
antispywareupdates.net virus/ HELP please! [RESOLVED]



#1
Cave66man (Member, 12 posts)
:)
Please be patient with me but I have several things happening all at once.

1. I keep getting pop-ups from antispywareupdates.net (virus for sure)

2. My task manager is greyed out and won't let me do anything. Whenever I try elsewhere, it tells me I'm not the administrator, but I am signed in as an administrator.

3. I'm also getting pop-ups from Windows Security Center (which is a fake and another virus)

4. I've tried McAfee and OneCare free scan but it hasn't done a thing to it. HELP PLEASE!!

Here is my "hijackthis" log: THANKS FOR ANY HELP!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:05:57 PM, on 2/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rxjddnvj.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\America Online 9.0b\waol.exe
C:\Program Files\America Online 9.0b\shellmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\Carl Neto.NETOSDESKTOP\Local Settings\Temporary Internet Files\Content.IE5\7GOQJCM8\HiJackThis[1].exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....://www.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-ABCD-7DD20B8622FF} - (no file)
O2 - BHO: (no name) - {fb612e5e-1dd1-11b2-9835-bdb57d8756c5} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: .protected
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...wlscbase370.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...227/mcfscan.cab
O21 - SSODL: breadthes - {5c4f2cbc-f32d-4a03-9812-86f39379811b} - (no file)
O22 - SharedTaskScheduler: breadthes - {5c4f2cbc-f32d-4a03-9812-86f39379811b} - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: OneCare Firewall (msfwsvc) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: WUSB54Gv2SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 10657 bytes
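A triage pass over HijackThis entries of the kind shown in the log above, written as an added example for this thread (it is not part of the original post and not a feature of HijackThis or ComboFix). It feeds a constructed handful of lines modelled on the posted log through a few rules: the F2 UserInit entry that chains a second executable after userinit.exe (a logon-time persistence point, which is why the program is back after every reboot and survives the McAfee and OneCare scans), the COM registrations in O2/O3/O21/O22 that point to no file, the `.protected` item in the global Startup folder that is not a shortcut, and a ProxyOverride value other than the XP default. The rule names, severities and sample lines are the example's own assumptions.

```python
import re

# Constructed sample (not the full log from the post): nine HijackThis v2.0.x lines
# of the kinds that matter for triage, modelled on the entries posted above.
SAMPLE_LOG = """\
R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\rxjddnvj.exe,
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.5.0_10\\bin\\ssv.dll
O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)
O4 - HKLM\\..\\Run: [iTunesHelper] "C:\\Program Files\\iTunes\\iTunesHelper.exe"
O4 - Global Startup: .protected
O21 - SSODL: breadthes - {5c4f2cbc-f32d-4a03-9812-86f39379811b} - (no file)
O22 - SharedTaskScheduler: breadthes - {5c4f2cbc-f32d-4a03-9812-86f39379811b} - (no file)
"""

# Every HijackThis entry starts with a section code such as F2, O2, O21 followed by " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")

# Windows has exactly one legitimate UserInit program. Anything appended to the value
# is started by winlogon at every interactive logon, so it reappears after a reboot.
LEGIT_USERINIT = {"userinit.exe"}

# COM loading points HijackThis reports with "(no file)" when the DLL is already gone.
ORPHAN_SECTIONS = {"O2", "O3", "O21", "O22"}


def _basename(path: str) -> str:
    """Lower-cased file name of a Windows path, tolerant of quotes and stray spaces."""
    return path.strip().strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(log_text: str) -> list[dict]:
    """Return one finding per suspicious entry: {rule, severity, section, detail}."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # process list, headers, blank lines
        section, body = m.group(1), m.group(2)

        if section == "F2" and "UserInit=" in body:
            programs = [p for p in body.split("UserInit=", 1)[1].split(",") if p.strip()]
            extra = [p for p in programs if _basename(p) not in LEGIT_USERINIT]
            if extra:
                findings.append({"rule": "userinit-hijack", "severity": "HIGH",
                                 "section": section,
                                 "detail": "extra UserInit program(s): " + ", ".join(extra)})

        elif section in ORPHAN_SECTIONS and body.endswith("(no file)"):
            # Dead registrations: nothing loads, but they are clutter worth removing.
            findings.append({"rule": "orphan-com", "severity": "LOW",
                             "section": section, "detail": body})

        elif section == "O4" and body.startswith("Global Startup:"):
            item = body.split(":", 1)[1].strip()
            if not item.lower().endswith(".lnk"):
                findings.append({"rule": "odd-startup-item", "severity": "MEDIUM",
                                 "section": section,
                                 "detail": f"Startup folder item that is not a shortcut: {item!r}"})

        elif section == "R1" and "ProxyOverride" in body:
            # "localhost" is the XP default; any other override deserves a look.
            value = body.split("=", 1)[1].strip()
            if value and value.lower() != "localhost":
                findings.append({"rule": "proxy-override", "severity": "MEDIUM",
                                 "section": section, "detail": body})
    return findings


def summarize(findings: list[dict]) -> dict[str, int]:
    """Count findings per severity, e.g. {'HIGH': 1, 'MEDIUM': 1, 'LOW': 4}."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f['severity']:6}] {f['section']:4} {f['rule']}: {f['detail']}")
    print(summarize(results))
```

Run as a script it prints the findings; `triage()` returns them as plain dicts so they can be checked programmatically. The F2 rule is the one that matters most here: the log lists rxjddnvj.exe both as a running process and as the second UserInit program, so killing the process alone would not remove it. The same approach carries over to ComboFix's "Reg Loading Points" section, where a line such as `"DisableTaskMgr"= 1` under the HKCU policies\system key is the setting that greys out Task Manager, which matches the second symptom in the first post.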

#2
kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Hello Cave66man

Welcome to G2Go. :)
==================
Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double-click combofix.exe and follow the prompts. Please, never rename ComboFix unless instructed.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

#3
Cave66man (Topic Starter, Member, 12 posts)
Thanks for the help Kahdah!!!

Combofix log:

ComboFix 08-02-13.2 - Carl Neto 2008-02-12 21:14:52.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.97 [GMT -8:00]
Running from: C:\Documents and Settings\Carl Neto.NETOSDESKTOP\Local Settings\Temporary Internet Files\Content.IE5\KFFSD9UJ\ComboFix[1].exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\.protected
C:\Documents and Settings\Carl Neto.NETOSDESKTOP\Application Data\DOBE~1
C:\Documents and Settings\Carl Neto.NETOSDESKTOP\Application Data\FNTS~1
C:\Documents and Settings\Jordan Neto.NETOSDESKTOP\Application Data\FunWebProducts
C:\Documents and Settings\Jordan Neto.NETOSDESKTOP\Application Data\FunWebProducts\Data\Jordan Neto\avatar.dat
C:\Documents and Settings\Jordan Neto.NETOSDESKTOP\Start Menu\Programs\Outerinfo
C:\Documents and Settings\Jordan Neto.NETOSDESKTOP\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Jordan Neto.NETOSDESKTOP\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\NetMon
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\NetMon\log.txt
C:\Program Files\3721
C:\Program Files\3721\assist\asbar.dll
C:\Program Files\3721\helper.dll
C:\Program Files\Accoona
C:\Program Files\Accoona\ASearchAssist.dll
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\guid.dat
C:\Program Files\amsys\ijl15.dll
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\Common Files\{A4ACF~1
C:\Program Files\Common Files\mbols~1
C:\Program Files\Common Files\mbols~1\??mbols\
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\amp2pl.exe
C:\Program Files\wnsxs~1
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\absolute key logger.lnk
C:\WINDOWS\aconti.exe
C:\WINDOWS\aconti.ini
C:\WINDOWS\aconti.log
C:\WINDOWS\aconti.sdb
C:\WINDOWS\acontidialer.txt
C:\WINDOWS\adbar.dll
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\daxtime.dll
C:\WINDOWS\default.htm
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\hcwprn.exe
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.dll
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\kvnab.dll
C:\WINDOWS\kvnab.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.dll
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.dll
C:\WINDOWS\liqui.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\pbsysie.dll
C:\WINDOWS\settn.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\acespy
C:\WINDOWS\system32\acespy\__acelog.ndx
C:\WINDOWS\system32\acespy\systune.exe
C:\WINDOWS\system32\components
C:\WINDOWS\system32\conf.dat
C:\WINDOWS\system32\drivers\etc\.protected
C:\WINDOWS\system32\ESHOPEE.exe
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\wcpit.exe
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wbeCheck.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xadbrk.dll
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xxxvideo.exe

.
((((((((((((((((((((((((( Files Created from 2008-01-13 to 2008-02-13 )))))))))))))))))))))))))))))))
.

2008-02-12 16:15 . 2008-02-12 16:15 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-12 16:15 . 2008-02-12 16:16 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-02-12 16:14 . 2008-02-12 16:14 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-12 14:58 . 2008-02-12 14:58 <DIR> d-------- C:\Documents and Settings\Carl Neto.NETOSDESKTOP\Application Data\McAfee
2008-02-12 14:43 . 2008-02-12 14:44 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-02-12 10:51 . 2008-02-12 10:53 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-02-11 22:26 . 2008-02-12 19:46 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-11 22:26 . 2008-02-11 22:26 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-11 21:51 . 2001-08-17 22:37 24,576 --a--c--- C:\WINDOWS\system32\dllcache\agcgauge.ax
2008-02-11 21:46 . 2001-08-17 14:56 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-02-11 15:31 . 2008-02-11 15:31 <DIR> d-------- C:\WINDOWS\McAfee.com
2008-02-11 15:10 . 2008-02-12 19:50 5,579 --a------ C:\WINDOWS\system32\Config.MPF
2008-02-11 15:08 . 2008-02-11 15:09 <DIR> d-------- C:\Program Files\SiteAdvisor
2008-02-11 15:08 . 2008-02-11 15:08 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\SiteAdvisor
2008-02-11 15:08 . 2008-02-11 21:37 <DIR> d-------- C:\Documents and Settings\Carl Neto.NETOSDESKTOP\Application Data\SiteAdvisor
2008-02-11 15:08 . 2008-02-11 15:08 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SiteAdvisor
2008-02-11 15:07 . 2006-03-03 11:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-02-11 15:05 . 2007-07-21 09:08 201,288 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-02-11 15:05 . 2007-07-24 07:40 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-02-11 15:05 . 2007-07-21 09:08 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-02-11 15:05 . 2007-07-21 09:08 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-02-11 15:05 . 2007-07-24 12:02 33,800 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-02-11 15:04 . 2008-02-11 15:04 <DIR> d-------- C:\Program Files\McAfee.com
2008-02-11 15:04 . 2007-07-13 09:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-02-11 15:03 . 2008-02-12 09:59 <DIR> d-------- C:\Program Files\McAfee
2008-02-11 15:03 . 2008-02-11 15:04 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-02-10 00:43 . 2008-02-12 21:08 91,484 --a------ C:\VETlog.dmp
2008-02-10 00:43 . 2008-02-12 19:47 105 --a------ C:\WINDOWS\win.ini
2008-02-09 19:04 . 2007-03-29 04:56 409,600 -----c--- C:\WINDOWS\system32\dllcache\qmgr.dll
2008-02-09 19:04 . 2007-03-29 04:56 18,944 -----c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2008-02-09 19:04 . 2007-03-29 04:56 8,192 -----c--- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2008-02-09 19:04 . 2007-03-29 04:56 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx4.dll
2008-02-09 19:04 . 2007-03-29 04:56 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2008-02-09 19:04 . 2007-03-29 04:56 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
2008-02-09 17:16 . 2008-02-09 17:16 91,667 --a------ C:\WINDOWS\system32\rxjddnvj.exe
2008-02-09 17:16 . 2008-02-10 17:17 4 --a------ C:\WINDOWS\system32\winfrun32.bin
2008-02-09 13:58 . 2008-02-09 13:58 1 --a------ C:\WINDOWS\system32\rc.dat
2008-02-09 13:58 . 2008-02-09 13:58 1 --a------ C:\WINDOWS\system32\ps1.dat
2008-02-09 13:58 . 2008-02-09 13:58 1 --a------ C:\WINDOWS\system32\cs.dat
2008-02-09 13:13 . 2008-02-09 13:13 54,764 --a------ C:\WINDOWS\system32\4fdw.dll
2008-01-13 19:36 . 2008-01-20 01:20 <DIR> d-------- C:\Documents and Settings\Carl Neto.NETOSDESKTOP\Incomplete

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-13 05:20 23,808 ----a-w C:\WINDOWS\764.exe
2008-02-13 03:55 --------- d-----w C:\Documents and Settings\Carl Neto.NETOSDESKTOP\Application Data\Move Networks
2008-02-11 23:10 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee
2008-02-11 03:44 --------- d-----w C:\Program Files\PokerStars.NET
2008-02-10 07:59 15,360 ----a-w C:\WINDOWS\TASKMAN.EXE
2008-02-10 01:51 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-23 14:51 --------- d-----w C:\Program Files\Common Files\Real
2008-01-23 08:05 --------- d-----w C:\Program Files\iTunes
2008-01-23 08:04 --------- d-----w C:\Program Files\iPod
2008-01-23 08:02 --------- d-----w C:\Program Files\QuickTime
2008-01-20 08:33 --------- d-----w C:\Documents and Settings\Carl Neto.NETOSDESKTOP\Application Data\LimeWire
2008-01-12 06:04 8,552 ----a-w C:\WINDOWS\system32\drivers\asctrm.sys
2008-01-12 06:04 --------- d-----w C:\Program Files\Real
2008-01-12 04:33 --------- d-----w C:\Documents and Settings\Carl Neto.NETOSDESKTOP\Application Data\Viewpoint
2007-12-30 21:32 --------- d-----w C:\Documents and Settings\Carl Neto.NETOSDESKTOP\Application Data\Apple Computer
2007-12-28 07:41 --------- d-----w C:\Program Files\Ring Factory
2007-12-26 18:21 --------- d-----w C:\Program Files\Viewpoint
2007-12-26 18:21 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
2007-12-14 19:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-14 04:08 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-12-14 04:08 --------- d--h--r C:\Documents and Settings\Carl Neto.NETOSDESKTOP\Application Data\SecuROM
2007-12-14 03:31 --------- d-----w C:\Program Files\PopCap Games
2007-12-14 03:26 --------- d-----w C:\Program Files\Java
2007-11-09 04:00 35,720 ----a-w C:\Documents and Settings\Carl Neto.NETOSDESKTOP\Application Data\GDIPFONTCACHEV1.DAT
2005-05-12 07:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2003-07-09 21:17 179 ---ha-w C:\Documents and Settings\Wendy Neto\hpothb07.dat
2003-06-17 03:12 178 ---ha-w C:\Documents and Settings\Carl Neto\hpothb07.dat
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 69,632 2001-10-12 22:45:06 C:\Program Files\Analog Devices\SoundMAX\bak\Smtray.exe

----a-w 50,760 2006-05-10 00:24:16 C:\Program Files\Common Files\AOL\1124609082\ee\bak\AOLSoftware.exe
----a-w 50,736 2006-09-26 00:52:48 C:\Program Files\Common Files\AOL\1124609082\ee\AOLSoftware.exe

----a-w 50,736 2006-09-26 00:52:48 C:\Program Files\Common Files\AOL\1168410013\EE\bak\AOLSoftware.exe

----a-r 71,216 2006-10-23 12:50:37 C:\Program Files\Common Files\AOL\ACS\bak\AOLDial.exe

----a-w 50,688 2003-06-07 11:32:32 C:\Program Files\Common Files\Microsoft Shared\Works Shared\bak\WkUFind.exe

----a-w 90,112 2002-10-07 07:23:20 C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\bak\hpqcmon.exe

----a-w 69,632 2002-04-17 17:42:56 C:\Program Files\Hewlett-Packard\HP Share-to-Web\bak\hpgs2wnd.exe

----a-w 49,152 2005-05-12 07:12:54 C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe

----a-w 229,952 2006-09-25 21:54:24 C:\Program Files\iTunes\bak\iTunesHelper.exe
----a-w 267,048 2008-01-15 11:22:56 C:\Program Files\iTunes\iTunesHelper.exe

----a-w 36,975 2005-11-10 21:03:52 C:\Program Files\Java\jre1.5.0_06\bin\bak\jusched.exe

----a-w 49,263 2006-11-09 23:07:30 C:\Program Files\Java\jre1.5.0_10\bin\bak\jusched.exe

----a-w 20,480 2006-12-27 00:26:52 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bak\BackWeb-8876480.exe

----a-w 36,864 2006-04-28 03:55:24 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bak\LogitechDesktopMessenger.exe

----a-w 458,752 2005-06-08 22:24:32 C:\Program Files\Logitech\Video\bak\ISStart.exe

----a-w 217,088 2005-06-08 22:14:44 C:\Program Files\Logitech\Video\bak\LogiTray.exe

----a-w 196,608 2005-06-08 21:44:14 C:\Program Files\Logitech\Video\bak\ManifestEngine.exe

----a-w 28,739 2000-07-13 19:00:00 C:\Program Files\Microsoft Works\bak\WkDetect.exe

----a-w 24,576 2000-07-13 19:00:00 C:\Program Files\Microsoft Works\bak\wkfud.exe

----a-w 311,350 2000-07-13 19:00:00 C:\Program Files\Microsoft Works\bak\WksSb.exe

----a-w 282,624 2006-09-24 10:24:54 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 385,024 2008-01-10 23:27:36 C:\Program Files\QuickTime\QTTask.exe

----a-w 176,128 2005-03-08 04:42:09 C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\hpztsb12.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb936323-19fa-4521-ba29-eca6a121bc78}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"AOL Fast Start"="C:\Program Files\America Online 9.0b\AOL.exe" [2005-07-25 13:30 50776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2008-01-11 22:04 26112]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-08-24 13:57 36640]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-07-22 20:29 1160480]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 01:01 437160]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)


*Newly Created Service* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder
"2008-02-06 06:19:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-11 23:04:27 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-02-11 23:04:25 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2007-08-31 15:13:50 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job"
- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe%Scan -RestrictPrivileges -ScanType 1
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-12 21:22:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\ESHOPEE.exe 16384 bytes
C:\WINDOWS\system32\vxddsk.exe 28160 bytes
C:\WINDOWS\system32\wml.exe 12800 bytes
C:\WINDOWS\system32\msole32.exe 14080 bytes

scan completed successfully
hidden files: 4

**************************************************************************
.
Completion time: 2008-02-12 21:26:20
ComboFix-quarantined-files.txt 2008-02-13 05:26:16
.
2008-02-10 11:05:59 --- E O F ---

Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:05:57 PM, on 2/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rxjddnvj.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\America Online 9.0b\waol.exe
C:\Program Files\America Online 9.0b\shellmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\Carl Neto.NETOSDESKTOP\Local Settings\Temporary Internet Files\Content.IE5\7GOQJCM8\HiJackThis[1].exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....://www.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-ABCD-7DD20B8622FF} - (no file)
O2 - BHO: (no name) - {fb612e5e-1dd1-11b2-9835-bdb57d8756c5} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: .protected
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...wlscbase370.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...227/mcfscan.cab
O21 - SSODL: breadthes - {5c4f2cbc-f32d-4a03-9812-86f39379811b} - (no file)
O22 - SharedTaskScheduler: breadthes - {5c4f2cbc-f32d-4a03-9812-86f39379811b} - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: OneCare Firewall (msfwsvc) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: WUSB54Gv2SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 10657 bytes



THANKS!!!!
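An added example, not part of the thread, that runs over a few HijackThis lines copied from the log above and flags the kinds of entries a helper would mark for fixing: O2/O3/O21/O22 components whose file is gone, an F2 UserInit value that chain-loads something besides userinit.exe, and a non-shortcut item in the all-users Startup folder. The entry kinds, the UserInit path and the sample lines come from the posted log; the function names are mine.

```python
import re

# Constructed sample in HijackThis 2.0.2 format, using a handful of lines copied
# from the log posted above (no entries invented).
SAMPLE_HJT = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: .protected
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O21 - SSODL: breadthes - {5c4f2cbc-f32d-4a03-9812-86f39379811b} - (no file)
O22 - SharedTaskScheduler: breadthes - {5c4f2cbc-f32d-4a03-9812-86f39379811b} - (no file)
"""

ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<body>.*)$")
USERINIT = r"c:\windows\system32\userinit.exe"   # the only program that belongs in UserInit
ORPHAN_KINDS = {"O2", "O3", "O21", "O22"}        # COM objects IE/Explorer load by CLSID


def parse_entries(text):
    """Split a HijackThis log into (kind, body) pairs, skipping non-entry lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("kind"), m.group("body")))
    return entries


def triage(text):
    """Return (kind, reason, body) for every entry a log reviewer would mark for fixing."""
    findings = []
    for kind, body in parse_entries(text):
        if kind in ORPHAN_KINDS and body.endswith("(no file)"):
            findings.append((kind, "registered CLSID whose file is gone", body))
        elif kind == "F2" and "UserInit=" in body:
            # Everything after UserInit= is a comma-separated list of programs winlogon runs.
            programs = [p.strip() for p in body.split("UserInit=", 1)[1].split(",")]
            extras = [p for p in programs if p and p.lower() != USERINIT]
            if extras:
                findings.append((kind, "UserInit chain-loads " + ", ".join(extras), body))
        elif kind == "O4" and body.startswith("Global Startup: "):
            item = body[len("Global Startup: "):]
            # HijackThis prints shortcuts as "name.lnk = target"; anything else is a raw file.
            if "=" not in item and not item.lower().endswith(".lnk"):
                findings.append((kind, "non-shortcut item in the all-users Startup folder", body))
    return findings


def fix_list(text):
    """Flagged entries re-joined as HijackThis prints them, to compare against a helper's list."""
    return [f"{kind} - {body}" for kind, _, body in triage(text)]


if __name__ == "__main__":
    for kind, reason, body in triage(SAMPLE_HJT):
        print(f"[{kind}] {reason}\n      {body}")
```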

#4
kahdah


    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Because Hijackthis is running from a temporary location I will need you to redownload it.

* Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double-click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\Hijack This.
  • Click on I agree

After that click on "Do a system scan only"
Then place a check mark next to these entries below:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-ABCD-7DD20B8622FF} - (no file)
O2 - BHO: (no name) - {fb612e5e-1dd1-11b2-9835-bdb57d8756c5} - (no file)
O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - Global Startup: .protected
O21 - SSODL: breadthes - {5c4f2cbc-f32d-4a03-9812-86f39379811b} - (no file)
O22 - SharedTaskScheduler: breadthes - {5c4f2cbc-f32d-4a03-9812-86f39379811b} - (no file)



Now click on Fix Checked and then close Hijackthis.
====================================
Because Combofix is running from a temporary location I will need you to redownload it and save it to your desktop.
Then:
1. Please open Notepad
  • Click Start, then Run
  • Type notepad in the Run box, then hit OK.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\rxjddnvj.exe
C:\WINDOWS\system32\winfrun32.bin
C:\WINDOWS\system32\rc.dat
C:\WINDOWS\system32\ps1.dat
C:\WINDOWS\system32\cs.dat
C:\WINDOWS\system32\4fdw.dll
C:\WINDOWS\764.exe
C:\WINDOWS\system32\ESHOPEE.exe 
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\wml.exe 
C:\WINDOWS\system32\msole32.exe
c:\documents and settings\All Users\start menu\programs\startup\.protected
Folder::
C:\Documents and Settings\Carl Neto.NETOSDESKTOP\Application Data\Viewpoint
C:\Program Files\Viewpoint
Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=-
Driver::
4fdw


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[image: animation of dragging CFScript.txt onto ComboFix.exe]


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.
=============================
You have a downloader trojan called Downloader.Agent.awf or Downloader.Agent.ayy. This trojan replaces legitimate files that are common on most computers with an infected file. It then moves the legitimate file to a "bak" or backup folder. Please follow the directions below to run FindAWF so we can identify the files that have been infected and the backups then restore them.

Download FindAWF.exe from here or here, and save it to your desktop.
  • Double-click on the FindAWF.exe file to run it.
  • It will open a command prompt and ask you to "Press any key to continue".
  • You will be presented with a Menu.

    1. Press 1 then Enter to scan for bak folders
    2. Press 2 then Enter to restore files from bak folders
    3. Press 3 then Enter to remove bak folders
    4. Press 4 then Enter to reset domain zones
    5. Press E then Enter to EXIT

  • Press 1, then press Enter
  • It may take a few minutes to complete so be patient.
  • When it is complete, it will open a text file in notepad called AWF.txt.
  • Please copy and paste the contents of the AWF.txt file in your next reply.

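An added example, not part of the thread, for the file-replacement behaviour described above: it parses lines in the format FindAWF/ComboFix print in their AWF section (sample lines copied from the log posted later in this thread), pairs every file under a bak folder with its live counterpart in the parent folder, and reports whether the live copy is absent from the listing or differs in size or timestamp from the backup. The function names and the status wording are mine.

```python
import re
from collections import namedtuple

# Constructed sample: lines copied from the AWF section of the ComboFix log
# posted in this thread (format: attributes, size, timestamp, path).
SAMPLE_AWF = r"""
----a-w 69,632 2001-10-12 22:45:06 C:\Program Files\Analog Devices\SoundMAX\bak\Smtray.exe

----a-w 50,760 2006-05-10 00:24:16 C:\Program Files\Common Files\AOL\1124609082\ee\bak\AOLSoftware.exe
----a-w 50,736 2006-09-26 00:52:48 C:\Program Files\Common Files\AOL\1124609082\ee\AOLSoftware.exe

----a-w 229,952 2006-09-25 21:54:24 C:\Program Files\iTunes\bak\iTunesHelper.exe
----a-w 267,048 2008-01-15 11:22:56 C:\Program Files\iTunes\iTunesHelper.exe

----a-w 282,624 2006-09-24 10:24:54 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 385,024 2008-01-10 23:27:36 C:\Program Files\QuickTime\QTTask.exe
"""

Entry = namedtuple("Entry", "attrs size stamp path")

LINE_RE = re.compile(
    r"^(?P<attrs>[-a-z]+)\s+(?P<size>[\d,]+)\s+"
    r"(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<path>.+?)\s*$"
)
BAK_DIR = re.compile(r"\\bak\\", re.IGNORECASE)   # the folder the trojan parks originals in

IDENTICAL = "live copy identical to backup"
DIFFERS = "live copy differs from backup"
MISSING = "live copy not listed"


def parse_awf(text):
    """Turn AWF listing lines into Entry records; blank and unparseable lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            size = int(m["size"].replace(",", ""))
            entries.append(Entry(m["attrs"], size, m["stamp"], m["path"]))
    return entries


def pair_backups(entries):
    """For each file under a bak folder, find the live file one level up and classify the pair."""
    by_path = {e.path.lower(): e for e in entries}   # Windows paths compare case-insensitively
    report = []
    for bak in entries:
        if not BAK_DIR.search(bak.path):
            continue
        # Drop the "\bak\" component: ...\QuickTime\bak\qttask.exe -> ...\QuickTime\qttask.exe
        live_path = BAK_DIR.sub(lambda _: "\\", bak.path, count=1)
        live = by_path.get(live_path.lower())
        if live is None:
            status = MISSING
        elif (live.size, live.stamp) != (bak.size, bak.stamp):
            status = DIFFERS
        else:
            status = IDENTICAL
        report.append((bak.path, live_path, status))
    return report


def needs_review(entries):
    """Backups whose live counterpart is missing or different: the ones to look at before restoring."""
    return [bak for bak, _, status in pair_backups(entries) if status != IDENTICAL]


if __name__ == "__main__":
    for bak_path, live_path, status in pair_backups(parse_awf(SAMPLE_AWF)):
        print(f"{status:30} {live_path}")
```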

#5
Cave66man


    Member

  • Topic Starter
  • Member
  • 12 posts
Thank you so much for your help so far!! I appreciate your help, I really do. Here are the logs you've requested:

new Combofix log:

ComboFix 08-02-13.2 - Carl Neto 2008-02-13 10:07:34.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.226 [GMT -8:00]
Running from: C:\Documents and Settings\Carl Neto.NETOSDESKTOP\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Carl Neto.NETOSDESKTOP\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
c:\documents and settings\All Users\start menu\programs\startup\.protected
C:\WINDOWS\764.exe
C:\WINDOWS\system32\4fdw.dll
C:\WINDOWS\system32\cs.dat
C:\WINDOWS\system32\ESHOPEE.exe
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\ps1.dat
C:\WINDOWS\system32\rc.dat
C:\WINDOWS\system32\rxjddnvj.exe
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\winfrun32.bin
C:\WINDOWS\system32\wml.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream_0305000D.dll
C:\WINDOWS\system32\4fdw.dll
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Carl Neto.NETOSDESKTOP\Application Data\Viewpoint
C:\Documents and Settings\Carl Neto.NETOSDESKTOP\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\URLCache.ini
C:\Documents and Settings\Carl Neto.NETOSDESKTOP\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\URLCache.ini
C:\Documents and Settings\Carl Neto.NETOSDESKTOP\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\URLCache.ini
C:\Documents and Settings\Carl Neto.NETOSDESKTOP\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\1007280907.mtx
C:\Documents and Settings\Carl Neto.NETOSDESKTOP\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\URLCache.ini
C:\Documents and Settings\Carl Neto.NETOSDESKTOP\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\UpdateVersionList_v2.mtx
C:\Program Files\3721
C:\Program Files\3721\assist\asbar.dll
C:\Program Files\3721\helper.dll
C:\Program Files\Accoona
C:\Program Files\Accoona\ASearchAssist.dll
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\guid.dat
C:\Program Files\amsys\ijl15.dll
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\amp2pl.exe
C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream_0305000D.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\ClassIDs.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\ComponentMgr_0305001C.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\ComponentRegistry.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLArt.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLShell.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLUserShell.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\Cursors.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\DataTracking.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\GifReader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\JpegReader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\LensFlares.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\Mts3Reader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\ObjectMovie.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SceneComponent.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\ServiceComponent.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SreeDMMX.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SWFView.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VectorView.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPAudio.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPExtras.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPSpeech.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPVideo.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\WaveletReader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\ZoomView.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\DownLoadHist.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\HostRegistry.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MetaStreamConfig.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MetaStreamID.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MtsAxInstaller.exe
C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.xpt
C:\Program Files\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9Plus\FLFBootStrap.mtx
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\absolute key logger.lnk
C:\WINDOWS\aconti.exe
C:\WINDOWS\aconti.ini
C:\WINDOWS\aconti.log
C:\WINDOWS\aconti.sdb
C:\WINDOWS\acontidialer.txt
C:\WINDOWS\adbar.dll
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\daxtime.dll
C:\WINDOWS\default.htm
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\hcwprn.exe
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.dll
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\kvnab.dll
C:\WINDOWS\kvnab.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.dll
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.dll
C:\WINDOWS\liqui.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\pbsysie.dll
C:\WINDOWS\settn.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system32\4fdw.dll
C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\acespy
C:\WINDOWS\system32\acespy\__acelog.ndx
C:\WINDOWS\system32\acespy\systune.exe
C:\WINDOWS\system32\cs.dat
C:\WINDOWS\system32\ESHOPEE.exe
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\ps1.dat
C:\WINDOWS\system32\rc.dat
C:\WINDOWS\system32\rxjddnvj.exe
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\winfrun32.bin
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wbeCheck.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xadbrk.dll
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xxxvideo.exe
C:\Program Files\Viewpoint

----- BITS: Possible infected sites -----

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\4fdw


((((((((((((((((((((((((( Files Created from 2008-01-13 to 2008-02-13 )))))))))))))))))))))))))))))))
.

2008-02-13 10:15 . 2008-02-13 10:15 <DIR> d-------- C:\Program Files\Viewpoint
2008-02-13 10:15 . 2008-02-13 10:15 <DIR> d-------- C:\Documents and Settings\Carl Neto.NETOSDESKTOP\Application Data\Viewpoint
2008-02-13 10:13 . 2008-02-13 10:19 <DIR> d-------- C:\WINDOWS\system32\acespy
2008-02-13 10:13 . 2008-02-13 10:19 <DIR> d-------- C:\Program Files\p2pnetworks
2008-02-13 10:13 . 2008-02-13 10:19 <DIR> d-------- C:\Program Files\e-zshopper
2008-02-13 10:13 . 2008-02-13 10:19 <DIR> d-------- C:\Program Files\amsys
2008-02-13 10:13 . 2008-02-13 10:19 <DIR> d-------- C:\Program Files\akl
2008-02-13 10:13 . 2008-02-13 10:19 <DIR> d-------- C:\Program Files\Accoona
2008-02-13 10:13 . 2008-02-13 10:19 <DIR> d-------- C:\Program Files\3721
2008-02-13 09:39 . 2008-02-13 09:39 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-12 16:15 . 2008-02-12 16:15 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-12 16:15 . 2008-02-12 16:16 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-02-12 16:14 . 2008-02-12 16:14 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-12 14:58 . 2008-02-12 14:58 <DIR> d-------- C:\Documents and Settings\Carl Neto.NETOSDESKTOP\Application Data\McAfee
2008-02-12 14:43 . 2008-02-12 14:44 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-02-12 10:51 . 2008-02-12 10:53 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-02-11 22:26 . 2008-02-13 10:19 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-11 22:26 . 2008-02-11 22:26 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-11 21:51 . 2001-08-17 22:37 24,576 --a--c--- C:\WINDOWS\system32\dllcache\agcgauge.ax
2008-02-11 21:46 . 2001-08-17 14:56 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-02-11 15:31 . 2008-02-11 15:31 <DIR> d-------- C:\WINDOWS\McAfee.com
2008-02-11 15:10 . 2008-02-13 10:17 5,699 --a------ C:\WINDOWS\system32\Config.MPF
2008-02-11 15:08 . 2008-02-11 15:09 <DIR> d-------- C:\Program Files\SiteAdvisor
2008-02-11 15:08 . 2008-02-11 15:08 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\SiteAdvisor
2008-02-11 15:08 . 2008-02-11 21:37 <DIR> d-------- C:\Documents and Settings\Carl Neto.NETOSDESKTOP\Application Data\SiteAdvisor
2008-02-11 15:08 . 2008-02-11 15:08 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SiteAdvisor
2008-02-11 15:07 . 2006-03-03 11:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-02-11 15:05 . 2007-07-21 09:08 201,288 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-02-11 15:05 . 2007-07-24 07:40 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-02-11 15:05 . 2007-07-21 09:08 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-02-11 15:05 . 2007-07-21 09:08 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-02-11 15:05 . 2007-07-24 12:02 33,800 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-02-11 15:04 . 2008-02-11 15:04 <DIR> d-------- C:\Program Files\McAfee.com
2008-02-11 15:04 . 2007-07-13 09:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-02-11 15:03 . 2008-02-13 04:24 <DIR> d-------- C:\Program Files\McAfee
2008-02-11 15:03 . 2008-02-11 15:04 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-02-10 00:43 . 2008-02-13 10:00 50,845 --a------ C:\VETlog.dmp
2008-02-10 00:43 . 2008-02-13 10:19 105 --a------ C:\WINDOWS\win.ini
2008-02-09 19:04 . 2007-03-29 04:56 409,600 -----c--- C:\WINDOWS\system32\dllcache\qmgr.dll
2008-02-09 19:04 . 2007-03-29 04:56 18,944 -----c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2008-02-09 19:04 . 2007-03-29 04:56 8,192 -----c--- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2008-02-09 19:04 . 2007-03-29 04:56 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx4.dll
2008-02-09 19:04 . 2007-03-29 04:56 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2008-02-09 19:04 . 2007-03-29 04:56 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
2008-01-13 19:36 . 2008-01-20 01:20 <DIR> d-------- C:\Documents and Settings\Carl Neto.NETOSDESKTOP\Incomplete

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-13 18:14 30,720 ----a-w C:\WINDOWS\liqui.exe
2008-02-13 18:14 29,440 ----a-w C:\WINDOWS\eventlowg.dll
2008-02-13 18:14 26,368 ----a-w C:\WINDOWS\liqui-Uninstaller.exe
2008-02-13 18:14 20,224 ----a-w C:\WINDOWS\daxtime.dll
2008-02-13 18:14 15,872 ----a-w C:\WINDOWS\liqui.dll
2008-02-13 18:13 8,960 ----a-w C:\WINDOWS\spredirect.dll
2008-02-13 18:13 8,448 ----a-w C:\WINDOWS\kkcomp$.exe
2008-02-13 18:13 8,192 ----a-w C:\WINDOWS\kvnab.exe
2008-02-13 18:13 32,512 ----a-w C:\WINDOWS\liqad.exe
2008-02-13 18:13 31,744 ----a-w C:\WINDOWS\adbar.dll
2008-02-13 18:13 31,488 ----a-w C:\WINDOWS\liqad$.exe
2008-02-13 18:13 30,976 ----a-w C:\WINDOWS\7search.dll
2008-02-13 18:13 27,648 ----a-w C:\WINDOWS\pbsysie.dll
2008-02-13 18:13 27,136 ----a-w C:\WINDOWS\kvnab$.exe
2008-02-13 18:13 26,624 ----a-w C:\WINDOWS\dp0.dll
2008-02-13 18:13 25,856 ----a-w C:\WINDOWS\fhfmm-Uninstaller.exe
2008-02-13 18:13 25,088 ----a-w C:\WINDOWS\aconti.exe
2008-02-13 18:13 24,064 ----a-w C:\WINDOWS\flt.dll
2008-02-13 18:13 23,296 ----a-w C:\WINDOWS\wbeCheck.exe
2008-02-13 18:13 21,504 ----a-w C:\WINDOWS\wml.exe
2008-02-13 18:13 21,248 ----a-w C:\WINDOWS\xxxvideo.exe
2008-02-13 18:13 20,736 ----a-w C:\WINDOWS\jd2002.dll
2008-02-13 18:13 20,224 ----a-w C:\WINDOWS\kkcomp.dll
2008-02-13 18:13 19,456 ----a-w C:\WINDOWS\iexplorr23.dll
2008-02-13 18:13 19,456 ----a-w C:\WINDOWS\hotporn.exe
2008-02-13 18:13 18,688 ----a-w C:\WINDOWS\ngd.dll
2008-02-13 18:13 17,920 ----a-w C:\WINDOWS\wbeInst$.exe
2008-02-13 18:13 17,920 ----a-w C:\WINDOWS\ie_32.exe
2008-02-13 18:13 17,408 ----a-w C:\WINDOWS\xadbrk_.exe
2008-02-13 18:13 17,408 ----a-w C:\WINDOWS\kkcomp.exe
2008-02-13 18:13 17,408 ----a-w C:\WINDOWS\764.exe
2008-02-13 18:13 16,640 ----a-w C:\WINDOWS\fhfmm.exe
2008-02-13 18:13 14,848 ----a-w C:\WINDOWS\cbinst$.exe
2008-02-13 18:13 13,568 ----a-w C:\WINDOWS\xadbrk.exe
2008-02-13 18:13 13,056 ----a-w C:\WINDOWS\kvnab.dll
2008-02-13 18:13 12,032 ----a-w C:\WINDOWS\liqad.dll
2008-02-13 18:13 11,264 ----a-w C:\WINDOWS\xadbrk.dll
2008-02-13 18:13 11,264 ----a-w C:\WINDOWS\vxddsk.exe
2008-02-13 18:13 11,264 ----a-w C:\WINDOWS\settn.dll
2008-02-13 18:13 11,264 ----a-w C:\WINDOWS\hcwprn.exe
2008-02-13 18:13 10,752 ----a-w C:\WINDOWS\pbar.dll
2008-02-13 03:55 --------- d-----w C:\Documents and Settings\Carl Neto.NETOSDESKTOP\Application Data\Move Networks
2008-02-11 23:10 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee
2008-02-11 03:44 --------- d-----w C:\Program Files\PokerStars.NET
2008-02-10 07:59 15,360 ----a-w C:\WINDOWS\TASKMAN.EXE
2008-02-10 01:51 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-23 14:51 --------- d-----w C:\Program Files\Common Files\Real
2008-01-23 08:05 --------- d-----w C:\Program Files\iTunes
2008-01-23 08:04 --------- d-----w C:\Program Files\iPod
2008-01-23 08:02 --------- d-----w C:\Program Files\QuickTime
2008-01-20 08:33 --------- d-----w C:\Documents and Settings\Carl Neto.NETOSDESKTOP\Application Data\LimeWire
2008-01-12 06:04 8,552 ----a-w C:\WINDOWS\system32\drivers\asctrm.sys
2008-01-12 06:04 --------- d-----w C:\Program Files\Real
2007-12-30 21:32 --------- d-----w C:\Documents and Settings\Carl Neto.NETOSDESKTOP\Application Data\Apple Computer
2007-12-28 07:41 --------- d-----w C:\Program Files\Ring Factory
2007-12-26 18:21 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-14 19:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-14 04:08 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-12-14 04:08 --------- d--h--r C:\Documents and Settings\Carl Neto.NETOSDESKTOP\Application Data\SecuROM
2007-12-14 03:31 --------- d-----w C:\Program Files\PopCap Games
2007-12-14 03:26 --------- d-----w C:\Program Files\Java
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-11-09 04:00 35,720 ----a-w C:\Documents and Settings\Carl Neto.NETOSDESKTOP\Application Data\GDIPFONTCACHEV1.DAT
2005-05-12 07:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2003-07-09 21:17 179 ---ha-w C:\Documents and Settings\Wendy Neto\hpothb07.dat
2003-06-17 03:12 178 ---ha-w C:\Documents and Settings\Carl Neto\hpothb07.dat
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 69,632 2001-10-12 22:45:06 C:\Program Files\Analog Devices\SoundMAX\bak\Smtray.exe

----a-w 50,760 2006-05-10 00:24:16 C:\Program Files\Common Files\AOL\1124609082\ee\bak\AOLSoftware.exe
----a-w 50,736 2006-09-26 00:52:48 C:\Program Files\Common Files\AOL\1124609082\ee\AOLSoftware.exe

----a-w 50,736 2006-09-26 00:52:48 C:\Program Files\Common Files\AOL\1168410013\EE\bak\AOLSoftware.exe

----a-r 71,216 2006-10-23 12:50:37 C:\Program Files\Common Files\AOL\ACS\bak\AOLDial.exe

----a-w 50,688 2003-06-07 11:32:32 C:\Program Files\Common Files\Microsoft Shared\Works Shared\bak\WkUFind.exe

----a-w 90,112 2002-10-07 07:23:20 C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\bak\hpqcmon.exe

----a-w 69,632 2002-04-17 17:42:56 C:\Program Files\Hewlett-Packard\HP Share-to-Web\bak\hpgs2wnd.exe

----a-w 49,152 2005-05-12 07:12:54 C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe

----a-w 229,952 2006-09-25 21:54:24 C:\Program Files\iTunes\bak\iTunesHelper.exe
----a-w 267,048 2008-01-15 11:22:56 C:\Program Files\iTunes\iTunesHelper.exe

----a-w 36,975 2005-11-10 21:03:52 C:\Program Files\Java\jre1.5.0_06\bin\bak\jusched.exe

----a-w 49,263 2006-11-09 23:07:30 C:\Program Files\Java\jre1.5.0_10\bin\bak\jusched.exe

----a-w 20,480 2006-12-27 00:26:52 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bak\BackWeb-8876480.exe

----a-w 36,864 2006-04-28 03:55:24 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bak\LogitechDesktopMessenger.exe

----a-w 458,752 2005-06-08 22:24:32 C:\Program Files\Logitech\Video\bak\ISStart.exe

----a-w 217,088 2005-06-08 22:14:44 C:\Program Files\Logitech\Video\bak\LogiTray.exe

----a-w 196,608 2005-06-08 21:44:14 C:\Program Files\Logitech\Video\bak\ManifestEngine.exe

----a-w 28,739 2000-07-13 19:00:00 C:\Program Files\Microsoft Works\bak\WkDetect.exe

----a-w 24,576 2000-07-13 19:00:00 C:\Program Files\Microsoft Works\bak\wkfud.exe

----a-w 311,350 2000-07-13 19:00:00 C:\Program Files\Microsoft Works\bak\WksSb.exe

----a-w 282,624 2006-09-24 10:24:54 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 385,024 2008-01-10 23:27:36 C:\Program Files\QuickTime\QTTask.exe

----a-w 176,128 2005-03-08 04:42:09 C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\hpztsb12.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"AOL Fast Start"="C:\Program Files\America Online 9.0b\AOL.exe" [2005-07-25 13:30 50776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2008-01-11 22:04 26112]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-08-24 13:57 36640]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-07-22 20:29 1160480]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 01:01 437160]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04 83360]

S2 0208451202905470mcinstcleanup;McAfee Application Installer Cleanup (0208451202905470);C:\WINDOWS\TEMP\020845~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog []

*Newly Created Service* - 0208451202905470MCINSTCLEANUP
.
Contents of the 'Scheduled Tasks' folder
"2008-02-13 06:19:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-11 23:04:27 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-02-11 23:04:25 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2007-08-31 15:13:50 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job"
- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe%Scan -RestrictPrivileges -ScanType 1
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-13 10:20:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv2.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\America Online 9.0b\waol.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\America Online 9.0b\shellmon.exe
.
**************************************************************************
.
Completion time: 2008-02-13 10:25:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-13 18:25:45
ComboFix2.txt 2008-02-13 05:26:21
.
2008-02-13 11:06:43 --- E O F ---
New hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:32:22 AM, on 2/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv2.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\America Online 9.0b\waol.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\America Online 9.0b\shellmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....://www.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...wlscbase370.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...227/mcfscan.cab
O23 - Service: McAfee Application Installer Cleanup (0208451202905470) (0208451202905470mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\020845~1.EXE (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: OneCare Firewall (msfwsvc) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: WUSB54Gv2SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 7613 bytes

FindAWF LOG

Find AWF report by noahdfear ©2006
Version 1.40

The current date is: Wed 02/13/2008
The current time is: 10:38:08.64


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\ITUNES\BAK

09/25/2006 01:54 PM 229,952 iTunesHelper.exe
1 File(s) 229,952 bytes

Directory of C:\PROGRA~1\MIF2B0~1\BAK

07/13/2000 11:00 AM 28,739 WkDetect.exe
07/13/2000 11:00 AM 24,576 wkfud.exe
07/13/2000 11:00 AM 311,350 WksSb.exe
3 File(s) 364,665 bytes

Directory of C:\PROGRA~1\MSNMES~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

09/24/2006 02:24 AM 282,624 qttask.exe
1 File(s) 282,624 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\ANALOG~1\SOUNDMAX\BAK

10/12/2001 02:45 PM 69,632 Smtray.exe
1 File(s) 69,632 bytes

Directory of C:\PROGRA~1\COMMON~1\WFWM\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\HEWLET~1\HPSHAR~1\BAK

04/17/2002 09:42 AM 69,632 hpgs2wnd.exe
1 File(s) 69,632 bytes

Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK

05/11/2005 11:12 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\LOGITECH\VIDEO\BAK

06/08/2005 02:24 PM 458,752 ISStart.exe
06/08/2005 02:14 PM 217,088 LogiTray.exe
06/08/2005 01:44 PM 196,608 ManifestEngine.exe
3 File(s) 872,448 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\ACS\BAK

10/23/2006 04:50 AM 71,216 AOLDial.exe
1 File(s) 71,216 bytes

Directory of C:\PROGRA~1\COMMON~1\MICROS~1\WORKSS~1\BAK

06/07/2003 03:32 AM 50,688 WkUFind.exe
1 File(s) 50,688 bytes

Directory of C:\PROGRA~1\HEWLET~1\DIGITA~1\UNLOAD\BAK

10/06/2002 11:23 PM 90,112 hpqcmon.exe
1 File(s) 90,112 bytes

Directory of C:\PROGRA~1\JAVA\JRE15~1.0_1\BIN\BAK

11/09/2006 03:07 PM 49,263 jusched.exe
1 File(s) 49,263 bytes

Directory of C:\PROGRA~1\JAVA\JRE15~2.0_0\BIN\BAK

11/10/2005 01:03 PM 36,975 jusched.exe
1 File(s) 36,975 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\112460~1\EE\BAK

05/09/2006 04:24 PM 50,760 AOLSoftware.exe
1 File(s) 50,760 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\116841~1\EE\BAK

09/25/2006 04:52 PM 50,736 AOLSoftware.exe
1 File(s) 50,736 bytes

Directory of C:\PROGRA~1\LOGITECH\DESKTO~1\8876480\PROGRAM\BAK

12/26/2006 04:26 PM 20,480 BackWeb-8876480.exe
04/27/2006 07:55 PM 36,864 LogitechDesktopMessenger.exe
2 File(s) 57,344 bytes

Directory of C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK

03/07/2005 08:42 PM 176,128 hpztsb12.exe
1 File(s) 176,128 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

256576 Oct 30 2006 "C:\Program Files\iTunes\iTunesHelper.exe1168393973"
229952 Sep 25 2006 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Jan 23 2008 "C:\WINDOWS\Installer\{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}\iTunesIco.exe"
108096 Oct 30 2006 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.0.2.16\iTunesSetupAdmin.exe"
79144 Jan 22 2008 "C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer\Installer Cache\iTunes 7.6.0.29\iTunesSetupAdmin.exe"
28739 Jul 13 2000 "C:\Program Files\Microsoft Works\bak\WkDetect.exe"
24576 Jul 13 2000 "C:\Program Files\Microsoft Works\bak\wkfud.exe"
311350 Jul 13 2000 "C:\Program Files\Microsoft Works\bak\WksSb.exe"
385024 Jan 10 2008 "C:\Program Files\QuickTime\QTTask.exe"
282624 Sep 24 2006 "C:\Program Files\QuickTime\bak\qttask.exe"
69632 Oct 12 2001 "C:\Program Files\Analog Devices\SoundMAX\bak\Smtray.exe"
69632 Oct 12 2001 "C:\COMPAQ\AUDIO\ADI\SOUNDMAX CONTROL PANEL\SYS\SMTRAY.EXE"
69632 Apr 17 2002 "C:\Program Files\Hewlett-Packard\HP Share-to-Web\bak\hpgs2wnd.exe"
49152 May 11 2005 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
458752 Jun 8 2005 "C:\Program Files\Logitech\Video\bak\ISStart.exe"
217088 Jun 8 2005 "C:\Program Files\Logitech\Video\bak\LogiTray.exe"
196608 Jun 8 2005 "C:\Program Files\Logitech\Video\bak\ManifestEngine.exe"
71216 Oct 23 2006 "C:\Program Files\Common Files\AOL\ACS\bak\AOLDial.exe"
50688 Jun 7 2003 "C:\Program Files\Common Files\Microsoft Shared\Works Shared\bak\WkUFind.exe"
90112 Oct 6 2002 "C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\bak\hpqcmon.exe"
36975 Mar 4 2005 "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe"
49263 Nov 9 2006 "C:\Program Files\Java\jre1.5.0_10\bin\bak\jusched.exe"
36975 Nov 10 2005 "C:\Program Files\Java\jre1.5.0_06\bin\bak\jusched.exe"
36975 Mar 4 2005 "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe"
49263 Nov 9 2006 "C:\Program Files\Java\jre1.5.0_10\bin\bak\jusched.exe"
36975 Nov 10 2005 "C:\Program Files\Java\jre1.5.0_06\bin\bak\jusched.exe"
50736 Sep 25 2006 "C:\Program Files\AIM6\aolsoftware.exe"
50736 Sep 25 2006 "C:\Program Files\Common Files\AOL\1124609082\ee\AOLSoftware.exe"
50760 May 9 2006 "C:\Program Files\Common Files\AOL\1124609082\ee\bak\AOLSoftware.exe"
50736 Sep 25 2006 "C:\Program Files\Common Files\AOL\1168410013\EE\bak\AOLSoftware.exe"
50736 Sep 25 2006 "C:\Program Files\AIM6\aolsoftware.exe"
50736 Sep 25 2006 "C:\Program Files\Common Files\AOL\1124609082\ee\AOLSoftware.exe"
50760 May 9 2006 "C:\Program Files\Common Files\AOL\1124609082\ee\bak\AOLSoftware.exe"
50736 Sep 25 2006 "C:\Program Files\Common Files\AOL\1168410013\EE\bak\AOLSoftware.exe"
20480 Dec 26 2006 "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bak\BackWeb-8876480.exe"
36864 Apr 27 2006 "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bak\LogitechDesktopMessenger.exe"
176128 Mar 7 2005 "C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\hpztsb12.exe"


end of report


THANKS AGAIN!!!
  • 0

#6 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
You are welcome :)

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Program Files\Viewpoint
    C:\Documents and Settings\Carl Neto.NETOSDESKTOP\Application Data\Viewpoint
    C:\WINDOWS\system32\acespy
    C:\Program Files\p2pnetworks
    C:\Program Files\e-zshopper
    C:\Program Files\amsys
    C:\Program Files\akl
    C:\Program Files\Accoona
    C:\Program Files\3721
    C:\WINDOWS\liqui.exe
    C:\WINDOWS\eventlowg.dll
    C:\WINDOWS\liqui-Uninstaller.exe
    C:\WINDOWS\daxtime.dll
    C:\WINDOWS\liqui.dll
    C:\WINDOWS\spredirect.dll
    C:\WINDOWS\kkcomp$.exe
    C:\WINDOWS\kvnab.exe
    C:\WINDOWS\liqad.exe
    C:\WINDOWS\adbar.dll
    C:\WINDOWS\liqad$.exe
    C:\WINDOWS\7search.dll
    C:\WINDOWS\pbsysie.dll
    C:\WINDOWS\kvnab$.exe
    C:\WINDOWS\dp0.dll
    C:\WINDOWS\fhfmm-Uninstaller.exe
    C:\WINDOWS\aconti.exe
    C:\WINDOWS\flt.dll
    C:\WINDOWS\wbeCheck.exe
    C:\WINDOWS\wml.exe
    C:\WINDOWS\xxxvideo.exe
    C:\WINDOWS\jd2002.dll
    C:\WINDOWS\kkcomp.dll
    C:\WINDOWS\iexplorr23.dll
    C:\WINDOWS\hotporn.exe
    C:\WINDOWS\ngd.dll
    C:\WINDOWS\wbeInst$.exe
    C:\WINDOWS\ie_32.exe
    C:\WINDOWS\xadbrk_.exe
    C:\WINDOWS\kkcomp.exe
    C:\WINDOWS\764.exe
    C:\WINDOWS\fhfmm.exe
    C:\WINDOWS\cbinst$.exe
    C:\WINDOWS\xadbrk.exe
    C:\WINDOWS\kvnab.dll
    C:\WINDOWS\liqad.dll
    C:\WINDOWS\xadbrk.dll
    C:\WINDOWS\vxddsk.exe
    C:\WINDOWS\settn.dll
    C:\WINDOWS\hcwprn.exe
    C:\WINDOWS\pbar.dll
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
================================
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
    "C:\Program Files\iTunes\bak\iTunesHelper.exe"
    "C:\Program Files\Microsoft Works\bak\WkDetect.exe"
    "C:\Program Files\Microsoft Works\bak\wkfud.exe"
    "C:\Program Files\Microsoft Works\bak\WksSb.exe"
    "C:\Program Files\QuickTime\bak\qttask.exe"
    "C:\Program Files\Analog Devices\SoundMAX\bak\Smtray.exe"
    "C:\Program Files\Hewlett-Packard\HP Share-to-Web\bak\hpgs2wnd.exe"
    "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
    "C:\Program Files\Logitech\Video\bak\ISStart.exe"
    "C:\Program Files\Logitech\Video\bak\LogiTray.exe"
    "C:\Program Files\Logitech\Video\bak\ManifestEngine.exe"
    "C:\Program Files\Common Files\AOL\ACS\bak\AOLDial.exe"
    "C:\Program Files\Common Files\Microsoft Shared\Works Shared\bak\WkUFind.exe"
    "C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\bak\hpqcmon.exe"
    "C:\Program Files\Java\jre1.5.0_10\bin\bak\jusched.exe"
    "C:\Program Files\Java\jre1.5.0_06\bin\bak\jusched.exe"
    "C:\Program Files\Common Files\AOL\1124609082\ee\bak\AOLSoftware.exe"
    "C:\Program Files\Common Files\AOL\1168410013\EE\bak\AOLSoftware.exe"
    "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bak\BackWeb-8876480.exe"
    "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bak\LogitechDesktopMessenger.exe"
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\hpztsb12.exe"
  • Double-click on the FindAWF.exe file to run it.
  • It will open a command prompt and ask you to "Press any key to continue".
  • You will be presented with a Menu.

    1. Press 1 then Enter to scan for bak folders
    2. Press 2 then Enter to restore files from bak folders
    3. Press 3 then Enter to remove bak folders
    4. Press 4 then Enter to reset domain zones
    5. Press E then Enter to EXIT

  • Press 2, then press Enter.
  • Press any key to continue.
  • A Notepad document FindAWF.txt will appear with instructions to click below the line and paste the list of files to be restored.
  • Right click below this line and select Paste, to paste the list of files copied to the clipboard earlier. Save and close the document.
  • The program will proceed to move the legit files and will perform another scan for bak folders.
  • It may take a few minutes to complete so be patient.
  • When it is complete, it will open a text file in notepad called AWF.txt.
  • Please copy and paste the contents of the AWF.txt file in your next reply.

  • 0

#7 Cave66man (Member, Topic Starter, 12 posts)
Thanks again. I had tried everything but had no success on my own before. THANKS! :)

After I sent my last email with the log files I restarted my computer and it's perfect now. Should I still follow your last email's directions or... since it's fine now I should just leave it alone?

My task manager is back, my wallpaper returned and all the pop up and internet explorer hijacks stopped! I'm shocked but happy! You guys rock! Thank you!
  • 0

#8 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Yes please follow the rest of the instructions as you still have active infections that we need to take care of.
  • 0

#9 Cave66man (Member, Topic Starter, 12 posts)
Thanks kahdah! :)

Here's the log:

Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully

The current date is: Thu 02/14/2008
The current time is: 9:33:37.37


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\ITUNES\BAK

09/25/2006 01:54 PM 229,952 iTunesHelper.exe
1 File(s) 229,952 bytes

Directory of C:\PROGRA~1\MIF2B0~1\BAK

07/13/2000 11:00 AM 28,739 WkDetect.exe
07/13/2000 11:00 AM 24,576 wkfud.exe
07/13/2000 11:00 AM 311,350 WksSb.exe
3 File(s) 364,665 bytes

Directory of C:\PROGRA~1\MSNMES~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

09/24/2006 02:24 AM 282,624 qttask.exe
1 File(s) 282,624 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\ANALOG~1\SOUNDMAX\BAK

10/12/2001 02:45 PM 69,632 Smtray.exe
1 File(s) 69,632 bytes

Directory of C:\PROGRA~1\COMMON~1\WFWM\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\HEWLET~1\HPSHAR~1\BAK

04/17/2002 09:42 AM 69,632 hpgs2wnd.exe
1 File(s) 69,632 bytes

Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK

05/11/2005 11:12 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\LOGITECH\VIDEO\BAK

06/08/2005 02:24 PM 458,752 ISStart.exe
06/08/2005 02:14 PM 217,088 LogiTray.exe
06/08/2005 01:44 PM 196,608 ManifestEngine.exe
3 File(s) 872,448 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\ACS\BAK

10/23/2006 04:50 AM 71,216 AOLDial.exe
1 File(s) 71,216 bytes

Directory of C:\PROGRA~1\COMMON~1\MICROS~1\WORKSS~1\BAK

06/07/2003 03:32 AM 50,688 WkUFind.exe
1 File(s) 50,688 bytes

Directory of C:\PROGRA~1\HEWLET~1\DIGITA~1\UNLOAD\BAK

10/06/2002 11:23 PM 90,112 hpqcmon.exe
1 File(s) 90,112 bytes

Directory of C:\PROGRA~1\JAVA\JRE15~1.0_1\BIN\BAK

11/09/2006 03:07 PM 49,263 jusched.exe
1 File(s) 49,263 bytes

Directory of C:\PROGRA~1\JAVA\JRE15~2.0_0\BIN\BAK

11/10/2005 01:03 PM 36,975 jusched.exe
1 File(s) 36,975 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\112460~1\EE\BAK

05/09/2006 04:24 PM 50,760 AOLSoftware.exe
1 File(s) 50,760 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\116841~1\EE\BAK

09/25/2006 04:52 PM 50,736 AOLSoftware.exe
1 File(s) 50,736 bytes

Directory of C:\PROGRA~1\LOGITECH\DESKTO~1\8876480\PROGRAM\BAK

12/26/2006 04:26 PM 20,480 BackWeb-8876480.exe
04/27/2006 07:55 PM 36,864 LogitechDesktopMessenger.exe
2 File(s) 57,344 bytes

Directory of C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK

03/07/2005 08:42 PM 176,128 hpztsb12.exe
1 File(s) 176,128 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

256576 Oct 30 2006 "C:\Program Files\iTunes\iTunesHelper.exe1168393973"
229952 Sep 25 2006 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Jan 23 2008 "C:\WINDOWS\Installer\{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}\iTunesIco.exe"
108096 Oct 30 2006 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.0.2.16\iTunesSetupAdmin.exe"
79144 Jan 22 2008 "C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer\Installer Cache\iTunes 7.6.0.29\iTunesSetupAdmin.exe"
28739 Jul 13 2000 "C:\Program Files\Microsoft Works\WkDetect.exe"
28739 Jul 13 2000 "C:\Program Files\Microsoft Works\bak\WkDetect.exe"
24576 Jul 13 2000 "C:\Program Files\Microsoft Works\wkfud.exe"
24576 Jul 13 2000 "C:\Program Files\Microsoft Works\bak\wkfud.exe"
311350 Jul 13 2000 "C:\Program Files\Microsoft Works\WksSb.exe"
311350 Jul 13 2000 "C:\Program Files\Microsoft Works\bak\WksSb.exe"
385024 Jan 10 2008 "C:\Program Files\QuickTime\QTTask.exe"
282624 Sep 24 2006 "C:\Program Files\QuickTime\bak\qttask.exe"
69632 Oct 12 2001 "C:\Program Files\Analog Devices\SoundMAX\Smtray.exe"
69632 Oct 12 2001 "C:\Program Files\Analog Devices\SoundMAX\bak\Smtray.exe"
69632 Oct 12 2001 "C:\COMPAQ\AUDIO\ADI\SOUNDMAX CONTROL PANEL\SYS\SMTRAY.EXE"
69632 Apr 17 2002 "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
69632 Apr 17 2002 "C:\Program Files\Hewlett-Packard\HP Share-to-Web\bak\hpgs2wnd.exe"
49152 May 11 2005 "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
49152 May 11 2005 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
458752 Jun 8 2005 "C:\Program Files\Logitech\Video\ISStart.exe"
458752 Jun 8 2005 "C:\Program Files\Logitech\Video\bak\ISStart.exe"
217088 Jun 8 2005 "C:\Program Files\Logitech\Video\LogiTray.exe"
217088 Jun 8 2005 "C:\Program Files\Logitech\Video\bak\LogiTray.exe"
196608 Jun 8 2005 "C:\Program Files\Logitech\Video\ManifestEngine.exe"
196608 Jun 8 2005 "C:\Program Files\Logitech\Video\bak\ManifestEngine.exe"
71216 Oct 23 2006 "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
71216 Oct 23 2006 "C:\Program Files\Common Files\AOL\ACS\bak\AOLDial.exe"
50688 Jun 7 2003 "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
50688 Jun 7 2003 "C:\Program Files\Common Files\Microsoft Shared\Works Shared\bak\WkUFind.exe"
90112 Oct 6 2002 "C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe"
90112 Oct 6 2002 "C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\bak\hpqcmon.exe"
36975 Mar 4 2005 "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe"
49263 Nov 9 2006 "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
36975 Nov 10 2005 "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
49263 Nov 9 2006 "C:\Program Files\Java\jre1.5.0_10\bin\bak\jusched.exe"
36975 Nov 10 2005 "C:\Program Files\Java\jre1.5.0_06\bin\bak\jusched.exe"
36975 Mar 4 2005 "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe"
49263 Nov 9 2006 "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
36975 Nov 10 2005 "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
49263 Nov 9 2006 "C:\Program Files\Java\jre1.5.0_10\bin\bak\jusched.exe"
36975 Nov 10 2005 "C:\Program Files\Java\jre1.5.0_06\bin\bak\jusched.exe"
50736 Sep 25 2006 "C:\Program Files\AIM6\aolsoftware.exe"
50760 May 9 2006 "C:\Program Files\Common Files\AOL\1124609082\ee\AOLSoftware.exe"
50736 Sep 25 2006 "C:\Program Files\Common Files\AOL\1168410013\EE\AOLSoftware.exe"
50760 May 9 2006 "C:\Program Files\Common Files\AOL\1124609082\ee\bak\AOLSoftware.exe"
50736 Sep 25 2006 "C:\Program Files\Common Files\AOL\1168410013\EE\bak\AOLSoftware.exe"
50736 Sep 25 2006 "C:\Program Files\AIM6\aolsoftware.exe"
50760 May 9 2006 "C:\Program Files\Common Files\AOL\1124609082\ee\AOLSoftware.exe"
50736 Sep 25 2006 "C:\Program Files\Common Files\AOL\1168410013\EE\AOLSoftware.exe"
50760 May 9 2006 "C:\Program Files\Common Files\AOL\1124609082\ee\bak\AOLSoftware.exe"
50736 Sep 25 2006 "C:\Program Files\Common Files\AOL\1168410013\EE\bak\AOLSoftware.exe"
20480 Dec 26 2006 "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe"
20480 Dec 26 2006 "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bak\BackWeb-8876480.exe"
36864 Apr 27 2006 "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
36864 Apr 27 2006 "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bak\LogitechDesktopMessenger.exe"
176128 Mar 7 2005 "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe"
176128 Mar 7 2005 "C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\hpztsb12.exe"


end of report
  • 0

#10 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Could you post the log from OTMoveIt2 please, as instructed in this post Here.
Thank you.
==============================================

  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
    C:\Program Files\iTunes\bak
    C:\Program Files\Microsoft Works\bak
    C:\Program Files\QuickTime\bak
    C:\Program Files\Analog Devices\SoundMAX\bak
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\bak
    C:\Program Files\Logitech\Video\bak
    C:\Program Files\Common Files\AOL\ACS\bak
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\bak
    C:\Program Files\Java\jre1.5.0_10\bin\bak
    C:\Program Files\Common Files\AOL\1124609082\ee\bak
    C:\Program Files\Common Files\AOL\1168410013\EE\bak
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bak
    C:\WINDOWS\system32\spool\drivers\w32x86\3\bak
    C:\Program Files\MSNMESSENGER\BAK
    C:\WINDOWS\SYSTEM32\BAK
    C:\Program Files\Java\jre1.5.0_06\bin\bak

  • Double-click on the FindAWF.exe file to run it.
  • It will open a command prompt and ask you to "Press any key to continue".
  • You will be presented with a Menu.

    1. Press 1 then Enter to scan for bak folders
    2. Press 2 then Enter to restore files from bak folders
    3. Press 3 then Enter to remove bak folders
    4. Press 4 then Enter to reset domain zones
    5. Press E then Enter to EXIT

  • Press 3, then press Enter.
  • Press any key to continue.
  • A Notepad document FindAWF.txt will appear with instructions to click below the line and paste the list of folders to be removed.
  • Right click below this line and select Paste, to paste the list of folders copied to the clipboard earlier. Save and close the document.
  • The program will proceed to remove the bad folders and will perform another scan for bak folders.
  • It may take a few minutes to complete so be patient.
  • When it is complete, it will open a text file in notepad called AWF.txt.
  • Please copy and paste the contents of the AWF.txt file in your next reply.



#11
Cave66man, Member, Topic Starter (12 posts)
Thanks again! I appreciate the help!

OTMoveIt2 log


C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents moved successfully.
C:\Program Files\Viewpoint\Viewpoint Experience Technology\DownloadedComponents moved successfully.
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components moved successfully.
Folder move failed. C:\Program Files\Viewpoint\Viewpoint Experience Technology scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Viewpoint scheduled to be moved on reboot.
File/Folder C:\Documents and Settings\Carl Neto.NETOSDESKTOP\Application Data\Viewpoint not found.
File/Folder C:\WINDOWS\system32\acespy not found.
File/Folder C:\Program Files\p2pnetworks not found.
File/Folder C:\Program Files\e-zshopper not found.
File/Folder C:\Program Files\amsys not found.
File/Folder C:\Program Files\akl not found.
File/Folder C:\Program Files\Accoona not found.
File/Folder C:\Program Files\3721 not found.
File/Folder C:\WINDOWS\liqui.exe not found.
File/Folder C:\WINDOWS\eventlowg.dll not found.
File/Folder C:\WINDOWS\liqui-Uninstaller.exe not found.
File/Folder C:\WINDOWS\daxtime.dll not found.
File/Folder C:\WINDOWS\liqui.dll not found.
File/Folder C:\WINDOWS\spredirect.dll not found.
File/Folder C:\WINDOWS\kkcomp$.exe not found.
File/Folder C:\WINDOWS\kvnab.exe not found.
File/Folder C:\WINDOWS\liqad.exe not found.
File/Folder C:\WINDOWS\adbar.dll not found.
File/Folder C:\WINDOWS\liqad$.exe not found.
File/Folder C:\WINDOWS\7search.dll not found.
File/Folder C:\WINDOWS\pbsysie.dll not found.
File/Folder C:\WINDOWS\kvnab$.exe not found.
File/Folder C:\WINDOWS\dp0.dll not found.
File/Folder C:\WINDOWS\fhfmm-Uninstaller.exe not found.
File/Folder C:\WINDOWS\aconti.exe not found.
File/Folder C:\WINDOWS\flt.dll not found.
File/Folder C:\WINDOWS\wbeCheck.exe not found.
File/Folder C:\WINDOWS\wml.exe not found.
File/Folder C:\WINDOWS\xxxvideo.exe not found.
File/Folder C:\WINDOWS\jd2002.dll not found.
File/Folder C:\WINDOWS\kkcomp.dll not found.
File/Folder C:\WINDOWS\iexplorr23.dll not found.
File/Folder C:\WINDOWS\hotporn.exe not found.
File/Folder C:\WINDOWS\ngd.dll not found.
File/Folder C:\WINDOWS\wbeInst$.exe not found.
File/Folder C:\WINDOWS\ie_32.exe not found.
File/Folder C:\WINDOWS\xadbrk_.exe not found.
File/Folder C:\WINDOWS\kkcomp.exe not found.
File/Folder C:\WINDOWS\764.exe not found.
File/Folder C:\WINDOWS\fhfmm.exe not found.
File/Folder C:\WINDOWS\cbinst$.exe not found.
File/Folder C:\WINDOWS\xadbrk.exe not found.
File/Folder C:\WINDOWS\kvnab.dll not found.
File/Folder C:\WINDOWS\liqad.dll not found.
File/Folder C:\WINDOWS\xadbrk.dll not found.
File/Folder C:\WINDOWS\vxddsk.exe not found.
File/Folder C:\WINDOWS\settn.dll not found.
File/Folder C:\WINDOWS\hcwprn.exe not found.
File/Folder C:\WINDOWS\pbar.dll not found.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9Plus moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint\Viewpoint Experience Technology\Resources moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint\Viewpoint Experience Technology moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint moved successfully.

OTMoveIt2 v1.0.20 log created on 02152008_123307




FindAWF log


Find AWF report by noahdfear ©2006
Version 1.40
Option 3 run successfully

The current date is: Fri 02/15/2008
The current time is: 12:49:08.01


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\MSNMES~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\COMMON~1\WFWM\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK

05/11/2005 11:12 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\ACS\BAK

10/23/2006 04:50 AM 71,216 AOLDial.exe
1 File(s) 71,216 bytes

Directory of C:\PROGRA~1\HEWLET~1\DIGITA~1\UNLOAD\BAK

10/06/2002 11:23 PM 90,112 hpqcmon.exe
1 File(s) 90,112 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

49152 May 11 2005 "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
49152 May 11 2005 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
71216 Oct 23 2006 "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
71216 Oct 23 2006 "C:\Program Files\Common Files\AOL\ACS\bak\AOLDial.exe"
90112 Oct 6 2002 "C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe"
90112 Oct 6 2002 "C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\bak\hpqcmon.exe"


end of report

#12
kahdah, GeekU Teacher (Retired Staff, 15,822 posts)
Once more with option 2.

  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):


    "C:\Program Files\Common Files\AOL\ACS\bak\AOLDial.exe"
    "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
    "C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\bak\hpqcmon.exe"


  • Double-click on the FindAWF.exe file to run it.
  • It will open a command prompt and ask you to "Press any key to continue".
  • You will be presented with a Menu.

    1. Press 1 then Enter to scan for bak folders
    2. Press 2 then Enter to restore files from bak folders
    3. Press 3 then Enter to remove bak folders
    4. Press 4 then Enter to reset domain zones
    5. Press E then Enter to EXIT

  • Press 2, then press Enter.
  • Press any key to continue.
  • A Notepad document FindAWF.txt will appear with instructions to click below the line and paste the list of files to be restored.
  • Right click below this line and select Paste, to paste the list of files copied to the clipboard earlier. Save and close the document.
  • The program will proceed to move the legit files and will perform another scan for bak folders.
  • It may take a few minutes to complete so be patient.
  • When it is complete, it will open a text file in notepad called AWF.txt.
  • Please copy and paste the contents of the AWF.txt file in your next reply.

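The FindAWF options used in posts #10 and #12, and the "Duplicate files of bak directory contents" listing in the log above, rest on one comparison. The infection FindAWF was written for moves a legitimate auto-start executable into a bak subfolder and leaves a copy of itself at the original path, so a bak file that matches the file one level up is a leftover that can be removed, while one that differs marks a live file that should be replaced from bak. The script below is an added example, not code from the thread or from the FindAWF tool, that makes that comparison with SHA-256 instead of the size and date FindAWF prints. The directory tree it builds is constructed for the demonstration: the AOLDial.exe pair mirrors the identical pair in the log, the other two cases and all file contents are invented, and none of it describes the state of the poster's machine.

```python
"""Classify 'bak' folders the way the FindAWF comparison does, but by hash.

Added example, not FindAWF code. For every directory named 'bak' it compares
each file with the same-named file in the parent directory and reports which
of the two cleanup actions applies: remove the bak folder (parent copy is
identical) or restore from bak (parent copy differs or is gone).
"""
import hashlib
import os
import tempfile
from pathlib import Path

DUPLICATE = "duplicate: parent copy matches bak, bak folder can be removed"
REPLACED = "differs: live file is suspect, restore the bak copy"
MISSING = "missing: no live file beside bak, restore the bak copy"


def sha256_of(path: Path) -> str:
    """Stream the file through SHA-256 so large binaries do not load whole."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_bak_folders(root: Path):
    """Yield every directory named 'bak' (case-insensitive) under root."""
    for dirpath, dirnames, _ in os.walk(root):
        for name in dirnames:
            if name.lower() == "bak":
                yield Path(dirpath) / name


def classify_bak_folder(bak: Path) -> dict:
    """Map each live path (bak's parent + file name) to a verdict string."""
    verdicts = {}
    for backup in sorted(bak.iterdir()):
        if not backup.is_file():
            continue
        live = bak.parent / backup.name
        if not live.exists():
            verdicts[str(live)] = MISSING
        elif sha256_of(live) == sha256_of(backup):
            verdicts[str(live)] = DUPLICATE
        else:
            verdicts[str(live)] = REPLACED
    return verdicts


def classify_tree(root: Path) -> dict:
    """Run classify_bak_folder over every bak folder below root."""
    report = {}
    for bak in find_bak_folders(root):
        report.update(classify_bak_folder(bak))
    return report


def build_sample_tree() -> Path:
    """Constructed sample tree (fake file bytes), not data from the thread."""
    root = Path(tempfile.mkdtemp(prefix="findawf_example_"))
    # 1. Identical pair, like the AOLDial.exe lines in the FindAWF log.
    acs = root / "Common Files" / "AOL" / "ACS"
    (acs / "bak").mkdir(parents=True)
    (acs / "AOLDial.exe").write_bytes(b"MZ legitimate dialer")
    (acs / "bak" / "AOLDial.exe").write_bytes(b"MZ legitimate dialer")
    # 2. Invented: live file differs from the bak copy (still hijacked).
    upd = root / "Sample Vendor" / "Updater"
    (upd / "bak").mkdir(parents=True)
    (upd / "sample_updater.exe").write_bytes(b"MZ something else entirely")
    (upd / "bak" / "sample_updater.exe").write_bytes(b"MZ legitimate updater")
    # 3. Invented: live file already gone, only the bak copy remains.
    mon = root / "Sample Vendor" / "Monitor"
    (mon / "bak").mkdir(parents=True)
    (mon / "bak" / "sample_monitor.exe").write_bytes(b"MZ legitimate monitor")
    return root


if __name__ == "__main__":
    for live_path, verdict in sorted(classify_tree(build_sample_tree()).items()):
        print(f"{verdict}\n    {live_path}")
```

Point `classify_tree` at a real drive root to get the same three verdicts for every bak folder found; a DUPLICATE verdict is the condition under which removing the bak folder (option 3, or the OTMoveIt2 step) loses nothing, and REPLACED or MISSING is the case for option 2 first.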

#13
Cave66man, Member, Topic Starter (12 posts)
Thank you again!


Here it is:


Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully

The current date is: Sat 02/16/2008
The current time is: 11:50:49.25


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\MSNMES~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\COMMON~1\WFWM\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK

05/11/2005 11:12 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\ACS\BAK

10/23/2006 04:50 AM 71,216 AOLDial.exe
1 File(s) 71,216 bytes

Directory of C:\PROGRA~1\HEWLET~1\DIGITA~1\UNLOAD\BAK

10/06/2002 11:23 PM 90,112 hpqcmon.exe
1 File(s) 90,112 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

49152 May 11 2005 "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
49152 May 11 2005 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
71216 Oct 23 2006 "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
71216 Oct 23 2006 "C:\Program Files\Common Files\AOL\ACS\bak\AOLDial.exe"
90112 Oct 6 2002 "C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe"
90112 Oct 6 2002 "C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\bak\hpqcmon.exe"


end of report

#14
kahdah, GeekU Teacher (Retired Staff, 15,822 posts)
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\PROGRA~1\MSNMES~1\BAK
    C:\PROGRA~1\COMMON~1\WFWM\BAK
    C:\PROGRA~1\HP\HPSOFT~1\BAK
    C:\PROGRA~1\COMMON~1\AOL\ACS\BAK
    C:\PROGRA~1\HEWLET~1\DIGITA~1\UNLOAD\BAK
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
==================
Please do an online scan with Kaspersky WebScanner
(This scanner is for use with Internet Explorer only)
Click on "Accept"

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available, otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under "Select a target to scan": select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post along with the OTMoveIt2 log and a new HijackThis log.


#15
Cave66man, Member, Topic Starter (12 posts)
Thanks! I will post the first 2 logs here (OTMoveIt2 and HijackThis) and I will post the Kaspersky log in a different post since it's too long and it won't allow me to put it here. Thanks again!

OTMoveit2 Log:

C:\PROGRA~1\MSNMES~1\BAK moved successfully.
C:\PROGRA~1\COMMON~1\WFWM\BAK moved successfully.
C:\PROGRA~1\HP\HPSOFT~1\BAK moved successfully.
C:\PROGRA~1\COMMON~1\AOL\ACS\BAK moved successfully.
C:\PROGRA~1\HEWLET~1\DIGITA~1\UNLOAD\BAK moved successfully.

OTMoveIt2 v1.0.20 log created on 02162008_133317


Hijackthis Log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:35 PM, on 2/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1168410013\ee\aolsoftware.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\Program Files\America Online 9.0b\waol.exe
C:\Program Files\America Online 9.0b\shellmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b
O4 - HKCU\..\Run: [DelayShred] "C:\Program Files\McAfee\MSHR\ShrCL.EXE" /P7 /q C:\DOCUME~1\CARLNE~1.NET\LOCALS~1\TEMPOR~1\Content.IE5\4VRN66UC\OPEN_W~1.SH!
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Carl Neto.NETOSDESKTOP\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...wlscbase370.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...227/mcfscan.cab
O23 - Service: McAfee Application Installer Cleanup (0079221203162406) (0079221203162406mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\007922~1.EXE
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: OneCare Firewall (msfwsvc) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: WUSB54Gv2SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 8699 bytes
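The HijackThis log above is read by eye in this thread. As an added example, not part of the thread and not HijackThis code, here is a mechanical first pass that pulls out the kinds of lines a helper looks at first: entries whose target is marked "(file missing)", O23 services whose binary sits in a Temp directory, O4 auto-start entries that run from the user's Application Data or Local Settings\Temp, and O4 executables with a random-looking name. The sample log lines are constructed and the heuristics are the editor's, so a hit means "look closer", not "malware", and a clean pass proves nothing.

```python
"""Mechanical first pass over a HijackThis 2.0 log.

Added example; the heuristics are the editor's, not HijackThis rules. It only
surfaces lines worth a second look. Every hit still needs a human, a hash
lookup, or a scan before anything is fixed.
"""
import re
from pathlib import PureWindowsPath

# Constructed sample lines in HijackThis format; none is from the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [sysupd] C:\WINDOWS\system32\qzxpdrvk.exe
O4 - HKCU\..\Run: [updater] "C:\Documents and Settings\User\Application Data\updater\upd.exe" /silent
O9 - Extra button: Run Example - {00000000-0000-0000-0000-000000000000} - C:\Documents and Settings\User\Start Menu\Programs\Example.lnk (file missing)
O23 - Service: Example Helper (exhelper) - Unknown owner - C:\WINDOWS\TEMP\exhelper.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

SECTION_RE = re.compile(r"^(O\d+|R\d+|F\d+|N\d+)\s+-\s+")
# First Windows path on the line ending in .exe/.dll/.lnk, quoted or not.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|lnk)', re.IGNORECASE)
USER_DATA_RE = re.compile(r"\\(Application Data|Local Settings\\Temp)\\", re.IGNORECASE)
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)


def section_of(line: str):
    """Return the HijackThis section tag (O4, O23, ...) or None."""
    m = SECTION_RE.match(line)
    return m.group(1) if m else None


def first_path(line: str):
    """Return the first executable/DLL/shortcut path on the line, or None."""
    m = PATH_RE.search(line)
    return m.group(0) if m else None


def looks_random(stem: str) -> bool:
    """Crude heuristic: six or more lowercase letters and not one vowel."""
    return bool(re.fullmatch(r"[a-z]{6,}", stem)) and not re.search(r"[aeiouy]", stem)


def triage(log_text: str):
    """Return (reason, line) pairs for lines that deserve a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        section = section_of(line)
        if not section:
            continue
        path = first_path(line)
        stem = PureWindowsPath(path).stem if path else ""
        if "(file missing)" in line:
            findings.append(("orphaned entry: target file is missing", line))
        if section == "O23" and path and TEMP_DIR_RE.search(path):
            findings.append(("service binary runs from a Temp directory", line))
        if section == "O4" and path and USER_DATA_RE.search(path):
            findings.append(("auto-start program lives under the user profile data directories", line))
        if section == "O4" and looks_random(stem):
            findings.append(("random-looking executable name", line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
```

Feed `triage` the text of a saved HijackThis log instead of SAMPLE_LOG to get the same four classes of hit; the O23 service in the real log above that points at C:\WINDOWS\TEMP would be listed by the Temp rule, which is exactly why the output is a review list and not a removal list.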





