Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Over 8,000 Pos___.tmp files [RESOLVED]


  • This topic is locked This topic is locked

#1
shadowkid

shadowkid

    Member

  • Member
  • PipPip
  • 57 posts
Well it started with a outerinfo virus which I was able to get rid of with the help of other people, but then I noticed that more spyware started to appear. There was a storageprotector link that was disguised as Windows Update, and Help and Support center. I was able to get rid of that to but now there seems to be over 8,000 POS___.tmp files all over my C drive, the ___ means random letters or numbers. Some problems I had was when I attempted to open something like My Documents, or My computer nothing happened. I was able to fix it with Smitfraudfix I belive. Here is my hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:17:44 PM, on 1/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\hphmon03.exe
C:\WINDOWS\system32\kxbyhwle.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Logitech\Video\ManifestEngine.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\AOL\1137210665\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1137210665\ee\AOLServiceHost.exe
c:\program files\common files\aol\1137210665\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1137210665\ee\AOLServiceHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\scan.exe

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\common\ycomp5_1_6_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1F24E143-7A52-4C9E-8F7D-B6677E65CA62} - C:\WINDOWS\system32\awtsq.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {441f5a94-2d20-497b-da54-e7d9f8fb3457} - {7543bf8f-9d7e-45ad-b794-02d249a5f144} - C:\WINDOWS\system32\xivoacag.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7CFE5862-B09D-4802-94DF-9AC7BC7BEDFC} - C:\WINDOWS\system32\mljgh.dll (file missing)
O2 - BHO: (no name) - {89A1E40D-0254-4F99-B9AE-B60A2D8754A9} - C:\WINDOWS\system32\hggeefc.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\common\ycomp5_1_6_0.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSDrive] rundll32.exe C:\WINDOWS\system32\drvxud.dll,startup
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvlum.dll,startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [2439e46b] rundll32.exe "C:\WINDOWS\system32\wpmmwqlx.dll",b
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O23 - Service: DomainService - - C:\WINDOWS\system32\kxbyhwle.exe

--
End of file - 9601 bytes
  • 0

Advertisements


#2
Ryan

Ryan

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,867 posts
Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall

-Ryan
  • 0

#3
shadowkid

shadowkid

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
http://pastebin.com/m77aa8927

the log was to big to post so i uploaded it there.
  • 0

#4
Ryan

Ryan

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,867 posts
Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System.


Posted Image


Download the file & save it as it's originally named, next to ComboFix.exe.



Posted Image


Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.

Please do not reboot your machine until we have reviewed the log.

-Ryan
  • 0

#5
shadowkid

shadowkid

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
Is this it?

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
  • 0

#6
Ryan

Ryan

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,867 posts
1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\SYSTEM32\xlqwmmpw.ini
C:\WINDOWS\SYSTEM32\gxnxgpkd.ini
C:\WINDOWS\SYSTEM32\tmp.reg
C:\WINDOWS\system32\xivoacag.dll
C:\WINDOWS\system32\mljgh.dll
C:\WINDOWS\system32\drvxud.dll
C:\WINDOWS\system32\drvlum.dll


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

-Ryan
  • 0

#7
shadowkid

shadowkid

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
Combofix:

ComboFix 08-01-23.1C - tim 2008-01-26 17:20:09.2 - NTFSx86
Running from: C:\Documents and Settings\tim\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\tim\Desktop\Cfscript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-12-26 to 2008-01-26 )))))))))))))))))))))))))))))))
.

