[Giggleheimer]

How's this?:


Maria Jackson - 06-10-15 14:55:00.59 Service Pack 2
ComboFix 06.10.14.1 - Running from: "C:\Documents and Settings\Maria Jackson\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-09-15 to 2006-10-15 ))))))))))))))))))))))))))))))))))


2006-10-07 20:34 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2006-10-05 17:54 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe
2006-10-05 17:54 40,960 --a------ C:\WINDOWS\SYSTEM32\swsc.exe
2006-10-05 17:54 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
2006-10-05 17:54 135,168 --a------ C:\WINDOWS\SYSTEM32\swreg.exe
2006-09-26 11:34 6,144 --a------ C:\WINDOWS\SYSTEM32\ff_vfw.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-15 14:53 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-06 21:29 -------- d-------- C:\Program Files\Grisoft
2006-10-02 20:52 -------- d-------- C:\Program Files\WordReferenceEnFr
2006-09-20 20:23 -------- d-------- C:\Documents and Settings\Maria Jackson\Application Data\Google
2006-09-19 09:59 -------- d-------- C:\Program Files\TBONAS
2006-09-19 09:59 -------- d-------- C:\Program Files\Google
2006-09-13 06:01 1084416 --a------ C:\WINDOWS\SYSTEM32\msxml3.dll
2006-09-11 19:05 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-27 21:10 -------- d-------- C:\Program Files\QuickTime
2006-08-27 14:11 -------- d-------- C:\Program Files\Picasa2
2006-08-25 16:45 617472 --a------ C:\WINDOWS\SYSTEM32\comctl32.dll
2006-08-21 13:21 16896 --a------ C:\WINDOWS\SYSTEM32\fltlib.dll
2006-08-21 10:14 23040 --a------ C:\WINDOWS\SYSTEM32\fltmc.exe
2006-08-21 10:14 128896 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\fltmgr.sys
2006-08-16 12:58 100352 --a------ C:\WINDOWS\SYSTEM32\6to4svc.dll
2006-08-16 10:37 225664 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tcpip6.sys
2006-07-27 14:24 679424 --a------ C:\WINDOWS\SYSTEM32\inetcomm.dll
2006-07-26 14:19 85504 --a------ C:\WINDOWS\SYSTEM32\xjirufh.exe
2006-07-21 09:24 72704 --a------ C:\WINDOWS\SYSTEM32\hlink.dll
2006-07-19 00:01 85504 --a------ C:\WINDOWS\SYSTEM32\yexbnr.exe
2006-07-17 08:20 85504 --a------ C:\WINDOWS\SYSTEM32\azuacyc.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"ares"="\"C:\\Program Files\\Ares\\Ares.exe\" -h"
"RealPlayer"="\"C:\\Program Files\\Real\\RealPlayer\\realplay.exe\" /RunUPGToolCommandReBoot"
"Steam"="\"F:\\Program Files\\Steam.exe\" -silent"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"PCMService"="\"C:\\Program Files\\Dell\\Media Experience\\PCMService.exe\""
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"IntelMeM"="C:\\Program Files\\Intel\\Modem Event Monitor\\IntelMEM.exe"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"Dell Photo AIO Printer 922"="\"C:\\Program Files\\Dell Photo AIO Printer 922\\dlbtbmgr.exe\""
"vptray"="C:\\Program Files\\Symantec_Client_Security\\Symantec AntiVirus\\vptray.exe"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"iHP-100"="C:\\Program Files\\iRiver\\HSeries\\iHPDetect.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"iTunesHelper"="\"F:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\McAfee.com Update Check (D2TDV91J-Owner).job
C:\WINDOWS\tasks\McAfee.com Update Check (MARIA-Maria Jackson).job
C:\WINDOWS\tasks\McAfee.com Update Check (MARIA-Niall Jackson).job
C:\WINDOWS\tasks\McAfee.com Update Check (MARIA-Peter Jackson).job
C:\WINDOWS\tasks\McAfee.com Update Check (MARIA-Shane Jackson).job
C:\WINDOWS\tasks\XoftSpySE.job

Completion time: 06-10-15 14:56:58.95
C:\ComboFix.txt ... 06-10-15 14:56

[Advertisements]

Hi

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.

• Save it to your desktop.
• Please double-click Killbox.exe to run it.
• Select:
  • Delete on Reboot
  • then Click on the All Files button.
• Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
  
  C:\WINDOWS\SYSTEM32\xjirufh.exe
  C:\WINDOWS\SYSTEM32\yexbnr.exe
  C:\WINDOWS\SYSTEM32\azuacyc.exe
  
  
  
  
• Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  
• Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Please go HERE to run Panda's ActiveScan

• Once you are on the Panda site click the Scan your PC button
• A new window will open...click the Check Now button
• Enter your Country
• Enter your State/Province
• Enter your e-mail address and click send
• Select either Home User or Company
• Click the big Scan Now button
• If it wants to install an ActiveX component allow it
• It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
• When download is complete, click on My Computer to start the scan
• When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report along with a new hijackthis log.

[loophole]

Hi

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.

• Save it to your desktop.
• Please double-click Killbox.exe to run it.
• Select:
  • Delete on Reboot
  • then Click on the All Files button.
• Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
  
  C:\WINDOWS\SYSTEM32\xjirufh.exe
  C:\WINDOWS\SYSTEM32\yexbnr.exe
  C:\WINDOWS\SYSTEM32\azuacyc.exe
  
  
  
  
• Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  
• Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Please go HERE to run Panda's ActiveScan

• Once you are on the Panda site click the Scan your PC button
• A new window will open...click the Check Now button
• Enter your Country
• Enter your State/Province
• Enter your e-mail address and click send
• Select either Home User or Company
• Click the big Scan Now button
• If it wants to install an ActiveX component allow it
• It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
• When download is complete, click on My Computer to start the scan
• When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report along with a new hijackthis log.