Adware from Outerinfo


  • This topic is locked

#16
Armodeluxe


    Member 2k

  • Retired Staff
  • 2,744 posts
C:\QooBox
C:\WINDOWS\system32\OTFUZLUVZCGN

Please delete the above folders. The Qoobox folder is under your C:\ drive and the OTFUZLUVZCGN is in the system32 folder.

Now that your computer is clean, we can proceed with downloading Service Pack 2. You can get it from here:

http://www.microsoft...p2/default.mspx

Install it and then please post a new HijackThis log.
  • 0



#17
misscoco

    Member

  • Topic Starter
  • 39 posts
I can't find the 2nd file
  • 0

#18
Armodeluxe


    Member 2k

  • Retired Staff
  • 2,744 posts
Look again after doing this:

Reconfigure Windows XP to show hidden files:
Click Start. Open My Computer.
Select the Tools menu and click Folder Options. Select the View Tab.

Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.
  • 0

#19
misscoco

    Member

  • Topic Starter
  • 39 posts
New Hijack This Log


Logfile of HijackThis v1.99.1
Scan saved at 05:25, on 06-10-12
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\PROMon.exe
C:\WINDOWS\GWMDMMSG.exe
C:\WINDOWS\GWMDMpi.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Wireless LAN\WlanUtil.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
c:\program files\internet explorer\iexplore.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: IEEE 802.11g USB Wireless LAN Utility.lnk = C:\Program Files\Wireless LAN\WlanUtil.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1160690526031
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1160690505921
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...856/mcfscan.cab
O20 - AppInit_DLLs:
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
  • 0

#20
Armodeluxe


    Member 2k

  • Retired Staff
  • 2,744 posts
I wanted to see a log after you installed Service Pack 2, but hold off on that for now; a new empty entry appeared in your log.

Open HijackThis and click Scan. Put a check next to this:

O20 - AppInit_DLLs:

Close all other windows except HijackThis and click Fix Checked.

Reboot and please post a new HijackThis log.
  • 0

#21
misscoco

    Member

  • Topic Starter
  • 39 posts
HiJack This Log


Logfile of HijackThis v1.99.1
Scan saved at 19:26, on 06-10-15
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\System32\PROMon.exe
C:\WINDOWS\GWMDMMSG.exe
C:\WINDOWS\GWMDMpi.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
c:\program files\internet explorer\iexplore.exe
C:\Program Files\Wireless LAN\WlanUtil.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: IEEE 802.11g USB Wireless LAN Utility.lnk = C:\Program Files\Wireless LAN\WlanUtil.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1160690526031
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1160690505921
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...856/mcfscan.cab
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
  • 0

#22
Armodeluxe


    Member 2k

  • Retired Staff
  • 2,744 posts
Ok, good. Now please download Service Pack 2 and after that please post a new log.

http://www.microsoft...p2/default.mspx
  • 0

#23
misscoco

    Member

  • Topic Starter
  • 39 posts
New Log

Logfile of HijackThis v1.99.1
Scan saved at 09:06, on 06-10-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\PROMon.exe
C:\WINDOWS\GWMDMMSG.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\GWMDMpi.exe
c:\program files\internet explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Wireless LAN\WlanUtil.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\imapi.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\system32\wscntfy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: (no name) - {b72c506c-92f6-49af-aa72-92aeeaed8fa3} - C:\WINDOWS\system32\dxdell.dll
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: IEEE 802.11g USB Wireless LAN Utility.lnk = C:\Program Files\Wireless LAN\WlanUtil.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1160690526031
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1160690505921
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...856/mcfscan.cab
O20 - Winlogon Notify: dxdell - C:\WINDOWS\SYSTEM32\dxdell.dll
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
  • 0

#24
Armodeluxe


    Member 2k

  • Retired Staff
  • 2,744 posts
Uh oh, you got a new infection there.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
  • 0
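
Added example (not written by anyone in this thread): a small Python script that diffs two HijackThis logs and reports which entries appeared, which disappeared, and which file is referenced by more than one newly added load point. The two sample logs are excerpts of the 06-10-15 and 06-10-18 logs posted above; the function names and the `LOAD_POINTS` grouping are this example's own assumptions, not part of HijackThis.

```python
import re

# HijackThis sections where an entry means code is loaded automatically
# (browser start, logon, boot). Grouping chosen for this example.
LOAD_POINTS = {
    "O2": "Browser Helper Object",
    "O4": "autostart entry",
    "O20": "AppInit_DLLs / Winlogon Notify",
    "O23": "service",
}

# An entry line looks like "O20 - Winlogon Notify: name - path".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2})\s+-\s+(.*)$")
# First drive-letter path ending in a binary extension (paths may contain spaces).
FILE_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|exe|sys)\b", re.IGNORECASE)

# Excerpt of the 06-10-15 log from this thread.
OLD_LOG = r"""
Logfile of HijackThis v1.99.1
Platform: Windows XP SP1 (WinNT 5.01.2600)
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# Excerpt of the 06-10-18 log from this thread.
NEW_LOG = r"""
Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)
O2 - BHO: (no name) - {b72c506c-92f6-49af-aa72-92aeeaed8fa3} - C:\WINDOWS\system32\dxdell.dll
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: dxdell - C:\WINDOWS\SYSTEM32\dxdell.dll
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""


def parse_entries(log_text):
    """Return {normalised key: (code, detail)} for every entry line.

    Header lines and the running-process list do not match ENTRY_RE and are
    skipped. Keys are case-folded because the same path shows up as
    system32, System32 and SYSTEM32 across logs.
    """
    entries = {}
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            code, detail = match.group(1), match.group(2).strip()
            key = (code, " ".join(detail.casefold().split()))
            entries[key] = (code, detail)
    return entries


def diff_logs(old_text, new_text):
    """Return (added, removed) entry lists, each in its log's own order."""
    old, new = parse_entries(old_text), parse_entries(new_text)
    added = [new[k] for k in new if k not in old]
    removed = [old[k] for k in old if k not in new]
    return added, removed


def files_in_multiple_load_points(added):
    """Map each file named by two or more new load-point sections to them.

    One binary registering itself in several places at once is worth a
    closer look; a diff alone does not say whether it is malicious.
    """
    seen = {}
    for code, detail in added:
        if code not in LOAD_POINTS:
            continue
        match = FILE_RE.search(detail)
        if match:
            seen.setdefault(match.group(0).casefold(), set()).add(code)
    return {path: sorted(codes) for path, codes in seen.items() if len(codes) > 1}


if __name__ == "__main__":
    added, removed = diff_logs(OLD_LOG, NEW_LOG)
    for code, detail in added:
        note = LOAD_POINTS.get(code, "")
        print(f"+ {code} - {detail}" + (f"   [{note}]" if note else ""))
    for code, detail in removed:
        print(f"- {code} - {detail}")
    for path, codes in files_in_multiple_load_points(added).items():
        print(f"! {path} registered in {', '.join(codes)}")
```
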

#25
misscoco

    Member

  • Topic Starter
  • 39 posts
It didn't find any files. So what else can I do?
  • 0



#26
Armodeluxe


    Member 2k

  • Retired Staff
  • 2,744 posts
Go to Start --> Run and copy/paste in the following:

"%userprofile%\desktop\combofix.exe" /v dxdell

Then post the combofix log and a new HijackThis log.
  • 0

#27
misscoco

    Member

  • Topic Starter
  • 39 posts
Combo Fix Log


Courtnie - 06-10-19 7:54:02.46 Service Pack 2
ComboFix 06.09.28 - Running from: "C:\Documents and Settings\Courtnie\desktop"
Command switches used :: /v dxdell

(((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log )))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\dxdell.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((( Files Created from 2006-09-19 to 2006-10-19 ))))))))))))))))))))))))))))))))))


2006-10-16 08:45 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2006-10-15 10:13 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2006-10-13 03:19 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2006-10-13 03:19 331,264 --a------ C:\WINDOWS\system32\ipnathlp.dll
2006-10-13 03:19 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2006-10-12 17:13 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-10-12 17:09 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2006-10-12 17:09 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2006-10-12 17:09 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2006-10-12 17:09 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-10-12 17:04 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2006-10-12 17:03 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2006-10-12 17:03 41,240 --a------ C:\WINDOWS\system32\wups.dll
2006-10-12 17:03 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-10-12 17:03 18,200 --a------ C:\WINDOWS\system32\wups2.dll
2006-10-12 17:03 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-10-12 17:03 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2006-10-12 05:34 1,082,368 --a------ C:\WINDOWS\system32\esent.dll
2006-10-10 08:21 96,256 --a-s---- C:\WINDOWS\system32\druid1.exe
2006-10-04 08:52 96,768 --a------ C:\WINDOWS\system32\psbase.dll
2006-10-04 08:52 937,984 --------- C:\WINDOWS\system32\winbrand.dll
2006-10-04 08:52 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-10-04 08:52 92,672 --a------ C:\WINDOWS\system32\wlnotify.dll
2006-10-04 08:52 92,168 --a------ C:\WINDOWS\system32\rdpdd.dll
2006-10-04 08:52 91,648 --a------ C:\WINDOWS\system32\xactsrv.dll
2006-10-04 08:52 90,624 --a------ C:\WINDOWS\system32\trkwks.dll
2006-10-04 08:52 9,216 --a------ C:\WINDOWS\system32\scrnsave.scr
2006-10-04 08:52 89,600 --a------ C:\WINDOWS\system32\smlogsvc.exe
2006-10-04 08:52 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-10-04 08:52 809,984 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-10-04 08:52 77,824 --a------ C:\WINDOWS\system32\wmpstub.exe
2006-10-04 08:52 77,312 --a------ C:\WINDOWS\system32\sdbinst.exe
2006-10-04 08:52 77,312 --a------ C:\WINDOWS\system32\rtcshare.exe
2006-10-04 08:52 759,296 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-10-04 08:52 75,776 --a------ C:\WINDOWS\system32\telnet.exe
2006-10-04 08:52 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2006-10-04 08:52 74,752 --a------ C:\WINDOWS\system32\spoolss.dll
2006-10-04 08:52 713,728 --a------ C:\WINDOWS\system32\opengl32.dll
2006-10-04 08:52 71,680 --a------ C:\WINDOWS\system32\ssdpsrv.dll
2006-10-04 08:52 704,512 --a------ C:\WINDOWS\system32\ss3dfo.scr
2006-10-04 08:52 70,144 --a------ C:\WINDOWS\system32\sigverif.exe
2006-10-04 08:52 69,632 --a------ C:\WINDOWS\system32\raschap.dll
2006-10-04 08:52 69,632 --a------ C:\WINDOWS\system32\odbcconf.exe
2006-10-04 08:52 68,096 --a------ C:\WINDOWS\system32\shgina.dll
2006-10-04 08:52 679,936 --a------ C:\WINDOWS\system32\sstext3d.scr
2006-10-04 08:52 670,720 --a------ C:\WINDOWS\system32\wmadmoe.dll
2006-10-04 08:52 67,584 --a------ C:\WINDOWS\system32\sti.dll
2006-10-04 08:52 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2006-10-04 08:52 65,536 --a------ C:\WINDOWS\system32\wextract.exe
2006-10-04 08:52 65,536 --a------ C:\WINDOWS\system32\shimeng.dll
2006-10-04 08:52 65,536 --a------ C:\WINDOWS\system32\odbccu32.dll
2006-10-04 08:52 65,536 --a------ C:\WINDOWS\system32\odbccr32.dll
2006-10-04 08:52 62,976 --a------ C:\WINDOWS\system32\pautoenr.dll
2006-10-04 08:52 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-10-04 08:52 610,304 --a------ C:\WINDOWS\system32\sspipes.scr
2006-10-04 08:52 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2006-10-04 08:52 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-10-04 08:52 6,656 --a------ C:\WINDOWS\system32\sensapi.dll
2006-10-04 08:52 6,016 --------- C:\WINDOWS\system32\drivers\smbali.sys
2006-10-04 08:52 58,368 --a------ C:\WINDOWS\system32\packager.exe
2006-10-04 08:52 562,176 --a------ C:\WINDOWS\system32\qedit.dll
2006-10-04 08:52 55,808 --a------ C:\WINDOWS\system32\secur32.dll
2006-10-04 08:52 54,784 --a------ C:\WINDOWS\system32\npptools.dll
2006-10-04 08:52 538,624 --a------ C:\WINDOWS\system32\spider.exe
2006-10-04 08:52 53,760 --a------ C:\WINDOWS\system32\winsta.dll
2006-10-04 08:52 51,712 --a------ C:\WINDOWS\system32\wzcsapi.dll
2006-10-04 08:52 51,712 --a------ C:\WINDOWS\system32\vdmredir.dll
2006-10-04 08:52 51,200 --a------ C:\WINDOWS\system32\wmerrenu.dll
2006-10-04 08:52 50,176 --a------ C:\WINDOWS\system32\utilman.exe
2006-10-04 08:52 50,176 --a------ C:\WINDOWS\system32\reg.exe
2006-10-04 08:52 49,664 --a------ C:\WINDOWS\system32\regapi.dll
2006-10-04 08:52 446,464 --a------ C:\WINDOWS\system32\wmvdmoe.dll
2006-10-04 08:52 442,368 --a------ C:\WINDOWS\system32\sqlsrv32.dll
2006-10-04 08:52 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-10-04 08:52 438,272 --a------ C:\WINDOWS\system32\shimgvw.dll
2006-10-04 08:52 435,200 --a------ C:\WINDOWS\system32\ntmssvc.dll
2006-10-04 08:52 431,616 --a------ C:\WINDOWS\system32\riched20.dll
2006-10-04 08:52 430,592 --a------ C:\WINDOWS\system32\vssapi.dll
2006-10-04 08:52 43,520 --a------ C:\WINDOWS\system32\ntlanman.dll
2006-10-04 08:52 42,496 --a------ C:\WINDOWS\system32\wsnmp32.dll
2006-10-04 08:52 42,496 --a------ C:\WINDOWS\system32\shmgrate.exe
2006-10-04 08:52 417,792 --a------ C:\WINDOWS\system32\vbscript.dll
2006-10-04 08:52 408,064 --a------ C:\WINDOWS\system32\wmadmod.dll
2006-10-04 08:52 406,528 --a------ C:\WINDOWS\system32\usp10.dll
2006-10-04 08:52 40,960 --a------ C:\WINDOWS\system32\ntmsapi.dll
2006-10-04 08:52 393,216 --a------ C:\WINDOWS\system32\ssflwbox.scr
2006-10-04 08:52 385,536 --a------ C:\WINDOWS\system32\themeui.dll
2006-10-04 08:52 385,024 --a------ C:\WINDOWS\system32\qdvd.dll
2006-10-04 08:52 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2006-10-04 08:52 38,912 --a------ C:\WINDOWS\system32\sens.dll
2006-10-04 08:52 378,368 --a------ C:\WINDOWS\system32\wzcdlg.dll
2006-10-04 08:52 37,888 --a------ C:\WINDOWS\system32\url.dll
2006-10-04 08:52 363,008 --a------ C:\WINDOWS\system32\smlogcfg.dll
2006-10-04 08:52 359,936 --a------ C:\WINDOWS\system32\wzcsvc.dll
2006-10-04 08:52 35,840 --a------ C:\WINDOWS\system32\umandlg.dll
2006-10-04 08:52 35,840 --a------ C:\WINDOWS\system32\rcimlby.exe
2006-10-04 08:52 35,328 --a------ C:\WINDOWS\system32\pid.dll
2006-10-04 08:52 34,816 --a------ C:\WINDOWS\system32\ssdpapi.dll
2006-10-04 08:52 337,920 --a------ C:\WINDOWS\system32\zipfldr.dll
2006-10-04 08:52 333,312 --a------ C:\WINDOWS\system32\wiaservc.dll
2006-10-04 08:52 33,840 --a------ C:\WINDOWS\system32\ntio.sys
2006-10-04 08:52 32,768 --a------ C:\WINDOWS\system32\odbcad32.exe
2006-10-04 08:52 313,856 --a------ C:\WINDOWS\system32\scesrv.dll
2006-10-04 08:52 311,327 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2006-10-04 08:52 303,616 --a------ C:\WINDOWS\system32\wmstream.dll
2006-10-04 08:52 3,338 --a------ C:\WINDOWS\system32\redir.exe
2006-10-04 08:52 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2006-10-04 08:52 283,648 --a------ C:\WINDOWS\winhlp32.exe
2006-10-04 08:52 283,648 --a------ C:\WINDOWS\system32\pdh.dll
2006-10-04 08:52 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-10-04 08:52 276,480 --a------ C:\WINDOWS\system32\webcheck.dll
2006-10-04 08:52 270,848 --------- C:\WINDOWS\system32\sbe.dll
2006-10-04 08:52 264,192 --a------ C:\WINDOWS\system32\wow32.dll
2006-10-04 08:52 26,624 --------- C:\WINDOWS\system32\drivers\usbehci.sys
2006-10-04 08:52 26,112 --a------ C:\WINDOWS\system32\skeys.exe
2006-10-04 08:52 25,600 --a------ C:\WINDOWS\system32\udhisapi.dll
2006-10-04 08:52 25,088 --a------ C:\WINDOWS\system32\slayerxp.dll
2006-10-04 08:52 25,088 --a------ C:\WINDOWS\system32\shfolder.dll
2006-10-04 08:52 249,856 --a------ C:\WINDOWS\system32\odbc32.dll
2006-10-04 08:52 248,832 --a------ C:\WINDOWS\system32\newdev.dll
2006-10-04 08:52 246,302 --a------ C:\WINDOWS\system32\strmdll.dll
2006-10-04 08:52 24,576 --a------ C:\WINDOWS\system32\odbcbcp.dll
2006-10-04 08:52 239,616 --a------ C:\WINDOWS\system32\upnpui.dll
2006-10-04 08:52 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2006-10-04 08:52 230,400 --a------ C:\WINDOWS\system32\wmasf.dll
2006-10-04 08:52 23,040 --a------ C:\WINDOWS\system32\setup.exe
2006-10-04 08:52 23,040 --a------ C:\WINDOWS\system32\psapi.dll
2006-10-04 08:52 218,624 --a------ C:\WINDOWS\system32\uxtheme.dll
2006-10-04 08:52 215,552 --a------ C:\WINDOWS\system32\osk.exe
2006-10-04 08:52 206,336 --a------ C:\WINDOWS\system32\rasppp.dll
2006-10-04 08:52 20,992 --a------ C:\WINDOWS\system32\ssmarque.scr
2006-10-04 08:52 20,480 --a------ C:\WINDOWS\system32\wmpui.dll
2006-10-04 08:52 20,480 --a------ C:\WINDOWS\system32\wmpcore.dll
2006-10-04 08:52 20,480 --a------ C:\WINDOWS\system32\wmpcd.dll
2006-10-04 08:52 2,940,928 --a------ C:\WINDOWS\system32\wmploc.dll
2006-10-04 08:52 2,105,344 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-10-04 08:52 192,512 --a------ C:\WINDOWS\system32\qcap.dll
2006-10-04 08:52 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-10-04 08:52 19,968 --a------ C:\WINDOWS\system32\ssbezier.scr
2006-10-04 08:52 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-10-04 08:52 187,392 --------- C:\WINDOWS\system32\xpsp1res.dll
2006-10-04 08:52 185,344 --a------ C:\WINDOWS\system32\upnphost.dll
2006-10-04 08:52 181,760 --a------ C:\WINDOWS\system32\tapi32.dll
2006-10-04 08:52 180,224 --a------ C:\WINDOWS\system32\scecli.dll
2006-10-04 08:52 18,944 --a------ C:\WINDOWS\system32\ssmyst.scr
2006-10-04 08:52 18,944 --a------ C:\WINDOWS\system32\snmpapi.dll
2006-10-04 08:52 18,432 --a------ C:\WINDOWS\system32\wtsapi32.dll
2006-10-04 08:52 18,432 --a------ C:\WINDOWS\system32\ups.exe
2006-10-04 08:52 179,712 --a------ C:\WINDOWS\system32\ntmsdba.dll
2006-10-04 08:52 176,128 --a------ C:\WINDOWS\system32\winmm.dll
2006-10-04 08:52 174,592 --a------ C:\WINDOWS\system32\w32time.dll
2006-10-04 08:52 174,200 --a------ C:\WINDOWS\system32\xenroll.dll
2006-10-04 08:52 172,032 --a------ C:\WINDOWS\system32\wldap32.dll
2006-10-04 08:52 171,008 --a------ C:\WINDOWS\system32\sccsccp.dll
2006-10-04 08:52 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2006-10-04 08:52 17,920 --a------ C:\WINDOWS\system32\ping.exe
2006-10-04 08:52 17,664 --a------ C:\WINDOWS\system32\watchdog.sys
2006-10-04 08:52 169,984 --a------ C:\WINDOWS\system32\sccbase.dll
2006-10-04 08:52 16,896 --a------ C:\WINDOWS\system32\rassapi.dll
2006-10-04 08:52 16,384 --a------ C:\WINDOWS\system32\odbc32gt.dll
2006-10-04 08:52 159,232 --------- C:\WINDOWS\system32\sbeio.dll
2006-10-04 08:52 152,576 --a------ C:\WINDOWS\system32\rsaenh.dll
2006-10-04 08:52 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2006-10-04 08:52 147,456 --a------ C:\WINDOWS\system32\odbctrac.dll
2006-10-04 08:52 146,432 --a------ C:\WINDOWS\regedit.exe
2006-10-04 08:52 143,872 --a------ C:\WINDOWS\system32\ntshrui.dll
2006-10-04 08:52 140,288 --a------ C:\WINDOWS\system32\sfc_os.dll
2006-10-04 08:52 14,336 --a------ C:\WINDOWS\system32\ssstars.scr
2006-10-04 08:52 14,336 --a------ C:\WINDOWS\system32\runonce.exe
2006-10-04 08:52 136,704 --a------ C:\WINDOWS\system32\sti_ci.dll
2006-10-04 08:52 135,680 --a------ C:\WINDOWS\system32\webvw.dll
2006-10-04 08:52 135,680 --a------ C:\WINDOWS\system32\taskmgr.exe
2006-10-04 08:52 135,168 --a------ C:\WINDOWS\system32\odbcconf.dll
2006-10-04 08:52 132,608 --a------ C:\WINDOWS\system32\upnp.dll
2006-10-04 08:52 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-10-04 08:52 13,568 --------- C:\WINDOWS\system32\drivers\wacompen.sys
2006-10-04 08:52 13,312 --a------ C:\WINDOWS\system32\sigtab.dll
2006-10-04 08:52 124,416 --a------ C:\WINDOWS\system32\wiadss.dll
2006-10-04 08:52 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-10-04 08:52 121,856 --a------ C:\WINDOWS\system32\stobject.dll
2006-10-04 08:52 120,832 --a------ C:\WINDOWS\system32\offfilt.dll
2006-10-04 08:52 12,288 --a------ C:\WINDOWS\system32\tracert.exe
2006-10-04 08:52 12,288 --a------ C:\WINDOWS\system32\odbcp32r.dll
2006-10-04 08:52 118,784 --a------ C:\WINDOWS\system32\ntmarta.dll
2006-10-04 08:52 115,200 --a------ C:\WINDOWS\system32\wmsdmoe.dll
2006-10-04 08:52 112,128 --a------ C:\WINDOWS\system32\rastls.dll
2006-10-04 08:52 107,008 --a------ C:\WINDOWS\system32\oleprn.dll
2006-10-04 08:52 106,496 --a------ C:\WINDOWS\system32\odbccp32.dll
2006-10-04 08:52 103,936 --a------ C:\WINDOWS\system32\nlhtml.dll
2006-10-04 08:52 102,400 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-10-04 08:52 10,752 --a------ C:\WINDOWS\hh.exe
2006-10-04 08:52 1,677,312 --------- C:\WINDOWS\system32\wmvcore2.dll
2006-10-04 08:52 1,580,544 --a------ C:\WINDOWS\system32\sfcfiles.dll
2006-10-04 08:52 1,435,648 --a------ C:\WINDOWS\system32\query.dll
2006-10-04 08:52 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-10-04 08:52 1,050,624 --a------ C:\WINDOWS\system32\wmnetmgr.dll
2006-10-04 08:51 875,008 --a------ C:\WINDOWS\system32\netplwiz.dll
2006-10-04 08:51 870,784 --------- C:\WINDOWS\system32\ati3d1ag.dll
2006-10-04 08:51 78,848 --a------ C:\WINDOWS\system32\msiexec.exe
2006-10-04 08:51 73,216 --------- C:\WINDOWS\system32\drivers\atintuxx.sys
2006-10-04 08:51 701,440 --a------ C:\WINDOWS\system32\msxml2.dll
2006-10-04 08:51 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2006-10-04 08:51 7,168 --------- C:\WINDOWS\system32\hccoin.dll
2006-10-04 08:51 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2006-10-04 08:51 69,120 --a------ C:\WINDOWS\system32\msctfp.dll
2006-10-04 08:51 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2006-10-04 08:51 63,488 --------- C:\WINDOWS\system32\drivers\atinxsxx.sys
2006-10-04 08:51 622,080 --a------ C:\WINDOWS\system32\netcfgx.dll
2006-10-04 08:51 6,656 --a------ C:\WINDOWS\system32\laprxy.dll
2006-10-04 08:51 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2006-10-04 08:51 57,856 --------- C:\WINDOWS\system32\drivers\atinbtxx.sys
2006-10-04 08:51 56,832 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-04 08:51 552,989 --a------ C:\WINDOWS\system32\msrepl40.dll
2006-10-04 08:51 537,088 --------- C:\WINDOWS\system32\msftedit.dll
2006-10-04 08:51 52,224 --------- C:\WINDOWS\system32\drivers\atinraxx.sys
2006-10-04 08:51 514,560 --a------ C:\WINDOWS\system32\logonui.exe
2006-10-04 08:51 512,029 --a------ C:\WINDOWS\system32\msexch40.dll
2006-10-04 08:51 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-10-04 08:51 421,919 --a------ C:\WINDOWS\system32\msrd2x40.dll
2006-10-04 08:51 42,496 --a------ C:\WINDOWS\system32\net.exe
2006-10-04 08:51 413,696 --a------ C:\WINDOWS\system32\msvcp60.dll
2006-10-04 08:51 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2006-10-04 08:51 407,040 --a------ C:\WINDOWS\system32\netlogon.dll
2006-10-04 08:51 4,608 --a------ C:\WINDOWS\system32\msimg32.dll
2006-10-04 08:51 4,126 --a------ C:\WINDOWS\system32\msdxmlc.dll
2006-10-04 08:51 4,096 --------- C:\WINDOWS\system32\dsprpres.dll
2006-10-04 08:51 399,872 --a------ C:\WINDOWS\system32\lmrt.dll
2006-10-04 08:51 377,984 --------- C:\WINDOWS\system32\ati2dvaa.dll
2006-10-04 08:51 368,710 --a------ C:\WINDOWS\system32\msisam11.dll
2006-10-04 08:51 36,352 --a------ C:\WINDOWS\system32\ncobjapi.dll
2006-10-04 08:51 358,976 --a------ C:\WINDOWS\system32\msjetoledb40.dll
2006-10-04 08:51 356,352 --a------ C:\WINDOWS\system32\msscp.dll
2006-10-04 08:51 348,189 --a------ C:\WINDOWS\system32\msxbde40.dll
2006-10-04 08:51 348,189 --a------ C:\WINDOWS\system32\mspbde40.dll
2006-10-04 08:51 343,040 --a------ C:\WINDOWS\system32\msvcrt.dll
2006-10-04 08:51 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2006-10-04 08:51 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-10-04 08:51 329,728 --a------ C:\WINDOWS\system32\netsetup.exe
2006-10-04 08:51 327,040 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2006-10-04 08:51 319,517 --a------ C:\WINDOWS\system32\msexcl40.dll
2006-10-04 08:51 31,744 --------- C:\WINDOWS\system32\drivers\atinxbxx.sys
2006-10-04 08:51 294,400 --a------ C:\WINDOWS\system32\msctf.dll
2006-10-04 08:51 290,816 --a------ C:\WINDOWS\system32\msnsspc.dll
2006-10-04 08:51 28,672 --------- C:\WINDOWS\system32\drivers\atinsnxx.sys
2006-10-04 08:51 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2006-10-04 08:51 271,360 --a------ C:\WINDOWS\system32\msihnd.dll
2006-10-04 08:51 259,072 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-10-04 08:51 258,077 --a------ C:\WINDOWS\system32\mstext40.dll
2006-10-04 08:51 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-10-04 08:51 25,088 --a------ C:\WINDOWS\system32\mslbui.dll
2006-10-04 08:51 248,832 --a------ C:\WINDOWS\system32\msieftp.dll
2006-10-04 08:51 241,725 --a------ C:\WINDOWS\system32\msuni11.dll
2006-10-04 08:51 241,693 --a------ C:\WINDOWS\system32\msjtes40.dll
2006-10-04 08:51 240,640 --a------ C:\WINDOWS\system32\mpg4dmod.dll
2006-10-04 08:51 220,672 --a------ C:\WINDOWS\system32\logon.scr
2006-10-04 08:51 22,016 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-04 08:51 216,064 --a------ C:\WINDOWS\system32\moricons.dll
2006-10-04 08:51 213,023 --a------ C:\WINDOWS\system32\msltus40.dll
2006-10-04 08:51 207,360 --a------ C:\WINDOWS\system32\mobsync.dll
2006-10-04 08:51 204,288 --a------ C:\WINDOWS\system32\mswebdvd.dll
2006-10-04 08:51 201,728 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-10-04 08:51 201,728 --------- C:\WINDOWS\system32\ati2dvag.dll
2006-10-04 08:51 20,992 --------- C:\WINDOWS\system32\faxpatch.exe
2006-10-04 08:51 20,480 --------- C:\WINDOWS\system32\encapi.dll
2006-10-04 08:51 2,890,240 --a------ C:\WINDOWS\system32\msi.dll
2006-10-04 08:51 195,072 --a------ C:\WINDOWS\system32\msutb.dll
2006-10-04 08:51 186,368 --------- C:\WINDOWS\system32\encdec.dll
2006-10-04 08:51 18,944 --a------ C:\WINDOWS\system32\nddenb32.dll
2006-10-04 08:51 163,840 --a------ C:\WINDOWS\system32\mindex.dll
2006-10-04 08:51 159,232 --a------ C:\WINDOWS\system32\msimtf.dll
2006-10-04 08:51 151,552 --a------ C:\WINDOWS\system32\msdart.dll
2006-10-04 08:51 15,104 --------- C:\WINDOWS\system32\drivers\hidir.sys
2006-10-04 08:51 143,360 --a------ C:\WINDOWS\system32\msorcl32.dll
2006-10-04 08:51 14,336 --------- C:\WINDOWS\system32\drivers\atinpdxx.sys
2006-10-04 08:51 134,656 --------- C:\WINDOWS\system32\mssap.dll
2006-10-04 08:51 13,824 --------- C:\WINDOWS\system32\drivers\atinttxx.sys
2006-10-04 08:51 13,824 --------- C:\WINDOWS\system32\drivers\atinmdxx.sys
2006-10-04 08:51 124,928 --a------ C:\WINDOWS\system32\net1.exe
2006-10-04 08:51 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2006-10-04 08:51 120,832 --a------ C:\WINDOWS\system32\msvfw32.dll
2006-10-04 08:51 12,672 --------- C:\WINDOWS\system32\drivers\mutohpen.sys
2006-10-04 08:51 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2006-10-04 08:51 12,288 --a------ C:\WINDOWS\system32\mscpx32r.dll
2006-10-04 08:51 111,104 --a------ C:\WINDOWS\system32\netdde.exe
2006-10-04 08:51 11,776 --a------ C:\WINDOWS\system32\localui.dll
2006-10-04 08:51 11,264 --a------ C:\WINDOWS\system32\msrle32.dll
2006-10-04 08:51 104,960 --------- C:\WINDOWS\system32\drivers\atinrvxx.sys
2006-10-04 08:51 103,936 --a------ C:\WINDOWS\system32\logagent.exe
2006-10-04 08:51 1,708,032 --a------ C:\WINDOWS\system32\netshell.dll
2006-10-04 08:51 1,507,356 --a------ C:\WINDOWS\system32\msjet40.dll
2006-10-04 08:51 1,428,480 --a------ C:\WINDOWS\system32\msvidctl.dll
2006-10-04 08:51 1,192,960 --a------ C:\WINDOWS\system32\mmcndmgr.dll
2006-10-04 08:51 1,057,760 --------- C:\WINDOWS\system32\ati3d2ag.dll
2006-10-04 08:50 97,280 --a------ C:\WINDOWS\system32\dpcdll.dll
2006-10-04 08:50 9,344 --a------ C:\WINDOWS\system32\framebuf.dll
2006-10-04 08:50 87,040 --a------ C:\WINDOWS\system32\drmstor.dll
2006-10-04 08:50 83,456 --a------ C:\WINDOWS\system32\dpvsetup.exe
2006-10-04 08:50 82,432 --a------ C:\WINDOWS\system32\dmscript.dll
2006-10-04 08:50 82,432 --a------ C:\WINDOWS\system32\dfrgfat.exe
2006-10-04 08:50 81,920 --a------ C:\WINDOWS\system32\ils.dll
2006-10-04 08:50 80,384 --a------ C:\WINDOWS\system32\faultrep.dll
2006-10-04 08:50 7,424 --a------ C:\WINDOWS\system32\kd1394.dll
2006-10-04 08:50 695,296 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-10-04 08:50 68,608 --a------ C:\WINDOWS\system32\digest.dll
2006-10-04 08:50 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-10-04 08:50 62,976 --a------ C:\WINDOWS\system32\iesetup.dll
2006-10-04 08:50 61,440 --a------ C:\WINDOWS\system32\dmcompos.dll
2006-10-04 08:50 60,928 --a------ C:\WINDOWS\system32\dpnhupnp.dll
2006-10-04 08:50 57,344 --a------ C:\WINDOWS\system32\dpwsockx.dll
2006-10-04 08:50 55,808 --a------ C:\WINDOWS\system32\ipconfig.exe
2006-10-04 08:50 55,808 --a------ C:\WINDOWS\system32\eventlog.dll
2006-10-04 08:50 54,272 --a------ C:\WINDOWS\system32\ixsso.dll
2006-10-04 08:50 498,205 --a------ C:\WINDOWS\system32\dxmasf.dll
2006-10-04 08:50 48,128 --a------ C:\WINDOWS\system32\docprop2.dll
2006-10-04 08:50 42,537 --a------ C:\WINDOWS\system32\keyboard.sys
2006-10-04 08:50 41,472 --a------ C:\WINDOWS\system32\hhsetup.dll
2006-10-04 08:50 380,957 --a------ C:\WINDOWS\system32\expsrv.dll
2006-10-04 08:50 38,912 --a------ C:\WINDOWS\system32\dfrgsnap.dll
2006-10-04 08:50 375,296 --a------ C:\WINDOWS\system32\dpnet.dll
2006-10-04 08:50 36,921 --a------ C:\WINDOWS\system32\imeshare.dll
2006-10-04 08:50 35,840 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-04 08:50 35,840 --a------ C:\WINDOWS\system32\dmloader.dll
2006-10-04 08:50 35,328 --a------ C:\WINDOWS\system32\dpnhpast.dll
2006-10-04 08:50 344,064 --a------ C:\WINDOWS\system32\hnetcfg.dll
2006-10-04 08:50 34,304 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-10-04 08:50 330,752 --a------ C:\WINDOWS\system32\ippromon.dll
2006-10-04 08:50 323,584 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-10-04 08:50 304,128 --a------ C:\WINDOWS\system32\duser.dll
2006-10-04 08:50 299,520 --a------ C:\WINDOWS\system32\drmclien.dll
2006-10-04 08:50 282,624 --a------ C:\WINDOWS\system32\devmgr.dll
2006-10-04 08:50 28,672 --a------ C:\WINDOWS\system32\dmband.dll
2006-10-04 08:50 28,672 --a------ C:\WINDOWS\system32\dfsshlex.dll
2006-10-04 08:50 25,088 --a------ C:\WINDOWS\system32\defrag.exe
2006-10-04 08:50 24,064 --a------ C:\WINDOWS\system32\pidgen.dll
2006-10-04 08:50 239,104 --a------ C:\WINDOWS\system32\dsquery.dll
2006-10-04 08:50 23,040 --a------ C:\WINDOWS\system32\ersvc.dll
2006-10-04 08:50 216,576 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-10-04 08:50 212,480 --a------ C:\WINDOWS\system32\dpvoice.dll
2006-10-04 08:50 20,992 --a------ C:\WINDOWS\system32\fontview.exe
2006-10-04 08:50 193,024 --a------ C:\WINDOWS\system32\eudcedit.exe
2006-10-04 08:50 183,296 --a------ C:\WINDOWS\system32\els.dll
2006-10-04 08:50 181,760 --a------ C:\WINDOWS\system32\dinput8.dll
2006-10-04 08:50 181,248 --a------ C:\WINDOWS\system32\dmime.dll
2006-10-04 08:50 180,224 --a------ C:\WINDOWS\system32\dwwin.exe
2006-10-04 08:50 16,384 --a------ C:\WINDOWS\system32\ds32gt.dll
2006-10-04 08:50 159,232 --a------ C:\WINDOWS\system32\dinput.dll
2006-10-04 08:50 155,136 --a------ C:\WINDOWS\system32\itircl.dll
2006-10-04 08:50 150,016 --a------ C:\WINDOWS\system32\imapi.exe
2006-10-04 08:50 142,336 --a------ C:\WINDOWS\system32\dsprop.dll
2006-10-04 08:50 139,264 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-10-04 08:50 137,216 --a------ C:\WINDOWS\system32\itss.dll
2006-10-04 08:50 137,216 --a------ C:\WINDOWS\system32\dssenh.dll
2006-10-04 08:50 123,904 --a------ C:\WINDOWS\system32\dfrgui.dll
2006-10-04 08:50 123,392 --a------ C:\WINDOWS\system32\input.dll
2006-10-04 08:50 120,832 --a------ C:\WINDOWS\system32\idq.dll
2006-10-04 08:50 111,104 --a------ C:\WINDOWS\system32\dgnet.dll
2006-10-04 08:50 110,080 --a------ C:\WINDOWS\system32\imm32.dll
2006-10-04 08:50 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2006-10-04 08:50 105,984 --a------ C:\WINDOWS\system32\dmstyle.dll
2006-10-04 08:50 104,448 --a------ C:\WINDOWS\system32\dmusic.dll
2006-10-04 08:50 10,752 --a------ C:\WINDOWS\system32\dumprep.exe
2006-10-04 08:50 1,298,432 --a------ C:\WINDOWS\system32\dxdiag.exe
2006-10-04 08:50 1,032,192 --a------ C:\WINDOWS\explorer.exe
2006-10-04 08:49 99,840 --a------ C:\WINDOWS\system32\advpack.dll
2006-10-04 08:49 98,304 --a------ C:\WINDOWS\system32\ahui.exe
2006-10-04 08:49 84,992 --a------ C:\WINDOWS\system32\avifil32.dll
2006-10-04 08:49 8,704 --a------ C:\WINDOWS\system32\batt.dll
2006-10-04 08:49 8,192 --a------ C:\WINDOWS\system32\asferror.dll
2006-10-04 08:49 78,336 --a------ C:\WINDOWS\system32\browsewm.dll
2006-10-04 08:49 77,312 --a------ C:\WINDOWS\system32\browser.dll
2006-10-04 08:49 75,544 --a------ C:\WINDOWS\system32\cdm.dll
2006-10-04 08:49 74,752 --a------ C:\WINDOWS\system32\cryptdlg.dll
2006-10-04 08:49 69,120 --a------ C:\WINDOWS\system32\ciodm.dll
2006-10-04 08:49 68,096 --a------ C:\WINDOWS\system32\adsmsext.dll
2006-10-04 08:49 640,000 --a------ C:\WINDOWS\system32\dbghelp.dll
2006-10-04 08:49 63,488 --a------ C:\WINDOWS\system32\browselc.dll
2006-10-04 08:49 60,416 --a------ C:\WINDOWS\system32\cryptsvc.dll
2006-10-04 08:49 59,904 --a------ C:\WINDOWS\system32\cabinet.dll
2006-10-04 08:49 58,880 --a------ C:\WINDOWS\system32\atl.dll
2006-10-04 08:49 57,856 --a------ C:\WINDOWS\system32\clusapi.dll
2006-10-04 08:49 512,512 --a------ C:\WINDOWS\system32\cryptui.dll
2006-10-04 08:49 47,104 --a------ C:\WINDOWS\system32\cmdl32.exe
2006-10-04 08:49 44,544 --a------ C:\WINDOWS\system32\alg.exe
2006-10-04 08:49 42,496 --a------ C:\WINDOWS\system32\audiosrv.dll
2006-10-04 08:49 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-10-04 08:49 37,376 --------- C:\WINDOWS\system32\drivers\amdk7.sys
2006-10-04 08:49 343,040 --a------ C:\WINDOWS\system32\cmdial32.dll
2006-10-04 08:49 326,656 --a------ C:\WINDOWS\system32\cscui.dll
2006-10-04 08:49 28,672 --a------ C:\WINDOWS\system32\dbnmpntw.dll
2006-10-04 08:49 27,648 --a------ C:\WINDOWS\system32\conime.exe
2006-10-04 08:49 266,240 --a------ C:\WINDOWS\system32\ddraw.dll
2006-10-04 08:49 263,680 --a------ C:\WINDOWS\system32\adsnt.dll
2006-10-04 08:49 252,928 --a------ C:\WINDOWS\system32\compatui.dll
2006-10-04 08:49 25,088 --a------ C:\WINDOWS\system32\at.exe
2006-10-04 08:49 24,576 --a------ C:\WINDOWS\system32\dbmsvinn.dll
2006-10-04 08:49 24,576 --a------ C:\WINDOWS\system32\dbmsrpcn.dll
2006-10-04 08:49 20,480 --a------ C:\WINDOWS\system32\dbmsadsn.dll
2006-10-04 08:49 194,560 --a------ C:\WINDOWS\system32\certcli.dll
2006-10-04 08:49 175,616 --a------ C:\WINDOWS\system32\adsldp.dll
2006-10-04 08:49 163,840 --a------ C:\WINDOWS\system32\credui.dll
2006-10-04 08:49 159,232 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-10-04 08:49 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe
2006-10-04 08:49 143,360 --a------ C:\WINDOWS\system32\adsldpc.dll
2006-10-04 08:49 126,976 --a------ C:\WINDOWS\system32\apphelp.dll
2006-10-04 08:49 110,592 --a------ C:\WINDOWS\system32\dbnetlib.dll
2006-10-04 08:49 11,264 --a------ C:\WINDOWS\system32\autolfn.exe
2006-10-04 08:49 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-10-04 08:49 1,179,648 --a------ C:\WINDOWS\system32\d3d8.dll
2006-09-30 00:11 45,056 --a------ C:\WINDOWS\system32\regapi.exe
2006-09-21 22:53 <DIR> d-------- C:\WINDOWS\McAfee.com


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-18 09:06 -------- d-------- C:\Program Files\Hijackthis
2006-10-18 08:44 -------- d-------- C:\Program Files\Messenger
2006-10-18 08:44 -------- d-------- C:\Program Files\Common Files\System
2006-10-18 08:41 -------- d-------- C:\Program Files\Internet Explorer
2006-10-18 08:38 -------- d-------- C:\Program Files\Outlook Express
2006-10-16 17:37 -------- d---s---- C:\Documents and Settings\Courtnie\Application Data\Microsoft
2006-10-16 08:45 -------- d-------- C:\Program Files\Windows Media Player
2006-10-16 08:42 -------- d-------- C:\Program Files\Movie Maker
2006-10-16 08:35 -------- d-------- C:\Program Files\Windows NT
2006-10-16 08:35 -------- d-------- C:\Program Files\NetMeeting
2006-10-12 17:03 -------- d--h----- C:\Program Files\WindowsUpdate
2006-10-11 05:58 25600 --a------ C:\WINDOWS\UpdReg.EXE
2006-10-11 05:58 25600 --a------ C:\WINDOWS\system32\NeroCheck.exe
2006-10-11 05:58 25600 --a------ C:\WINDOWS\GWMDMpi.exe
2006-10-02 20:55 -------- d-------- C:\Program Files\LimeWire
2006-09-13 20:50 -------- d-------- C:\Program Files\Yahoo!
2006-09-13 20:50 -------- d-------- C:\Program Files\Common Files\Scanner
2006-09-13 00:09 1110528 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-10 10:03 -------- d-------- C:\Documents and Settings\Courtnie\Application Data\Yahoo!
2006-09-03 09:14 -------- d-------- C:\Program Files\Common Files
2006-08-25 10:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 07:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 04:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 04:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-16 06:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-07-21 03:30 72704 --a------ C:\WINDOWS\system32\hlink.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PROMon.exe"="PROMon.exe"
"NvCplDaemon"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize"
"GWMDMMSG"="GWMDMMSG.exe"
"GWMDMpi"="C:\\WINDOWS\\GWMDMpi.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"MSKAGENTEXE"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MskAgent.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"MSKDetectorExe"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKDetct.exe /startup"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"Jet Detection"="C:\\Program Files\\Creative\\SBAudigy\\PROGRAM\\ADGJDet.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,ea,00,00,00,00,00,00,00,16,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Completion time: 06-10-19 7:55:52.90
ComboFix.txt
ComboFix2.txt
ComboFix3.txt

#28
misscoco


    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
HiJackThis Log

Logfile of HijackThis v1.99.1
Scan saved at 08:00, on 06-10-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PROMon.exe
C:\WINDOWS\GWMDMMSG.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Wireless LAN\WlanUtil.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\internet explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: IEEE 802.11g USB Wireless LAN Utility.lnk = C:\Program Files\Wireless LAN\WlanUtil.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1160690526031
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1160690505921
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...856/mcfscan.cab
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS

#29
Armodeluxe


    Member 2k

  • Retired Staff
  • 2,744 posts
Delete these files:

C:\WINDOWS\system32\druid1.exe
C:\WINDOWS\system32\regapi.exe

Is everything running ok now?

#30
misscoco


    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Everything seems to be OK, no more pop-ups! Thank you so much!!!