2008-01-26 17:11 . 2004-08-03 23:00 260,272 --a------ C:\cmldr
2008-01-26 17:11 . 2008-01-26 16:14 211 --a------ C:\Boot.bak
2008-01-26 16:29 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-26 15:16 . 2008-01-26 15:30 <DIR> d-------- C:\VundoFix Backups
2008-01-26 12:12 . 2008-01-26 12:12 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-26 12:05 . 2008-01-26 14:52 1,142,752 --ahs---- C:\WINDOWS\SYSTEM32\xlqwmmpw.ini
2008-01-26 12:03 . 2008-01-26 12:03 1,142,572 --ahs---- C:\WINDOWS\SYSTEM32\gxnxgpkd.ini
2008-01-26 00:08 . 2008-01-26 00:08 <DIR> d-------- C:\Program Files\AIM Music Link
2008-01-25 23:42 . 2008-01-25 23:42 <DIR> d-------- C:\Program Files\CCleaner
2008-01-25 14:24 . 2008-01-25 17:41 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-25 00:24 . 2008-01-26 14:26 496 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2008-01-25 00:18 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\SYSTEM32\VCCLSID.exe
2008-01-25 00:18 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
2008-01-25 00:18 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\SYSTEM32\IEDFix.exe
2008-01-25 00:18 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe
2008-01-25 00:18 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\SYSTEM32\WS2Fix.exe
2008-01-25 00:17 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe
2008-01-24 23:38 . 2008-01-25 23:53 <DIR> d-------- C:\Program Files\XoftSpySE
2008-01-24 23:20 . 2008-01-24 23:20 103,936 --a------ C:\WINDOWS\SYSTEM32\drvxud.dll
2008-01-24 23:20 . 2008-01-24 23:20 18,944 --a------ C:\WINDOWS\SYSTEM32\drvlum.dll
2008-01-24 23:18 . 2008-01-24 23:18 <DIR> d-------- C:\Program Files\WinAVI MP4 Converter
2008-01-24 23:06 . 2007-03-04 06:55 1,936,528 --a------ C:\WINDOWS\SYSTEM32\ltmm15.dll
2008-01-24 23:06 . 2007-03-04 06:55 135,168 --a------ C:\WINDOWS\SYSTEM32\DSKernel2.dll
2008-01-24 23:05 . 2008-01-24 23:04 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-01-24 23:04 . 2008-01-26 14:07 <DIR> d-------- C:\Program Files\Replay Converter
2008-01-24 22:59 . 2008-01-24 22:59 <DIR> d-------- C:\Program Files\Illustrate
2008-01-24 22:59 . 2008-01-24 22:59 4,230,520 --a------ C:\WINDOWS\SYSTEM32\SpoonUninstall.exe
2008-01-24 22:59 . 2008-01-24 22:59 33,846 --a------ C:\WINDOWS\SYSTEM32\SpoonUninstall-dBpoweramp Music Converter.bmp
2008-01-24 22:59 . 2008-01-24 22:59 12,896 --a------ C:\WINDOWS\SYSTEM32\SpoonUninstall-dBpoweramp Music Converter.dat
2008-01-16 22:33 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-01-16 22:31 . 2008-01-24 16:47 <DIR> d-------- C:\Program Files\LimeWire
2008-01-13 18:35 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbprint.sys
2008-01-13 18:35 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\usbprint.sys
2008-01-13 18:35 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbscan.sys
2008-01-13 18:35 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\usbscan.sys
2008-01-13 18:34 . 2008-01-13 18:34 <DIR> d-------- C:\Program Files\Common Files\CANON
2008-01-13 18:32 . 2007-03-18 23:00 215,040 --a------ C:\WINDOWS\SYSTEM32\CNMLM8S.DLL
2008-01-13 18:31 . 2008-01-13 18:31 <DIR> d--h----- C:\WINDOWS\SYSTEM32\CanonIJ Uninstaller Information
2008-01-13 18:31 . 2008-01-13 18:31 <DIR> d--h----- C:\Program Files\CanonBJ
2008-01-13 18:31 . 2007-03-23 10:30 1,400,832 --a------ C:\WINDOWS\SYSTEM32\CNC210C.DLL
2008-01-13 18:31 . 2007-03-19 04:16 200,704 --a------ C:\WINDOWS\SYSTEM32\CNC210L.DLL
2008-01-13 18:31 . 2007-03-15 08:12 188,416 --a------ C:\WINDOWS\SYSTEM32\CNC210O.DLL
2008-01-13 18:31 . 2007-03-23 10:29 98,304 --a------ C:\WINDOWS\SYSTEM32\CNC210I.DLL
2008-01-13 18:30 . 2008-01-13 18:36 <DIR> d-------- C:\Program Files\Canon
2007-12-30 22:55 . 2008-01-26 01:00 <DIR> d-------- C:\Program Files\SwiftSwitch
2007-12-30 21:02 . 2007-12-30 21:04 <DIR> d-------- C:\Program Files\AIM6
2007-12-30 21:02 . 2008-01-01 22:44 1,080 --ah----- C:\IPH.PH
2007-12-30 15:21 . 2008-01-12 17:28 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2007-12-30 15:19 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mouhid.sys
2007-12-30 15:19 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\mouhid.sys
2007-12-30 15:19 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\hidusb.sys
2007-12-30 15:19 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\hidusb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-26 22:47 --------- d-----w C:\Program Files\Microsoft AntiSpyware
2008-01-24 22:40 --------- d-----w C:\Program Files\Java
2008-01-24 21:31 45,056 ----a-w C:\WINDOWS\NCUNINST.EXE
2007-12-31 03:03 --------- d-----w C:\Program Files\Viewpoint
2007-12-12 02:59 --------- d-----w C:\Program Files\BitTorrent
2007-11-14 07:26 450,560 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jscript.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\SYSTEM32\lsasrv.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\lsasrv.dll
2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
2007-10-30 10:16 3,058,688 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
2007-10-27 23:40 227,328 ----a-w C:\WINDOWS\SYSTEM32\wmasf.dll
2007-10-27 23:40 227,328 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wmasf.dll
2007-10-26 03:36 8,454,656 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
2006-06-25 06:08 0 ----a-w C:\Program Files\MCASVCHOST.EXE
2005-02-26 07:02 0 ----a-w C:\Program Files\AMERICA ONLINE
.

