Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

hjack this review [RESOLVED]


  • This topic is locked This topic is locked

#1
computerneedhhelp

computerneedhhelp

    Member

  • Member
  • PipPip
  • 22 posts
here what i got from the scan thing
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:50:52 PM, on 4/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.partypoke...nstallstart.htm
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {024A5B06-3904-4E0C-ABEE-50CBABE24356} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: {bc3bc464-eeeb-6408-7874-80ccfb1f2e21} - {12e2f1bf-cc08-4787-8046-beee464cb3cb} - (no file)
O2 - BHO: 0 - {15824DF4-6121-40BE-64B6-75A3D2CCF7ED} - C:\Program Files\ComPlus Applications\labu653.dll (file missing)
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: LiveSearchClubToolbarBhoApp Class - {3D266504-0FBC-4d3f-9E7C-4077A77C7DC4} - C:\Program Files\Live Search Club Toolbar\LiveSearchClubToolbarBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {6860A44B-5D3E-433D-A7B5-D517F810D0E7} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {8E3FBDE2-7DBD-4040-85D9-29BBC559C129} - (no file)
O2 - BHO: (no name) - {AD1F39BA-9C59-484B-9429-602445C590E3} - (no file)
O2 - BHO: e404 helper - {DF47DD37-AC11-4A93-8E16-2B2364AF0897} - (no file)
O2 - BHO: (no name) - {F160D241-E8F5-47AB-A2D6-CAA59923D57D} - (no file)
O3 - Toolbar: Live Search Club Toolbar - {719D74AB-1AF9-43a1-8C62-D8750628D93E} - C:\Program Files\Live Search Club Toolbar\Toolbar.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [QUICKCARE] C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe /P QUICKCARE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [VirusHeat 4.3] "C:\Program Files\VirusHeat 4.3\VirusHeat 4.3.exe" /h
O4 - HKLM\..\Run: [Winupdate] C:\WINDOWS\system32:svchost.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - ?p=ZCxdm801MTUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://gsn.worldwinn...GamesLoader.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai...cat-no-eula.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/...erInstaller.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1178924614812
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://runvirusscan.com/ols3/fscax.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinn...apit/swapit.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...0/installer.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer....l/installer.exe
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/...inematycoon.cab
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - http://candystand.co...acheManager.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...ploader_v10.cab
O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://zone.msn.com/...ia.1.0.0.46.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g...d8_2_0_0_24.cab
O20 - Winlogon Notify: cbxyvtr - cbxyvtr.dll (file missing)
O20 - Winlogon Notify: fevnfmse - fevnfmse.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe

--
End of file - 12758 bytes

Edited by computerneedhhelp, 16 April 2008 - 08:31 PM.

  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
You have a rogue antispy plus sundry other elements here

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {024A5B06-3904-4E0C-ABEE-50CBABE24356} - (no file)
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
O2 - BHO: {bc3bc464-eeeb-6408-7874-80ccfb1f2e21} - {12e2f1bf-cc08-4787-8046-beee464cb3cb} - (no file)
O2 - BHO: 0 - {15824DF4-6121-40BE-64B6-75A3D2CCF7ED} - C:\Program Files\ComPlus Applications\labu653.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {6860A44B-5D3E-433D-A7B5-D517F810D0E7} - (no file)
O2 - BHO: (no name) - {8E3FBDE2-7DBD-4040-85D9-29BBC559C129} - (no file)
O2 - BHO: (no name) - {AD1F39BA-9C59-484B-9429-602445C590E3} - (no file)
O2 - BHO: e404 helper - {DF47DD37-AC11-4A93-8E16-2B2364AF0897} - (no file)
O2 - BHO: (no name) - {F160D241-E8F5-47AB-A2D6-CAA59923D57D} - (no file)
O4 - HKLM\..\Run: [VirusHeat 4.3] "C:\Program Files\VirusHeat 4.3\VirusHeat 4.3.exe" /h
O4 - HKLM\..\Run: [Winupdate] C:\WINDOWS\system32:svchost.exe
O8 - Extra context menu item: &Search - ?p=ZCxdm801MTUS
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g...d8_2_0_0_24.cab
O20 - Winlogon Notify: cbxyvtr - cbxyvtr.dll (file missing)
O20 - Winlogon Notify: fevnfmse - fevnfmse.dll (file missing)

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

THEN

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
  • 0

#3
computerneedhhelp

computerneedhhelp

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
ty very so much
  • 0

#4
computerneedhhelp

computerneedhhelp

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
ComboFix it just goes in the tab well go off lol help
  • 0

#5
computerneedhhelp

computerneedhhelp

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
may i post three in arow here combofix.txt
ComboFix 08-04-16.5 - Owner 2008-04-17 18:30:13.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.107 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\LocalService\Application Data\ShoppingReport
C:\Documents and Settings\LocalService\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\LocalService\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\LocalService\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\LocalService\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\LocalService\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\Documents and Settings\Owner\Favorites\Online Security Guide.lnk
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\fevnfmse.dllbox
C:\WINDOWS\system32\Packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wpcap.dll
.
---- Previous Run -------
.
C:\Program Files\screensavers.com
C:\Program Files\screensavers.com\ActiveDesktop\bin\ActiveDesktopExe.exe
C:\Program Files\screensavers.com\SSSUninst.exe
C:\svchost.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\bkR11
C:\Temp\bkR11\ftCa.log
C:\WINDOWS\IA
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\rex2
C:\WINDOWS\system32\tdidrv32.sys
C:\x.dat
C:\z.dat
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF
-------\Service_TnIDriver


((((((((((((((((((((((((( Files Created from 2008-03-17 to 2008-04-17 )))))))))))))))))))))))))))))))
.

