trojandownloader.xs



#1
pest control

    Member

  • Member
  • 12 posts
Hello, I am in need of help.


Just this morning I started my computer and I see my browser is blue and says "yourcomputer has several diffrent errors due to spyware activity". Honestly, I do not download much of anything. My problem is I do not know what to do from here, and I clearly do not know where to post this (I thought this would be a fine place to post it, though), but please tell me what to do from here.
  • 0



#2
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello pest control

Welcome to G2Go. :)
=====================
* Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double-click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\Hijack This.
  • Click on I agree
  • Then click on the "Do a system scan and save a logfile" button. It will scan and the log should open in Notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

  • 0

#3
pest control

    Member

  • Topic Starter
  • Member
  • 12 posts
Thank you for having me, here you go.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:29:39 PM, on 3/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\sbwltbxa.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\DOCUME~1\zoee\LOCALS~1\Temp\IMAdvertiser.EXE
C:\Program Files\QdrModule\QdrModule13.exe
C:\Program Files\QdrPack\QdrPack14.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sbwltbxa.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: BndFibu7 IE Helper - {8041E642-8CFC-4720-BC9D-D2DB8904286F} - C:\Program Files\QdrDrive\QdrDrive12.dll
O2 - BHO: BndAero6 IE Helper - {82E5E2FF-9260-4d88-B0C6-7CC358C5D418} - C:\Program Files\QdrDrive\QdrDrive11.dll (file missing)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IMprocess] C:\DOCUME~1\zoee\LOCALS~1\Temp\IMAdvertiser.EXE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [QdrModule12] "C:\Program Files\QdrModule\QdrModule12.exe"
O4 - HKCU\..\Run: [QdrModule13] "C:\Program Files\QdrModule\QdrModule13.exe"
O4 - HKCU\..\Run: [QdrPack14] "C:\Program Files\QdrPack\QdrPack14.exe"
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

--
End of file - 6635 bytes
  • 0

#4
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads, main.txt and extra.txt. Please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#5
pest control

    Member

  • Topic Starter
  • Member
  • 12 posts
There's one problem: I get random pop-ups, so if I was to close everything, more things would pop up.
  • 0

#6
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
It should still work; please go ahead and try running it anyway.
Thanks :)
  • 0

#7
pest control

    Member

  • Topic Starter
  • Member
  • 12 posts
OK, here you go.


I got two Notepads.

1. extra.txt

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:29:39 PM, on 3/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\sbwltbxa.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\DOCUME~1\zoee\LOCALS~1\Temp\IMAdvertiser.EXE
C:\Program Files\QdrModule\QdrModule13.exe
C:\Program Files\QdrPack\QdrPack14.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sbwltbxa.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: BndFibu7 IE Helper - {8041E642-8CFC-4720-BC9D-D2DB8904286F} - C:\Program Files\QdrDrive\QdrDrive12.dll
O2 - BHO: BndAero6 IE Helper - {82E5E2FF-9260-4d88-B0C6-7CC358C5D418} - C:\Program Files\QdrDrive\QdrDrive11.dll (file missing)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IMprocess] C:\DOCUME~1\zoee\LOCALS~1\Temp\IMAdvertiser.EXE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [QdrModule12] "C:\Program Files\QdrModule\QdrModule12.exe"
O4 - HKCU\..\Run: [QdrModule13] "C:\Program Files\QdrModule\QdrModule13.exe"
O4 - HKCU\..\Run: [QdrPack14] "C:\Program Files\QdrPack\QdrPack14.exe"
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

--
End of file - 6635 bytes

2. main.txt

Deckard's System Scanner v20071014.68
Run by zoee on 2008-03-22 19:11:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
60: 2008-03-23 03:11:53 UTC - RP61 - Deckard's System Scanner Restore Point
59: 2008-03-22 18:03:14 UTC - RP60 - System Checkpoint
58: 2008-03-20 18:24:24 UTC - RP59 - System Checkpoint
57: 2008-03-19 06:20:54 UTC - RP58 - System Checkpoint
56: 2008-03-17 22:07:12 UTC - RP57 - System Checkpoint


-- First Restore Point --
1: 2008-01-10 19:06:01 UTC - RP2 - Installed Broadcom 440x 10/100 Integrated Controller


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 254 MiB (512 MiB recommended).