((((((((((((((((((((((((((((( [email protected]_16.49.09.04 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-26 22:29:48 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-26 23:20:04 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-26 22:29:48 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-26 23:20:04 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-26 22:29:48 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-26 23:20:04 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-26 22:29:48 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-26 23:20:04 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-26 22:29:48 1,454,080 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-26 23:20:04 1,454,080 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-26 22:29:48 151,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-26 23:20:04 151,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7543bf8f-9d7e-45ad-b794-02d249a5f144}]
C:\WINDOWS\system32\xivoacag.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7CFE5862-B09D-4802-94DF-9AC7BC7BEDFC}]
C:\WINDOWS\system32\mljgh.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-12-18 13:04 50528]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [ ]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-06-01 04:46 196608]
"AIM"="C:\Program Files\AIM\aim.exe" [2005-08-05 15:08 67160]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" [2005-03-23 16:33 126976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DwlClient"="C:\Program Files\Common Files\Dell\EUSW\Support.exe" [2004-05-27 20:05 323584]
"YBrowser"="C:\Program Files\Yahoo!\browser\ybrwicon.exe" [2003-07-11 13:51 57344]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2005-09-22 12:19 143360]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2005-03-18 20:28 196608]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 13:33 1388544]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2004-12-06 13:47 26112]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-04-05 15:33 99480]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 20:15 290816]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-03-23 15:47 1111040]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" [2005-03-23 16:33 126976]
"MSDrive"="C:\WINDOWS\system32\drvxud.dll" [2008-01-24 23:20 103936]
"MSDisp32"="C:\WINDOWS\system32\drvlum.dll" [2008-01-24 23:20 18944]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-04-05 14:41 950272]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 04:52 380928]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2004-09-14 08:50 131072]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 08:50 53248]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2005-03-07 15:07 180224]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-03-07 15:05 278528]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-05-21 19:11 221184]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-06-01 11:03 217088]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 11:09 458752]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42 267064]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 11:23 135168]
"HPHmon03"="C:\WINDOWS\system32\hphmon03.exe" [2001-08-03 20:24 311296]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-08-03 20:24 196608]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [2004-12-31 16:14 469824]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-03 19:00 644696]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 19:50 1603152]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 21:26 368706]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 12:52 339968]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-10-20 07:40 34904]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 12:28 684032]
"2439e46b"="C:\WINDOWS\system32\wpmmwqlx.dll" [ ]

C:\Documents and Settings\Sandra Louie\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-01-22 16:03:55 147456]