2008-04-16 20:50 . 2008-04-16 20:50 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-13 21:40 . 2008-04-16 08:08 <DIR> d-------- C:\Program Files\Cheat Engine
2008-04-13 21:40 . 2007-12-26 17:30 1,970,176 --a------ C:\WINDOWS\system32\d3dx9.dll
2008-04-13 21:40 . 2007-12-26 17:30 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll
2008-04-13 20:13 . 2008-04-13 20:13 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\McAfee
2008-04-12 12:33 . 2008-04-13 20:00 <DIR> d-------- C:\Program Files\Cain
2008-04-09 19:49 . 2003-01-10 13:58 351,526 --a------ C:\WINDOWS\WBDDA34I.DLL
2008-04-02 20:06 . 2008-04-17 18:12 <DIR> d-------- C:\Program Files\Mozilla Firefox 3 Beta 5
2008-04-02 19:13 . 2008-04-02 19:22 <DIR> d-------- C:\Program Files\Iomatic
2008-04-02 19:13 . 2008-04-02 19:13 2,368 --a------ C:\WINDOWS\system32\SVKP.sys
2008-04-02 18:28 . 2008-04-02 18:28 <DIR> d-------- C:\Program Files\FreshDevices
2008-03-31 22:37 . 2008-03-31 22:37 <DIR> d-------- C:\Documents and Settings\Administrator.GAONA4.008\Application Data\MySpace
2008-03-31 22:36 . 2008-03-31 22:36 <DIR> d-------- C:\Documents and Settings\Administrator.GAONA4.008\Application Data\SiteAdvisor
2008-03-29 12:13 . 2008-03-29 12:13 <DIR> d-------- C:\Documents and Settings\Administrator.GAONA4.008\Application Data\MSNInstaller
2008-03-29 12:13 . 2008-03-29 12:13 <DIR> d-------- C:\Documents and Settings\Administrator.GAONA4.008\Application Data\MSN6
2008-03-29 11:16 . 2008-03-29 11:16 <DIR> d-------- C:\Documents and Settings\Administrator.GAONA4.008\Application Data\Desktopicon
2008-03-29 10:58 . 2004-08-27 04:54 <DIR> d-------- C:\Documents and Settings\Administrator.GAONA4.008\WINDOWS
2008-03-29 10:58 . 2005-08-12 09:25 <DIR> d-------- C:\Documents and Settings\Administrator.GAONA4.008\Application Data\You've Got Pictures Screensaver
2008-03-29 10:58 . 2005-08-12 09:22 <DIR> d-------- C:\Documents and Settings\Administrator.GAONA4.008\Application Data\SampleView
2008-03-29 10:58 . 2005-08-12 09:29 <DIR> d-------- C:\Documents and Settings\Administrator.GAONA4.008\Application Data\McAfee
2008-03-29 10:58 . 2005-08-12 10:45 <DIR> d-------- C:\Documents and Settings\Administrator.GAONA4.008\Application Data\CyberLink
2008-03-29 10:58 . 2005-10-31 18:29 <DIR> d-------- C:\Documents and Settings\Administrator.GAONA4.008\Application Data\AOL
2008-03-29 10:58 . 2008-03-29 10:58 <DIR> d-------- C:\Documents and Settings\Administrator.GAONA4.008
2008-03-29 10:53 . 2004-08-27 04:54 <DIR> d-------- C:\Documents and Settings\Administrator.GAONA4.007\WINDOWS
2008-03-29 10:53 . 2008-03-29 10:53 <DIR> d-------- C:\Documents and Settings\Administrator.GAONA4.007
2008-03-28 22:11 . 2004-08-27 04:54 <DIR> d-------- C:\Documents and Settings\Administrator.GAONA4.006\WINDOWS
2008-03-28 22:11 . 2008-03-28 22:11 <DIR> d-------- C:\Documents and Settings\Administrator.GAONA4.006
2008-03-28 21:40 . 2004-08-27 04:54 <DIR> d-------- C:\Documents and Settings\Administrator.GAONA4.005\WINDOWS
2008-03-28 21:40 . 2008-03-28 21:40 <DIR> d-------- C:\Documents and Settings\Administrator.GAONA4.005
2008-03-28 20:43 . 2004-08-27 04:54 <DIR> d-------- C:\Documents and Settings\Administrator.GAONA4.004\WINDOWS
2008-03-28 20:43 . 2008-03-28 20:43 <DIR> d-------- C:\Documents and Settings\Administrator.GAONA4.004
2008-03-28 20:15 . 2004-08-27 04:54 <DIR> d-------- C:\Documents and Settings\Administrator.GAONA4.003\WINDOWS
2008-03-28 20:15 . 2008-03-28 20:15 <DIR> d-------- C:\Documents and Settings\Administrator.GAONA4.003
2008-03-28 20:07 . 2004-08-27 04:54 <DIR> d-------- C:\Documents and Settings\Administrator.GAONA4.002\WINDOWS
2008-03-28 20:07 . 2008-03-28 20:07 <DIR> d-------- C:\Documents and Settings\Administrator.GAONA4.002
2008-03-28 19:56 . 2004-08-27 04:54 <DIR> d-------- C:\Documents and Settings\Administrator.GAONA4.001\WINDOWS
2008-03-28 19:56 . 2008-03-28 19:56 <DIR> d-------- C:\Documents and Settings\Administrator.GAONA4.001
2008-03-28 19:47 . 2004-08-27 04:54 <DIR> d-------- C:\Documents and Settings\Administrator.GAONA4.000\WINDOWS
2008-03-28 19:47 . 2008-03-28 19:47 <DIR> d-------- C:\Documents and Settings\Administrator.GAONA4.000
2008-03-28 19:26 . 2004-08-27 04:54 <DIR> d-------- C:\Documents and Settings\Administrator.GAONA4\WINDOWS
2008-03-28 19:26 . 2008-03-28 19:26 <DIR> d-------- C:\Documents and Settings\Administrator.GAONA4
2008-03-28 19:15 . 2004-08-27 04:54 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-03-28 19:15 . 2008-03-28 19:15 <DIR> d-------- C:\Documents and Settings\Administrator
2008-03-28 17:59 . 2008-03-28 17:59 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\McAfee
2008-03-28 17:49 . 2008-04-04 17:23 <DIR> d-------- C:\Program Files\Unlocker
2008-03-28 15:18 . 2008-04-17 18:48 12,727 --a------ C:\WINDOWS\system32\Config.MPF
2008-03-28 15:16 . 2008-04-02 20:56 <DIR> d-------- C:\Program Files\SiteAdvisor
2008-03-28 15:16 . 2008-03-28 20:14 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SiteAdvisor
2008-03-28 15:16 . 2008-03-28 15:16 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-03-28 15:16 . 2008-03-28 15:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-03-28 15:15 . 2006-03-03 08:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-03-28 15:12 . 2007-11-22 06:44 201,320 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-03-28 15:12 . 2007-07-13 06:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-03-28 15:12 . 2007-11-22 06:44 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-03-28 15:12 . 2007-12-02 12:51 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-03-28 15:12 . 2007-11-22 06:44 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-03-28 15:12 . 2007-11-22 06:44 33,832 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-03-28 15:11 . 2008-03-28 15:12 <DIR> d-------- C:\Program Files\McAfee.com
2008-03-28 15:11 . 2008-04-13 13:29 <DIR> d-------- C:\Program Files\McAfee
2008-03-28 15:11 . 2008-03-28 15:12 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-03-28 14:01 . 2008-03-28 14:06 838 --a------ C:\WINDOWS\Active Setup Log.BAK
2008-03-28 10:42 . 2008-03-28 14:02 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-28 10:42 . 2008-03-28 14:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-26 19:09 . 2008-03-27 23:44 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-03-26 19:09 . 2008-03-27 23:44 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-03-25 13:43 . 2008-03-27 18:46 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-03-25 13:43 . 2008-03-25 13:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-25 13:17 . 2008-03-25 13:19 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-03-25 12:44 . 2008-03-27 13:41 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-03-25 12:40 . 2008-03-27 20:17 <DIR> d-------- C:\Documents and Settings\Owner\.housecall6.6
2008-03-25 11:54 . 2008-03-25 11:54 <DIR> d-------- C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2008-03-25 10:59 . 2008-04-10 20:40 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-22 23:53 . 2008-04-10 18:21 <DIR> d-------- C:\Program Files\Loader
2008-03-22 19:48 . 2008-03-22 19:49 <DIR> d-------- C:\Program Files\Lottso Deluxe
2008-03-22 16:02 . 2008-03-22 16:02 <DIR> d-------- C:\Program Files\DNA
2008-03-22 16:02 . 2008-04-17 18:47 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\DNA
2008-03-22 16:01 . 2008-03-22 16:02 <DIR> d-------- C:\Program Files\BitTorrent
2008-03-22 11:56 . 2008-03-22 11:56 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Desktopicon
2008-03-22 00:00 . 2008-03-25 10:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-21 23:38 . 2008-03-21 23:38 63 --a------ C:\WINDOWS\system\SysSD.dll
2008-03-21 22:23 . 2008-04-02 17:18 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\BitTorrent
2008-03-20 23:01 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-03-20 22:53 . 2008-04-10 20:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-20 21:43 . 2008-04-02 20:03 <DIR> d-------- C:\Program Files\Mozilla Firefox 3 Beta 4

