentially unwanted tool:application/altnet Not disinfected hkey_classes_root\clsid\{3f4d4f88-0198-4921-b630-957f3eb814e0}
Potentially unwanted tool:application/need2find Not disinfected HKEY_CLASSES_ROOT\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3}
Adware:adware/sbsoft Not disinfected Windows Registry
Spyware:spyware/new.net Not disinfected Windows Registry
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\[removed]\Application Data\Mozilla\Firefox\Profiles\8tcz6lmr.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\[removed]\Application Data\Mozilla\Firefox\Profiles\8tcz6lmr.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\[removed]\Application Data\Mozilla\Firefox\Profiles\8tcz6lmr.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\[removed]\Cookies\[removed]@doubleclick[1].txt
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\197 Ferrari Photos And Wallpapers.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\1st Network Admin 1.6.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\25 To Life-RELOADED iSO.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\44 Game Loft Games for Your Mobile.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\483 Symbian Apps Games Themes Part 3 of 4.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\70's Grandmaster.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Absolute MP3 Splitter 2.33.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Acronis True Image 9.0 Home.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Advanced URL Catalog v1.22.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Advanced X Video Converter v4.3.5.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Aibase-CS v1.16.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\AnMing MP3 To Ringtone Gold v3.26.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\AnMing MP3 To Ringtone Pro v1.2.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Apollo DivX to DVD Creator 3.0.0.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Apollo DVD Copy v4.6.7.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Area 51.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Arial Sound Recorder v1.35.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Ask the Dust LiMiTED 2006 VCD SCREENER-SaGa.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Asprotect 2.2SKE.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Aurora MPEG To DVD Burner v4.91.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\AutoTyping Pro Edition v2.0.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\AVI DVD Burner 2006 1.1.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Awave Studio 9.5.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Becky! Internet Mail v2.23.00.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Blacksmith 3D Suite v2.2.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Blindwrite Suite v5.2.23.156.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\BT Engine 4.8.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Business Card Designer Pro 4.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Casper XP 3.0.1056.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\CD-DVD Data Recovery v1.0.766.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\ChangeIP 1.1.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Claviscom CRYPTO PRO v5.64.04.3.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Claviscom DATA DRIVE v5.54.08.5.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Claviscom LOGON v5.64.11.3.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Claviscom SHREDDER v5.64.12.3.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\CodeDrawer v1.8.2.0.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\CoffeeCup Flash Firestarter 6.7.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\CuteFTP Pro v7.2.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Deep Sea Tycoon Divers Paradise-PLEX.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Directory Replicator v2.2.5.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\DOOM III iSO.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\EasyPrototype 1.3.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\English Grammar in Use CD.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\EximiousSoft GIF Creator V3.15.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Faces 3.0.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Fast Defrag Professional v2.31.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Folder Guard 7.8.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Four Brothers DVDRip.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Full Speed v2.1.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Ghost Keylogger 3.80.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Ground Zero Genesis of a New World-CRiME.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Guitarz! v6.50.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Hexprobe v1.4.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Hidden Camera v2.20.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Hostage.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Huey PC Remote Control v5.8.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Hustle and Flow DVDRip.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\IBM Lotus Notes 7.0.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Ice Age 2 The Meltdown.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Insure Plus Plus v7.0.6.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Internet Explorer 7 Beta 2 XP SP2, No Validation.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\JokeSleuth v1.0.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\JTest Professional v7.5c.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Kaspersky Internet Security 6.0.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Kingdia CD Extractor 1.2.6.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Kingdia DVD Audio Ripper 1.7.6.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Kylix Ringtone Maker 2.1.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Lord of the Rings Battle for Middle Earth 2 iSO.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Magic ISO Maker 4.8.139.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Me, Myself & Irene.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Meet The Fockers.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\MidiGo 1.0.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Ming Network Monitor v1.1.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Mobile Sounds Mix (2069 MP3).rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Movie DVD Maker v1.5.8.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Mulholland Drive DVDRip.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\MyVideoConverter v1.20.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\n00zn00zn00zn00z.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\NCH Swift Express Burn Plus v2.00.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\NCH Swift Express Dial v1.15.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\NCH Swift VRS Recording System v5.01.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\NLI Time Tracker v2.0.3.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\No1 Video Converter v4.19.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\NOD32 Antivirus System 2.51.26.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Norbyte Downfall v2.6.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\nVidia Gelato Pro 2.0.R4.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\OSL 2000 Boot Manager v8.81.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Oxygen XML Editor Eclipse plugin v7.2.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Pay It Forward DVDRip Xvid.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\PC Error Eliminator v3.00.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\PhotoLine 32 v12.51.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Plato DVD Creator 3.23.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Plato DVD Ripper 4.42.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Plato DVD to MP3 Ripper 4.4.2.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Power AutoPlay Menu Creator 6.4.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Power AutoPlay Menu Creator Professional v6.6.200606.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Power AutoPlay Menu Wizard v3.0.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Predator DVDRip.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Print Helper v2.0.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\PSPaudioware PSP Neon VST DX RTAS v1.1.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Pure CD Ripper v.3.6.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\RapidShare Time Resetter.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Replay SlingCorder v1.04.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Rob Papen LinPlug Albino VSTi v3.0.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Rome Total War iSO.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\RonyaSoft ProPoster v1.01.26.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Roxio MyTV To Go 3.10.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\RSS Wizard 2.66.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\SOATest v4.5.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\SoftX FTP Client 2.2.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Soldier Elite (2006).rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\SphereXP v0.85.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\starQuiz 3.1.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Steganos Security Suite 2006 v8.0.6.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Stepok Recomposit v1.4.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Stubbs the Zombie-RELOADED iSO.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Super MP3 Wav Converter 1.6.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Super Utilities Pro v.6.35.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Super Utilities Pro v6.35.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\SwordSearcher 4.7.1.3.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Terminal Studio Challenger Tetris v1.1.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Terminal Studio Tetris Arena v1.4.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Terminal Studio Tetris Revolution v1.0.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\The Abyss DVDRip Xvid.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\The Best Of Sad Music - 60 Songs.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\The Detonator DVDRip Xvid.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\The New Guy DVDRip.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\The Wild TELECINE XviD-PUKKA.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\TVPaint Animation v8.0.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Tweak-XP Pro 4.07.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Ulead GIF Animator 5.05.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Ultimate ZIP Cracker v7.3.1.7.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Ultra DVD Creator v1.6.0.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Ultra Video Converter 1.6.4.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\VirtualMEC v1.5.1.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Vision Backup Enterprise v10.9.30.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Web Cache Illuminator 4.8.4.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Whos Your Daddy DVDRip Xvid.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Wi-Fi Defense 1.0.2.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\WinDesign v7.0.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Xaimer 3.5.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\XDeskPhoto.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\XQSOFT My Screensaver Maker v3.65.rar[Setup.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\[removed]\Sweet lovin'\Auditory\Music\_\Zend Guard v4.0.1.rar[Setup.exe]

#4
Jag11

    Visiting Staff

  • Member
  • 2,210 posts
No problem. :whistling:

Ok let's continue:

Locate and delete the following file(s), if present : c:\windows\keyboard1.dat
=====================================

Download Brute Force Uninstaller to your desktop.
  • Right click the file on your Desktop, and choose Extract All.
  • Click Next.
  • In the box to choose where to extract the files to:
  • Click Browse.
  • Click on the + sign next to My Computer
  • Click on Local Disk (C:) or whatever your primary drive is.
  • Click Make New Folder
  • Type in BFU
  • Click Next, and uncheck the Show Extracted Files box and then click Finish.
Right-click Here and choose "Save As" (or "Save Target As") in order to download Alcra Plus Remover.
  • Save it in the same folder you made earlier (c:\BFU)
=====================================

Run Brute Force Uninstaller

Go to Start » My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by doubleclicking BFU.exe
  • Beside the white box field, click the folder icon and select alcanshorty.bfu
  • Press Execute and let it do its job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.
=====================================
  • Click Start » Run » type: Notepad » OK
  • Copy (Ctrl+C) and paste (Ctrl+V) the following text below (inside the box) to Notepad.

    REGEDIT4
    
    [-hkey_classes_root\typelib\{0494D0D0-F8E0-41AD-92A3-14154ECE70AC}]
    
    [-hkey_classes_root\clsid\{3f4d4f88-0198-4921-b630-957f3eb814e0}]
    
    [-HKEY_CLASSES_ROOT\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3}]
    
    
  • Make sure there are no blank spaces before REGEDIT4 and there should be one blank line at the end.
  • Click File at the top and then choose Save As.
  • Change Save As Type to All Files.
  • Name it FixME.reg and save it on your desktop.
  • Its icon should look like this : Posted Image
  • Double click FixME.reg. It will ask you if you want to merge it to the registry, click Yes.
=====================================

1. Download combofix.exe from one of these locations -

http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/combofix.exe

2. Double click combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log in your next reply along with a new Hijackthis log.

NOTE : Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Edited by Jag11, 28 September 2006 - 07:35 AM.


#5
Soulamei

    New Member

  • Topic Starter
  • Member
  • 6 posts
I followed your instructions and am posting the ComboFix log and an updated HJT log:

ComboFix:
[removed] - 06-09-28 20:20:23.02 Service Pack 2
ComboFix 06.09.28 - Running from: "C:\Documents and Settings\[removed]\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\windows

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\[removed]\Application Data\STEM~1
C:\QooBox\Purity\Program Files\Common Files\ECURIT~1
C:\QooBox\Purity\Program Files\Common Files\STEM~1
C:\QooBox\Purity\WINDOWS\ECURIT~1
C:\QooBox\Purity\WINDOWS\RACLE~1
C:\QooBox\Purity\WINDOWS\ECURIT~1\ECURIT~1
C:\QooBox\Purity\WINDOWS\ECURIT~1\ECURIT~1\ctxad-469.0000
C:\QooBox\Purity\WINDOWS\ECURIT~1\ECURIT~1\ctxad-469.0001
C:\QooBox\Purity\WINDOWS\ECURIT~1\ECURIT~1\ctxad-469.0002


((((((((((((((((((((((((((((((( Files Created from 2006-08-28 to 2006-09-28 ))))))))))))))))))))))))))))))))))


No new files created in this timespan


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-28 20:20 -------- d-------- C:\Program Files\Common Files
2006-09-28 20:11 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-27 20:58 -------- d-------- C:\Program Files\Windows Defender
2006-09-27 20:48 -------- d-------- C:\Program Files\Internet Explorer
2006-09-27 20:43 -------- d-------- C:\Program Files\Apoint
2006-09-27 15:05 -------- d-------- C:\Program Files\AIM
2006-09-27 14:32 -------- d-------- C:\Program Files\Windows Media Player
2006-09-27 13:46 -------- d-------- C:\Program Files\Java
2006-09-27 13:43 -------- d-------- C:\Program Files\Common Files\Java
2006-09-27 13:34 -------- d-------- C:\Program Files\Viewpoint
2006-09-27 13:17 -------- d-------- C:\Program Files\AOD
2006-09-20 18:52 -------- d-------- C:\Documents and Settings\[removed]\Application Data\Kazaa Lite
2006-09-20 18:22 -------- d-------- C:\Documents and Settings\[removed]\Application Data\LimeWire
2006-08-21 08:21 16896 --a------ C:\WINDOWS\SYSTEM32\fltlib.dll
2006-08-21 05:14 23040 --a------ C:\WINDOWS\SYSTEM32\fltmc.exe
2006-08-21 05:14 128896 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\fltmgr.sys
2006-07-27 09:24 679424 --a------ C:\WINDOWS\SYSTEM32\inetcomm.dll
2006-07-21 04:24 72704 --a------ C:\WINDOWS\SYSTEM32\hlink.dll
2006-06-23 18:46 80090 --a------ C:\Documents and Settings\[removed]\Application Data\SMBIOSSP.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sen"="\"C:\\WINDOWS\\ECURIT~1\\smss.exe\" -vt yazr"
"AIM"="C:\\PROGRA~1\\AIM\\aim.exe -cnetwait.odl"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\\Program Files\\Apoint\\Apoint.exe"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\McAgent.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\Program Files\\Internet Explorer\\kybe.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="C:\\Program Files\\Windows Media Player\\hoxyta.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,04,00,00,c0
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\America Online 9.0 Tray Icon.lnk"
"backup"="C:\\WINDOWS\\pss\\America Online 9.0 Tray Icon.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\AMERIC~1.0\\aoltray.exe -check"
"item"="America Online 9.0 Tray Icon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office\\OSA9.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^taskmgr.exe]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\taskmgr.exe"
"backup"="C:\\WINDOWS\\pss\\taskmgr.exeCommon Startup"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\taskmgr.exe"
"item"="taskmgr"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Utility Tray.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Utility Tray.lnk"
"backup"="C:\\WINDOWS\\pss\\Utility Tray.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\WINDOWS\\SYSTEM32\\sistray.exe "
"item"="Utility Tray"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^[removed]^Start Menu^Programs^Startup^Zeno.lnk]
"path"="C:\\Documents and Settings\\[removed]\\Start Menu\\Programs\\Startup\\Zeno.lnk"
"backup"="C:\\WINDOWS\\pss\\Zeno.lnkStartup"
"location"="Startup"
"command"="C:\\WINDOWS\\SYSTEM32\\kwintqez.exe GID003"
"item"="Zeno"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AGRSMMSG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AGRSMMSG"
"hkey"="HKLM"
"command"="AGRSMMSG.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aim"
"hkey"="HKCU"
"command"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dfndra"
"hkey"="HKLM"
"command"="C:\\\\dfndra.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\dla]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tfswctrl"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\keyboard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="kybrd"
"hkey"="HKLM"
"command"="C:\\\\kybrd.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MCAgentExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcagent"
"hkey"="HKLM"
"command"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MCUpdateExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcupdate"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MPFExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MpfTray"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\newname]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwnm"
"hkey"="HKLM"
"command"="C:\\\\nwnm.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\p2p networking]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="p2pnetworking"
"hkey"="HKLM"
"command"="p2pnetworking.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PCMService]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PCMService"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Dell\\Media Experience\\PCMService.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\RealTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RealPlay"
"hkey"="HKLM"
"command"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SiS Windows KeyHook]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="keyhook"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\keyhook.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\squygumA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="squygumA"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\squygumA.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SurfSideKick 3]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Ssk"
"hkey"="HKLM"
"command"="C:\\Program Files\\SurfSideKick 3\\Ssk.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\UpdateManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sgtray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\VirusScan Online]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcvsshld"
"hkey"="HKLM"
"command"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcvsshld.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\VSOCheckTask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcmnhdlr"
"hkey"="HKLM"
"command"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcmnhdlr.exe\" /checktask"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\services]
"SCardSvr"=dword:00000003
"MpfService"=dword:00000002
"mnmsrvc"=dword:00000003
"MCVSRte"=dword:00000002
"mcupdmgr.exe"=dword:00000003
"McShield"=dword:00000003
"AOL ACS"=dword:00000002
"WANMiniportService"=dword:00000002


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\ISP signup reminder 1.job
C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (OZ-[removed]).job
C:\WINDOWS\tasks\McAfee.com Update Check (OZ-[removed]).job
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: Thu 09/28/2006 20:21:11.91
ComboFix.txt

HJT:
Logfile of HijackThis v1.99.1
Scan saved at 8:25:06 PM, on 9/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\[removed]\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.yahoo.com/
R3 - Default URLSearchHook is missing
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKCU\..\Run: [Sen] "C:\WINDOWS\ECURIT~1\smss.exe" -vt yazr
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {57875390-EAE5-4408-A5D1-592B642FB900} (Whale Attachment Wiper ) - https://ea.nps.gov/i...b?egap=internal
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1136652441921
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,21/mcgdmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...635/mcfscan.cab
O20 - AppInit_DLLs:
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

Please let me know if there's anything else you require before I move forward.

#6
Jag11

    Visiting Staff

  • Member
  • 2,210 posts
Ok, some more.. :blink:

I notice that you have Windows Defender running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. You can re-enable this when your computer is already clean.

Disable Windows Defender
  • Go to Tools » General Settings
  • Scroll down to Real-time protection options
  • Uncheck Turn on real-time protection (recommended)
Then, in the toolbar across the top there is a little downpointing arrow next to the question mark icon.
Click on that, get a drop down list. One of the options is to exit Windows Defender.
Click on that, and there will be a pop up asking if you are sure you want to exit. Click Yes/OK.

=====================================

I'm suspicious with one of the files in your log.
I need you to submit it to get it scanned.
  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the File to upload & scan box on the top of the page:

    C:\Documents and Settings\[removed]\Application Data\SMBIOSSP.exe

  • Click on the Submit button
  • Please post the results in your next reply.
=====================================

Locate and delete the following file(s), if present : C:\WINDOWS\squygumA.exe
=====================================

Locate and delete the following folder(s), if present : C:\Program Files\Viewpoint
C:\Program Files\SurfSideKick 3

=====================================


Please open HijackThis, click Do a system scan only, and then place a checkmark beside each of these entries:

R3 - Default URLSearchHook is missing
O4 - HKCU\..\Run: [Sen] "C:\WINDOWS\ECURIT~1\smss.exe" -vt yazr

After placing all the checkmarks, close all windows (except HJT), and then hit Fix Checked. When it finishes, exit HJT.

=====================================


I attached a file - FixMe.zip.
Please download it by clicking the attachment link at the end of this post. Save it to your Desktop.

Then double-click on FixMe.zip, then double-click FixMe.reg found inside it.
When it asks you if you want to merge it to the registry, click Yes.

Here's the attachment:
Attached File: FixMe.zip (334 bytes)

=====================================


Post a new Hijackthis log and a new ComboFix log.
And also the Jotti log.

:whistling:

Edited by admin, 09 January 2008 - 11:35 PM.

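
As an added example (editor's code, not from this thread, HijackThis or ComboFix), the Python script below parses the O4 lines of a HijackThis log and the Reg Loading Points of a ComboFix log and flags the kinds of autostart entries Jag11 singled out in posts #4 and #6: a core Windows binary name such as smss.exe or taskmgr.exe started from outside the Windows directories, an executable sitting in the drive or Windows root, an 8.3-mangled folder directly under C:\WINDOWS, and the adware program folders named above. The sample log lines are constructed from the logs posted in this thread, and the heuristics and function names are assumptions of this example, not HijackThis or ComboFix logic.

```python
import re

# Constructed sample input, abridged from the HijackThis and ComboFix logs posted in this thread.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Sen] "C:\WINDOWS\ECURIT~1\smss.exe" -vt yazr
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
"""
SAMPLE_COMBOFIX = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sen"="\"C:\\WINDOWS\\ECURIT~1\\smss.exe\" -vt yazr"
"AIM"="C:\\PROGRA~1\\AIM\\aim.exe -cnetwait.odl"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^taskmgr.exe]
"command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\taskmgr.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\keyboard]
"command"="C:\\\\kybrd.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SurfSideKick 3]
"command"="C:\\Program Files\\SurfSideKick 3\\Ssk.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"""

HJT_O4 = re.compile(r'^O4 - HK\w+\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
CF_KEY = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
CF_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>.*)"$')
# Core Windows binaries: one of these starting from an odd folder is the tell in this thread.
SYSTEM_BINARIES = {'smss.exe', 'csrss.exe', 'winlogon.exe', 'services.exe',
                   'lsass.exe', 'svchost.exe', 'taskmgr.exe', 'explorer.exe'}
# Program folders the helper told the poster to delete (list constructed from this thread).
ADWARE_DIRS = ('surfsidekick', 'viewpoint', 'newdotnet')

def parse_hijackthis(text):
    """Yield (name, command) for each O4 Run-key line of a HijackThis log."""
    for line in text.splitlines():
        m = HJT_O4.match(line)
        if m:
            yield m.group('name'), m.group('cmd')

def unescape_reg(value):
    # ComboFix prints values .reg-style: two backslashes stand for one, backslash-quote for a quote
    return re.sub(r'\\(.)', r'\1', value)

def parse_combofix(text):
    """Yield (name, command) from the Reg Loading Points section of a ComboFix log."""
    key = ''
    for line in text.splitlines():
        km = CF_KEY.match(line)
        if km:
            key = km.group('key')
            continue
        vm = CF_VALUE.match(line)
        if not vm or not key:
            continue
        name, value = vm.group('name'), unescape_reg(vm.group('value'))
        if key.upper().endswith(r'\CURRENTVERSION\RUN'):
            yield name, value
        elif r'\MSCONFIG\STARTUP' in key.upper() and name == 'command':
            # items msconfig disabled are still on disk; the key's last component names the item
            yield re.split(r'[\\^]', key)[-1], value

def image_path(cmd):
    """Pull the executable path out of a Run-key command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r'^(.*?\.(?:exe|com|scr|bat))(?:\s|$)', cmd, re.I)
    return m.group(1) if m else cmd.split(' ')[0]

def classify(path):
    """Return the reasons an autostart image path looks suspicious (empty = nothing noted)."""
    low = re.sub(r'\\+', r'\\', path.lower())   # collapse doubled separators (C:\\kybrd.exe)
    parts = low.split('\\')
    folders, name = parts[:-1], parts[-1]
    parent = folders[-1] if folders else ''
    reasons = []
    if name in SYSTEM_BINARIES and parent not in ('windows', 'system32'):
        reasons.append('core Windows binary name launched from outside the Windows directories')
    if len(folders) == 1 or (len(folders) == 2 and folders[1] == 'windows'):
        reasons.append('executable sitting directly in the drive root or Windows root')
    if len(folders) >= 3 and folders[1] == 'windows' and re.fullmatch(r'[^\\]{1,6}~\d+', folders[2]):
        reasons.append('8.3 short-name folder directly under the Windows directory')
    if any(d in low for d in ADWARE_DIRS):
        reasons.append('known adware/toolbar program folder')
    return reasons

def triage(hjt_text, combofix_text):
    """Return {entry name: sorted reasons} for every autostart entry that raised a flag."""
    flagged = {}
    for name, cmd in list(parse_hijackthis(hjt_text)) + list(parse_combofix(combofix_text)):
        reasons = classify(image_path(cmd))
        if reasons:
            flagged.setdefault(name, set()).update(reasons)
    return {name: sorted(rs) for name, rs in flagged.items()}
```

Calling triage(SAMPLE_HJT, SAMPLE_COMBOFIX) returns the entries Sen, taskmgr.exe, keyboard and SurfSideKick 3 with their reasons, while Apoint, AIM and QuickTime Task come back unflagged.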

#7
Soulamei

    New Member

  • Topic Starter
  • Member
  • 6 posts
Alrighty. Here's what I have.

ComboFix:
[removed] - 06-09-29 20:14:04.68 Service Pack 2
ComboFix 06.09.28 - Running from: "C:\Documents and Settings\[removed]\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\[removed]\Application Data\STEM~1
C:\QooBox\Purity\Program Files\Common Files\ECURIT~1
C:\QooBox\Purity\Program Files\Common Files\STEM~1
C:\QooBox\Purity\WINDOWS\ECURIT~1
C:\QooBox\Purity\WINDOWS\RACLE~1
C:\QooBox\Purity\WINDOWS\ECURIT~1\ECURIT~1
C:\QooBox\Purity\WINDOWS\ECURIT~1\ECURIT~1\ctxad-469.0000
C:\QooBox\Purity\WINDOWS\ECURIT~1\ECURIT~1\ctxad-469.0001
C:\QooBox\Purity\WINDOWS\ECURIT~1\ECURIT~1\ctxad-469.0002


((((((((((((((((((((((((((((((( Files Created from 2006-08-29 to 2006-09-29 ))))))))))))))))))))))))))))))))))


No new files created in this timespan


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-29 19:34 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-28 20:20 -------- d-------- C:\Program Files\Common Files
2006-09-27 20:58 -------- d-------- C:\Program Files\Windows Defender
2006-09-27 20:48 -------- d-------- C:\Program Files\Internet Explorer
2006-09-27 20:43 -------- d-------- C:\Program Files\Apoint
2006-09-27 15:05 -------- d-------- C:\Program Files\AIM
2006-09-27 14:32 -------- d-------- C:\Program Files\Windows Media Player
2006-09-27 13:46 -------- d-------- C:\Program Files\Java
2006-09-27 13:43 -------- d-------- C:\Program Files\Common Files\Java
2006-09-27 13:17 -------- d-------- C:\Program Files\AOD
2006-09-20 18:52 -------- d-------- C:\Documents and Settings\[removed]\Application Data\Kazaa Lite
2006-09-20 18:22 -------- d-------- C:\Documents and Settings\[removed]\Application Data\LimeWire
2006-08-21 08:21 16896 --a------ C:\WINDOWS\SYSTEM32\fltlib.dll
2006-08-21 05:14 23040 --a------ C:\WINDOWS\SYSTEM32\fltmc.exe
2006-08-21 05:14 128896 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\fltmgr.sys
2006-07-27 09:24 679424 --a------ C:\WINDOWS\SYSTEM32\inetcomm.dll
2006-07-21 04:24 72704 --a------ C:\WINDOWS\SYSTEM32\hlink.dll
2006-06-23 18:46 80090 --a------ C:\Documents and Settings\[removed]\Application Data\SMBIOSSP.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\\PROGRA~1\\AIM\\aim.exe -cnetwait.odl"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\\Program Files\\Apoint\\Apoint.exe"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\McAgent.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\Program Files\\Internet Explorer\\kybe.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="C:\\Program Files\\Windows Media Player\\hoxyta.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,04,00,00,c0
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\America Online 9.0 Tray Icon.lnk"
"backup"="C:\\WINDOWS\\pss\\America Online 9.0 Tray Icon.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\AMERIC~1.0\\aoltray.exe -check"
"item"="America Online 9.0 Tray Icon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office\\OSA9.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^taskmgr.exe]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\taskmgr.exe"
"backup"="C:\\WINDOWS\\pss\\taskmgr.exeCommon Startup"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\taskmgr.exe"
"item"="taskmgr"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Utility Tray.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Utility Tray.lnk"
"backup"="C:\\WINDOWS\\pss\\Utility Tray.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\WINDOWS\\SYSTEM32\\sistray.exe "
"item"="Utility Tray"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AGRSMMSG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AGRSMMSG"
"hkey"="HKLM"
"command"="AGRSMMSG.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aim"
"hkey"="HKCU"
"command"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\dla]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tfswctrl"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MCAgentExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcagent"
"hkey"="HKLM"
"command"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MCUpdateExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcupdate"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MPFExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MpfTray"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PCMService]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PCMService"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Dell\\Media Experience\\PCMService.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\RealTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RealPlay"
"hkey"="HKLM"
"command"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SiS Windows KeyHook]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="keyhook"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\keyhook.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\UpdateManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sgtray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\VirusScan Online]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcvsshld"
"hkey"="HKLM"
"command"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcvsshld.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\VSOCheckTask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcmnhdlr"
"hkey"="HKLM"
"command"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcmnhdlr.exe\" /checktask"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\services]
"SCardSvr"=dword:00000003
"MpfService"=dword:00000002
"mnmsrvc"=dword:00000003
"MCVSRte"=dword:00000002
"mcupdmgr.exe"=dword:00000003
"McShield"=dword:00000003
"AOL ACS"=dword:00000002
"WANMiniportService"=dword:00000002


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\ISP signup reminder 1.job
C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (OZ-[removed]).job
C:\WINDOWS\tasks\McAfee.com Update Check (OZ-[removed]).job
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: Fri 09/29/2006 20:14:28.05
ComboFix.txt
ComboFix2.txt
ComboFix3.txt

HJT:
Logfile of HijackThis v1.99.1
Scan saved at 8:15:50 PM, on 9/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\[removed]\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.yahoo.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {57875390-EAE5-4408-A5D1-592B642FB900} (Whale Attachment Wiper ) - https://ea.nps.gov/i...b?egap=internal
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1136652441921
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,21/mcgdmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...635/mcfscan.cab
O20 - AppInit_DLLs:
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

Jotti:
File: SMBIOSSP.exe
Status: OK
MD5: 142becfa17d6d229179084e07a8b2ced
Packers detected: -
Scanner results:
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
Fortinet: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
UNA: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing

Your instructions made no mention of rebooting before posting these logs, and I haven't. I will, however, reboot and post new HJT and ComboFix logs if you request.

These popups are starting to get annoying... Now it's calling ads from sites that have music and voice-overs.

#8 Soulamei (Topic Starter, New Member, 6 posts)
I just rebooted and I'm going to post the HJT and ComboFix logs as text attachments just FYI. Thank you for your help.

Attached Files

Edited by Soulamei, 29 September 2006 - 06:30 PM.

#9 Jag11 (Visiting Staff, 2,210 posts)
Hello,

We still have to remove New.Net:

First, Download LSPFix.exe to a convenient location. Do NOT run this program. This is only to be used if you lose Internet Access after removing NewDotNet.

To Get rid of NewDotNet, go to:

Start > Control Panel > Add or Remove Programs and remove the following:

New.Net Applications or New.Net Domains (anything that says New.Net)

If it is not there, go here and follow Procedure 4: NewDotNet Removal Procedure 4.

In the event that you lose Internet access after removing New.Net, please double-click LSPFix.exe that you downloaded earlier. Check the "I know what I'm doing" button. You will see 2 panels. If there is any file listed in the "Remove" panel on the right-side, leave it as is and just click "Finish>>" then reboot your computer and you should now have access to the Internet. If nothing is listed under the "Remove Panel", do NOT do anything - just close the program. You will need to use another computer to come back here for further instructions on what to do.
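The O10 line in the HijackThis log above and the New.Net removal steps in this reply come down to the same fault: the Winsock Layered Service Provider catalog still references a DLL (newdotnet6_38.dll) that is no longer on disk, which is what breaks Internet access after an incomplete uninstall. The script below is an added example written for this page; it is not LSPFix, HijackThis or anything the posters ran. It parses catalog entries and flags providers whose DLL is missing. It assumes the catalog lives under HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries and that the first 260 bytes of each PackedCatalogItem value hold the NUL-terminated ANSI provider path; the sample catalog, file list and environment are constructed so it runs offline on any OS, and only the `__main__` branch touches the real registry on Windows.

```python
r"""Flag Winsock catalog (LSP) entries whose provider DLL no longer exists.

Assumed layout (an assumption of this example, not stated in the thread): each
subkey of HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries
holds a REG_BINARY value "PackedCatalogItem" whose first 260 bytes (MAX_PATH)
are the NUL-terminated ANSI path of the provider DLL, followed by the
WSAPROTOCOL_INFO structure, which this script does not parse.
"""
import os
import re
from typing import Callable, Dict, List, Tuple

MAX_PATH = 260
CATALOG_KEY = r"SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries"


def pack_catalog_item(dll_path: str) -> bytes:
    """Build a PackedCatalogItem-style blob for constructed test data (path only)."""
    raw = dll_path.encode("latin-1")
    if len(raw) >= MAX_PATH:
        raise ValueError("provider path exceeds MAX_PATH")
    # Real blobs carry WSAPROTOCOL_INFO after the path; 16 zero bytes stand in for it.
    return raw.ljust(MAX_PATH, b"\x00") + b"\x00" * 16


def unpack_dll_path(blob: bytes) -> str:
    """Return the provider DLL path stored at the start of a PackedCatalogItem blob."""
    if len(blob) < MAX_PATH:
        raise ValueError("blob shorter than MAX_PATH; not a PackedCatalogItem")
    return blob[:MAX_PATH].split(b"\x00", 1)[0].decode("latin-1")


def expand_env(path: str, env: Dict[str, str]) -> str:
    """Expand %VAR% references from the supplied mapping, case-insensitively like Windows."""
    lowered = {k.lower(): v for k, v in env.items()}
    return re.sub(r"%([^%]+)%", lambda m: lowered.get(m.group(1).lower(), m.group(0)), path)


def find_missing_providers(catalog: Dict[str, bytes], env: Dict[str, str],
                           exists: Callable[[str], bool]) -> List[Tuple[str, str]]:
    """Return (entry, dll_path) for every catalog entry whose DLL cannot be found.

    `exists` is injected so the logic can run against constructed data; on a
    live system pass os.path.exists.
    """
    missing = []
    for entry, blob in sorted(catalog.items()):
        dll = unpack_dll_path(blob)
        if not exists(expand_env(dll, env)):
            missing.append((entry, dll))
    return missing


def load_catalog_from_registry() -> Dict[str, bytes]:
    """Read the live catalog on Windows (winreg is stdlib there, absent elsewhere)."""
    import winreg  # only importable on Windows
    catalog: Dict[str, bytes] = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, CATALOG_KEY) as root:
        subkey_count = winreg.QueryInfoKey(root)[0]
        for i in range(subkey_count):
            name = winreg.EnumKey(root, i)
            with winreg.OpenKey(root, name) as sub:
                blob, _kind = winreg.QueryValueEx(sub, "PackedCatalogItem")
                catalog[name] = blob
    return catalog


# Constructed sample modelled on the thread's O10 line: two Microsoft base
# providers that are present, plus the leftover New.Net LSP whose DLL is gone.
SAMPLE_ENV = {"SystemRoot": r"C:\WINDOWS"}
SAMPLE_CATALOG = {
    "000000000001": pack_catalog_item(r"%SystemRoot%\system32\mswsock.dll"),
    "000000000002": pack_catalog_item(r"%SystemRoot%\system32\rsvpsp.dll"),
    "000000000003": pack_catalog_item(r"c:\program files\newdotnet\newdotnet6_38.dll"),
}
SAMPLE_FILES = {r"c:\windows\system32\mswsock.dll", r"c:\windows\system32\rsvpsp.dll"}


def sample_exists(path: str) -> bool:
    """Stand-in for os.path.exists over the constructed file set (case-insensitive)."""
    return path.lower() in SAMPLE_FILES


if __name__ == "__main__":
    on_windows = os.name == "nt"
    catalog = load_catalog_from_registry() if on_windows else SAMPLE_CATALOG
    env = dict(os.environ) if on_windows else SAMPLE_ENV
    exists = os.path.exists if on_windows else sample_exists
    for entry, dll in find_missing_providers(catalog, env, exists):
        print(f"Catalog_Entries\\{entry}: provider DLL missing -> {dll}")
```

Running this on the affected machine shows which entry is stale before anything is deleted; removing that entry is what the LSPFix step in the reply does. Windows XP SP2 also ships `netsh winsock reset`, which rebuilds the catalog to its defaults, but that drops every third-party LSP, legitimate ones included, so list what is installed first.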

#10 Soulamei (Topic Starter, New Member, 6 posts)
Alright, I followed all instructions. There are no suspicious programs in the Add/Delete Programs. I ran LSPFix as well, and it seems to have gotten rid of New.net.
There is something I've noticed lately as I've been going through this. There is a little white square, only a few pixels, and it appears in the upper left corner of the desktop when I connect to my wireless internet. (I attached a print screen, just to show you what I'm talking about.) After it appears, as I'm on the internet, I hear multiple popup sounds (like the sound you hear when IE's dropdown info bar appears). It happens every few minutes, but there's nothing popping up that I can see. All that's there are the white pixels and the popup sounds.
Any ideas on what the heck this is?
Thanks so much for all your help so far.

Attached Thumbnails: untitled.JPG

#11 Jag11 (Visiting Staff, 2,210 posts)
I don't know about that white box... never heard about that before.
But I'm sure that it wouldn't harm :whistling:

Maybe it's just your wallpaper?