C:\Documents and Settings\tim\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-01-22 16:03:55 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SPTISRV"=3 (0x3)
"Pml Driver"=3 (0x3)
"PACSPTISVR"=3 (0x3)
"MskService"=2 (0x2)
"MpfService"=2 (0x2)
"MCVSRte"=2 (0x2)
"mcupdmgr.exe"=3 (0x3)
"McShield"=3 (0x3)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"IAANTMon"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"AOL TopSpeedMonitor"=2 (0x2)
"AOL ACS"=2 (0x2)

S3 Dot4Usb HPH09;Dot4Usb HPH09;C:\WINDOWS\system32\drivers\hphius09.sys [2001-08-03 20:24]
S3 PhilCam8116_XP;Logitech QuickCam Pro 3000(PID_08B1);C:\WINDOWS\system32\DRIVERS\CamDrL20.sys [2004-05-21 13:16]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 15:38]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-21 21:54:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-26 00:30:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (SANDRA-Sandra Louie).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2008-01-26 23:20:00 C:\WINDOWS\Tasks\McAfee.com Update Check (DCMK4761-Owner).job"
- c:\PROGRA~1\mcafee.com\agent\mcupdate.ex
- c:\PROGRA~1\mcafee.com\agent
"2008-01-26 23:20:00 C:\WINDOWS\Tasks\McAfee.com Update Check (SANDRA-Sandra Louie).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.ex
- C:\PROGRA~1\mcafee.com\agent
"2008-01-26 23:22:00 C:\WINDOWS\Tasks\McAfee.com Update Check (SANDRA-tim).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.ex
- C:\PROGRA~1\mcafee.com\agent
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-26 17:22:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-26 17:23:45
ComboFix-quarantined-files.txt 2008-01-26 23:23:42
ComboFix2.txt 2008-01-26 22:49:36
.
2008-01-26 19:59:47 --- E O F ---


Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:24:28 PM, on 1/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\hphmon03.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\AOL\1137210665\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1137210665\ee\AOLServiceHost.exe
c:\program files\common files\aol\1137210665\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1137210665\ee\AOLServiceHost.exe
C:\Program Files\LimeWire\LimeWire.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\scan.exe

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\common\ycomp5_1_6_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {441f5a94-2d20-497b-da54-e7d9f8fb3457} - {7543bf8f-9d7e-45ad-b794-02d249a5f144} - C:\WINDOWS\system32\xivoacag.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7CFE5862-B09D-4802-94DF-9AC7BC7BEDFC} - C:\WINDOWS\system32\mljgh.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\common\ycomp5_1_6_0.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSDrive] rundll32.exe C:\WINDOWS\system32\drvxud.dll,startup
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvlum.dll,startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [2439e46b] rundll32.exe "C:\WINDOWS\system32\wpmmwqlx.dll",b
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab

--
End of file - 9256 bytes


  • 0

#8
Ryan

Ryan

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,867 posts
Please download the OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\SYSTEM32\xlqwmmpw.ini
    C:\WINDOWS\SYSTEM32\gxnxgpkd.ini
    C:\WINDOWS\SYSTEM32\tmp.reg
    C:\WINDOWS\system32\xivoacag.dll
    C:\WINDOWS\system32\mljgh.dll
    C:\WINDOWS\system32\drvxud.dll
    C:\WINDOWS\system32\drvlum.dll


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt
*If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.
**If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at :
C:\_OTMoveIt\MovedFiles\********_******.log
(where "********_******" is the "date_time")


Click "Exit" to close OTMoveIt.

-Ryan
  • 0

#9
shadowkid

shadowkid

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
C:\WINDOWS\SYSTEM32\xlqwmmpw.ini moved successfully.
C:\WINDOWS\SYSTEM32\gxnxgpkd.ini moved successfully.
C:\WINDOWS\SYSTEM32\tmp.reg moved successfully.
File/Folder C:\WINDOWS\system32\xivoacag.dll not found.
File/Folder C:\WINDOWS\system32\mljgh.dll not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\drvxud.dll
C:\WINDOWS\system32\drvxud.dll NOT unregistered.
C:\WINDOWS\system32\drvxud.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\drvlum.dll
C:\WINDOWS\system32\drvlum.dll NOT unregistered.
C:\WINDOWS\system32\drvlum.dll moved successfully.