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-17 22:52 --------- d-----w C:\Documents and Settings\Owner\Application Data\gtk-2.0
2008-04-16 04:06 --------- d-----w C:\Program Files\PokerStars
2008-04-11 01:27 --------- d-----w C:\Program Files\Microsoft Works
2008-04-02 22:45 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-02 20:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2008-03-29 23:47 --------- d-----w C:\Program Files\Java
2008-03-28 22:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-03-27 23:46 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-27 19:02 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-03-25 15:29 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-23 01:04 --------- d-----w C:\Documents and Settings\Owner\Application Data\MSN6
2008-03-22 17:33 --------- d-----w C:\Program Files\eGames
2008-03-22 03:35 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-03-22 03:34 --------- d-----w C:\Program Files\LimeWire
2008-03-19 12:37 --------- d-----w C:\Program Files\Google
2008-03-15 03:24 946 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2008-03-13 03:42 --------- d-----w C:\Program Files\GIMP-2.0
2008-03-09 17:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\YXXTWFDBYG
2008-03-03 20:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\NTXTWFDBYG
2008-03-02 04:31 --------- d-----w C:\Documents and Settings\Owner\Application Data\MySpace
2008-02-18 03:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-18 03:16 --------- d-----w C:\Program Files\Qwest
2008-02-18 03:11 205 ----a-w C:\UnInstall.dat
2008-02-07 04:38 30,976 ----a-w C:\WINDOWS\rascntrl.dll
2007-12-16 18:54 0 ----a-w C:\Program Files\CASINOAPP.EXE
2007-12-11 00:07 77 ----a-w C:\Documents and Settings\Owner\1729.bat
2007-12-11 00:07 36,864 ----a-w C:\Documents and Settings\Owner\services.exe
2007-12-10 23:17 77 ----a-w C:\Documents and Settings\Owner\4877.bat
2007-12-09 23:54 77 ----a-w C:\Documents and Settings\Owner\3498.bat
2007-12-09 23:01 77 ----a-w C:\Documents and Settings\Owner\5266.bat
2007-12-09 22:31 77 ----a-w C:\Documents and Settings\Owner\4722.bat
2007-12-09 15:50 77 ----a-w C:\Documents and Settings\Owner\6385.bat
2007-12-09 15:22 77 ----a-w C:\Documents and Settings\Owner\4433.bat
2007-12-09 02:45 77 ----a-w C:\Documents and Settings\Owner\5357.bat
2007-12-08 15:30 77 ----a-w C:\Documents and Settings\Owner\2823.bat
2007-12-08 01:44 77 ----a-w C:\Documents and Settings\Owner\5465.bat
2007-12-08 01:27 77 ----a-w C:\Documents and Settings\Owner\2220.bat
2007-12-08 01:06 77 ----a-w C:\Documents and Settings\Owner\3751.bat
2007-12-08 00:26 77 ----a-w C:\Documents and Settings\Owner\3459.bat
2007-12-07 23:40 77 ----a-w C:\Documents and Settings\Owner\4369.bat
2007-12-16 20:33 456,592 --sha-w C:\WINDOWS\system32\gjkkj.ini2
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3D266504-0FBC-4d3f-9E7C-4077A77C7DC4}]
2007-08-10 03:00 217088 --a------ C:\Program Files\Live Search Club Toolbar\LiveSearchClubToolbarBho.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{719D74AB-1AF9-43A1-8C62-D8750628D93E}"= "C:\Program Files\Live Search Club Toolbar\Toolbar.dll" [2007-08-10 03:00 1908736]