-- HijackThis (run as zoee.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:13:17 PM, on 3/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\sbwltbxa.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\DOCUME~1\zoee\LOCALS~1\Temp\IMAdvertiser.EXE
C:\Program Files\QdrModule\QdrModule13.exe
C:\Program Files\QdrPack\QdrPack14.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\zoee\Local Settings\Temporary Internet Files\Content.IE5\SRHRIUV1\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\zoee.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sbwltbxa.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: BndFibu7 IE Helper - {8041E642-8CFC-4720-BC9D-D2DB8904286F} - C:\Program Files\QdrDrive\QdrDrive12.dll
O2 - BHO: BndAero6 IE Helper - {82E5E2FF-9260-4d88-B0C6-7CC358C5D418} - C:\Program Files\QdrDrive\QdrDrive11.dll (file missing)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IMprocess] C:\DOCUME~1\zoee\LOCALS~1\Temp\IMAdvertiser.EXE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [QdrModule12] "C:\Program Files\QdrModule\QdrModule12.exe"
O4 - HKCU\..\Run: [QdrModule13] "C:\Program Files\QdrModule\QdrModule13.exe"
O4 - HKCU\..\Run: [QdrPack14] "C:\Program Files\QdrPack\QdrPack14.exe"
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

--
End of file - 6674 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-03-15 01:00:06 338 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2008-03-01 01:00:30 330 --a------ C:\WINDOWS\Tasks\McQcTask.job


-- Files created between 2008-02-22 and 2008-03-22 -----------------------------

2008-03-22 18:28:58 0 d-------- C:\Program Files\Trend Micro
2008-03-22 17:15:35 0 d-------- C:\WINDOWS\LastGood
2008-03-22 17:05:57 0 d-------- C:\Program Files\seekmo
2008-03-22 17:05:56 0 d-------- C:\Program Files\180solutions
2008-03-22 10:25:56 9472 --a------ C:\WINDOWS\voiceip.dll
2008-03-22 10:25:56 17664 --a------ C:\WINDOWS\stcloader.exe
2008-03-22 10:25:56 0 d-------- C:\Program Files\stc
2008-03-22 10:25:55 30464 --a------ C:\WINDOWS\swin32.dll
2008-03-22 10:25:55 27648 --a------ C:\WINDOWS\mssvr.exe
2008-03-22 10:25:55 16128 --a------ C:\WINDOWS\cdsm32.dll
2008-03-22 10:25:55 13312 --a------ C:\WINDOWS\bokja.exe
2008-03-22 10:25:54 25344 --a------ C:\WINDOWS\mspphe.dll
2008-03-22 10:25:54 13824 --a------ C:\WINDOWS\bjam.dll
2008-03-22 10:25:54 17408 --a------ C:\WINDOWS\2020search2.dll
2008-03-22 10:25:53 8704 --a------ C:\WINDOWS\2020search.dll
2008-03-22 10:25:53 0 d-------- C:\Program Files\180search assistant
2008-03-22 10:25:52 25088 --a------ C:\WINDOWS\system32\MSIXU.DLL
2008-03-22 10:25:52 0 d-------- C:\Program Files\zango
2008-03-22 10:25:51 25856 --a------ C:\WINDOWS\system32\WER8274.DLL
2008-03-22 10:25:51 0 d-------- C:\Program Files\180searchassistant
2008-03-22 10:25:50 24064 --a------ C:\WINDOWS\salm.exe
2008-03-22 10:25:50 16640 --a------ C:\WINDOWS\180ax.exe
2008-03-22 10:25:48 14592 --a------ C:\WINDOWS\updatetc.exe
2008-03-22 10:25:47 28672 --a------ C:\WINDOWS\saiemod.dll
2008-03-22 10:25:47 0 d-------- C:\WINDOWS\FLEOK
2008-03-22 10:25:46 30720 --a------ C:\WINDOWS\system32\MSNSA32.dll
2008-03-22 10:25:45 17920 --a------ C:\WINDOWS\msapasrc.dll
2008-03-22 10:25:45 17920 --a------ C:\WINDOWS\msa64chk.dll
2008-03-22 10:25:43 12800 --a------ C:\WINDOWS\system32\SIPSPI32.dll
2008-03-22 10:25:43 9984 --a------ C:\WINDOWS\system32\shdocpe.dll
2008-03-22 10:25:43 19712 --a------ C:\WINDOWS\system32\ntnut32.exe
2008-03-22 10:25:42 22272 --a------ C:\WINDOWS\shdocpl.dll
2008-03-22 10:25:42 10496 --a------ C:\WINDOWS\shdocpe.dll
2008-03-22 10:25:42 20992 --a------ C:\WINDOWS\ntnut.exe
2008-03-22 10:25:41 30720 --a------ C:\WINDOWS\winsb.dll
2008-03-22 10:25:41 18176 --a------ C:\WINDOWS\browserad.dll
2008-03-22 10:25:41 22528 --a------ C:\WINDOWS\aviwrap32.dll
2008-03-22 10:25:41 0 d-------- C:\Program Files\Sysmnt
2008-03-22 10:25:40 30976 --a------ C:\WINDOWS\avisynthex32.dll
2008-03-22 10:25:40 30976 --a------ C:\WINDOWS\avifile32.dll
2008-03-22 10:25:39 28672 --a------ C:\WINDOWS\autodisc32.dll
2008-03-22 10:25:39 13312 --a------ C:\WINDOWS\audiosrv32.dll
2008-03-22 10:25:39 26880 --a------ C:\WINDOWS\ati2dvag32.dll
2008-03-22 10:25:38 18944 --a------ C:\WINDOWS\ati2dvaa32.dll
2008-03-22 10:25:38 13568 --a------ C:\WINDOWS\athprxy32.dll
2008-03-22 10:25:38 25344 --a------ C:\WINDOWS\asycfilt32.dll
2008-03-22 10:25:38 29440 --a------ C:\WINDOWS\asferror32.dll
2008-03-22 10:25:37 21248 --a------ C:\WINDOWS\changeurl_30.dll
2008-03-22 10:25:37 25600 --a------ C:\WINDOWS\apphelp32.dll
2008-03-22 10:19:50 0 d-------- C:\Program Files\QdrPack
2008-03-22 10:18:23 0 d-------- C:\Program Files\Bat
2008-03-22 10:18:00 0 d-------- C:\Program Files\QdrModule
2008-03-22 10:17:49 4 --a------ C:\WINDOWS\system32\winfrun32.bin
2008-03-22 10:17:47 0 d-------- C:\Program Files\ISM
2008-03-22 10:17:38 90537 --a------ C:\WINDOWS\system32\sbwltbxa.exe <Not Verified; Microsoft; runbll>
2008-03-15 09:55:03 45056 --a------ C:\Program Files\entransfer.exe <Not Verified; eN; entransfer>
2008-03-15 08:45:17 0 d-------- C:\Program Files\ensync_tmp
2008-03-15 08:45:16 0 d-------- C:\Program Files\custom
2008-03-15 08:24:29 18432 -----n--- C:\Program Files\lyversion.exe <Not Verified; Lysias, Inc.; lyversion>
2008-03-15 08:24:29 125952 -----n--- C:\Program Files\lysystem.exe <Not Verified; Lysias, Inc.; lysystem>
2008-03-15 08:24:29 20480 -----n--- C:\Program Files\GSFix290.exe <Not Verified; workz.com; GSLicense>
2008-03-15 08:24:29 28672 -----n--- C:\Program Files\eN_RegFix.exe <Not Verified; iplace user; projClient_eN_Fix>
2008-03-15 08:24:28 398416 -----n--- C:\WINDOWS\system32\VBRUN300.DLL <Not Verified; Microsoft Corporation; Visual Basic 3.0>
2008-03-15 08:24:28 13824 -----n--- C:\WINDOWS\system32\VBOA300.DLL <Not Verified; Microsoft Corporation; Visual Basic 3.0>
2008-03-15 08:24:28 640512 -----n--- C:\WINDOWS\system32\oc30.dll <Not Verified; Microsoft Corporation; Microsoft® OLE Controls Development Kit>
2008-03-15 08:24:27 62464 -----n--- C:\WINDOWS\system32\KTNDLL32.dll <Not Verified; Lysias, Inc.; Know The Neighborhood>
2008-03-15 08:24:24 216576 -----n--- C:\WINDOWS\system32\CP5DLL32.DLL <Not Verified; EllTech Development, Inc.; Compression Plus 5.0>
2008-03-15 08:24:21 77824 -----n--- C:\WINDOWS\system32\MSBIND.DLL <Not Verified; Microsoft Corporation; MSBind Object Library>
2008-03-15 08:24:21 463872 -----n--- C:\WINDOWS\system32\LTRPR13n.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® COM for Win32>
2008-03-15 08:24:19 32768 -----n--- C:\WINDOWS\system32\GexEncryptorCOM.dll <Not Verified; ; GexEncryptorCOM Module>
2008-03-15 08:24:18 102400 -----n--- C:\WINDOWS\system32\ccrpFD6.dll <Not Verified; Domenico Statuto; The Common Control Replacement Project Extended File Dialog>
2008-03-15 08:24:18 36260 -----n--- C:\Program Files\lyktn43.dat
2008-03-15 08:24:18 14278 -----n--- C:\Program Files\lyktn42.dat
2008-03-15 08:24:18 109221 -----n--- C:\Program Files\lyktn41.dat
2008-03-15 08:24:18 15046 -----n--- C:\Program Files\lyktn40.dat
2008-03-15 08:24:18 102246 -----n--- C:\Program Files\lyktn36.dat
2008-03-15 08:24:18 230778 -----n--- C:\Program Files\lyktn35.dat
2008-03-15 08:24:18 355426 -----n--- C:\Program Files\LyKtn34.dat
2008-03-15 08:24:18 102929 -----n--- C:\Program Files\LyKtn33.dat
2008-03-15 08:24:18 411612 -----n--- C:\Program Files\LyKtn32.dat
2008-03-15 08:24:04 0 d-------- C:\Program Files\xml
2008-03-15 08:24:01 0 d-------- C:\Program Files\html
2008-03-15 08:24:00 24576 -----n--- C:\Program Files\enfilt.exe <Not Verified; eNeighborhoods; enfilter>
2008-03-15 08:23:58 4665344 --a------ C:\Program Files\eNeighborhoods.exe <Not Verified; eNeighborhoods, Inc.; eNeighborhoods>
2008-03-15 08:23:54 16786 -----n--- C:\Program Files\Lyktn39.dat
2008-03-15 08:23:54 33709 -----n--- C:\Program Files\Lyktn38.dat
2008-03-15 08:23:54 23269 -----n--- C:\Program Files\Lyktn37.dat
2008-03-15 08:23:22 0 d-------- C:\Program Files\Data
2008-03-15 08:23:16 0 d-------- C:\Program Files\Mdac27tmp
2008-03-15 08:23:15 0 d-------- C:\Program Files\Common Files\Data Dynamics
2008-03-15 08:19:07 847872 -----n--- C:\WINDOWS\wfuninst.exe <Not Verified; WyldFyre Technologies, Inc.; WFUninst Application>
2008-03-15 08:19:02 44544 -----n--- C:\WINDOWS\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP1>
2008-03-15 08:19:02 335872 -----n--- C:\WINDOWS\system32\ANSMTP.dll <Not Verified; AdminSystem.NET; ANSMTP Module>
2008-03-15 08:19:01 35840 -----n--- C:\WINDOWS\system32\lttwn10N.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-03-15 08:19:01 297984 -----n--- C:\WINDOWS\system32\ltkrn10N.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-03-15 08:19:01 114176 -----n--- C:\WINDOWS\system32\ltimg10N.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-03-15 08:19:01 107520 -----n--- C:\WINDOWS\system32\ltfil10N.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-03-15 08:19:01 221184 -----n--- C:\WINDOWS\system32\ltefx10N.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-03-15 08:19:01 265728 -----n--- C:\WINDOWS\system32\ltdlg10N.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-03-15 08:19:01 229888 -----n--- C:\WINDOWS\system32\LTDIS10N.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-03-15 08:19:01 264704 -----n--- C:\WINDOWS\system32\ltann10N.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-03-15 08:19:01 122880 -----n--- C:\WINDOWS\system32\lftif10N.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-03-15 08:19:01 27648 -----n--- C:\WINDOWS\system32\lftga10N.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-03-15 08:19:01 33280 -----n--- C:\WINDOWS\system32\lfpcx10N.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-03-15 08:19:01 31744 -----n--- C:\WINDOWS\system32\lflmb10N.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-03-15 08:19:01 99840 -----n--- C:\WINDOWS\system32\lfjbg10N.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-03-15 08:19:01 41984 -----n--- C:\WINDOWS\system32\lfgif10N.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-03-15 08:19:01 78336 -----n--- C:\WINDOWS\system32\lffax10N.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-03-15 08:19:00 271360 -----n--- C:\WINDOWS\system32\LFCMP10N.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-03-15 08:19:00 34304 -----n--- C:\WINDOWS\system32\lfbmp10N.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-03-15 08:18:26 0 d-------- C:\Program Files\WYLDFYRE
2008-03-14 20:58:41 23040 --a------ C:\WINDOWS\system32\000090.exe
2008-02-29 16:18:58 0 d-------- C:\WINDOWS\.jagex_cache_32


-- Find3M Report ---------------------------------------------------------------

2008-03-22 16:44:43 0 d-------- C:\Documents and Settings\zoee\Application Data\SiteAdvisor
2008-03-22 10:17:50 0 d-------- C:\Program Files\QdrDrive
2008-03-20 19:54:43 0 d-------- C:\Program Files\PokerStars
2008-03-18 13:00:03 0 d-------- C:\Program Files\McAfee
2008-03-15 08:46:07 363 --a------ C:\Program Files\profile.ini
2008-03-15 08:44:53 1944 --a------ C:\Program Files\handshake_to.xml
2008-03-15 08:44:52 204 --a------ C:\Program Files\handshake_from.xml
2008-03-15 08:23:15 0 d-------- C:\Program Files\Common Files
2008-03-15 08:23:14 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-25 19:01:47 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-23 14:37:01 41724 ---hs---- C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
2008-02-19 21:24:10 0 d-------- C:\Program Files\Lavasoft
2008-02-19 21:22:06 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-10 14:34:31 0 d-------- C:\Documents and Settings\zoee\Application Data\LimeWire
2008-02-07 08:36:43 0 d-------- C:\Program Files\Common Files\Intuit
2008-02-07 08:36:01 0 d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2008-02-07 08:34:25 0 d-------- C:\Program Files\Intuit
2008-02-07 08:28:41 0 d-------- C:\Program Files\Common Files\SWF Studio
2008-02-05 10:46:39 0 d-------- C:\Program Files\Microsoft.NET
2008-02-05 10:46:30 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-02-01 22:45:00 0 d-------- C:\Program Files\QuickTime
2008-02-01 09:29:47 0 d-------- C:\Documents and Settings\zoee\Application Data\Help
2008-01-31 18:02:57 0 d-------- C:\Program Files\Dell AIO Printer A940
2008-01-30 16:44:24 0 d-------- C:\Program Files\SiteAdvisor
2008-01-27 16:41:10 0 d-------- C:\Program Files\Common Files\McAfee
2008-01-27 16:40:36 0 d-------- C:\Program Files\McAfee.com
2008-01-25 21:42:32 0 d-------- C:\Documents and Settings\zoee\Application Data\Sun
2008-01-23 18:19:02 0 d-------- C:\Documents and Settings\zoee\Application Data\ArcSoft
2008-01-23 12:51:25 61678 --a------ C:\Documents and Settings\zoee\Application Data\PFP110JPR.{PB
2008-01-23 12:51:25 12358 --a------ C:\Documents and Settings\zoee\Application Data\PFP110JCM.{PB
2008-01-23 12:51:17 0 d-------- C:\Documents and Settings\zoee\Application Data\Corel
2008-01-18 11:46:06 140288 ---hs---- C:\Program Files\Common Files\Yazzle1552OinAdmin.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8041E642-8CFC-4720-BC9D-D2DB8904286F}]
03/06/2008 04:45 PM 204800 --a------ C:\Program Files\QdrDrive\QdrDrive12.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{82E5E2FF-9260-4d88-B0C6-7CC358C5D418}]
C:\Program Files\QdrDrive\QdrDrive11.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/03/2007 10:33 PM]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [07/22/2007 08:29 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"IMprocess"="C:\DOCUME~1\zoee\LOCALS~1\Temp\IMAdvertiser.EXE" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" []
"QdrModule12"="C:\Program Files\QdrModule\QdrModule12.exe" []
"QdrModule13"="C:\Program Files\QdrModule\QdrModule13.exe" [03/06/2008 05:22 PM]
"QdrPack14"="C:\Program Files\QdrPack\QdrPack14.exe" [03/13/2008 01:02 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2/9/2006 2:56:28 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sbwltbxa.exe,"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""




-- End of Deckard's System Scanner: finished at 2008-03-22 19:14:40 ------------

#8
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Download SDFix and save it to your Desktop.

Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
  • Finally copy and paste the contents of the results file Report.txt
=======================
Then:
Please download ComboFix from Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

#9
pest control

pest control

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Excuse me, when I extracted, my McAfee comes up with a "potentially unwanted program detected", it's called Prcveiwer


Are you giving me a virus?

#10
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Why would I do that?

Some of the tools we use are detected because they are removal tools and have process viewers and process stoppers to kill the malware.
Antivirus programs cannot distinguish between bad or good.
That is why it is detected.

Edited by kahdah, 22 March 2008 - 09:26 PM.

#11
pest control

pest control

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Please tell me why I need ComboFix and how do I disable my virus protection. I believe I only have McAfee but honestly maybe I have another one

#12
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
You need Combofix because you are infected.
This program helps to remove the infections that you have.
Would you like to keep the infections instead of running what I ask you to?

All you have to do is disable McAfee.
You do not have anything else running.

Look at the link I provided within the Combofix instructions.
It will show you how to disable McAfee.


this link

#13
pest control

pest control

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
I'm so sorry for these stupid questions, but I believe the list is outdated. I do not have that type of McAfee and it doesn't give me the same options

#14
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Ok can you tell me what version you have please?

#15
pest control

pest control

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
I have McAfee SecurityCenter