Created on 01/26/2008 17:31:22
  • 0

#10
Ryan

Ryan

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,867 posts
Please post a HiJack This log, as well as an uninstall list.

To obtain an Uninstall list.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)

-Ryan
  • 0

Advertisements


#11
shadowkid

shadowkid

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:34:50 PM, on 1/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\hphmon03.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\AOL\1137210665\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1137210665\ee\AOLServiceHost.exe
c:\program files\common files\aol\1137210665\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1137210665\ee\AOLServiceHost.exe
C:\Program Files\LimeWire\LimeWire.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\scan.exe

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\common\ycomp5_1_6_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {441f5a94-2d20-497b-da54-e7d9f8fb3457} - {7543bf8f-9d7e-45ad-b794-02d249a5f144} - C:\WINDOWS\system32\xivoacag.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7CFE5862-B09D-4802-94DF-9AC7BC7BEDFC} - C:\WINDOWS\system32\mljgh.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\common\ycomp5_1_6_0.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSDrive] rundll32.exe C:\WINDOWS\system32\drvxud.dll,startup
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvlum.dll,startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [2439e46b] rundll32.exe "C:\WINDOWS\system32\wpmmwqlx.dll",b
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab

--
End of file - 9335 bytes


Uninstall Manager:

Ad-Aware SE Personal
Adobe Acrobat - Reader 6.0.2 Update
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 6.0.1
AIM 6
AIM MusicLink 2.1.0.5
AIM Toolbar
AOL Coach Version 1.0(Build:20020823.1)
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Connectivity Services
AOL Deskbar
AOL Instant Messenger
AOL Toolbar
AOL Uninstaller
AOL You've Got Pictures Screensaver
Apple Mobile Device Support
Apple Software Update
ATI Control Panel
ATI Display Driver
Banctec Service Agreement
Broadcom Advanced Control Suite 2
BroadJump Client Foundation
Canon MP Navigator EX 1.0
Canon MP210 series
Canon MP210 series User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CCleaner (remove only)
dBpoweramp Music Converter
Dell Driver Reset Tool
Dell Media Experience
Dell Support
EarthLink setup files
Easy CD Creator 5 Basic
Hijackthis 1.99.1
HijackThis 2.0.2
hp photosmart printer series (Remove only)
Intel Application Accelerator
Internet Explorer Default Page
iPod for Windows 2005-03-23
iTunes
iTunes
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2_03
Java 2 Runtime Environment, SE v1.4.2_06
Java™ 6 Update 2
Java™ 6 Update 3
LimeWire 4.16.3
Logitech Print Service
Logitech QuickCam
Logitech® Camera Driver
MAGIQLIP2
McAfee Personal Firewall Plus
McAfee SecurityCenter
McAfee SpamKiller
McAfee VirusScan
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft AntiSpyware
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Mozilla Firefox (1.0.4)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Musicmatch for Windows Media Player
Musicmatch® Jukebox
OpenMG Secure Module 3.4.01
Pure Networks Port Magic
QuickTime
RealPlayer Basic
SBC Self Support Tool
SBC Yahoo! Applications
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
SoundMAX
Spybot - Search & Destroy 1.4
SwiftSwitch
TurboTax 2005
TurboTax Deluxe Deduction Maximizer 2006
TurboTax ItsDeductible 2005
TurboTax ItsDeductible 2006
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Viewpoint Media Player
WexTech AnswerWorks
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinRAR archiver
WordPerfect Office 12
Yahoo! Install Manager


  • 0

#12
Ryan

Ryan

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,867 posts
== Remove Programs ==

Please go to Add/Remove Programs in the Control Panel, and remove the following programs
Java 2 Runtime Environment, SE v1.4.2_03
Java 2 Runtime Environment, SE v1.4.2_06
Java™ 6 Update 2
Java™ 6 Update 3
LimeWire 4.16.3
Reboot your computer.


== Install Latest Java ==

Please go to THIS page, and click on the Download link that is in the Java Runtime Environment (JRE) 6 section.

Click the radio button next to Accept License Agreement after reviewing it. The page will refresh - this is normal.

Download the Windows Offline Installation, Multi-language. You will want to save this to a location you will remember.

Once it has finished downloading, double click it, and follow the prompts to install.

If it asks to reboot, select Yes.


== Fix HiJack This Entries ==

Open HiJack This and scan. When it finishes, put an X in the box next to these following item(s)

O2 - BHO: {441f5a94-2d20-497b-da54-e7d9f8fb3457} - {7543bf8f-9d7e-45ad-b794-02d249a5f144} - C:\WINDOWS\system32\xivoacag.dll (file missing)
O2 - BHO: (no name) - {7CFE5862-B09D-4802-94DF-9AC7BC7BEDFC} - C:\WINDOWS\system32\mljgh.dll (file missing)
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [MSDrive] rundll32.exe C:\WINDOWS\system32\drvxud.dll,startup
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvlum.dll,startup
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [2439e46b] rundll32.exe "C:\WINDOWS\system32\wpmmwqlx.dll",b


Close all open windows except for HiJack This and click fix checked.

Reboot your computer.

Please rescan with HijackThis and post a fresh log in this same topic, and let us know how your system's working. :)

-Ryan
  • 0

#13
shadowkid

shadowkid

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:15:02 PM, on 1/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\hphmon03.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\AOL\1137210665\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1137210665\ee\AOLServiceHost.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
c:\program files\common files\aol\1137210665\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1137210665\ee\AOLServiceHost.exe
C:\Program Files\Trend Micro\HijackThis\scan.exe

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\common\ycomp5_1_6_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\common\ycomp5_1_6_0.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab

--
End of file - 8611 bytes


Everything seems to be working at normal speed again, there are no more pop up notifications saying there are viruses on my computer or anything like that. But when I do start up there is a pop up message saying

"Unable to start driver for HPHipm09.exe (HpHipm09.exe)"

If it's all done, I really appreciate the quick responses you gave me :)
  • 0

#14
Ryan

Ryan

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,867 posts
Almost all done, just one more scan to do, and then if that's clean, you should be all set.

That file looks like it belongs to an HP printer. Repairing or reinstalling the software that came with it should resolve that issue.

== Clear Temporary Files ==

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyClose all Internet Explorer, Firefox, and Opera windows before continuing.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


== Clear System Restore==

Let's make a new restore point and clear the others:Go - Start>Programmes>Accessories>System Tools>System Restore>Create a New Restore point.
Go - Start>Programmes>Accessories>System Tools>Disc Cleanup>"More Options" Tab>Remove All But Most Recent Point. Please do this for each hard drive that you have connected to the computer


== Kaspersky Web Scanner ==

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:[list]
  • Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
  • Scan Options:
Scan Archives
Scan Mail Bases

[*]Click OK
[*]Now under select a target to scan:Select My Computer
[*]This will program will start and scan your system.
[*]The scan will take a while so be patient and let it run.
[*]Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
[*]Save the file to your desktop.
[*]Copy and paste that information in your next post.

-Ryan
  • 0

#15
shadowkid

shadowkid

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
Took really long for it to update and scan

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, January 26, 2008 8:17:47 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 27/01/2008
Kaspersky Anti-Virus database records: 533802
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 62386
Number of viruses found: 13
Number of infected objects: 54
Number of suspicious objects: 2
Duration of the scan process: 00:49:38