[HKEY_CLASSES_ROOT\clsid\{719d74ab-1af9-43a1-8c62-d8750628d93e}]
[HKEY_CLASSES_ROOT\LiveToolbar.LiveToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{7507B80F-C1DE-4b0a-A0BA-120C64075F11}]
[HKEY_CLASSES_ROOT\LiveToolbar.LiveToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2005-06-14 10:05 6856704]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-04-10 20:17 288576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-11-15 17:04 135168]
"VTTrayp"="VTtrayp.exe" [2004-06-22 04:57 143360 C:\WINDOWS\system32\VTTrayp.exe]
"VTTimer"="VTTimer.exe" [2004-10-01 18:31 53248 C:\WINDOWS\system32\VTTimer.exe]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2004-09-30 16:44 7957504]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 22:24 32768]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-08-12 09:25 98304]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-03-28 09:18 57344]
"QUICKCARE"="C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe" [2006-11-07 21:07 192512]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-11-21 20:09 842584]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-03-01 00:10 15872]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-08-24 16:57 36640]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-11-30 05:42 1164576]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22 20480]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tdidrv32.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Phantom EFX\\OnlineCasino\\bin\\Prelauncher.exe"=
"C:\\Program Files\\Phantom EFX\\OnlineCasino\\Launcher\\OLCLauncher.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2008-04-02 19:13]
S1 SABKUTIL;SABKUTIL;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys []
S1 tdidrv32.sys;tdidrv32.sys;C:\WINDOWS\system32\tdidrv32.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90851827-0f02-11da-bb7c-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D49A2992-890A-0494-1101-C070EA64EF23}]
C:\WINDOWS\system32:svchost.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-03-28 20:12:15 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-03-28 20:12:13 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-17 18:50:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\system32:svchost.exe 30208 bytes executable


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\SiteAdvisor\6253\saHook.dll
-> C:\Program Files\Unlocker\UnlockerHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\BigFix\BigFix.exe
C:\PROGRA~1\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2008-04-17 19:11:44 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-04-18 00:10:21

Pre-Run: 40,608,595,968 bytes free
Post-Run: 44,964,548,608 bytes free
.
2008-04-11 04:37:14 --- E O F ---
-------------------------------------------------------------------------------------------------------------------------------
hjack this new one txt

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:17:29 PM, on 4/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\BigFix\BigFix.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.partypoke...nstallstart.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: LiveSearchClubToolbarBhoApp Class - {3D266504-0FBC-4d3f-9E7C-4077A77C7DC4} - C:\Program Files\Live Search Club Toolbar\LiveSearchClubToolbarBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: Live Search Club Toolbar - {719D74AB-1AF9-43a1-8C62-D8750628D93E} - C:\Program Files\Live Search Club Toolbar\Toolbar.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [QUICKCARE] C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe /P QUICKCARE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://gsn.worldwinn...GamesLoader.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai...cat-no-eula.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/...erInstaller.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1178924614812
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://runvirusscan.com/ols3/fscax.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinn...apit/swapit.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...0/installer.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer....l/installer.exe
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/...inematycoon.cab
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - http://candystand.co...acheManager.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...ploader_v10.cab
O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://zone.msn.com/...ia.1.0.0.46.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe

--
End of file - 11068 bytes

Edited by computerneedhhelp, 17 April 2008 - 06:19 PM.

  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

ComboFix it just goes in the tab well go off lol help

Could you please write in intelligible sentences please, as I did not understand a word of this. The Queens English will do :)

1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

Driver::
tdidrv32.sys
SVKP

File::
C:\Documents and Settings\Owner\4877.bat
C:\Documents and Settings\Owner\3498.bat
C:\Documents and Settings\Owner\5266.bat
C:\Documents and Settings\Owner\4722.bat
C:\Documents and Settings\Owner\6385.bat
C:\Documents and Settings\Owner\4433.bat
C:\Documents and Settings\Owner\5357.bat
C:\Documents and Settings\Owner\2823.bat
C:\Documents and Settings\Owner\5465.bat
C:\Documents and Settings\Owner\2220.bat
C:\Documents and Settings\Owner\3751.bat
C:\Documents and Settings\Owner\3459.bat
C:\Documents and Settings\Owner\4369.bat
C:\WINDOWS\system32\gjkkj.ini2
C:\Documents and Settings\Owner\1729.bat
C:\Documents and Settings\Owner\services.exe
C:\WINDOWS\system32\tdidrv32.sys 
C:\WINDOWS\system32\SVKP.sys 
C:\WINDOWS\system\SysSD.dll

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D49A2992-890A-0494-1101-C070EA64EF23}]

3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

  • 0

#7
computerneedhhelp

computerneedhhelp

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
ComboFix 08-04-16.5 - Owner 2008-04-18 16:22:55.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.219 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\Owner\1729.bat
C:\Documents and Settings\Owner\2220.bat
C:\Documents and Settings\Owner\2823.bat
C:\Documents and Settings\Owner\3459.bat
C:\Documents and Settings\Owner\3498.bat
C:\Documents and Settings\Owner\3751.bat
C:\Documents and Settings\Owner\4369.bat
C:\Documents and Settings\Owner\4433.bat
C:\Documents and Settings\Owner\4722.bat
C:\Documents and Settings\Owner\4877.bat
C:\Documents and Settings\Owner\5266.bat
C:\Documents and Settings\Owner\5357.bat
C:\Documents and Settings\Owner\5465.bat
C:\Documents and Settings\Owner\6385.bat
C:\Documents and Settings\Owner\services.exe
C:\WINDOWS\system\SysSD.dll
C:\WINDOWS\system32\gjkkj.ini2
C:\WINDOWS\system32\SVKP.sys
C:\WINDOWS\system32\tdidrv32.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Owner\1729.bat
C:\Documents and Settings\Owner\2220.bat
C:\Documents and Settings\Owner\2823.bat
C:\Documents and Settings\Owner\3459.bat
C:\Documents and Settings\Owner\3498.bat
C:\Documents and Settings\Owner\3751.bat
C:\Documents and Settings\Owner\4369.bat
C:\Documents and Settings\Owner\4433.bat
C:\Documents and Settings\Owner\4722.bat
C:\Documents and Settings\Owner\4877.bat
C:\Documents and Settings\Owner\5266.bat
C:\Documents and Settings\Owner\5357.bat
C:\Documents and Settings\Owner\5465.bat
C:\Documents and Settings\Owner\6385.bat
C:\Documents and Settings\Owner\services.exe
C:\WINDOWS\system\SysSD.dll
C:\WINDOWS\system32\gjkkj.ini2
C:\WINDOWS\system32\SVKP.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SVKP
-------\Legacy_TDIDRV32.SYS
-------\Service_SVKP
-------\Service_tdidrv32.sys


((((((((((((((((((((((((( Files Created from 2008-03-18 to 2008-04-18 )))))))))))))))))))))))))))))))
.

2008-04-18 08:13 . 2008-04-18 08:13 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-04-17 23:22 . 2008-04-17 23:22 <DIR> d-------- C:\Program Files\JitBit
2008-04-17 22:58 . 2008-04-17 23:17 <DIR> d-------- C:\Program Files\GrassSoft
2008-04-17 22:58 . 2008-04-17 22:58 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Grasssoft
2008-04-17 22:58 . 2008-04-17 23:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grasssoft
2008-04-16 20:50 . 2008-04-16 20:50 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-13 21:40 . 2008-04-16 08:08 <DIR> d-------- C:\Program Files\Cheat Engine
2008-04-13 21:40 . 2007-12-26 17:30 1,970,176 --a------ C:\WINDOWS\system32\d3dx9.dll
2008-04-13 21:40 . 2007-12-26 17:30 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll
2008-04-13 20:13 . 2008-04-13 20:13 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\McAfee
2008-04-12 12:33 . 2008-04-13 20:00 <DIR> d-------- C:\Program Files\Cain
2008-04-09 19:49 . 2003-01-10 13:58 351,526 --a------ C:\WINDOWS\WBDDA34I.DLL
2008-04-02 20:06 . 2008-04-18 08:06 <DIR> d-------- C:\Program Files\Mozilla Firefox 3 Beta 5
2008-04-02 19:13 . 2008-04-02 19:22 <DIR> d-------- C:\Program Files\Iomatic
2008-04-02 18:28 . 2008-04-02 18:28 <DIR> d-------- C:\Program Files\FreshDevices
2008-03-31 22:37 . 2008-03-31 22:37 <DIR> d-------- C:\Documents and Settings\Administrator.GAONA4.008\Application Data\MySpace
2008-03-31 22:36 . 2008-03-31 22:36 <DIR> d-------- C:\Documents and Settings\Administrator.GAONA4.008\Application Data\SiteAdvisor
2008-03-29 12:13 . 2008-03-29 12:13 <DIR> d-------- C:\Documents and Settings\Administrator.GAONA4.008\Application Data\MSNInstaller
2008-03-29 12:13 . 2008-03-29 12:13 <DIR> d-------- C:\Documents and Settings\Administrator.GAONA4.008\Application Data\MSN6
2008-03-29 11:16 . 2008-03-29 11:16 <DIR> d-------- C:\Documents and Settings\Administrator.GAONA4.008\Application Data\Desktopicon
2008-03-29 10:58 . 2004-08-27 04:54 <DIR> d-------- C:\Documents and Settings\Administrator.GAONA4.008\WINDOWS
2008-03-29 10:58 . 2005-08-12 09:25 <DIR> d-------- C:\Documents and Settings\Administrator.GAONA4.008\Application Data\You've Got Pictures Screensaver
2008-03-29 10:58 . 2005-08-12 09:22 <DIR> d-------- C:\Documents and Settings\Administrator.GAONA4.008\Application Data\SampleView
2008-03-29 10:58 . 2005-08-12 09:29 <DIR> d-------- C:\Documents and Settings\Administrator.GAONA4.008\Application Data\McAfee
2008-03-29 10:58 . 2005-08-12 10:45 <DIR> d-------- C:\Documents and Settings\Administrator.GAONA4.008\Application Data\CyberLink
2008-03-29 10:58 . 2005-10-31 18:29 <DIR> d-------- C:\Documents and Settings\Administrator.GAONA4.008\Application Data\AOL
2008-03-29 10:58 . 2008-03-29 10:58 <DIR> d-------- C:\Documents and Settings\Administrator.GAONA4.008
2008-03-29 10:53 . 2004-08-27 04:54 <DIR> d-------- C:\Documents and Settings\Administrator.GAONA4.007\WINDOWS
2008-03-29 10:53 . 2008-03-29 10:53 <DIR> d-------- C:\Documents and Settings\Administrator.GAONA4.007
2008-03-28 22:11 . 2004-08-27 04:54 <DIR> d-------- C:\Documents and Settings\Administrator.GAONA4.006\WINDOWS
2008-03-28 22:11 . 2008-03-28 22:11 <DIR> d-------- C:\Documents and Settings\Administrator.GAONA4.006
2008-03-28 21:40 . 2004-08-27 04:54 <DIR> d-------- C:\Documents and Settings\Administrator.GAONA4.005\WINDOWS
2008-03-28 21:40 . 2008-03-28 21:40 <DIR> d-------- C:\Documents and Settings\Administrator.GAONA4.005
2008-03-28 20:43 . 2004-08-27 04:54 <DIR> d-------- C:\Documents and Settings\Administrator.GAONA4.004\WINDOWS
2008-03-28 20:43 . 2008-03-28 20:43 <DIR> d-------- C:\Documents and Settings\Administrator.GAONA4.004
2008-03-28 20:15 . 2004-08-27 04:54 <DIR> d-------- C:\Documents and Settings\Administrator.GAONA4.003\WINDOWS
2008-03-28 20:15 . 2008-03-28 20:15 <DIR> d-------- C:\Documents and Settings\Administrator.GAONA4.003
2008-03-28 20:07 . 2004-08-27 04:54 <DIR> d-------- C:\Documents and Settings\Administrator.GAONA4.002\WINDOWS
2008-03-28 20:07 . 2008-03-28 20:07 <DIR> d-------- C:\Documents and Settings\Administrator.GAONA4.002
2008-03-28 19:56 . 2004-08-27 04:54 <DIR> d-------- C:\Documents and Settings\Administrator.GAONA4.001\WINDOWS
2008-03-28 19:56 . 2008-03-28 19:56 <DIR> d-------- C:\Documents and Settings\Administrator.GAONA4.001
2008-03-28 19:47 . 2004-08-27 04:54 <DIR> d-------- C:\Documents and Settings\Administrator.GAONA4.000\WINDOWS
2008-03-28 19:47 . 2008-03-28 19:47 <DIR> d-------- C:\Documents and Settings\Administrator.GAONA4.000
2008-03-28 19:26 . 2004-08-27 04:54 <DIR> d-------- C:\Documents and Settings\Administrator.GAONA4\WINDOWS
2008-03-28 19:26 . 2008-03-28 19:26 <DIR> d-------- C:\Documents and Settings\Administrator.GAONA4
2008-03-28 19:15 . 2004-08-27 04:54 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-03-28 19:15 . 2008-03-28 19:15 <DIR> d-------- C:\Documents and Settings\Administrator
2008-03-28 17:59 . 2008-03-28 17:59 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\McAfee
2008-03-28 17:49 . 2008-04-04 17:23 <DIR> d-------- C:\Program Files\Unlocker
2008-03-28 15:18 . 2008-04-18 16:34 12,727 --a------ C:\WINDOWS\system32\Config.MPF
2008-03-28 15:16 . 2008-04-02 20:56 <DIR> d-------- C:\Program Files\SiteAdvisor
2008-03-28 15:16 . 2008-03-28 20:14 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SiteAdvisor
2008-03-28 15:16 . 2008-03-28 15:16 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-03-28 15:16 . 2008-03-28 15:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-03-28 15:15 . 2006-03-03 08:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-03-28 15:12 . 2007-11-22 06:44 201,320 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-03-28 15:12 . 2007-07-13 06:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-03-28 15:12 . 2007-11-22 06:44 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-03-28 15:12 . 2007-12-02 12:51 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-03-28 15:12 . 2007-11-22 06:44 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-03-28 15:12 . 2007-11-22 06:44 33,832 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-03-28 15:11 . 2008-03-28 15:12 <DIR> d-------- C:\Program Files\McAfee.com
2008-03-28 15:11 . 2008-04-13 13:29 <DIR> d-------- C:\Program Files\McAfee
2008-03-28 15:11 . 2008-03-28 15:12 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-03-28 14:01 . 2008-03-28 14:06 838 --a------ C:\WINDOWS\Active Setup Log.BAK
2008-03-28 10:42 . 2008-03-28 14:02 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-28 10:42 . 2008-03-28 14:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-26 19:09 . 2008-03-27 23:44 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-03-26 19:09 . 2008-03-27 23:44 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-03-25 13:43 . 2008-03-27 18:46 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-03-25 13:43 . 2008-03-25 13:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-25 13:17 . 2008-03-25 13:19 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-03-25 12:44 . 2008-03-27 13:41 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-03-25 12:40 . 2008-03-27 20:17 <DIR> d-------- C:\Documents and Settings\Owner\.housecall6.6
2008-03-22 23:53 . 2008-04-10 18:21 <DIR> d-------- C:\Program Files\Loader
2008-03-22 19:48 . 2008-03-22 19:49 <DIR> d-------- C:\Program Files\Lottso Deluxe
2008-03-22 16:02 . 2008-03-22 16:02 <DIR> d-------- C:\Program Files\DNA
2008-03-22 16:02 . 2008-04-18 16:15 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\DNA
2008-03-22 16:01 . 2008-03-22 16:02 <DIR> d-------- C:\Program Files\BitTorrent
2008-03-22 11:56 . 2008-03-22 11:56 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Desktopicon
2008-03-22 00:00 . 2008-04-17 23:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-21 22:23 . 2008-04-02 17:18 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\BitTorrent
2008-03-20 23:01 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-03-20 22:53 . 2008-04-10 20:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-20 21:43 . 2008-04-02 20:03 <DIR> d-------- C:\Program Files\Mozilla Firefox 3 Beta 4

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-18 04:40 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-17 22:52 --------- d-----w C:\Documents and Settings\Owner\Application Data\gtk-2.0
2008-04-16 04:06 --------- d-----w C:\Program Files\PokerStars
2008-04-11 01:27 --------- d-----w C:\Program Files\Microsoft Works
2008-04-02 22:45 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-02 20:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2008-03-29 23:47 --------- d-----w C:\Program Files\Java
2008-03-28 22:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-03-27 19:02 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-03-25 15:29 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-23 01:04 --------- d-----w C:\Documents and Settings\Owner\Application Data\MSN6
2008-03-22 17:33 --------- d-----w C:\Program Files\eGames
2008-03-22 03:35 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-03-22 03:34 --------- d-----w C:\Program Files\LimeWire
2008-03-19 12:37 --------- d-----w C:\Program Files\Google
2008-03-15 03:24 946 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2008-03-13 03:42 --------- d-----w C:\Program Files\GIMP-2.0
2008-03-09 17:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\YXXTWFDBYG
2008-03-03 20:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\NTXTWFDBYG
2008-03-02 04:31 --------- d-----w C:\Documents and Settings\Owner\Application Data\MySpace
2008-02-18 03:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-18 03:16 --------- d-----w C:\Program Files\Qwest
2008-02-18 03:11 205 ----a-w C:\UnInstall.dat
2008-02-07 04:38 30,976 ----a-w C:\WINDOWS\rascntrl.dll
2007-12-16 18:54 0 ----a-w C:\Program Files\CASINOAPP.EXE
.

((((((((((((((((((((((((((((( [email protected]_19.09.43.93 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-17 23:49:30 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-18 21:34:19 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-04-17 21:57:23 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-04-18 17:32:50 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-04-17 21:57:23 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-04-18 17:32:50 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-04-17 21:57:23 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-18 17:32:50 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-17 23:52:17 40,960 ----a-w C:\WINDOWS\Temp\rtdrvmon.exe
+ 2008-04-18 21:36:48 40,960 ----a-w C:\WINDOWS\Temp\rtdrvmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3D266504-0FBC-4d3f-9E7C-4077A77C7DC4}]
2007-08-10 03:00 217088 --a------ C:\Program Files\Live Search Club Toolbar\LiveSearchClubToolbarBho.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{719D74AB-1AF9-43A1-8C62-D8750628D93E}"= "C:\Program Files\Live Search Club Toolbar\Toolbar.dll" [2007-08-10 03:00 1908736]

[HKEY_CLASSES_ROOT\clsid\{719d74ab-1af9-43a1-8c62-d8750628d93e}]
[HKEY_CLASSES_ROOT\LiveToolbar.LiveToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{7507B80F-C1DE-4b0a-A0BA-120C64075F11}]
[HKEY_CLASSES_ROOT\LiveToolbar.LiveToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2005-06-14 10:05 6856704]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-04-10 20:17 288576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-11-15 17:04 135168]
"VTTrayp"="VTtrayp.exe" [2004-06-22 04:57 143360 C:\WINDOWS\system32\VTTrayp.exe]
"VTTimer"="VTTimer.exe" [2004-10-01 18:31 53248 C:\WINDOWS\system32\VTTimer.exe]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2004-09-30 16:44 7957504]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 22:24 32768]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-08-12 09:25 98304]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-03-28 09:18 57344]
"QUICKCARE"="C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe" [2006-11-07 21:07 192512]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-11-21 20:09 842584]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-03-01 00:10 15872]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-08-24 16:57 36640]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-11-30 05:42 1164576]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Phantom EFX\\OnlineCasino\\bin\\Prelauncher.exe"=
"C:\\Program Files\\Phantom EFX\\OnlineCasino\\Launcher\\OLCLauncher.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

S1 SABKUTIL;SABKUTIL;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys []
S2 0198521208524408mcinstcleanup;McAfee Application Installer Cleanup (0198521208524408);C:\WINDOWS\TEMP\019852~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90851827-0f02-11da-bb7c-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

*Newly Created Service* - 0198521208524408MCINSTCLEANUP
.
Contents of the 'Scheduled Tasks' folder
"2008-03-28 20:12:15 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-03-28 20:12:13 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-18 16:35:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\SiteAdvisor\6253\saHook.dll
-> C:\Program Files\Unlocker\UnlockerHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\BigFix\BigFix.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
.
**************************************************************************
.
Completion time: 2008-04-18 16:57:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-18 21:56:11
ComboFix2.txt 2008-04-18 00:11:46

Pre-Run: 44,863,672,320 bytes free
Post-Run: 44,856,242,176 bytes free
.
2008-04-11 04:37:14 --- E O F ---



---------------------------------------------------------------------------------------------------------------------------------------------
hjack this review

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:04:22 PM, on 4/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\BigFix\BigFix.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.partypoke...nstallstart.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: LiveSearchClubToolbarBhoApp Class - {3D266504-0FBC-4d3f-9E7C-4077A77C7DC4} - C:\Program Files\Live Search Club Toolbar\LiveSearchClubToolbarBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: Live Search Club Toolbar - {719D74AB-1AF9-43a1-8C62-D8750628D93E} - C:\Program Files\Live Search Club Toolbar\Toolbar.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [QUICKCARE] C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe /P QUICKCARE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://gsn.worldwinn...GamesLoader.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai...cat-no-eula.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/...erInstaller.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1178924614812
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://runvirusscan.com/ols3/fscax.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinn...apit/swapit.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...0/installer.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer....l/installer.exe
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/...inematycoon.cab
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - http://candystand.co...acheManager.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...ploader_v10.cab
O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://zone.msn.com/...ia.1.0.0.46.cab
O23 - Service: McAfee Application Installer Cleanup (0198521208524408) (0198521208524408mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\019852~1.EXE (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe

--
End of file - 11206 bytes
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
A final registry sweep now to see if anything is missing

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

How is your computer running now ?
  • 0

#9
computerneedhhelp

computerneedhhelp

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Malwarebytes' Anti-Malware 1.11
Database version: 652

Scan type: Quick Scan
Objects scanned: 46538
Time elapsed: 13 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 19
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1962c5bc-e475-465b-823b-133e711bceb9} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Casino (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Enter Casino (Adware.Casino) -> Quarantined and deleted successfully.

Files Infected:
C:\Casino\Enter Casino\cactivex.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Enter Casino\casino.hlp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Enter Casino\directsounddriver.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Enter Casino\fileinfo.dat (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Enter Casino\fileinfo2.dat (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Enter Casino\fileinfo2r.dat (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Enter Casino\gdigraphdriver.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Enter Casino\h264dec.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Enter Casino\nvssd430.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Enter Casino\replace.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gjkkj.ini (Malware.Trace) -> Quarantined and deleted successfully.

here u go anything else u need im going to Restart now and check k
  • 0

#10
computerneedhhelp

computerneedhhelp

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
only firefox not dowloading
part could not be saved, because the source file could not be read.

Try again later, or contact the server administrator.

still everthing else works fine
  • 0

Advertisements


#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you now do the following

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Then Uninstall and re-install Firefox

Let me know the result and how your computer is running

Log required : a final hijackthis log
  • 0

#12
computerneedhhelp

computerneedhhelp

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
hjackthis review
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:48:08 PM, on 4/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\BigFix\BigFix.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.partypoke...nstallstart.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: LiveSearchClubToolbarBhoApp Class - {3D266504-0FBC-4d3f-9E7C-4077A77C7DC4} - C:\Program Files\Live Search Club Toolbar\LiveSearchClubToolbarBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: Live Search Club Toolbar - {719D74AB-1AF9-43a1-8C62-D8750628D93E} - C:\Program Files\Live Search Club Toolbar\Toolbar.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [QUICKCARE] C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe /P QUICKCARE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://gsn.worldwinn...GamesLoader.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai...cat-no-eula.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/...erInstaller.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1178924614812
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://runvirusscan.com/ols3/fscax.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinn...apit/swapit.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...0/installer.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer....l/installer.exe
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/...inematycoon.cab
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - http://candystand.co...acheManager.CAB
O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://zone.msn.com/...ia.1.0.0.46.cab
O23 - Service: McAfee Application Installer Cleanup (0204231208614892) (0204231208614892mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\020423~1.EXE (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe

--
End of file - 11089 bytes


and im missing my paint thing lol im missing alot of things lol i need paint,adobe i check for more k
  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

and im missing my paint thing lol im missing alot of things lol i need paint,adobe i check for more k

Is this the desktop icons or the programs themselves ?
  • 0

#14
computerneedhhelp

computerneedhhelp

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
i think paint program and adobe to desktop
  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK that is relatively easy to fix. Locate the program file e.g. C:\Program Files\Adobe\Adobe.exe then right click and select Send to then select desktop-shortcut repeat on all programmes

Now the best part of the day ----- Your log now appears clean :)

You may now delete the programs I had you download

Now to get you off to a good start we will re-set your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your your restore point but this is my method:

1. Select Start > All Programs > Accessories > System tools > System Restore.
2. On the dialogue box that appears select Create a Restore Point
3. Click NEXT
4. Enter a name e.g. Clean
5. Click CREATE

You now have a clean restore point, to get rid of the bad ones:

1. Select Start > All Programs > Accessories > System tools > Disk Cleanup.
2. In the Drop down box that appears select your main drive e.g. C
3. Click OK
4. The System will do some calculation and the display a dialogue box with TABS
5. Select the More Options Tab.
6. At the bottom will be a system restore box with a CLEANUP button click this
7. Accept the Warning and select OK again, the program will close and you are done



Now that you are clean, to help protect your computer in the future I recommend that you get the following free program: It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?


Keep safe :)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP