Computer slow, kernel errors, pop-ups galore [RESOLVED]



#1
integral_apparel

Hey everyone, I have always tried to fix things on my own by reading these forums, but now I need help for real. My computer seems to have been taken over! I can't even use IE now because of how many pop-ups come up, I mean over 20 in a couple of seconds, so now I use Firefox and it seemed to help, but then all these kernel errors and debug errors have been coming up, completely slowing down my computer.

Also my C: in my computer icon has changed to a red x.

And once in a while, while in Firefox, some internet images will change to some random blinking graphic saying it's scanning my computer and I need to click to stop shut down. I never click it, but I know something is totally wrong with my computer. Please help as much as you can; I am a freelance graphic designer, so access to my computer and programs without all these problems would help business and my hair I keep pulling out!

Thanks in advance for your replies. Here is my log file from HJT
=======================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:22:34 PM, on 3/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\JavaCore\JavaCore.exe
C:\Program Files\JavaCore\JavaCore .exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
F3 - REG:win.ini: load=C:\WINDOWS\system32\mljgf.exe
O1 - Hosts: 127.0.0.2 http://www.minneapolis-nightlife.com
O1 - Hosts: 127.0.0.3 http://moneypalaceca...4026_1486_12667
O1 - Hosts: 127.0.0.4 http://www.ifare.com/
O1 - Hosts: 127.0.0.5 http://www.arizonagu....net/index.html
O1 - Hosts: 127.0.0.6 http://www.nightlifetelevision.com/
O1 - Hosts: 127.0.0.7 http://www.setthetrend.com # x client host
O1 - Hosts: 127.0.0.8 http://www.homestead.com/
O1 - Hosts: 127.0.0.9 http://blogworldsports.smacchat.com/
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,[email protected]
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [f0fe17ba] rundll32.exe "C:\WINDOWS\system32\kwagalvj.dll",b
O4 - HKLM\..\Run: [BMf3cd2426] Rundll32.exe "C:\WINDOWS\system32\fscajwfm.dll",s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKCU\..\Run: [MapEDC] C:\Program Files\MapEDC\MapEDC.exe
O4 - HKCU\..\Run: [JavaCore] C:\Program Files\JavaCore\JavaCore.exe
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{F0FE1715-0AE9-1033-1108-040416200001}] "C:\Program Files\Common Files\{F0FE1715-0AE9-1033-1108-040416200001}\Update.exe" mc-110-12-0000488 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{F0FE1715-0AE9-1033-1108-040416200001}] "C:\Program Files\Common Files\{F0FE1715-0AE9-1033-1108-040416200001}\Update.exe" mc-110-12-0000488 (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader2.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1199043603484
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1199043459062
O16 - DPF: {D0B5B58D-8CB9-4EDB-8BB0-9D34AEF727CF} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\lemtmpkx.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Print Spooler Service (SpoolSvc207) - Unknown owner - C:\WINDOWS\TEMP\cjnr4r47205535.exe (file missing)
O23 - Service: Service Logon Protocol (SVSLOG) - Unknown owner - C:\WINDOWS\svslogon.exe (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\MSN Gaming Zone\progyb.html

--
End of file - 11937 bytes
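
The HijackThis log above is what the helpers in this thread read by hand. As an added example (not from the thread, and not part of Trend Micro's tool), this Python script parses a few entries copied from that log and flags the items a defender reviews first: hosts-file overrides, a configured proxy, the win.ini load= autostart, Run entries that go through rundll32 or carry hex-like names, and services whose binary is missing or lives under TEMP. The rule names and the heuristics are my own assumptions, not HijackThis behaviour.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample input: ten entries copied verbatim from the HijackThis
# log posted above in this thread.
SAMPLE_HJT_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
F3 - REG:win.ini: load=C:\WINDOWS\system32\mljgf.exe
O1 - Hosts: 127.0.0.2 http://www.minneapolis-nightlife.com
O1 - Hosts: 127.0.0.4 http://www.ifare.com/
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [f0fe17ba] rundll32.exe "C:\WINDOWS\system32\kwagalvj.dll",b
O4 - HKLM\..\Run: [BMf3cd2426] Rundll32.exe "C:\WINDOWS\system32\fscajwfm.dll",s
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Print Spooler Service (SpoolSvc207) - Unknown owner - C:\WINDOWS\TEMP\cjnr4r47205535.exe (file missing)
O23 - Service: Service Logon Protocol (SVSLOG) - Unknown owner - C:\WINDOWS\svslogon.exe (file missing)
"""

# (rule name, the detail worth looking at, the raw log line)
Finding = Tuple[str, str, str]

# Every HijackThis entry starts with a section code such as R1, F3, O4, O23.
ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d{1,2}) - (?P<body>.*)$")
# Run value names like "f0fe17ba" or "BMf3cd2426" (assumed heuristic, not a HJT rule).
HEX_NAME_RE = re.compile(r"^(BM)?[0-9a-f]{8}$")
# First quoted or unquoted Windows path ending in .dll inside a command line.
DLL_RE = re.compile(r'"?([A-Za-z]:\\[^",]+\.dll)', re.I)


def parse_entries(log_text: str) -> List[Dict[str, str]]:
    """Split a HijackThis log into typed entries; non-entry lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append({"kind": m.group("kind"), "body": m.group("body"), "raw": line.strip()})
    return entries


def triage(entries: List[Dict[str, str]]) -> List[Finding]:
    """Apply simple review heuristics to parsed entries and return what to look at."""
    findings: List[Finding] = []
    for e in entries:
        kind, body, raw = e["kind"], e["body"], e["raw"]
        if kind == "O1":
            # Hosts mappings to 127.x addresses other than localhost blackhole a hostname.
            m = re.search(r"Hosts: (127\.\d+\.\d+\.\d+)\s+(\S+)", body)
            if m and m.group(2).lower() != "localhost":
                findings.append(("hosts-redirect", m.group(2), raw))
        elif kind == "R1" and "ProxyServer" in body:
            # A system proxy the owner did not set routes browser traffic elsewhere.
            findings.append(("proxy-set", body.split("=", 1)[1].strip(), raw))
        elif kind == "F3" and "load=" in body:
            # win.ini load= is a legacy autostart rarely used by current software.
            findings.append(("winini-load", body.split("load=", 1)[1].strip(), raw))
        elif kind == "O4":
            m = re.search(r"\[(?P<name>[^\]]+)\]\s+(?P<cmd>.*)", body)
            if m:
                name, cmd = m.group("name"), m.group("cmd")
                uses_rundll32 = re.match(r"rundll32(\.exe)?\b", cmd, re.I) is not None
                if uses_rundll32 or HEX_NAME_RE.match(name):
                    dll = DLL_RE.search(cmd)
                    findings.append(("suspicious-run-entry", dll.group(1) if dll else cmd, raw))
        elif kind == "O23":
            # The last " - " separated field is the service binary.
            target = body.rsplit(" - ", 1)[-1]
            if "(file missing)" in target or "\\TEMP\\" in target.upper():
                findings.append(("suspicious-service", target, raw))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per rule, handy for a quick first reply in a thread like this."""
    counts: Dict[str, int] = {}
    for rule, _, _ in findings:
        counts[rule] = counts.get(rule, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(parse_entries(SAMPLE_HJT_LOG))
    for rule, detail, raw in results:
        print(f"[{rule}] {detail}\n    {raw}")
    print(summarize(results))
```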

#2
Tigger93

Hello and Welcome to Geekstogo! :)

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

#3
integral_apparel

Thank you for the quick response!
Here are the items you requested.
First the ComboFix.exe Log
--------------------------------------
ComboFix 08-03-01.3 - rc 2008-03-01 15:33:00.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.273 [GMT -6:00]
Running from: C:\Documents and Settings\rc\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\rc\My Documents\ASKS~1
C:\Documents and Settings\rc\My Documents\RACLE~1
C:\Documents and Settings\rc\My Documents\SCURIT~1
C:\Program Files\Common Files\{F0FE1~1
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\Program Files\crosof~1
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
C:\Program Files\inetget2
C:\Program Files\JavaCore\JavaCore.exe
C:\Program Files\MSN Gaming Zone\progyb.html
C:\Program Files\Temporary
C:\Program Files\Temporary\InsiDERInst.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\b128.exe
C:\WINDOWS\b149.exe
C:\WINDOWS\b153.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\UGA6P_0001_N122M2210NetInstaller.exe
C:\WINDOWS\racle~1
C:\WINDOWS\racle~1\?racle\
C:\WINDOWS\system32\aycdd.ini2
C:\WINDOWS\system32\bcbmlkym.ini
C:\WINDOWS\system32\cmtvnehf.ini
C:\WINDOWS\system32\drivers\core.cache(10).dsk
C:\WINDOWS\system32\drivers\core.cache(11).dsk
C:\WINDOWS\system32\drivers\core.cache(12).dsk
C:\WINDOWS\system32\drivers\core.cache(13).dsk
C:\WINDOWS\system32\drivers\core.cache(14).dsk
C:\WINDOWS\system32\drivers\core.cache(15).dsk
C:\WINDOWS\system32\drivers\core.cache(16).dsk
C:\WINDOWS\system32\drivers\core.cache(17).dsk
C:\WINDOWS\system32\drivers\core.cache(18).dsk
C:\WINDOWS\system32\drivers\core.cache(19).dsk
C:\WINDOWS\system32\drivers\core.cache(2).dsk
C:\WINDOWS\system32\drivers\core.cache(20).dsk
C:\WINDOWS\system32\drivers\core.cache(21).dsk
C:\WINDOWS\system32\drivers\core.cache(22).dsk
C:\WINDOWS\system32\drivers\core.cache(23).dsk
C:\WINDOWS\system32\drivers\core.cache(24).dsk
C:\WINDOWS\system32\drivers\core.cache(25).dsk
C:\WINDOWS\system32\drivers\core.cache(26).dsk
C:\WINDOWS\system32\drivers\core.cache(27).dsk
C:\WINDOWS\system32\drivers\core.cache(28).dsk
C:\WINDOWS\system32\drivers\core.cache(29).dsk
C:\WINDOWS\system32\drivers\core.cache(3).dsk
C:\WINDOWS\system32\drivers\core.cache(30).dsk
C:\WINDOWS\system32\drivers\core.cache(31).dsk
C:\WINDOWS\system32\drivers\core.cache(32).dsk
C:\WINDOWS\system32\drivers\core.cache(33).dsk
C:\WINDOWS\system32\drivers\core.cache(34).dsk
C:\WINDOWS\system32\drivers\core.cache(35).dsk
C:\WINDOWS\system32\drivers\core.cache(4).dsk
C:\WINDOWS\system32\drivers\core.cache(5).dsk
C:\WINDOWS\system32\drivers\core.cache(6).dsk
C:\WINDOWS\system32\drivers\core.cache(7).dsk
C:\WINDOWS\system32\drivers\core.cache(8).dsk
C:\WINDOWS\system32\drivers\core.cache(9).dsk
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\fgjlm.ini
C:\WINDOWS\system32\fgjlm.ini2
C:\WINDOWS\system32\flkduxuc.ini
C:\WINDOWS\system32\jvlagawk.ini
C:\WINDOWS\system32\kwagalvj.dll
C:\WINDOWS\system32\lbbqvlou.ini
C:\WINDOWS\system32\lyflnxkn.dllbox
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mljgf.dll
C:\WINDOWS\system32\mljgf.exe
C:\WINDOWS\system32\nGpxx01
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\sks~1
C:\WINDOWS\system32\tsks~1
C:\WINDOWS\system32\txerqrym.ini
C:\WINDOWS\system32\winticomsv32.exe
C:\WINDOWS\system32\wvuvwvs.dll
C:\WINDOWS\system32\xrdgxbgc.dll
C:\WINDOWS\system32\xrdgxbgc.dllbox
C:\WINDOWS\system32\z1
C:\WINDOWS\system32\z1\aroblcidr31z.exe
C:\WINDOWS\system32\zhjkuovf.dllbox

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CORE
-------\LEGACY_DOMAINSERVICE
-------\core
-------\DomainService


((((((((((((((((((((((((( Files Created from 2008-02-01 to 2008-03-01 )))))))))))))))))))))))))))))))
.

2008-03-01 15:19 . 2004-08-04 04:00 388,608 --a------ C:\CF6985.exe
2008-03-01 10:46 . 2008-03-01 13:26 <DIR> d-------- C:\Documents and Settings\rc\.housecall6.6
2008-02-25 22:48 . 2008-02-25 22:48 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-24 03:46 . 2008-02-29 00:23 <DIR> d-------- C:\Program Files\NoDNS
2008-02-24 03:00 . 2008-03-01 12:33 <DIR> d-------- C:\WINDOWS\system32\edcA01
2008-02-24 03:00 . 2008-03-01 15:39 <DIR> d-------- C:\Program Files\JavaCore
2008-02-24 03:00 . 2008-02-24 03:00 <DIR> d-------- C:\Program Files\eMule
2008-02-24 03:00 . 2008-02-24 03:00 <DIR> d-------- C:\Program Files\Common Files\SupportSoft
2008-02-24 00:38 . 2008-03-01 10:28 70,838 --a------ C:\WINDOWS\BMf3cd2426.xml
2008-02-24 00:38 . 2008-03-01 10:24 22 --a------ C:\WINDOWS\pskt.ini
2008-02-24 00:37 . 2008-02-25 21:52 <DIR> d-------- C:\Program Files\MapEDC
2008-02-24 00:26 . 2008-03-01 12:34 36,864 --a------ C:\WINDOWS\mrofinu572.exe.tmp
2008-02-23 23:55 . 2008-02-24 00:35 1,481,234 ---hs---- C:\WINDOWS\system32\kwytvbac.ini
2008-02-23 01:08 . 2008-03-01 12:33 257,568 --a------ C:\Documents and Settings\rc\Application Data\setup_en[1].exe
2008-02-20 23:49 . 2008-02-23 23:51 1,376,393 ---hs---- C:\WINDOWS\system32\ixnnrted.ini
2008-02-19 00:50 . 2008-02-19 00:50 <DIR> d-------- C:\Documents and Settings\rc\Application Data\BitZipper
2008-02-19 00:49 . 2008-02-24 02:59 <DIR> d-------- C:\Program Files\BitZipper
2008-02-18 23:47 . 2008-02-20 23:47 1,375,673 ---hs---- C:\WINDOWS\system32\urryhgkp.ini
2008-02-18 23:19 . 2008-02-24 02:59 <DIR> d-------- C:\Documents and Settings\rc\Application Data\Azureus
2008-02-18 23:19 . 2008-02-18 23:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-02-18 23:18 . 2008-02-24 02:59 <DIR> d-------- C:\Program Files\Azureus
2008-02-03 02:39 . 2008-02-24 03:00 <DIR> d-------- C:\Program Files\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-01 18:34 158,208 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe.tmp
2008-03-01 18:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-02-29 22:43 158,208 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
2008-02-24 06:53 10 ----a-w C:\Program Files\.autoreg
2008-02-10 21:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-01-12 06:38 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-12 06:37 --------- d-----w C:\Documents and Settings\rc\Application Data\Yahoo!
2008-01-12 06:37 --------- d-----w C:\Documents and Settings\rc\Application Data\Grisoft(2)
2008-01-12 06:37 --------- d-----w C:\Documents and Settings\rc\Application Data\Grisoft
2008-01-12 06:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-01-12 06:36 --------- d-----w C:\Program Files\Mozilla Firefox(2)
2005-04-01 04:17 40,960 -c--a-w C:\Program Files\Uninstall_CDS.exe
2006-05-15 05:15 56 -csh--r C:\WINDOWS\system32\D1437C7BBC.sys
2006-05-15 05:15 1,682 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
<pre>
----a-w			28,172 2007-12-30 04:44:10  C:\Program Files\Analog Devices\Core\smax4pnp .exe
----a-w			28,172 2007-12-30 04:44:22  C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
----a-w			28,172 2007-12-30 04:44:19  C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe
----a-w			28,172 2007-12-30 04:45:01  C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ .exe
----a-w			28,172 2007-12-30 04:44:22  C:\Program Files\Dell\Media Experience\DMXLauncher .exe
----a-w			28,172 2007-12-30 04:46:25  C:\Program Files\DellSupport\DSAgnt .exe
----a-w			28,172 2007-12-30 04:46:05  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w		 6,731,312 2008-03-01 21:26:00  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas		   .exe
----a-w		 6,731,312 2008-03-01 18:33:41  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas		 .exe
----a-w		 6,731,312 2008-03-01 18:33:46  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas	   .exe
----a-w		 6,731,312 2008-03-01 18:33:52  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas	  .exe
----a-w		 6,731,312 2008-03-01 18:33:56  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas	 .exe
----a-w		 6,731,312 2008-03-01 18:33:57  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas	.exe
----a-w		 6,731,312 2008-03-01 18:33:58  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas   .exe
----a-w		 6,731,312 2008-03-01 18:34:00  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas  .exe
----a-w		   267,064 2007-12-30 04:45:12  C:\Program Files\iTunes\iTunesHelper .exe
----a-w			28,172 2007-12-30 04:44:12  C:\Program Files\Java\jre1.5.0_03\bin\jusched .exe
----a-w		   144,896 2008-03-01 21:26:00  C:\Program Files\JavaCore\JavaCore .exe
----a-w			28,172 2007-12-30 04:44:34  C:\Program Files\Lexmark 5200 Series\lxbtbmgr .exe
----a-w			57,344 2008-02-26 03:53:36  C:\Program Files\MapEDC\MapEDC .exe
----a-w			28,172 2007-12-30 04:44:53  C:\Program Files\McAfee\SpamKiller\MSKAgent .exe
----a-w			28,172 2007-12-30 04:44:56  C:\Program Files\McAfee\SpamKiller\MSKDetct .exe
----a-w			28,172 2007-12-30 04:44:27  C:\Program Files\McAfee.com\Agent\mcagent .exe
----a-w			28,172 2007-12-30 04:44:29  C:\Program Files\McAfee.com\Agent\mcupdate .exe
----a-w			28,172 2007-12-30 04:44:39  C:\Program Files\McAfee.com\Personal Firewall\MpfTray .exe
----a-w			28,172 2007-12-30 04:44:25  C:\Program Files\McAfee.com\VSO\mcmnhdlr .exe
----a-w			28,172 2007-12-30 06:00:43  C:\Program Files\McAfee.com\VSO\mcvsshld .exe
----a-w			28,172 2007-12-30 04:44:37  C:\Program Files\McAfee.com\VSO\oasclnt .exe
----a-w		 1,694,208 2007-12-30 04:45:54  C:\Program Files\Messenger\msmsgs .exe
----a-w			28,172 2007-12-30 04:45:44  C:\Program Files\MySpace\IM\MySpaceIM .exe
----a-w		   102,400 2008-02-29 06:24:40  C:\Program Files\NoDNS\NoDNS .exe
----a-w			28,172 2007-12-30 04:44:16  C:\Program Files\Real\RealPlayer\RealPlay .exe
----a-w		   224,248 2007-12-30 03:22:30  C:\Program Files\Yahoo!\Search Protection\SearchProtection .exe
----a-w		   158,208 2008-02-29 22:43:19  C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
----a-w			28,172 2007-12-30 04:44:49  C:\WINDOWS\system32\igfxpers .exe
----a-w			28,172 2007-12-30 04:44:46  C:\WINDOWS\system32\igfxtray .exe
----a-w			28,172 2007-12-30 04:44:43  C:\WINDOWS\system32\NeroCheck .exe
----a-w			28,172 2007-12-30 04:44:59  C:\WINDOWS\system32\dla\tfswctrl .exe
</pre>


-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 1,404,928 2004-10-15 00:42:54 C:\Program Files\Analog Devices\Core\bak\smax4pnp.exe

----a-w 81,920 2004-07-27 21:50:18 C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe

----a-w 221,184 2004-07-27 21:50:42 C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe

----a-w 32,768 2003-12-08 23:35:14 C:\Program Files\CyberLink DVD Solution\PowerDVD\bak\PDVDServ.exe

----a-w 86,016 2005-01-27 06:02:00 C:\Program Files\Dell\Media Experience\bak\DMXLauncher.exe

----a-w 460,784 2007-03-15 17:09:36 C:\Program Files\DellSupport\bak\DSAgnt.exe

----a-w 68,856 2007-05-29 07:13:21 C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe

----a-w 257,088 2007-03-15 01:05:48 C:\Program Files\iTunes\bak\iTunesHelper.exe

----a-w 36,975 2005-04-13 09:48:52 C:\Program Files\Java\jre1.5.0_03\bin\bak\jusched.exe

----a-w 57,344 2004-03-25 13:30:30 C:\Program Files\Lexmark 5200 Series\bak\lxbtbmgr.exe

----a-w 98,304 2004-06-17 04:33:02 C:\Program Files\McAfee\SpamKiller\bak\MSKAgent.exe

----a-w 1,111,552 2004-10-25 17:18:04 C:\Program Files\McAfee\SpamKiller\bak\MSKDetct.exe

----a-w 303,104 2005-09-23 00:29:08 C:\Program Files\McAfee.com\Agent\bak\mcagent.exe

----a-w 212,992 2006-01-11 18:05:42 C:\Program Files\McAfee.com\Agent\bak\mcupdate.exe

----a-w 1,005,096 2005-11-11 23:00:56 C:\Program Files\McAfee.com\Personal Firewall\bak\MpfTray.exe

----a-w 151,552 2005-07-08 23:18:22 C:\Program Files\McAfee.com\VSO\bak\mcmnhdlr.exe

----a-w 163,840 2005-08-10 17:49:20 C:\Program Files\McAfee.com\VSO\bak\mcvsshld.exe

----a-w 53,248 2005-08-12 03:02:44 C:\Program Files\McAfee.com\VSO\bak\oasclnt.exe

----a-w 1,327,104 2006-11-16 21:42:52 C:\Program Files\MySpace\IM\bak\MySpaceIM.exe

----a-w 282,624 2007-02-16 16:54:04 C:\Program Files\QuickTime\bak\qttask.exe

----a-w 1,261 2007-12-08 16:18:03 C:\Program Files\Real\RealPlayer\bak\channels.xml
----a-w 1,261 2007-10-11 02:34:22 C:\Program Files\Real\RealPlayer\channels.xml

----a-w 26,112 2005-10-13 20:14:15 C:\Program Files\Real\RealPlayer\bak\RealPlay.exe

----a-w 4,662,776 2006-12-01 03:49:04 C:\Program Files\Yahoo!\Messenger\bak\YahooMessenger.exe
----a-w 4,670,704 2007-08-30 23:43:18 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

----a-w 24,104 2007-03-14 23:03:04 C:\Program Files\Zune\bak\ZuneLauncher.exe

----a-w 114,688 2005-09-20 15:36:20 C:\WINDOWS\system32\bak\igfxpers.exe

----a-w 94,208 2005-09-20 15:35:40 C:\WINDOWS\system32\bak\igfxtray.exe

----a-w 155,648 2001-07-09 17:50:42 C:\WINDOWS\system32\bak\NeroCheck.exe

----a-w 122,941 2005-05-31 11:33:00 C:\WINDOWS\system32\dla\bak\tfswctrl.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4310C794-0674-5AAD-571A-2F00CBCCDCEC}]
C:\WINDOWS\system32\rtzu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45BA66A2-CF1E-4A7D-B4DC-6EAA1A5ACD9B}]
C:\Program Files\Windows Media Player\holesuvug4444.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54FE3E15-11F5-4E97-AFAB-F3A2E91ACA13}]
C:\Program Files\Windows Media Player\holesuvug83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B3819903-FE2E-4AA3-BAE5-D6F79989F31C}]
C:\Program Files\Windows Media Player\holesuvug455101.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B6CE27E8-6DAF-448B-92BE-2C008EF1F20D}]
C:\Program Files\MSN Gaming Zone\lawum576.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c31cedcf-f295-4f97-85b8-4604a0915853}]
C:\WINDOWS\system32\oixgqblp.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [ ]
"Dot1XCfg"="C:\Program Files\Dot1XCfg\Dot1XCfg.exe" [ ]
"MapEDC"="C:\Program Files\MapEDC\MapEDC.exe" [ ]
"JavaCore"="C:\Program Files\JavaCore\JavaCore.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [ ]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [ ]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [ ]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [ ]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [ ]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [ ]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [ ]
"LXBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [2004-03-17 10:30 65536]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [ ]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [ ]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" [ ]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [ ]
"Windows Media Connect 2"="C:\Program Files\Windows Media Connect 2\WMCCFG.exe" [ ]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [ ]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 04:00 158208]
"BMf3cd2426"="C:\WINDOWS\system32\fscajwfm.dll" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-10-21 17:53:42 110592]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-10-21 17:53:42 110592]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-10-13 14:09:39 24576]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-09-03 07:45:28 176128]
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2007-03-19 12:12:21 114688]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\run]
"{F0FE1715-0AE9-1033-1108-040416200001}"= "C:\Program Files\Common Files\{F0FE1715-0AE9-1033-1108-040416200001}\Update.exe" mc-110-12-0000488

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI.UGES_0001_N122M0502]
C:\Documents and Settings\rc\Desktop\setup_en(2) .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NoDNS]
--a------ 2008-03-01 12:34 102400 C:\Program Files\\NoDNS\\NoDNS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

R2 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 04:47]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-04 03:40]
S2 SpoolSvc207;Print Spooler Service;C:\WINDOWS\TEMP\cjnr4r47205535.exe []
S2 SVSLOG;Service Logon Protocol;"C:\WINDOWS\svslogon.exe" []

.
Contents of the 'Scheduled Tasks' folder
"2008-02-21 19:39:15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-01 00:30:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (RASHAUN-rc).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-01 15:47:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\Tablet.exe
.
**************************************************************************
.
Completion time: 2008-03-01 15:50:47 - machine was rebooted [rc]
ComboFix-quarantined-files.txt 2008-03-01 21:50:43
---------------------------------------------------------------------------

Now the HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:56:35 PM, on 3/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4310C794-0674-5AAD-571A-2F00CBCCDCEC} - C:\WINDOWS\system32\rtzu.dll (file missing)
O2 - BHO: (no name) - {45BA66A2-CF1E-4A7D-B4DC-6EAA1A5ACD9B} - C:\Program Files\Windows Media Player\holesuvug4444.dll (file missing)
O2 - BHO: (no name) - {54FE3E15-11F5-4E97-AFAB-F3A2E91ACA13} - C:\Program Files\Windows Media Player\holesuvug83122.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {B3819903-FE2E-4AA3-BAE5-D6F79989F31C} - C:\Program Files\Windows Media Player\holesuvug455101.dll (file missing)
O2 - BHO: 0 - {B6CE27E8-6DAF-448B-92BE-2C008EF1F20D} - C:\Program Files\MSN Gaming Zone\lawum576.dll (file missing)
O2 - BHO: {3585190a-4064-8b58-79f4-592ffcdec13c} - {c31cedcf-f295-4f97-85b8-4604a0915853} - C:\WINDOWS\system32\oixgqblp.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,[email protected]
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [BMf3cd2426] Rundll32.exe "C:\WINDOWS\system32\fscajwfm.dll",s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKCU\..\Run: [MapEDC] C:\Program Files\MapEDC\MapEDC.exe
O4 - HKCU\..\Run: [JavaCore] C:\Program Files\JavaCore\JavaCore.exe
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{F0FE1715-0AE9-1033-1108-040416200001}] "C:\Program Files\Common Files\{F0FE1715-0AE9-1033-1108-040416200001}\Update.exe" mc-110-12-0000488 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{F0FE1715-0AE9-1033-1108-040416200001}] "C:\Program Files\Common Files\{F0FE1715-0AE9-1033-1108-040416200001}\Update.exe" mc-110-12-0000488 (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader2.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1199043603484
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1199043459062
O16 - DPF: {D0B5B58D-8CB9-4EDB-8BB0-9D34AEF727CF} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Print Spooler Service (SpoolSvc207) - Unknown owner - C:\WINDOWS\TEMP\cjnr4r47205535.exe (file missing)
O23 - Service: Service Logon Protocol (SVSLOG) - Unknown owner - C:\WINDOWS\svslogon.exe (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 11459 bytes



Thank you for the help once again!

Edited by integral_apparel, 01 March 2008 - 04:13 PM.

  • 0

#4
Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\CF6985.exe
C:\WINDOWS\BMf3cd2426.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\mrofinu572.exe.tmp
C:\WINDOWS\system32\kwytvbac.ini
C:\Documents and Settings\rc\Application Data\setup_en[1].exe
C:\WINDOWS\system32\ixnnrted.ini
C:\WINDOWS\system32\urryhgkp.ini
C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe.tmp
C:\WINDOWS\system32\D1437C7BBC.sys
C:\WINDOWS\system32\rtzu.dll
C:\Program Files\Windows Media Player\holesuvug4444.dll
C:\Program Files\Windows Media Player\holesuvug83122.dll
C:\Program Files\Windows Media Player\holesuvug455101.dll
C:\Program Files\MSN Gaming Zone\lawum576.dll
C:\WINDOWS\system32\oixgqblp.dll
C:\WINDOWS\system32\fscajwfm.dll
C:\Documents and Settings\rc\Desktop\setup_en(2) .exe
C:\WINDOWS\TEMP\cjnr4r47205535.exe
C:\WINDOWS\svslogon.exe

Folder::
C:\Program Files\NoDNS
C:\WINDOWS\system32\edcA01
C:\Program Files\JavaCore
C:\Program Files\MapEDC
C:\Documents and Settings\All Users\Application Data\SecTaskMan
C:\Program Files\Common Files\{F0FE1715-0AE9-1033-1108-040416200001}

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4310C794-0674-5AAD-571A-2F00CBCCDCEC}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45BA66A2-CF1E-4A7D-B4DC-6EAA1A5ACD9B}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54FE3E15-11F5-4E97-AFAB-F3A2E91ACA13}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B3819903-FE2E-4AA3-BAE5-D6F79989F31C}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B6CE27E8-6DAF-448B-92BE-2C008EF1F20D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c31cedcf-f295-4f97-85b8-4604a0915853}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JavaCore"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BMf3cd2426"=-

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\run]
"{F0FE1715-0AE9-1033-1108-040416200001}"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NoDNS]

RenV::
----a-w			28,172 2007-12-30 04:44:10  C:\Program Files\Analog Devices\Core\smax4pnp .exe
----a-w			28,172 2007-12-30 04:44:22  C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
----a-w			28,172 2007-12-30 04:44:19  C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe
----a-w			28,172 2007-12-30 04:45:01  C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ .exe
----a-w			28,172 2007-12-30 04:44:22  C:\Program Files\Dell\Media Experience\DMXLauncher .exe
----a-w			28,172 2007-12-30 04:46:25  C:\Program Files\DellSupport\DSAgnt .exe
----a-w			28,172 2007-12-30 04:46:05  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w		 6,731,312 2008-03-01 21:26:00  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas		   .exe
----a-w		 6,731,312 2008-03-01 18:33:41  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas		 .exe
----a-w		 6,731,312 2008-03-01 18:33:46  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas	   .exe
----a-w		 6,731,312 2008-03-01 18:33:52  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas	  .exe
----a-w		 6,731,312 2008-03-01 18:33:56  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas	 .exe
----a-w		 6,731,312 2008-03-01 18:33:57  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas	.exe
----a-w		 6,731,312 2008-03-01 18:33:58  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas   .exe
----a-w		 6,731,312 2008-03-01 18:34:00  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas  .exe
----a-w		   267,064 2007-12-30 04:45:12  C:\Program Files\iTunes\iTunesHelper .exe
----a-w			28,172 2007-12-30 04:44:12  C:\Program Files\Java\jre1.5.0_03\bin\jusched .exe
----a-w		   144,896 2008-03-01 21:26:00  C:\Program Files\JavaCore\JavaCore .exe
----a-w			28,172 2007-12-30 04:44:34  C:\Program Files\Lexmark 5200 Series\lxbtbmgr .exe
----a-w			57,344 2008-02-26 03:53:36  C:\Program Files\MapEDC\MapEDC .exe
----a-w			28,172 2007-12-30 04:44:53  C:\Program Files\McAfee\SpamKiller\MSKAgent .exe
----a-w			28,172 2007-12-30 04:44:56  C:\Program Files\McAfee\SpamKiller\MSKDetct .exe
----a-w			28,172 2007-12-30 04:44:27  C:\Program Files\McAfee.com\Agent\mcagent .exe
----a-w			28,172 2007-12-30 04:44:29  C:\Program Files\McAfee.com\Agent\mcupdate .exe
----a-w			28,172 2007-12-30 04:44:39  C:\Program Files\McAfee.com\Personal Firewall\MpfTray .exe
----a-w			28,172 2007-12-30 04:44:25  C:\Program Files\McAfee.com\VSO\mcmnhdlr .exe
----a-w			28,172 2007-12-30 06:00:43  C:\Program Files\McAfee.com\VSO\mcvsshld .exe
----a-w			28,172 2007-12-30 04:44:37  C:\Program Files\McAfee.com\VSO\oasclnt .exe
----a-w		 1,694,208 2007-12-30 04:45:54  C:\Program Files\Messenger\msmsgs .exe
----a-w			28,172 2007-12-30 04:45:44  C:\Program Files\MySpace\IM\MySpaceIM .exe
----a-w		   102,400 2008-02-29 06:24:40  C:\Program Files\NoDNS\NoDNS .exe
----a-w			28,172 2007-12-30 04:44:16  C:\Program Files\Real\RealPlayer\RealPlay .exe
----a-w		   224,248 2007-12-30 03:22:30  C:\Program Files\Yahoo!\Search Protection\SearchProtection .exe
----a-w		   158,208 2008-02-29 22:43:19  C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
----a-w			28,172 2007-12-30 04:44:49  C:\WINDOWS\system32\igfxpers .exe
----a-w			28,172 2007-12-30 04:44:46  C:\WINDOWS\system32\igfxtray .exe
----a-w			28,172 2007-12-30 04:44:43  C:\WINDOWS\system32\NeroCheck .exe
----a-w			28,172 2007-12-30 04:44:59  C:\WINDOWS\system32\dla\tfswctrl .exe


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt
  • A new HijackThis log.

Edited by Tigger93, 01 March 2008 - 06:14 PM.

  • 0

#5
integral_apparel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Here we go. I noticed all those .pos files left from my documents, and my active desktop came back as well. It also has been moving a lot smoother so far. Appreciate all the help again, Tigger.

ComboFix log
ComboFix 08-03-01.3 - RC 2008-03-01 21:52:15.2 - NTFSx86
Running from: C:\Documents and Settings\RC\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\RC\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\CF6985.exe
C:\Documents and Settings\rc\Application Data\setup_en[1].exe
C:\Documents and Settings\rc\Desktop\setup_en(2) .exe
C:\Program Files\MSN Gaming Zone\lawum576.dll
C:\Program Files\Windows Media Player\holesuvug4444.dll
C:\Program Files\Windows Media Player\holesuvug455101.dll
C:\Program Files\Windows Media Player\holesuvug83122.dll
C:\WINDOWS\BMf3cd2426.xml
C:\WINDOWS\mrofinu572.exe.tmp
C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe.tmp
C:\WINDOWS\pskt.ini
C:\WINDOWS\svslogon.exe
C:\WINDOWS\system32\D1437C7BBC.sys
C:\WINDOWS\system32\fscajwfm.dll
C:\WINDOWS\system32\ixnnrted.ini
C:\WINDOWS\system32\kwytvbac.ini
C:\WINDOWS\system32\oixgqblp.dll
C:\WINDOWS\system32\rtzu.dll
C:\WINDOWS\system32\urryhgkp.ini
C:\WINDOWS\TEMP\cjnr4r47205535.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\CF6985.exe
C:\Documents and Settings\All Users\Application Data\SecTaskMan
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_10
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_4D4F4D5252585D690
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_4D4F4D5252585D69D801
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_Adobe Gamma Loader4148B001
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_cjnr4r47205535DF50
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_cjnr4r47205535DF55601
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_CmdLineExt15908001
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_ctfmon11977C05
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_ddcyaDB82C05
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_ddcyaE583A05
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_deSrcAs22035001
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_detrnnxi14DC6441
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_DMXLauncher2F865001
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_entreelist.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_enviewlist.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_gklhksyb13853041
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_hfmmeeax11996C41
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_hkcmdE710
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_hkcmdE713001
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_holesuvug4444333C0
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_holesuvug4444333C5004
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_holesuvug8312233550
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_holesuvug8312233555004
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_igfxpers152FC001
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_jusched1CCA906F
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_kwagalvj12AB4C41
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_lawum200D1201
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_lemtmpkx16252241
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_lsass114E3400
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_LSSrvc32A4D000
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_lxbtbmon29057001
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_lyflnxkn159B8042
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_mcdetect1E47F001
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_McShield1E346003
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_McTskshd21A9DE01
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_McVSEscn21DA6007
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_mDNSResponder23E90
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_mDNSResponder23E95003
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_mljgfE930
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_mljgfE934205
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_mljgfF335005
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_MpfService3E216008
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_mrofinu572 B180
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_mrofinu572AF99C00
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_MSKAgent252B8001
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_msmsgs1B41DA19
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_MyToolBar1CBE0
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_MyToolBar1CBEC001
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_nlkfev7joekq18690
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_nlkfev7joekq18694A01
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_nlkfev7mrhot1A4A4A01
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_ntdev866DC00
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_oasclnt1FE4D000
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_ofthoacd10ED2841
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_rtzu11D6EE00
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_sadnnmmf1258EE00
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_sklrr7y935913311080
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_sklrr7y935913311083202
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_sklrr7youzpvbhov26F20
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_sklrr7youzpvbhov26F24A01
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_smax4pnp 29756E0C
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_smax4pnp29567015
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_svchost14F83800
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_svslogonC3DFE00
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_swg383CF5BC
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_System 1210
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_Tablet1088800B
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_TabUserW20CDC001
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_tfswshx18E0D03B
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_tfswshx18E0D03D
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_uolvqbbl13DA6041
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_wqoiuuvw18DF2C41
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_wvuvwvs18899600
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_xrdgxbgc12758042
C:\Documents and Settings\All Users\Application Data\SecTaskMan\4D4F4D5252585.exe.q_804D801_q.ini
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_01E4D47B330100000000000000000010
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_01E4D47B330100000000000000000010.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_0273C234FB737DB4E8943FE89020640D
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_0273C234FB737DB4E8943FE89020640D.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_0296961D4979CBB4A803A78867D35E2A
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_0296961D4979CBB4A803A78867D35E2A.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_09EEF8D977309A94EABF25B5ED45B94A
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_09EEF8D977309A94EABF25B5ED45B94A.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_0A2C799B3834FB147BE6B9B8E7FC2B76
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_0A2C799B3834FB147BE6B9B8E7FC2B76.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_0B5EE0CABF8AA0D4FA30E2CD15F848B1
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_0B5EE0CABF8AA0D4FA30E2CD15F848B1.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_0B79C053C7D38EE4AB9A00CB3B5D2472
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_0B79C053C7D38EE4AB9A00CB3B5D2472.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_0C2A386AC128F68458C8AF36D45B8E46
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_0C2A386AC128F68458C8AF36D45B8E46.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_0C8054515C7095647A0A4E998657D012
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_0C8054515C7095647A0A4E998657D012.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_0E23E40C6140D434FA9B96967D309AFE
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_0EA0DB261BE4BBB4F8346B04C0F8BEC2
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_0EA0DB261BE4BBB4F8346B04C0F8BEC2.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_12340
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_12345
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_136715193F9AC7B44B28340E60F85DA5
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_136715193F9AC7B44B28340E60F85DA5.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_14A348788087E2F41BF3521C6EC72FDF
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_14A348788087E2F41BF3521C6EC72FDF.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_18EAE346C0291394F9B0B443B322C56A
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_18EAE346C0291394F9B0B443B322C56A.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_192F91FAF22F89746926253550EAE984
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_192F91FAF22F89746926253550EAE984.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_1A8728277BB04E54CAE5197D0CDFE1ED
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_1A8728277BB04E54CAE5197D0CDFE1ED.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_1FFEDB53016A65940AD05154C3113659
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_1FFEDB53016A65940AD05154C3113659.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_24ACF5D6684123E4FA8EB1E7A25AD933
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_24ACF5D6684123E4FA8EB1E7A25AD933.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_2894BB3325CD68840AB34F5C8CB0EE98
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_2894BB3325CD68840AB34F5C8CB0EE98.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_6514DF9E4F06DB748B64B7C6011CD4B1
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_6514DF9E4F06DB748B64B7C6011CD4B1.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_D47ABDE8686099C4FBDD8F4976E81510
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_D47ABDE8686099C4FBDD8F4976E81510.dll
C:\Documents and Settings\rc\Application Data\setup_en[1].exe
C:\Program Files\JavaCore
C:\Program Files\JavaCore\JavaCore .exe
C:\Program Files\JavaCore\UnInstall.exe
C:\Program Files\MapEDC
C:\Program Files\MapEDC\IDE.stt
C:\Program Files\MapEDC\MapEDC .exe
C:\Program Files\NoDNS
C:\Program Files\NoDNS\NoDNS .exe
C:\Program Files\NoDNS\NoDNS.exe
C:\Program Files\NoDNS\UnInstall.exe
C:\WINDOWS\BMf3cd2426.xml
C:\WINDOWS\mrofinu572.exe.tmp
C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe.tmp
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\D1437C7BBC.sys
C:\WINDOWS\system32\edcA01
C:\WINDOWS\system32\ixnnrted.ini
C:\WINDOWS\system32\kwytvbac.ini
C:\WINDOWS\system32\urryhgkp.ini

.
((((((((((((((((((((((((( Files Created from 2008-02-02 to 2008-03-02 )))))))))))))))))))))))))))))))
.

2008-03-01 10:46 . 2008-03-01 13:26 <DIR> d-------- C:\Documents and Settings\rc\.housecall6.6
2008-02-25 22:48 . 2008-02-25 22:48 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-24 03:00 . 2008-02-24 03:00 <DIR> d-------- C:\Program Files\eMule
2008-02-24 03:00 . 2008-02-24 03:00 <DIR> d-------- C:\Program Files\Common Files\SupportSoft
2008-02-19 00:50 . 2008-02-19 00:50 <DIR> d-------- C:\Documents and Settings\rc\Application Data\BitZipper
2008-02-19 00:49 . 2008-02-24 02:59 <DIR> d-------- C:\Program Files\BitZipper
2008-02-18 23:19 . 2008-02-24 02:59 <DIR> d-------- C:\Documents and Settings\rc\Application Data\Azureus
2008-02-18 23:19 . 2008-02-18 23:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-02-18 23:18 . 2008-02-24 02:59 <DIR> d-------- C:\Program Files\Azureus
2008-02-03 02:39 . 2008-02-24 03:00 <DIR> d-------- C:\Program Files\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-29 22:43 158,208 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
2008-02-24 06:53 10 ----a-w C:\Program Files\.autoreg
2008-02-10 21:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-01-12 06:38 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-12 06:37 --------- d-----w C:\Documents and Settings\rc\Application Data\Yahoo!
2008-01-12 06:37 --------- d-----w C:\Documents and Settings\rc\Application Data\Grisoft(2)
2008-01-12 06:37 --------- d-----w C:\Documents and Settings\rc\Application Data\Grisoft
2008-01-12 06:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-01-12 06:36 --------- d-----w C:\Program Files\Mozilla Firefox(2)
2007-12-30 04:44 28,172 ----a-w C:\WINDOWS\system32\NeroCheck .exe
2007-12-30 04:44 28,172 ----a-w C:\WINDOWS\system32\igfxtray .exe
2007-12-30 04:44 28,172 ----a-w C:\WINDOWS\system32\igfxpers .exe
2005-04-01 04:17 40,960 -c--a-w C:\Program Files\Uninstall_CDS.exe
2006-05-15 05:15 1,682 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
<pre>
----a-w			28,172 2007-12-30 04:44:10  C:\Program Files\Analog Devices\Core\smax4pnp .exe
----a-w			28,172 2007-12-30 04:44:22  C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
----a-w			28,172 2007-12-30 04:44:19  C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe
----a-w			28,172 2007-12-30 04:45:01  C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ .exe
----a-w			28,172 2007-12-30 04:44:22  C:\Program Files\Dell\Media Experience\DMXLauncher .exe
----a-w			28,172 2007-12-30 04:46:25  C:\Program Files\DellSupport\DSAgnt .exe
----a-w			28,172 2007-12-30 04:46:05  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w		 6,731,312 2008-03-01 21:26:00  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas		   .exe
----a-w		 6,731,312 2008-03-01 18:33:41  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas		 .exe
----a-w		 6,731,312 2008-03-01 18:33:46  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas	   .exe
----a-w		 6,731,312 2008-03-01 18:33:52  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas	  .exe
----a-w		 6,731,312 2008-03-01 18:33:56  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas	 .exe
----a-w		 6,731,312 2008-03-01 18:33:57  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas	.exe
----a-w		 6,731,312 2008-03-01 18:33:58  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas   .exe
----a-w		 6,731,312 2008-03-01 18:34:00  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas  .exe
----a-w		   267,064 2007-12-30 04:45:12  C:\Program Files\iTunes\iTunesHelper .exe
----a-w			28,172 2007-12-30 04:44:12  C:\Program Files\Java\jre1.5.0_03\bin\jusched .exe
----a-w			28,172 2007-12-30 04:44:34  C:\Program Files\Lexmark 5200 Series\lxbtbmgr .exe
----a-w			28,172 2007-12-30 04:44:53  C:\Program Files\McAfee\SpamKiller\MSKAgent .exe
----a-w			28,172 2007-12-30 04:44:56  C:\Program Files\McAfee\SpamKiller\MSKDetct .exe
----a-w			28,172 2007-12-30 04:44:27  C:\Program Files\McAfee.com\Agent\mcagent .exe
----a-w			28,172 2007-12-30 04:44:29  C:\Program Files\McAfee.com\Agent\mcupdate .exe
----a-w			28,172 2007-12-30 04:44:39  C:\Program Files\McAfee.com\Personal Firewall\MpfTray .exe
----a-w			28,172 2007-12-30 04:44:25  C:\Program Files\McAfee.com\VSO\mcmnhdlr .exe
----a-w			28,172 2007-12-30 06:00:43  C:\Program Files\McAfee.com\VSO\mcvsshld .exe
----a-w			28,172 2007-12-30 04:44:37  C:\Program Files\McAfee.com\VSO\oasclnt .exe
----a-w		 1,694,208 2007-12-30 04:45:54  C:\Program Files\Messenger\msmsgs .exe
----a-w			28,172 2007-12-30 04:45:44  C:\Program Files\MySpace\IM\MySpaceIM .exe
----a-w			28,172 2007-12-30 04:44:16  C:\Program Files\Real\RealPlayer\RealPlay .exe
----a-w		   224,248 2007-12-30 03:22:30  C:\Program Files\Yahoo!\Search Protection\SearchProtection .exe
----a-w		   158,208 2008-02-29 22:43:19  C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
----a-w			28,172 2007-12-30 04:44:49  C:\WINDOWS\system32\igfxpers .exe
----a-w			28,172 2007-12-30 04:44:46  C:\WINDOWS\system32\igfxtray .exe
----a-w			28,172 2007-12-30 04:44:43  C:\WINDOWS\system32\NeroCheck .exe
----a-w			28,172 2007-12-30 04:44:59  C:\WINDOWS\system32\dla\tfswctrl .exe
</pre>


-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [ ]
"Dot1XCfg"="C:\Program Files\Dot1XCfg\Dot1XCfg.exe" [ ]
"MapEDC"="C:\Program Files\MapEDC\MapEDC.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [ ]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [ ]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [ ]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [ ]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [ ]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [ ]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [ ]
"LXBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [2004-03-17 10:30 65536]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [ ]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [ ]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" [ ]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [ ]
"Windows Media Connect 2"="C:\Program Files\Windows Media Connect 2\WMCCFG.exe" [ ]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [ ]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 04:00 158208]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-10-21 17:53:42 110592]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-10-21 17:53:42 110592]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-10-13 14:09:39 24576]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-09-03 07:45:28 176128]
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2007-03-19 12:12:21 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI.UGES_0001_N122M0502]
C:\Documents and Settings\rc\Desktop\setup_en(2) .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

R2 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 04:47]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-04 03:40]
S2 SpoolSvc207;Print Spooler Service;C:\WINDOWS\TEMP\cjnr4r47205535.exe []
S2 SVSLOG;Service Logon Protocol;"C:\WINDOWS\svslogon.exe" []

.
Contents of the 'Scheduled Tasks' folder
"2008-02-21 19:39:15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-01 00:30:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (RASHAUN-Rashaun Collins).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-01 21:55:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-01 21:56:42
ComboFix-quarantined-files.txt 2008-03-02 03:56:34
ComboFix2.txt 2008-03-01 21:50:47
----------------------------------------------------------------------------------------------------------------

HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:01:37 PM, on 3/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,[email protected]
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKCU\..\Run: [MapEDC] C:\Program Files\MapEDC\MapEDC.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader2.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1199043603484
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1199043459062
O16 - DPF: {D0B5B58D-8CB9-4EDB-8BB0-9D34AEF727CF} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Print Spooler Service (SpoolSvc207) - Unknown owner - C:\WINDOWS\TEMP\cjnr4r47205535.exe (file missing)
O23 - Service: Service Logon Protocol (SVSLOG) - Unknown owner - C:\WINDOWS\svslogon.exe (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 10202 bytes

#6 Tigger93 (Trusted Helper, Retired Staff)
1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

RenV::
C:\Program Files\Analog Devices\Core\smax4pnp .exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ .exe
C:\Program Files\Dell\Media Experience\DMXLauncher .exe
C:\Program Files\DellSupport\DSAgnt .exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas		   .exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas		 .exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas	   .exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas	  .exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas	 .exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas	.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas   .exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas  .exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched .exe
C:\Program Files\Lexmark 5200 Series\lxbtbmgr .exe
C:\Program Files\McAfee\SpamKiller\MSKAgent .exe
C:\Program Files\McAfee\SpamKiller\MSKDetct .exe
C:\Program Files\McAfee.com\Agent\mcagent .exe
C:\Program Files\McAfee.com\Agent\mcupdate .exe
C:\Program Files\McAfee.com\Personal Firewall\MpfTray .exe
C:\Program Files\McAfee.com\VSO\mcmnhdlr .exe
C:\Program Files\McAfee.com\VSO\mcvsshld .exe
C:\Program Files\McAfee.com\VSO\oasclnt .exe
C:\Program Files\Messenger\msmsgs .exe
C:\Program Files\MySpace\IM\MySpaceIM .exe
C:\Program Files\Real\RealPlayer\RealPlay .exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection .exe
C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
C:\WINDOWS\system32\igfxpers .exe
C:\WINDOWS\system32\igfxtray .exe
C:\WINDOWS\system32\NeroCheck .exe
C:\WINDOWS\system32\dla\tfswctrl .exe


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[animation: dragging CFScript.txt onto ComboFix.exe]


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Edited by Tigger93, 02 March 2008 - 01:43 PM.

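The procedure in the post above (read the "name .exe" entries out of the ComboFix listing, then hand each one to ComboFix under a RenV:: header) can be done mechanically. What follows is an added example, not code from this thread, from ComboFix or from Geeks to Go. The log excerpt inside it is constructed to mirror the format of the logs posted above, and the three heuristics it applies (a run of spaces or tabs between the basename and ".exe", one byte count shared by unrelated vendors' programs, and Security Center / firewall values forced to a disabled state) are this example's own reading of the log, not ComboFix's internal logic.

```python
"""Pull AWF-style renamed executables and disabled-protection flags out of
a ComboFix log excerpt and build the RenV:: script a helper would write.

Added example for this thread; it assumes ComboFix's listing format as it
appears above (attributes, size, timestamp, full path, in either order)
and reads text only. It never touches the file system.
"""
import re

# Constructed sample in the shape of the log above: one Find3M-style line,
# a <pre> listing of renamed startup programs, and a slice of the
# "Reg Loading Points" section. It is not a copy of the full log.
SAMPLE_LOG = """\
2007-12-30 04:44 28,172 ----a-w C:\\WINDOWS\\system32\\NeroCheck .exe
<pre>
----a-w\t\t\t28,172 2007-12-30 04:44:10  C:\\Program Files\\Analog Devices\\Core\\smax4pnp .exe
----a-w\t\t 6,731,312 2008-03-01 21:26:00  C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas\t\t   .exe
----a-w\t\t   158,208 2008-02-29 22:43:19  C:\\WINDOWS\\pchealth\\helpctr\\binaries\\MSConfig .exe
----a-w\t\t\t28,172 2007-12-30 04:44:59  C:\\WINDOWS\\system32\\dla\\tfswctrl .exe
</pre>
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# A Windows path whose basename is separated from ".exe" by spaces or tabs.
# No installer produces "name .exe"; in this log it marks the stand-ins that
# displaced the real startup programs (the originals sit in bak\ folders).
_RENAMED = re.compile(r"([A-Za-z]:\\.*?\S)[ \t]+\.exe\s*$", re.IGNORECASE)
# A byte count such as 28,172 that is not a fragment of a date or time.
_SIZE = re.compile(r"(?<![\d:,-])(\d{1,3}(?:,\d{3})+|\d{1,3})(?![\d:,-])")


def find_renamed_executables(log_text):
    """Return one dict (path, restored name, size) per 'name .exe' entry."""
    found = []
    for line in log_text.splitlines():
        m = _RENAMED.search(line)
        if not m:
            continue
        size = _SIZE.search(line[:m.start()])  # size precedes the path
        found.append({
            "path": m.group(0).rstrip(),
            "restored": m.group(1) + ".exe",
            "size": int(size.group(1).replace(",", "")) if size else None,
        })
    return found


def shared_sizes(renamed):
    """Byte counts that several 'name .exe' files share. The same size on
    programs from different vendors points to one dropped binary copied
    into every startup location."""
    counts = {}
    for entry in renamed:
        if entry["size"] is not None:
            counts[entry["size"]] = counts.get(entry["size"], 0) + 1
    return {size: n for size, n in counts.items() if n > 1}


def build_renv_script(renamed):
    """Emit CFScript text in the form the helper posted: a RenV:: header
    followed by one renamed path per line."""
    return "RenV::\n" + "".join(entry["path"] + "\n" for entry in renamed)


def find_security_overrides(log_text):
    """Sorted names of values that switch protection off: any dword 1 under
    a Security Center key, or EnableFirewall = 0 under the firewall policy."""
    section, flagged = "", []
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line.lower()
            continue
        m = re.match(r'"([^"]+)"\s*=\s*(\S+)', line)
        if not m:
            continue
        name, value = m.group(1), m.group(2).lower()
        if "security center" in section and value.endswith("00000001"):
            flagged.append(name)
        elif "firewallpolicy" in section and name == "EnableFirewall" and value == "0":
            flagged.append(name)
    return sorted(flagged)


if __name__ == "__main__":
    hits = find_renamed_executables(SAMPLE_LOG)
    for h in hits:
        print(f"{str(h['size'] or '?'):>10}  {h['path']!r} -> {h['restored']!r}")
    print("sizes shared by unrelated programs:", shared_sizes(hits))
    print(build_renv_script(hits))
    print("protection switched off:", find_security_overrides(SAMPLE_LOG))
```

Run as a script it prints each renamed path beside the name it should carry, the size cluster (three unrelated programs at exactly 28,172 bytes in the sample, matching what the log above shows for many more), the generated RenV:: block, and the Security Center values that were set to hide the missing antivirus and firewall. The generated script is only a draft: each line should still be checked against the log before it is handed to ComboFix, because a RenV:: entry is an instruction to rename a file.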

#7 integral_apparel (Topic Starter, Member)
Combo Fix log
-----------------------------------------------------
ComboFix 08-03-01.3 - R C 2008-03-02 13:52:24.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.161 [GMT -6:00]
Running from: C:\Documents and Settings\R C\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\R C\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-02-02 to 2008-03-02 )))))))))))))))))))))))))))))))
.

2008-03-02 00:53 . 2008-03-02 00:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-02 00:53 . 2008-03-02 00:53 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-01 23:56 . 2008-03-01 23:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-03-01 10:46 . 2008-03-01 13:26 <DIR> d-------- C:\Documents and Settings\rc\.housecall6.6
2008-02-25 22:48 . 2008-02-25 22:48 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-24 03:00 . 2008-02-24 03:00 <DIR> d-------- C:\Program Files\eMule
2008-02-24 03:00 . 2008-02-24 03:00 <DIR> d-------- C:\Program Files\Common Files\SupportSoft
2008-02-19 00:50 . 2008-02-19 00:50 <DIR> d-------- C:\Documents and Settings\rc\Application Data\BitZipper
2008-02-19 00:49 . 2008-02-24 02:59 <DIR> d-------- C:\Program Files\BitZipper
2008-02-18 23:19 . 2008-03-02 00:54 <DIR> d-------- C:\Documents and Settings\rc\Application Data\Azureus
2008-02-18 23:19 . 2008-02-18 23:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-02-18 23:18 . 2008-02-24 02:59 <DIR> d-------- C:\Program Files\Azureus
2008-02-03 02:39 . 2008-02-24 03:00 <DIR> d-------- C:\Program Files\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-29 22:43 158,208 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
2008-02-24 06:53 10 ----a-w C:\Program Files\.autoreg
2008-02-10 21:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-01-12 06:38 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-12 06:37 --------- d-----w C:\Documents and Settings\rc\Application Data\Yahoo!
2008-01-12 06:37 --------- d-----w C:\Documents and Settings\rc\Application Data\Grisoft(2)
2008-01-12 06:37 --------- d-----w C:\Documents and Settings\rc\Application Data\Grisoft
2008-01-12 06:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-01-12 06:36 --------- d-----w C:\Program Files\Mozilla Firefox(2)
2007-12-30 04:44 28,172 ----a-w C:\WINDOWS\system32\NeroCheck .exe
2007-12-30 04:44 28,172 ----a-w C:\WINDOWS\system32\igfxtray .exe
2007-12-30 04:44 28,172 ----a-w C:\WINDOWS\system32\igfxpers .exe
2005-04-01 04:17 40,960 -c--a-w C:\Program Files\Uninstall_CDS.exe
2006-05-15 05:15 1,682 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
<pre>
----a-w			28,172 2007-12-30 04:44:10  C:\Program Files\Analog Devices\Core\smax4pnp .exe
----a-w			28,172 2007-12-30 04:44:22  C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
----a-w			28,172 2007-12-30 04:44:19  C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe
----a-w			28,172 2007-12-30 04:45:01  C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ .exe
----a-w			28,172 2007-12-30 04:44:22  C:\Program Files\Dell\Media Experience\DMXLauncher .exe
----a-w			28,172 2007-12-30 04:46:25  C:\Program Files\DellSupport\DSAgnt .exe
----a-w			28,172 2007-12-30 04:46:05  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w		 6,731,312 2008-03-01 21:26:00  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas		   .exe
----a-w		 6,731,312 2008-03-01 18:33:41  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas		 .exe
----a-w		 6,731,312 2008-03-01 18:33:46  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas	   .exe
----a-w		 6,731,312 2008-03-01 18:33:52  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas	  .exe
----a-w		 6,731,312 2008-03-01 18:33:56  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas	 .exe
----a-w		 6,731,312 2008-03-01 18:33:57  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas	.exe
----a-w		 6,731,312 2008-03-01 18:33:58  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas   .exe
----a-w		 6,731,312 2008-03-01 18:34:00  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas  .exe
----a-w		   267,064 2007-12-30 04:45:12  C:\Program Files\iTunes\iTunesHelper .exe
----a-w			28,172 2007-12-30 04:44:12  C:\Program Files\Java\jre1.5.0_03\bin\jusched .exe
----a-w			28,172 2007-12-30 04:44:34  C:\Program Files\Lexmark 5200 Series\lxbtbmgr .exe
----a-w			28,172 2007-12-30 04:44:53  C:\Program Files\McAfee\SpamKiller\MSKAgent .exe
----a-w			28,172 2007-12-30 04:44:56  C:\Program Files\McAfee\SpamKiller\MSKDetct .exe
----a-w			28,172 2007-12-30 04:44:27  C:\Program Files\McAfee.com\Agent\mcagent .exe
----a-w			28,172 2007-12-30 04:44:29  C:\Program Files\McAfee.com\Agent\mcupdate .exe
----a-w			28,172 2007-12-30 04:44:39  C:\Program Files\McAfee.com\Personal Firewall\MpfTray .exe
----a-w			28,172 2007-12-30 04:44:25  C:\Program Files\McAfee.com\VSO\mcmnhdlr .exe
----a-w			28,172 2007-12-30 06:00:43  C:\Program Files\McAfee.com\VSO\mcvsshld .exe
----a-w			28,172 2007-12-30 04:44:37  C:\Program Files\McAfee.com\VSO\oasclnt .exe
----a-w		 1,694,208 2007-12-30 04:45:54  C:\Program Files\Messenger\msmsgs .exe
----a-w			28,172 2007-12-30 04:45:44  C:\Program Files\MySpace\IM\MySpaceIM .exe
----a-w			28,172 2007-12-30 04:44:16  C:\Program Files\Real\RealPlayer\RealPlay .exe
----a-w		   224,248 2007-12-30 03:22:30  C:\Program Files\Yahoo!\Search Protection\SearchProtection .exe
----a-w		   158,208 2008-02-29 22:43:19  C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
----a-w			28,172 2007-12-30 04:44:49  C:\WINDOWS\system32\igfxpers .exe
----a-w			28,172 2007-12-30 04:44:46  C:\WINDOWS\system32\igfxtray .exe
----a-w			28,172 2007-12-30 04:44:43  C:\WINDOWS\system32\NeroCheck .exe
----a-w			28,172 2007-12-30 04:44:59  C:\WINDOWS\system32\dla\tfswctrl .exe
</pre>


-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 1,404,928 2004-10-15 00:42:54 C:\Program Files\Analog Devices\Core\bak\smax4pnp.exe

----a-w 81,920 2004-07-27 21:50:18 C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe

----a-w 221,184 2004-07-27 21:50:42 C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe

----a-w 32,768 2003-12-08 23:35:14 C:\Program Files\CyberLink DVD Solution\PowerDVD\bak\PDVDServ.exe

----a-w 86,016 2005-01-27 06:02:00 C:\Program Files\Dell\Media Experience\bak\DMXLauncher.exe

----a-w 460,784 2007-03-15 17:09:36 C:\Program Files\DellSupport\bak\DSAgnt.exe

----a-w 68,856 2007-05-29 07:13:21 C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe

----a-w 257,088 2007-03-15 01:05:48 C:\Program Files\iTunes\bak\iTunesHelper.exe

----a-w 36,975 2005-04-13 09:48:52 C:\Program Files\Java\jre1.5.0_03\bin\bak\jusched.exe

----a-w 57,344 2004-03-25 13:30:30 C:\Program Files\Lexmark 5200 Series\bak\lxbtbmgr.exe

----a-w 98,304 2004-06-17 04:33:02 C:\Program Files\McAfee\SpamKiller\bak\MSKAgent.exe

----a-w 1,111,552 2004-10-25 17:18:04 C:\Program Files\McAfee\SpamKiller\bak\MSKDetct.exe

----a-w 303,104 2005-09-23 00:29:08 C:\Program Files\McAfee.com\Agent\bak\mcagent.exe

----a-w 212,992 2006-01-11 18:05:42 C:\Program Files\McAfee.com\Agent\bak\mcupdate.exe

----a-w 1,005,096 2005-11-11 23:00:56 C:\Program Files\McAfee.com\Personal Firewall\bak\MpfTray.exe

----a-w 151,552 2005-07-08 23:18:22 C:\Program Files\McAfee.com\VSO\bak\mcmnhdlr.exe

----a-w 163,840 2005-08-10 17:49:20 C:\Program Files\McAfee.com\VSO\bak\mcvsshld.exe

----a-w 53,248 2005-08-12 03:02:44 C:\Program Files\McAfee.com\VSO\bak\oasclnt.exe

----a-w 1,327,104 2006-11-16 21:42:52 C:\Program Files\MySpace\IM\bak\MySpaceIM.exe

----a-w 282,624 2007-02-16 16:54:04 C:\Program Files\QuickTime\bak\qttask.exe

----a-w 1,261 2007-12-08 16:18:03 C:\Program Files\Real\RealPlayer\bak\channels.xml
----a-w 1,261 2007-10-11 02:34:22 C:\Program Files\Real\RealPlayer\channels.xml

----a-w 26,112 2005-10-13 20:14:15 C:\Program Files\Real\RealPlayer\bak\RealPlay.exe

----a-w 4,662,776 2006-12-01 03:49:04 C:\Program Files\Yahoo!\Messenger\bak\YahooMessenger.exe
----a-w 4,670,704 2007-08-30 23:43:18 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

----a-w 24,104 2007-03-14 23:03:04 C:\Program Files\Zune\bak\ZuneLauncher.exe

----a-w 114,688 2005-09-20 15:36:20 C:\WINDOWS\system32\bak\igfxpers.exe

----a-w 94,208 2005-09-20 15:35:40 C:\WINDOWS\system32\bak\igfxtray.exe

----a-w 155,648 2001-07-09 17:50:42 C:\WINDOWS\system32\bak\NeroCheck.exe

----a-w 122,941 2005-05-31 11:33:00 C:\WINDOWS\system32\dla\bak\tfswctrl.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [ ]
"Dot1XCfg"="C:\Program Files\Dot1XCfg\Dot1XCfg.exe" [ ]
"MapEDC"="C:\Program Files\MapEDC\MapEDC.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [ ]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [ ]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [ ]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [ ]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [ ]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [ ]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [ ]
"LXBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [2004-03-17 10:30 65536]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [ ]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [ ]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" [ ]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [ ]
"Windows Media Connect 2"="C:\Program Files\Windows Media Connect 2\WMCCFG.exe" [ ]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [ ]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 04:00 158208]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-10-21 17:53:42 110592]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-10-21 17:53:42 110592]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-10-13 14:09:39 24576]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-09-03 07:45:28 176128]
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2007-03-19 12:12:21 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI.UGES_0001_N122M0502]
C:\Documents and Settings\rc\Desktop\setup_en(2) .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

R2 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 04:47]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-04 03:40]
S2 SpoolSvc207;Print Spooler Service;C:\WINDOWS\TEMP\cjnr4r47205535.exe []
S2 SVSLOG;Service Logon Protocol;"C:\WINDOWS\svslogon.exe" []

.
Contents of the 'Scheduled Tasks' folder
"2008-02-21 19:39:15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-01 00:30:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (RASHAUN-Rashaun Collins).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-02 13:56:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-02 13:57:34
ComboFix-quarantined-files.txt 2008-03-02 19:57:24
ComboFix2.txt 2008-03-02 03:56:43
ComboFix3.txt 2008-03-01 21:50:47
--------------------------------------------------------------------------------------

HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:05:45 PM, on 3/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,[email protected]
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKCU\..\Run: [MapEDC] C:\Program Files\MapEDC\MapEDC.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader2.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1199043603484
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1199043459062
O16 - DPF: {D0B5B58D-8CB9-4EDB-8BB0-9D34AEF727CF} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Print Spooler Service (SpoolSvc207) - Unknown owner - C:\WINDOWS\TEMP\cjnr4r47205535.exe (file missing)
O23 - Service: Service Logon Protocol (SVSLOG) - Unknown owner - C:\WINDOWS\svslogon.exe (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 10218 bytes

Edited by integral_apparel, 02 March 2008 - 08:15 PM.


#8
Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
Hi,

Please delete your current copy of Combofix and download a new version from here:
http://subs.geekstogo.com/ComboFix.exe

Then follow my previous post's directions. :)

#9
integral_apparel

    Member

  • Topic Starter
  • Member
  • 14 posts
ComboFix 08-03-03.6 - R C 2008-03-02 20:01:36.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.280 [GMT -6:00]
Running from: C:\Documents and Settings\R C\Desktop\Combo-Fix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-02-03 to 2008-03-03 )))))))))))))))))))))))))))))))
.

2008-03-02 00:53 . 2008-03-02 00:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-02 00:53 . 2008-03-02 00:53 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-01 23:56 . 2008-03-01 23:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SecTaskMan
2008-03-01 10:46 . 2008-03-01 13:26 <DIR> d-------- C:\Documents and Settings\rc\.housecall6.6
2008-02-25 22:48 . 2008-02-25 22:48 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-24 03:00 . 2008-02-24 03:00 <DIR> d-------- C:\Program Files\eMule
2008-02-24 03:00 . 2008-02-24 03:00 <DIR> d-------- C:\Program Files\Common Files\SupportSoft
2008-02-19 00:50 . 2008-02-19 00:50 <DIR> d-------- C:\Documents and Settings\rc\Application Data\BitZipper
2008-02-19 00:49 . 2008-02-24 02:59 <DIR> d-------- C:\Program Files\BitZipper
2008-02-18 23:19 . 2008-03-02 00:54 <DIR> d-------- C:\Documents and Settings\rc\Application Data\Azureus
2008-02-18 23:19 . 2008-02-18 23:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
2008-02-18 23:18 . 2008-02-24 02:59 <DIR> d-------- C:\Program Files\Azureus
2008-02-03 02:39 . 2008-02-24 03:00 <DIR> d-------- C:\Program Files\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-29 22:43 158,208 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
2008-02-24 06:53 10 ----a-w C:\Program Files\.autoreg
2008-02-10 21:15 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
2008-01-12 06:38 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-12 06:37 --------- d-----w C:\Documents and Settings\rc\Application Data\Yahoo!
2008-01-12 06:37 --------- d-----w C:\Documents and Settings\rc\Application Data\Grisoft(2)
2008-01-12 06:37 --------- d-----w C:\Documents and Settings\rc\Application Data\Grisoft
2008-01-12 06:37 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
2008-01-12 06:36 --------- d-----w C:\Program Files\Mozilla Firefox(2)
2007-12-30 04:44 28,172 ----a-w C:\WINDOWS\system32\NeroCheck .exe
2007-12-30 04:44 28,172 ----a-w C:\WINDOWS\system32\igfxtray .exe
2007-12-30 04:44 28,172 ----a-w C:\WINDOWS\system32\igfxpers .exe
2005-04-01 04:17 40,960 -c--a-w C:\Program Files\Uninstall_CDS.exe
2006-05-15 05:15 1,682 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
----a-w			28,172 2007-12-30 04:44:10  C:\Program Files\Analog Devices\Core\smax4pnp .exe
----a-w			28,172 2007-12-30 04:44:22  C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
----a-w			28,172 2007-12-30 04:44:19  C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe
----a-w			28,172 2007-12-30 04:45:01  C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ .exe
----a-w			28,172 2007-12-30 04:44:22  C:\Program Files\Dell\Media Experience\DMXLauncher .exe
----a-w			28,172 2007-12-30 04:46:25  C:\Program Files\DellSupport\DSAgnt .exe
----a-w			28,172 2007-12-30 04:46:05  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w		 6,731,312 2008-03-01 21:26:00  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas		   .exe
----a-w		 6,731,312 2008-03-01 18:33:41  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas		 .exe
----a-w		 6,731,312 2008-03-01 18:33:46  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas	   .exe
----a-w		 6,731,312 2008-03-01 18:33:52  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas	  .exe
----a-w		 6,731,312 2008-03-01 18:33:56  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas	 .exe
----a-w		 6,731,312 2008-03-01 18:33:57  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas	.exe
----a-w		 6,731,312 2008-03-01 18:33:58  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas   .exe
----a-w		 6,731,312 2008-03-01 18:34:00  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas  .exe
----a-w		   267,064 2007-12-30 04:45:12  C:\Program Files\iTunes\iTunesHelper .exe
----a-w			28,172 2007-12-30 04:44:12  C:\Program Files\Java\jre1.5.0_03\bin\jusched .exe
----a-w			28,172 2007-12-30 04:44:34  C:\Program Files\Lexmark 5200 Series\lxbtbmgr .exe
----a-w			28,172 2007-12-30 04:44:53  C:\Program Files\McAfee\SpamKiller\MSKAgent .exe
----a-w			28,172 2007-12-30 04:44:56  C:\Program Files\McAfee\SpamKiller\MSKDetct .exe
----a-w			28,172 2007-12-30 04:44:27  C:\Program Files\McAfee.com\Agent\mcagent .exe
----a-w			28,172 2007-12-30 04:44:29  C:\Program Files\McAfee.com\Agent\mcupdate .exe
----a-w			28,172 2007-12-30 04:44:39  C:\Program Files\McAfee.com\Personal Firewall\MpfTray .exe
----a-w			28,172 2007-12-30 04:44:25  C:\Program Files\McAfee.com\VSO\mcmnhdlr .exe
----a-w			28,172 2007-12-30 06:00:43  C:\Program Files\McAfee.com\VSO\mcvsshld .exe
----a-w			28,172 2007-12-30 04:44:37  C:\Program Files\McAfee.com\VSO\oasclnt .exe
----a-w		 1,694,208 2007-12-30 04:45:54  C:\Program Files\Messenger\msmsgs .exe
----a-w			28,172 2007-12-30 04:45:44  C:\Program Files\MySpace\IM\MySpaceIM .exe
----a-w			28,172 2007-12-30 04:44:16  C:\Program Files\Real\RealPlayer\RealPlay .exe
----a-w		   224,248 2007-12-30 03:22:30  C:\Program Files\Yahoo!\Search Protection\SearchProtection .exe
----a-w		   158,208 2008-02-29 22:43:19  C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
----a-w			28,172 2007-12-30 04:44:49  C:\WINDOWS\system32\igfxpers .exe
----a-w			28,172 2007-12-30 04:44:46  C:\WINDOWS\system32\igfxtray .exe
----a-w			28,172 2007-12-30 04:44:43  C:\WINDOWS\system32\NeroCheck .exe
----a-w			28,172 2007-12-30 04:44:59  C:\WINDOWS\system32\dla\tfswctrl .exe


-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 1,404,928 2004-10-15 00:42:54 C:\Program Files\Analog Devices\Core\bak\smax4pnp.exe

----a-w 81,920 2004-07-27 21:50:18 C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe

----a-w 221,184 2004-07-27 21:50:42 C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe

----a-w 32,768 2003-12-08 23:35:14 C:\Program Files\CyberLink DVD Solution\PowerDVD\bak\PDVDServ.exe

----a-w 86,016 2005-01-27 06:02:00 C:\Program Files\Dell\Media Experience\bak\DMXLauncher.exe

----a-w 460,784 2007-03-15 17:09:36 C:\Program Files\DellSupport\bak\DSAgnt.exe

----a-w 68,856 2007-05-29 07:13:21 C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe

----a-w 257,088 2007-03-15 01:05:48 C:\Program Files\iTunes\bak\iTunesHelper.exe

----a-w 36,975 2005-04-13 09:48:52 C:\Program Files\Java\jre1.5.0_03\bin\bak\jusched.exe

----a-w 57,344 2004-03-25 13:30:30 C:\Program Files\Lexmark 5200 Series\bak\lxbtbmgr.exe

----a-w 98,304 2004-06-17 04:33:02 C:\Program Files\McAfee\SpamKiller\bak\MSKAgent.exe

----a-w 1,111,552 2004-10-25 17:18:04 C:\Program Files\McAfee\SpamKiller\bak\MSKDetct.exe

----a-w 303,104 2005-09-23 00:29:08 C:\Program Files\McAfee.com\Agent\bak\mcagent.exe

----a-w 212,992 2006-01-11 18:05:42 C:\Program Files\McAfee.com\Agent\bak\mcupdate.exe

----a-w 1,005,096 2005-11-11 23:00:56 C:\Program Files\McAfee.com\Personal Firewall\bak\MpfTray.exe

----a-w 151,552 2005-07-08 23:18:22 C:\Program Files\McAfee.com\VSO\bak\mcmnhdlr.exe

----a-w 163,840 2005-08-10 17:49:20 C:\Program Files\McAfee.com\VSO\bak\mcvsshld.exe

----a-w 53,248 2005-08-12 03:02:44 C:\Program Files\McAfee.com\VSO\bak\oasclnt.exe

----a-w 1,327,104 2006-11-16 21:42:52 C:\Program Files\MySpace\IM\bak\MySpaceIM.exe

----a-w 282,624 2007-02-16 16:54:04 C:\Program Files\QuickTime\bak\qttask.exe

----a-w 1,261 2007-12-08 16:18:03 C:\Program Files\Real\RealPlayer\bak\channels.xml
----a-w 1,261 2007-10-11 02:34:22 C:\Program Files\Real\RealPlayer\channels.xml

----a-w 26,112 2005-10-13 20:14:15 C:\Program Files\Real\RealPlayer\bak\RealPlay.exe

----a-w 4,662,776 2006-12-01 03:49:04 C:\Program Files\Yahoo!\Messenger\bak\YahooMessenger.exe
----a-w 4,670,704 2007-08-30 23:43:18 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

----a-w 24,104 2007-03-14 23:03:04 C:\Program Files\Zune\bak\ZuneLauncher.exe

----a-w 114,688 2005-09-20 15:36:20 C:\WINDOWS\system32\bak\igfxpers.exe

----a-w 94,208 2005-09-20 15:35:40 C:\WINDOWS\system32\bak\igfxtray.exe

----a-w 155,648 2001-07-09 17:50:42 C:\WINDOWS\system32\bak\NeroCheck.exe

----a-w 122,941 2005-05-31 11:33:00 C:\WINDOWS\system32\dla\bak\tfswctrl.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [ ]
"Dot1XCfg"="C:\Program Files\Dot1XCfg\Dot1XCfg.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [ ]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [ ]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [ ]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [ ]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [ ]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [ ]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [ ]
"LXBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [2004-03-17 10:30 65536]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [ ]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [ ]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" [ ]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [ ]
"Windows Media Connect 2"="C:\Program Files\Windows Media Connect 2\WMCCFG.exe" [ ]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [ ]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 04:00 158208]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-10-21 17:53:42 110592]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-10-21 17:53:42 110592]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-10-13 14:09:39 24576]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-09-03 07:45:28 176128]
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2007-03-19 12:12:21 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI.UGES_0001_N122M0502]
C:\Documents and Settings\rc\Desktop\setup_en(2) .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

R2 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 04:47]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-04 03:40]
S2 SpoolSvc207;Print Spooler Service;C:\WINDOWS\TEMP\cjnr4r47205535.exe []
S2 SVSLOG;Service Logon Protocol;"C:\WINDOWS\svslogon.exe" []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-02 20:05:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-02 20:06:25
ComboFix-quarantined-files.txt 2008-03-03 02:06:16
ComboFix2.txt 2008-03-02 19:57:34
ComboFix3.txt 2008-03-02 03:56:43
ComboFix4.txt 2008-03-01 21:50:47
-----------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:10:37 PM, on 3/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,[email protected]
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader2.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1199043603484
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1199043459062
O16 - DPF: {D0B5B58D-8CB9-4EDB-8BB0-9D34AEF727CF} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Print Spooler Service (SpoolSvc207) - Unknown owner - C:\WINDOWS\TEMP\cjnr4r47205535.exe (file missing)
O23 - Service: Service Logon Protocol (SVSLOG) - Unknown owner - C:\WINDOWS\svslogon.exe (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 10072 bytes

#10
Tigger93
    Trusted Helper
  • Retired Staff
  • 1,870 posts
1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

RenV::
C:\Program Files\Analog Devices\Core\smax4pnp .exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ .exe
C:\Program Files\Dell\Media Experience\DMXLauncher .exe
C:\Program Files\DellSupport\DSAgnt .exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas		   .exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas		 .exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas	   .exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas	  .exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas	 .exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas	.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas   .exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas  .exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched .exe
C:\Program Files\Lexmark 5200 Series\lxbtbmgr .exe
C:\Program Files\McAfee\SpamKiller\MSKAgent .exe
C:\Program Files\McAfee\SpamKiller\MSKDetct .exe
C:\Program Files\McAfee.com\Agent\mcagent .exe
C:\Program Files\McAfee.com\Agent\mcupdate .exe
C:\Program Files\McAfee.com\Personal Firewall\MpfTray .exe
C:\Program Files\McAfee.com\VSO\mcmnhdlr .exe
C:\Program Files\McAfee.com\VSO\mcvsshld .exe
C:\Program Files\McAfee.com\VSO\oasclnt .exe
C:\Program Files\Messenger\msmsgs .exe
C:\Program Files\MySpace\IM\MySpaceIM .exe
C:\Program Files\Real\RealPlayer\RealPlay .exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection .exe
C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
C:\WINDOWS\system32\igfxpers .exe
C:\WINDOWS\system32\igfxtray .exe
C:\WINDOWS\system32\NeroCheck .exe
C:\WINDOWS\system32\dla\tfswctrl .exe


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

#11
integral_apparel
    Member
  • Topic Starter
  • 14 posts
Hey, sorry for the long delay on my reply. I have been very busy, but I always appreciate the help, Tigger, and will load those up tonight.

ComboFix 08-03-03.6 - R C 2008-03-06 1:49:18.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.260 [GMT -6:00]
Running from: C:\Documents and Settings\R C\Desktop\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\R C\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-02-06 to 2008-03-06 )))))))))))))))))))))))))))))))
.

2008-03-02 00:53 . 2008-03-02 00:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-02 00:53 . 2008-03-02 00:53 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-01 23:56 . 2008-03-01 23:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SecTaskMan
2008-03-01 10:46 . 2008-03-01 13:26 <DIR> d-------- C:\Documents and Settings\R C\.housecall6.6
2008-02-25 22:48 . 2008-02-25 22:48 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-24 03:00 . 2008-02-24 03:00 <DIR> d-------- C:\Program Files\eMule
2008-02-24 03:00 . 2008-02-24 03:00 <DIR> d-------- C:\Program Files\Common Files\SupportSoft
2008-02-22 00:39 . 2008-02-29 16:43 158,208 --a------ C:\WINDOWS\system32\dllcache\msconfig.exe
2008-02-19 00:50 . 2008-02-19 00:50 <DIR> d-------- C:\Documents and Settings\R C\Application Data\BitZipper
2008-02-19 00:49 . 2008-02-24 02:59 <DIR> d-------- C:\Program Files\BitZipper
2008-02-18 23:19 . 2008-03-04 19:31 <DIR> d-------- C:\Documents and Settings\R C\Application Data\Azureus
2008-02-18 23:19 . 2008-02-18 23:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
2008-02-18 23:18 . 2008-02-24 02:59 <DIR> d-------- C:\Program Files\Azureus

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-06 07:49 --------- d-----w C:\Program Files\Lexmark 5200 Series
2008-03-06 07:49 --------- d-----w C:\Program Files\iTunes
2008-03-06 07:48 --------- d-----w C:\Program Files\DellSupport
2008-02-29 22:43 158,208 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\MSConfig.exe
2008-02-24 09:00 --------- d-----w C:\Program Files\DivX
2008-02-24 06:53 10 ----a-w C:\Program Files\.autoreg
2008-02-10 21:15 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
2008-01-12 06:38 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-12 06:37 --------- d-----w C:\Documents and Settings\R C\Application Data\Yahoo!
2008-01-12 06:37 --------- d-----w C:\Documents and Settings\R C\Application Data\Grisoft(2)
2008-01-12 06:37 --------- d-----w C:\Documents and Settings\R C\Application Data\Grisoft
2008-01-12 06:37 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
2008-01-12 06:36 --------- d-----w C:\Program Files\Mozilla Firefox(2)
2007-12-30 04:44 28,172 ----a-w C:\WINDOWS\system32\NeroCheck.exe
2007-12-30 04:44 28,172 ----a-w C:\WINDOWS\system32\igfxtray.exe
2007-12-30 04:44 28,172 ----a-w C:\WINDOWS\system32\igfxpers.exe
2005-04-01 04:17 40,960 -c--a-w C:\Program Files\Uninstall_CDS.exe
2006-05-15 05:15 1,682 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 1,404,928 2004-10-15 00:42:54 C:\Program Files\Analog Devices\Core\bak\smax4pnp.exe
----a-w 28,172 2007-12-30 04:44:10 C:\Program Files\Analog Devices\Core\smax4pnp.exe

----a-w 81,920 2004-07-27 21:50:18 C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe
----a-w 28,172 2007-12-30 04:44:22 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

----a-w 221,184 2004-07-27 21:50:42 C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe
----a-w 28,172 2007-12-30 04:44:19 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

----a-w 32,768 2003-12-08 23:35:14 C:\Program Files\CyberLink DVD Solution\PowerDVD\bak\PDVDServ.exe
----a-w 28,172 2007-12-30 04:45:01 C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

----a-w 86,016 2005-01-27 06:02:00 C:\Program Files\Dell\Media Experience\bak\DMXLauncher.exe
----a-w 28,172 2007-12-30 04:44:22 C:\Program Files\Dell\Media Experience\DMXLauncher.exe

----a-w 460,784 2007-03-15 17:09:36 C:\Program Files\DellSupport\bak\DSAgnt.exe
----a-w 28,172 2007-12-30 04:46:25 C:\Program Files\DellSupport\DSAgnt.exe

----a-w 68,856 2007-05-29 07:13:21 C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe
----a-w 28,172 2007-12-30 04:46:05 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

----a-w 257,088 2007-03-15 01:05:48 C:\Program Files\iTunes\bak\iTunesHelper.exe
----a-w 267,064 2007-12-30 04:45:12 C:\Program Files\iTunes\iTunesHelper.exe

----a-w 36,975 2005-04-13 09:48:52 C:\Program Files\Java\jre1.5.0_03\bin\bak\jusched.exe
----a-w 28,172 2007-12-30 04:44:12 C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

----a-w 57,344 2004-03-25 13:30:30 C:\Program Files\Lexmark 5200 Series\bak\lxbtbmgr.exe
----a-w 28,172 2007-12-30 04:44:34 C:\Program Files\Lexmark 5200 Series\lxbtbmgr.exe

----a-w 98,304 2004-06-17 04:33:02 C:\Program Files\McAfee\SpamKiller\bak\MSKAgent.exe
----a-w 28,172 2007-12-30 04:44:53 C:\Program Files\McAfee\SpamKiller\MSKAgent.exe

----a-w 1,111,552 2004-10-25 17:18:04 C:\Program Files\McAfee\SpamKiller\bak\MSKDetct.exe
----a-w 28,172 2007-12-30 04:44:56 C:\Program Files\McAfee\SpamKiller\MSKDetct.exe

----a-w 303,104 2005-09-23 00:29:08 C:\Program Files\McAfee.com\Agent\bak\mcagent.exe
----a-w 28,172 2007-12-30 04:44:27 C:\Program Files\McAfee.com\Agent\mcagent.exe

----a-w 212,992 2006-01-11 18:05:42 C:\Program Files\McAfee.com\Agent\bak\mcupdate.exe
----a-w 28,172 2007-12-30 04:44:29 C:\Program Files\McAfee.com\Agent\mcupdate.exe

----a-w 1,005,096 2005-11-11 23:00:56 C:\Program Files\McAfee.com\Personal Firewall\bak\MpfTray.exe
----a-w 28,172 2007-12-30 04:44:39 C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe

----a-w 151,552 2005-07-08 23:18:22 C:\Program Files\McAfee.com\VSO\bak\mcmnhdlr.exe
----a-w 28,172 2007-12-30 04:44:25 C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe

----a-w 163,840 2005-08-10 17:49:20 C:\Program Files\McAfee.com\VSO\bak\mcvsshld.exe
----a-w 28,172 2007-12-30 06:00:43 C:\Program Files\McAfee.com\VSO\mcvsshld.exe

----a-w 53,248 2005-08-12 03:02:44 C:\Program Files\McAfee.com\VSO\bak\oasclnt.exe
----a-w 28,172 2007-12-30 04:44:37 C:\Program Files\McAfee.com\VSO\oasclnt.exe

----a-w 1,327,104 2006-11-16 21:42:52 C:\Program Files\MySpace\IM\bak\MySpaceIM.exe
----a-w 28,172 2007-12-30 04:45:44 C:\Program Files\MySpace\IM\MySpaceIM.exe

----a-w 282,624 2007-02-16 16:54:04 C:\Program Files\QuickTime\bak\qttask.exe

----a-w 1,261 2007-12-08 16:18:03 C:\Program Files\Real\RealPlayer\bak\channels.xml
----a-w 1,261 2007-10-11 02:34:22 C:\Program Files\Real\RealPlayer\channels.xml

----a-w 26,112 2005-10-13 20:14:15 C:\Program Files\Real\RealPlayer\bak\RealPlay.exe
----a-w 28,172 2007-12-30 04:44:16 C:\Program Files\Real\RealPlayer\RealPlay.exe

----a-w 4,662,776 2006-12-01 03:49:04 C:\Program Files\Yahoo!\Messenger\bak\YahooMessenger.exe
----a-w 4,670,704 2007-08-30 23:43:18 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

----a-w 24,104 2007-03-14 23:03:04 C:\Program Files\Zune\bak\ZuneLauncher.exe

----a-w 114,688 2005-09-20 15:36:20 C:\WINDOWS\system32\bak\igfxpers.exe
----a-w 28,172 2007-12-30 04:44:49 C:\WINDOWS\system32\igfxpers.exe

----a-w 94,208 2005-09-20 15:35:40 C:\WINDOWS\system32\bak\igfxtray.exe
----a-w 28,172 2007-12-30 04:44:46 C:\WINDOWS\system32\igfxtray.exe

----a-w 155,648 2001-07-09 17:50:42 C:\WINDOWS\system32\bak\NeroCheck.exe
----a-w 28,172 2007-12-30 04:44:43 C:\WINDOWS\system32\NeroCheck.exe

----a-w 122,941 2005-05-31 11:33:00 C:\WINDOWS\system32\dla\bak\tfswctrl.exe
----a-w 28,172 2007-12-30 04:44:59 C:\WINDOWS\system32\dla\tfswctrl.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2007-12-29 22:45 1694208]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-12-29 22:46 28172]
"Dot1XCfg"="C:\Program Files\Dot1XCfg\Dot1XCfg.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-12-29 22:44 28172]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2007-12-29 22:44 28172]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2007-12-29 22:44 28172]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2007-12-29 22:44 28172]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2007-12-29 22:44 28172]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2007-12-29 22:44 28172]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2007-12-30 00:00 28172]
"LXBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [2004-03-17 10:30 65536]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2007-12-29 22:44 28172]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2007-12-29 22:44 28172]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" [2007-12-29 22:44 28172]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2007-12-29 22:44 28172]
"Windows Media Connect 2"="C:\Program Files\Windows Media Connect 2\WMCCFG.exe" [ ]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2007-12-29 22:44 28172]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-02-29 16:43 158208]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-10-21 17:53:42 110592]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-10-21 17:53:42 110592]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-10-13 14:09:39 24576]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-09-03 07:45:28 176128]
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2007-03-19 12:12:21 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
--a------ 2007-12-29 22:45 28172 C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI.UGES_0001_N122M0502]
C:\Documents and Settings\R C\Desktop\setup_en(2) .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-12-29 22:46 28172 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

R2 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 04:47]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-04 03:40]
S2 SpoolSvc207;Print Spooler Service;C:\WINDOWS\TEMP\cjnr4r47205535.exe []
S2 SVSLOG;Service Logon Protocol;"C:\WINDOWS\svslogon.exe" []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-06 01:52:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-06 1:53:19
ComboFix-quarantined-files.txt 2008-03-06 07:53:09
ComboFix2.txt 2008-03-03 02:06:26
ComboFix3.txt 2008-03-02 19:57:34
ComboFix4.txt 2008-03-02 03:56:43
ComboFix5.txt 2008-03-01 21:50:47


---------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:59:27 AM, on 3/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Adobe\Web\AOM.exe
C:\Program Files\Adobe\Illustrator 10\Support Files\Contents\Windows\Illustrator.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
c:\program files\mcafee.com\agent\mcupdate.exe
c:\program files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\bak\mcupdate.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,[email protected]
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader2.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1199043603484
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1199043459062
O16 - DPF: {D0B5B58D-8CB9-4EDB-8BB0-9D34AEF727CF} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Print Spooler Service (SpoolSvc207) - Unknown owner - C:\WINDOWS\TEMP\cjnr4r47205535.exe (file missing)
O23 - Service: Service Logon Protocol (SVSLOG) - Unknown owner - C:\WINDOWS\svslogon.exe (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 10311 bytes

Edited by integral_apparel, 06 March 2008 - 02:03 AM.

#12
Tigger93
    Trusted Helper
  • Retired Staff
  • 1,870 posts
Finally got one of the nasties taken care of. :)

Download FindAWF.exe from here or here, and save it to your desktop.

  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    "C:\Program Files\Analog Devices\Core\bak\smax4pnp.exe"
    "C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe"
    "C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe"
    "C:\Program Files\CyberLink DVD Solution\PowerDVD\bak\PDVDServ.exe"
    "C:\Program Files\Dell\Media Experience\bak\DMXLauncher.exe"
    "C:\Program Files\DellSupport\bak\DSAgnt.exe"
    "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
    "C:\Program Files\iTunes\bak\iTunesHelper.exe"
    "C:\Program Files\Java\jre1.5.0_03\bin\bak\jusched.exe"
    "C:\Program Files\Lexmark 5200 Series\bak\lxbtbmgr.exe"
    "C:\Program Files\McAfee\SpamKiller\bak\MSKAgent.exe"
    "C:\Program Files\McAfee\SpamKiller\bak\MSKDetct.exe"
    "C:\Program Files\McAfee.com\Agent\bak\mcagent.exe"
    "C:\Program Files\McAfee.com\Personal Firewall\bak\MpfTray.exe"
    "C:\Program Files\McAfee.com\VSO\bak\mcmnhdlr.exe"
    "C:\Program Files\McAfee.com\VSO\bak\mcvsshld.exe"
    "C:\Program Files\McAfee.com\VSO\bak\oasclnt.exe"
    "C:\Program Files\MySpace\IM\bak\MySpaceIM.exe"
    "C:\Program Files\QuickTime\bak\qttask.exe"
    "C:\Program Files\Real\RealPlayer\bak\channels.xml"
    "C:\Program Files\Real\RealPlayer\bak\RealPlay.exe"
    "C:\Program Files\Yahoo!\Messenger\bak\YahooMessenger.exe"
    "C:\Program Files\Zune\bak\ZuneLauncher.exe"
    "C:\WINDOWS\system32\bak\igfxpers.exe"
    "C:\WINDOWS\system32\bak\igfxtray.exe"
    "C:\WINDOWS\system32\bak\NeroCheck.exe"
    "C:\WINDOWS\system32\dla\bak\tfswctrl.exe"

  • Double-click on the FindAWF.exe file to run it.
  • It will open a command prompt and ask you to "Press any key to continue".
  • You will be presented with a Menu.

    1. Press 1 then Enter to scan for bak folders
    2. Press 2 then Enter to restore files from bak folders
    3. Press 3 then Enter to remove bak folders
    4. Press 4 then Enter to reset domain zones
    5. Press E then Enter to EXIT

  • Press 2, then press Enter.
  • Press any key to continue.
  • A Notepad document FindAWF.txt will appear with instructions to click below the line and paste the list of files to be restored.
  • Right-click below this line and select Paste, to paste the list of files copied to the clipboard earlier. Save and close the document.
  • The program will proceed to move the legit files and will perform another scan for bak folders.
  • It may take a few minutes to complete so be patient.
  • When it is complete, it will open a text file in notepad called AWF.txt.
  • Please copy and paste the contents of the AWF.txt file in your next reply.


#13
integral_apparel

integral_apparel

    Member

  • Topic Starter
  • Member
  • 14 posts
I tried starting the program but it just sits in the prompt window, then my computer freezes up and I have to restart. I tried downloading it again and it occurred again.

Also, the minute I double-click the icon my McAfee jumps in and says I need to scan my computer for viruses and it closes the program. Even if McAfee is disabled it still won't run; it just sits in the blinking DOS prompt screen.

#14
integral_apparel

integral_apparel

    Member

  • Topic Starter
  • Member
  • 14 posts
Hey I got it to work last night. Here is the report
-----------------------------------------------------------

Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully

The current date is: Fri 03/07/2008
The current time is: 15:35:02.84


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\DELLSU~1\BAK

03/15/2007 11:09 AM 460,784 DSAgnt.exe
1 File(s) 460,784 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

03/14/2007 07:05 PM 257,088 iTunesHelper.exe
1 File(s) 257,088 bytes

Directory of C:\PROGRA~1\LEXMAR~1\BAK

03/25/2004 07:30 AM 57,344 lxbtbmgr.exe
1 File(s) 57,344 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

02/16/2007 10:54 AM 282,624 qttask.exe
1 File(s) 282,624 bytes

Directory of C:\PROGRA~1\WINDOW~4\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\ZUNE\BAK

03/14/2007 05:03 PM 24,104 ZuneLauncher.exe
1 File(s) 24,104 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

09/20/2005 09:36 AM 114,688 igfxpers.exe
09/20/2005 09:35 AM 94,208 igfxtray.exe
07/09/2001 11:50 AM 155,648 NeroCheck.exe
3 File(s) 364,544 bytes

Directory of C:\PROGRA~1\ANALOG~1\CORE\BAK

10/14/2004 06:42 PM 1,404,928 smax4pnp.exe
1 File(s) 1,404,928 bytes

Directory of C:\PROGRA~1\CYBERL~2\POWERDVD\BAK

12/08/2003 05:35 PM 32,768 PDVDServ.exe
1 File(s) 32,768 bytes

Directory of C:\PROGRA~1\DELL\MEDIAE~1\BAK

01/27/2005 12:02 AM 86,016 DMXLauncher.exe
1 File(s) 86,016 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~1\BAK

05/29/2007 01:13 AM 68,856 GoogleToolbarNotifier.exe
1 File(s) 68,856 bytes

Directory of C:\PROGRA~1\MCAFEE\SPAMKI~1\BAK

06/16/2004 10:33 PM 98,304 MSKAgent.exe
10/25/2004 11:18 AM 1,111,552 MSKDetct.exe
2 File(s) 1,209,856 bytes

Directory of C:\PROGRA~1\MCAFEE.COM\AGENT\BAK

09/22/2005 06:29 PM 303,104 mcagent.exe
01/11/2006 12:05 PM 212,992 mcupdate.exe
2 File(s) 516,096 bytes

Directory of C:\PROGRA~1\MCAFEE.COM\PERSON~1\BAK

11/11/2005 05:00 PM 1,005,096 MpfTray.exe
1 File(s) 1,005,096 bytes

Directory of C:\PROGRA~1\MCAFEE.COM\VSO\BAK

07/08/2005 05:18 PM 151,552 mcmnhdlr.exe
08/10/2005 11:49 AM 163,840 mcvsshld.exe
08/11/2005 09:02 PM 53,248 oasclnt.exe
3 File(s) 368,640 bytes

Directory of C:\PROGRA~1\MYSPACE\IM\BAK

11/16/2006 03:42 PM 1,327,104 MySpaceIM.exe
1 File(s) 1,327,104 bytes

Directory of C:\PROGRA~1\REAL\REALPL~1\BAK

12/08/2007 10:18 AM 1,261 channels.xml
10/13/2005 02:14 PM 26,112 RealPlay.exe
2 File(s) 27,373 bytes

Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK

11/30/2006 09:49 PM 4,662,776 YahooMessenger.exe
1 File(s) 4,662,776 bytes

Directory of C:\WINDOWS\SYSTEM32\DLA\BAK

05/31/2005 05:33 AM 122,941 tfswctrl.exe
1 File(s) 122,941 bytes

Directory of C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK

07/27/2004 03:50 PM 81,920 issch.exe
07/27/2004 03:50 PM 221,184 ISUSPM.exe
2 File(s) 303,104 bytes

Directory of C:\PROGRA~1\JAVA\JRE15~1.0_0\BIN\BAK

04/13/2005 03:48 AM 36,975 jusched.exe
1 File(s) 36,975 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

460784 Mar 15 2007 "C:\Program Files\DellSupport\DSAgnt.exe"
460784 Mar 15 2007 "C:\Program Files\DellSupport\bak\DSAgnt.exe"
257088 Mar 14 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
257088 Mar 14 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Nov 4 2007 "C:\WINDOWS\Installer\{B045B608-4A47-4C77-9EAD-06C394503306}\iTunesIco.exe"
116024 Nov 4 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.4.3.1\iTunesSetupAdmin.exe"
57344 Mar 25 2004 "C:\Program Files\Lexmark 5200 Series\lxbtbmgr.exe"
57344 Mar 25 2004 "C:\Program Files\Lexmark 5200 Series\bak\lxbtbmgr.exe"
282624 Feb 16 2007 "C:\Program Files\QuickTime\qttask.exe"
282624 Feb 16 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
24104 Mar 14 2007 "C:\Program Files\Zune\ZuneLauncher.exe"
24104 Mar 14 2007 "C:\Program Files\Zune\bak\ZuneLauncher.exe"
114688 Sep 20 2005 "C:\WINDOWS\system32\igfxpers.exe"
114688 Sep 20 2005 "C:\WINDOWS\system32\bak\igfxpers.exe"
94208 Sep 20 2005 "C:\WINDOWS\system32\igfxtray.exe"
155648 Jan 23 2005 "C:\DRIVERS\VIDEO\ONBOARD\IGFXTRAY.EXE"
94208 Sep 20 2005 "C:\WINDOWS\system32\bak\igfxtray.exe"
155648 Jan 23 2005 "C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\igfxtray.exe"
155648 Jul 9 2001 "C:\WINDOWS\system32\NeroCheck.exe"
155648 Jul 9 2001 "C:\WINDOWS\system32\bak\NeroCheck.exe"
1404928 Oct 14 2004 "C:\DRIVERS\AUDIO\onboard\SMax4PNP.exe"
1404928 Oct 14 2004 "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
1404928 Oct 14 2004 "C:\Program Files\Analog Devices\Core\bak\smax4pnp.exe"
32768 Dec 8 2003 "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
32768 Dec 8 2003 "C:\Program Files\CyberLink DVD Solution\PowerDVD\bak\PDVDServ.exe"
86016 Jan 27 2005 "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
86016 Jan 27 2005 "C:\Program Files\Dell\Media Experience\bak\DMXLauncher.exe"
52272 Jan 27 2007 "C:\Program Files\Google\googletoolbar3user.exe"
68856 May 29 2007 "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
138168 Jan 27 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
68856 May 29 2007 "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
98304 Jun 16 2004 "C:\Program Files\McAfee\SpamKiller\MSKAgent.exe"
98304 Jun 16 2004 "C:\Program Files\McAfee\SpamKiller\bak\MSKAgent.exe"
1111552 Oct 25 2004 "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe"
1111552 Oct 25 2004 "C:\Program Files\McAfee\SpamKiller\bak\MSKDetct.exe"
303104 Sep 22 2005 "C:\Program Files\McAfee.com\Agent\mcagent.exe"
303104 Sep 22 2005 "C:\Program Files\McAfee.com\Agent\bak\mcagent.exe"
28172 Dec 29 2007 "C:\Program Files\McAfee.com\Agent\mcupdate.exe"
212992 Jan 11 2006 "C:\Program Files\McAfee.com\Agent\bak\mcupdate.exe"
1005096 Nov 11 2005 "C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe"
1005096 Nov 11 2005 "C:\Program Files\McAfee.com\Personal Firewall\bak\MpfTray.exe"
151552 Jul 8 2005 "C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe"
151552 Jul 8 2005 "C:\Program Files\McAfee.com\VSO\bak\mcmnhdlr.exe"
163840 Aug 10 2005 "C:\Program Files\McAfee.com\VSO\mcvsshld.exe"
163840 Aug 10 2005 "C:\Program Files\McAfee.com\VSO\bak\mcvsshld.exe"
53248 Aug 11 2005 "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
53248 Aug 11 2005 "C:\Program Files\McAfee.com\VSO\bak\oasclnt.exe"
1327104 Nov 16 2006 "C:\Program Files\MySpace\IM\MySpaceIM.exe"
1327104 Nov 16 2006 "C:\Program Files\MySpace\IM\bak\MySpaceIM.exe"
1261 Dec 8 2007 "C:\Program Files\Real\RealPlayer\channels.xml"
1261 Dec 8 2007 "C:\Program Files\Real\RealPlayer\bak\channels.xml"
2050 Apr 27 2006 "C:\Program Files\DellSupport\HTML\Settings\localization\channels.xml"
26112 Oct 13 2005 "C:\Program Files\Real\RealPlayer\RealPlay.exe"
26112 Oct 13 2005 "C:\Program Files\Real\RealPlayer\bak\RealPlay.exe"
4662776 Nov 30 2006 "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
4662776 Nov 30 2006 "C:\Program Files\Yahoo!\Messenger\bak\YahooMessenger.exe"
122941 May 31 2005 "C:\WINDOWS\system32\dla\tfswctrl.exe"
122941 May 31 2005 "C:\Program Files\Sonic\DLA\install\tfswctrl.exe"
122941 May 31 2005 "C:\WINDOWS\system32\dla\bak\tfswctrl.exe"
81920 Jul 27 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe"
81920 Jul 27 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe"
221184 Jul 27 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe"
221184 Jul 27 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe"
32881 Nov 19 2003 "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
36975 Apr 13 2005 "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"
36975 Apr 13 2005 "C:\Program Files\Java\jre1.5.0_03\bin\bak\jusched.exe"


end of report
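The report above pairs each file in a bak folder with the file of the same name one level up, which is how this infection hides: the original startup program is moved into bak and something else takes its place. As an added example (not FindAWF and not part of this thread), here is a small Python checker that reads lines in that report format and flags any live file whose size differs from its bak copy; the sample lines are constructed from entries in the report, and a mismatch only marks the pair for review, since a legitimate update can produce one too.

```python
import re

# Constructed sample in the shape of the "Duplicate files of bak directory
# contents" section: size, date, quoted path (values copied from the report).
SAMPLE_REPORT = r"""
303104 Sep 22 2005 "C:\Program Files\McAfee.com\Agent\mcagent.exe"
303104 Sep 22 2005 "C:\Program Files\McAfee.com\Agent\bak\mcagent.exe"
28172 Dec 29 2007 "C:\Program Files\McAfee.com\Agent\mcupdate.exe"
212992 Jan 11 2006 "C:\Program Files\McAfee.com\Agent\bak\mcupdate.exe"
68856 May 29 2007 "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
"""

# One report line: <size> <Mon D YYYY> "<path>"
LINE_RE = re.compile(r'^(\d+)\s+([A-Za-z]{3}\s+\d{1,2}\s+\d{4})\s+"(.+)"\s*$')


def parse_report(text):
    """Map each lower-cased path in the report to its (size, date)."""
    entries = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries[m.group(3).lower()] = (int(m.group(1)), m.group(2))
    return entries


def check_bak_copies(text):
    """Compare every file under a \\bak\\ folder with the live file one
    level up and return {basename: status}."""
    entries = parse_report(text)
    results = {}
    for path, (bak_size, _) in entries.items():
        if "\\bak\\" not in path:
            continue
        live_path = path.replace("\\bak\\", "\\")
        name = path.rsplit("\\", 1)[-1]
        if live_path not in entries:
            results[name] = "live file missing from report"
        elif entries[live_path][0] == bak_size:
            results[name] = "match"
        else:
            results[name] = "size mismatch: live %d vs bak %d" % (
                entries[live_path][0], bak_size)
    return results


if __name__ == "__main__":
    for name, status in sorted(check_bak_copies(SAMPLE_REPORT).items()):
        print("%-28s %s" % (name, status))
```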

#15
Tigger93

Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
Hi. :)

Please delete your current copy of Combofix and download the latest version from here.

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the code box below into the Notepad window:

AWF::
C:\Program Files\Analog Devices\Core\bak\smax4pnp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe
C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\bak\PDVDServ.exe
C:\Program Files\Dell\Media Experience\bak\DMXLauncher.exe
C:\Program Files\DellSupport\bak\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe
C:\Program Files\iTunes\bak\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_03\bin\bak\jusched.exe
C:\Program Files\Lexmark 5200 Series\bak\lxbtbmgr.exe
C:\Program Files\McAfee\SpamKiller\bak\MSKAgent.exe
C:\Program Files\McAfee\SpamKiller\bak\MSKDetct.exe
C:\Program Files\McAfee.com\Agent\bak\mcagent.exe
C:\Program Files\McAfee.com\Personal Firewall\bak\MpfTray.exe
C:\Program Files\McAfee.com\VSO\bak\mcmnhdlr.exe
C:\Program Files\McAfee.com\VSO\bak\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\bak\oasclnt.exe
C:\Program Files\MySpace\IM\bak\MySpaceIM.exe
C:\Program Files\QuickTime\bak\qttask.exe
C:\Program Files\Real\RealPlayer\bak\channels.xml
C:\Program Files\Real\RealPlayer\bak\RealPlay.exe
C:\Program Files\Yahoo!\Messenger\bak\YahooMessenger.exe
C:\Program Files\Zune\bak\ZuneLauncher.exe
C:\WINDOWS\system32\bak\igfxpers.exe
C:\WINDOWS\system32\bak\igfxtray.exe
C:\WINDOWS\system32\bak\NeroCheck.exe
C:\WINDOWS\system32\dla\bak\tfswctrl.exe



3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