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Pure Networks\Port Magic\log\tim.7.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MalwareAlarm.zip/lsass.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MalwareAlarm.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Sandra Louie\Application Data\Sun\Java\Deployment\cache\6.0\20\1b0842d4-6539e0e4/vmain.class Infected: Exploit.Java.Gimsh.b skipped
C:\Documents and Settings\Sandra Louie\Application Data\Sun\Java\Deployment\cache\6.0\20\1b0842d4-6539e0e4 ZIP: infected - 1 skipped
C:\Documents and Settings\Sandra Louie\Application Data\Sun\Java\Deployment\cache\6.0\22\10453ed6-3b4335cf/vmain.class Infected: Exploit.Java.Gimsh.b skipped
C:\Documents and Settings\Sandra Louie\Application Data\Sun\Java\Deployment\cache\6.0\22\10453ed6-3b4335cf ZIP: infected - 1 skipped
C:\Documents and Settings\Sandra Louie\Application Data\Sun\Java\Deployment\cache\6.0\23\d372ed7-1f2221e8/vmain.class Infected: Exploit.Java.Gimsh.b skipped
C:\Documents and Settings\Sandra Louie\Application Data\Sun\Java\Deployment\cache\6.0\23\d372ed7-1f2221e8 ZIP: infected - 1 skipped
C:\Documents and Settings\Sandra Louie\Application Data\Sun\Java\Deployment\cache\6.0\34\63206922-2b1cc150/vmain.class Infected: Exploit.Java.Gimsh.b skipped
C:\Documents and Settings\Sandra Louie\Application Data\Sun\Java\Deployment\cache\6.0\34\63206922-2b1cc150 ZIP: infected - 1 skipped
C:\Documents and Settings\Sandra Louie\Application Data\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-4a21eb84/vmain.class Infected: Exploit.Java.Gimsh.b skipped
C:\Documents and Settings\Sandra Louie\Application Data\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-4a21eb84 ZIP: infected - 1 skipped
C:\Documents and Settings\Sandra Louie\Application Data\Sun\Java\Deployment\cache\6.0\49\49820371-6d95ef5e/vmain.class Infected: Exploit.Java.Gimsh.b skipped
C:\Documents and Settings\Sandra Louie\Application Data\Sun\Java\Deployment\cache\6.0\49\49820371-6d95ef5e ZIP: infected - 1 skipped
C:\Documents and Settings\Sandra Louie\Application Data\Sun\Java\Deployment\cache\6.0\52\1c9644b4-1b33c8a9/vmain.class Infected: Exploit.Java.Gimsh.b skipped
C:\Documents and Settings\Sandra Louie\Application Data\Sun\Java\Deployment\cache\6.0\52\1c9644b4-1b33c8a9 ZIP: infected - 1 skipped
C:\Documents and Settings\Sandra Louie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3b070a2d-3beaa857.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped
C:\Documents and Settings\Sandra Louie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3b070a2d-3beaa857.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Sandra Louie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-4972fc1f-431a2b68.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped
C:\Documents and Settings\Sandra Louie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-4972fc1f-431a2b68.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Sandra Louie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-4a8e6058-75682296.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped
C:\Documents and Settings\Sandra Louie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-4a8e6058-75682296.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Sandra Louie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-5f2e21cd-35dc5689.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped
C:\Documents and Settings\Sandra Louie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-5f2e21cd-35dc5689.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Sandra Louie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b44b06f-4c98765f.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped
C:\Documents and Settings\Sandra Louie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b44b06f-4c98765f.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Sandra Louie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6d691a6b-272bb640.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped
C:\Documents and Settings\Sandra Louie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6d691a6b-272bb640.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Sandra Louie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-bb35ef1-55702a2f.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped
C:\Documents and Settings\Sandra Louie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-bb35ef1-55702a2f.zip ZIP: infected - 1 skipped
C:\Documents and Settings\tim\Application Data\acccore\nss\cert8.db Object is locked skipped
C:\Documents and Settings\tim\Application Data\acccore\nss\key3.db Object is locked skipped
C:\Documents and Settings\tim\Application Data\Aim\kqopehyk\shadowkid817\cert8.db Object is locked skipped
C:\Documents and Settings\tim\Application Data\Aim\kqopehyk\shadowkid817\key3.db Object is locked skipped
C:\Documents and Settings\tim\Application Data\Mozilla\Firefox\Profiles\2pmk0b6d.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\tim\Application Data\Mozilla\Firefox\Profiles\2pmk0b6d.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\tim\Application Data\Mozilla\Firefox\Profiles\2pmk0b6d.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\tim\Application Data\Mozilla\Firefox\Profiles\2pmk0b6d.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\tim\Application Data\Mozilla\Firefox\Profiles\2pmk0b6d.default\history.dat Object is locked skipped
C:\Documents and Settings\tim\Application Data\Mozilla\Firefox\Profiles\2pmk0b6d.default\parent.lock Object is locked skipped
C:\Documents and Settings\tim\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\tim\Desktop\Mario - Turning Point - 11 - Like Me Real Hard.mp3 Object is locked skipped
C:\Documents and Settings\tim\Desktop\Mario Winans - I Don't Wanna Know.mp3 Object is locked skipped
C:\Documents and Settings\tim\Desktop\Mario Winans - Stay With Me.mp3 Object is locked skipped
C:\Documents and Settings\tim\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\tim\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\tim\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\tim\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\tim\keygen.exe Infected: Trojan-Downloader.Win32.Agent.htu skipped
C:\Documents and Settings\tim\Local Settings\Application Data\AOL OCP\AIM\Storage\All Users\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\tim\Local Settings\Application Data\AOL OCP\AIM\Storage\data\shadowkid817\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\tim\Local Settings\Application Data\ApplicationHistory\NotifyAlert.exe.83a8f8c0.ini.inuse Object is locked skipped
C:\Documents and Settings\tim\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_59R.wmdb Object is locked skipped
C:\Documents and Settings\tim\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\tim\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\tim\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\tim\Local Settings\History\History.IE5\MSHist012008012620080127\index.dat Object is locked skipped
C:\Documents and Settings\tim\Local Settings\Temp\Perflib_Perfdata_528.dat Object is locked skipped
C:\Documents and Settings\tim\Local Settings\Temp\~DFBFEC.tmp Object is locked skipped
C:\Documents and Settings\tim\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\tim\My Documents\My Music\iTunes\iTunes Library.itl Object is locked skipped
C:\Documents and Settings\tim\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\tim\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Mozilla Firefox\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Program Files\SBC Self Support Tool\SmartBridge\AlertFilter.log Object is locked skipped
C:\Program Files\SBC Self Support Tool\SmartBridge\log\httpclient.log Object is locked skipped
C:\Program Files\SBC Self Support Tool\SmartBridge\SmartBridge.log Object is locked skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080125-233701-790.dll Infected: Trojan-Downloader.Win32.BHO.cf skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080126-142526-780.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080126-142621-730.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped
C:\QooBox\Quarantine\C\Program Files\Outerinfo\OinFP.exe.vir Infected: Trojan-Downloader.Win32.Agent.hjs skipped
C:\QooBox\Quarantine\C\Program Files\Outerinfo\OiUninstaller.exe.vir/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.gn skipped
C:\QooBox\Quarantine\C\Program Files\Outerinfo\OiUninstaller.exe.vir NSIS: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\hggeefc.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.dux skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\kxbyhwle.exe.vir Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\SDFix\SDFix\backups_old1\backups.zip/backups/Helper9.dll Infected: Trojan-Downloader.Win32.BHO.cf skipped
C:\SDFix\SDFix\backups_old1\backups.zip/backups/install.exe Infected: Virus.Win32.Virut.av skipped
C:\SDFix\SDFix\backups_old1\backups.zip/backups/winemx32.dll Infected: Trojan.Win32.Dialer.yz skipped
C:\SDFix\SDFix\backups_old1\backups.zip ZIP: infected - 3 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP11\change.log Object is locked skipped
C:\VundoFix Backups\efcaxwu.dll.bad Infected: Trojan-Downloader.Win32.Small.hsj skipped
C:\VundoFix Backups\hggeefc.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.dux skipped
C:\VundoFix Backups\kxbyhwle.exe.bad Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\VundoFix Backups\obrnhhef.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped
C:\VundoFix Backups\opnonno.dll.bad Infected: Trojan-Downloader.Win32.Small.hsj skipped
C:\VundoFix Backups\zfbdseni.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{037514A4-32E3-4E5D-921B-5BB193C5CC7C}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\drvlum.dll Infected: Trojan.Win32.Dialer.yz skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\drvxud.dll Infected: Trojan.Win32.Dialer.yz skipped

Scan process completed.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP