Answers to your tech questions
Computer forums for help with removing malicious software (malware) and improving computer security

> [Closed] My topic was closed due to inactivity but I still need h
Xtremeyaya
post May 25 2008, 05:46 PM
Post #1


Operating System: Windows XP



I'm sorry I was so slow in getting this done before the other thread was closed. My first thread was called "Please I need help! Can't get rid of Smitfraud-C". It was posted on May 20th. I have finally gotten the things done that I was instructed to do on that thread. I was asked to complete those steps and then post a log from ComboFix as well as a new HiJackThis log. They are included here. Thank you again for your help! It is most sincerely appreciated!

ComboFix 08-05-21.3 - Compaq_Owner 2008-05-25 18:04:38.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.108 [GMT -5:00]
Running from: C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\d.exe
C:\ftklhae.exe
C:\Program Files\Google\googletoolbar1.dll
C:\Program Files\internet explorer\msimg32.dll
C:\WINDOWS\cookies.ini
C:\WINDOWS\mpfanvqg.dll
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\system32\agsycffc.ini
C:\WINDOWS\system32\ahnnanyb.dll
C:\WINDOWS\system32\AybKUvut.ini
C:\WINDOWS\system32\AybKUvut.ini2
C:\WINDOWS\system32\bihdakln.ini
C:\WINDOWS\system32\bpotjqtv.ini
C:\WINDOWS\system32\btxdjdth.ini
C:\WINDOWS\system32\bynannha.ini
C:\WINDOWS\system32\cffcysga.dll
C:\WINDOWS\system32\CISBcJjl.ini
C:\WINDOWS\system32\CISBcJjl.ini2
C:\WINDOWS\system32\dvumtvwr.dll
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\gqyjyjni.ini
C:\WINDOWS\system32\irernjkm.dll
C:\WINDOWS\system32\kplmpify.ini
C:\WINDOWS\system32\kTBaHRqr.ini
C:\WINDOWS\system32\kTBaHRqr.ini2
C:\WINDOWS\system32\ljJcBSIC.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mkjnreri.ini
C:\WINDOWS\system32\moXFNqss.ini
C:\WINDOWS\system32\moXFNqss.ini2
C:\WINDOWS\system32\MVwGOqss.ini
C:\WINDOWS\system32\MVwGOqss.ini2
C:\WINDOWS\system32\nnnlkiGy.dll
C:\WINDOWS\system32\OnoVyyay.ini
C:\WINDOWS\system32\OnoVyyay.ini2
C:\WINDOWS\system32\pWEhQtwa.ini
C:\WINDOWS\system32\pWEhQtwa.ini2
C:\WINDOWS\system32\rarwtnbn.ini
C:\WINDOWS\system32\rwvtmuvd.ini
C:\WINDOWS\system32\sclkiryt.ini
C:\WINDOWS\system32\slnyqjhv.ini
C:\WINDOWS\system32\swsrjewb.ini
C:\WINDOWS\system32\TwaycMoq.ini
C:\WINDOWS\system32\TwaycMoq.ini2
C:\WINDOWS\system32\TwGhOnpo.ini
C:\WINDOWS\system32\TwGhOnpo.ini2
C:\WINDOWS\system32\vhjqynls.dll
C:\WINDOWS\system32\yzbgqap.sys
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_yzbgqap


((((((((((((((((((((((((( Files Created from 2008-04-25 to 2008-05-25 )))))))))))))))))))))))))))))))
.

2008-05-24 23:44 . 2008-05-24 23:44 91,136 --a------ C:\WINDOWS\system32\nbntwrar.dll
2008-05-23 03:49 . 2008-05-23 04:04 <DIR> d-------- C:\Program Files\Magic Ball 2 New Worlds
2008-05-22 04:57 . 2008-05-22 04:57 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\iWinArcade
2008-05-20 00:07 . 2008-05-20 00:49 <DIR> d-------- C:\Program Files\Easy SpyRemover
2008-05-19 15:32 . 2006-02-02 12:17 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-05-19 15:32 . 2006-02-02 12:18 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intuit
2008-05-19 15:32 . 2008-05-19 15:32 <DIR> d-------- C:\Documents and Settings\Administrator
2008-05-19 01:55 . 2008-05-19 01:55 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-05-17 01:14 . 2008-05-17 01:14 294 --ahs---- C:\WINDOWS\system32\jelxseao.ini
2008-05-16 06:57 . 2008-05-16 06:57 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\McAfee
2008-05-15 15:38 . 2008-05-17 03:34 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\wsInspector
2008-05-15 14:53 . 2008-05-15 14:56 <DIR> d-------- C:\Program Files\Startup Inspector for Windows
2008-05-15 14:40 . 2008-05-15 14:40 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Uniblue
2008-05-15 14:16 . 2008-05-15 14:16 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\SoftwareDetectionScripts
2008-05-15 04:31 . 2008-05-15 04:31 <DIR> d-------- C:\WINDOWS\system32\FxsTmp
2008-05-13 21:57 . 2008-05-13 21:57 1,508,319 --ahs---- C:\WINDOWS\system32\npljlfsw.tmp
2008-05-12 15:06 . 2008-05-12 15:06 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\McAfee
2008-05-11 23:29 . 2008-05-19 14:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-11 22:44 . 2008-05-12 00:30 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\TmpRecentIcons
2008-05-11 22:17 . 2008-05-11 22:38 <DIR> d-------- C:\WINDOWS\privacy_danger(2)
2008-05-11 21:24 . 2008-05-13 00:24 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-11 21:24 . 2008-05-13 00:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-11 17:07 . 2008-05-11 17:07 0 --a------ C:\d1.exe
2008-05-11 17:06 . 2008-05-11 17:06 1 --a------ C:\WINDOWS\system32\kr_done1de
2008-05-11 17:06 . 2008-05-11 17:06 0 --a------ C:\704608571
2008-05-11 17:04 . 2008-05-09 19:14 94,208 --a------ C:\WINDOWS\oadkxrts.exe
2008-05-08 14:20 . 2008-05-14 17:57 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Jarte
2008-05-08 14:19 . 2008-05-08 14:19 <DIR> d-------- C:\Program Files\Jarte
2008-05-08 09:33 . 2008-05-08 09:34 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-06 13:36 . 2008-05-06 13:36 <DIR> d-------- C:\Program Files\Apple Software Update
2008-05-06 03:35 . 2008-05-15 04:13 <DIR> d-------- C:\Program Files\AOL Games
2008-05-01 00:21 . 2008-05-01 00:21 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\FUJIFILM
2008-04-25 05:58 . 2008-05-11 23:08 <DIR> d-------- C:\Program Files\Ascentive
2008-04-25 05:58 . 2008-04-17 16:22 208,896 --a------ C:\WINDOWS\system32\ConTest.dll
2008-04-25 05:58 . 2007-10-17 10:19 20,480 --a------ C:\WINDOWS\system32\SysRestore.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-25 23:06 --------- d-----w C:\Program Files\Google
2008-05-25 07:46 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\WeatherBug
2008-05-23 22:55 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-22 09:56 --------- d-----w C:\Program Files\iWin Games
2008-05-22 09:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\iWin Games
2008-05-21 23:22 --------- d-----w C:\Program Files\Waterbugs
2008-05-21 18:14 0 ----a-w C:\Program Files\temp01
2008-05-21 18:14 --------- d-----w C:\Program Files\bfgclient
2008-05-21 18:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-05-21 13:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-19 19:46 --------- d-----w C:\Program Files\InterActual
2008-05-19 19:44 --------- d-----w C:\Program Files\GamesBar
2008-05-15 20:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\DIGStream
2008-05-15 09:28 --------- d-----w C:\Program Files\WaterBugsTrial_at
2008-05-15 09:27 --------- d-----w C:\Program Files\Yahoo!
2008-05-15 09:25 --------- d-----w C:\Program Files\Verizon
2008-05-15 09:25 --------- d-----w C:\Program Files\Common Files\Motive
2008-05-15 09:23 --------- d-----w C:\Program Files\Common Files\SupportSoft
2008-05-15 09:22 --------- d-----w C:\Program Files\Yahoo! Games
2008-05-15 09:22 --------- d-----w C:\Program Files\GameHouse
2008-05-15 09:22 --------- d-----w C:\Program Files\Family Games
2008-05-15 09:20 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\Netscape
2008-05-15 05:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive
2008-05-12 20:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-12 03:57 --------- d-----w C:\Program Files\WildTangent
2008-05-08 14:31 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\AdobeUM
2008-05-05 05:18 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\Image Zone Express
2008-05-02 07:07 --------- d-----w C:\Program Files\McAfee
2008-04-25 10:24 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\Alawar
2008-04-14 06:12 --------- d-----w C:\Program Files\StarDefender3_at
2008-04-14 06:12 --------- d-----w C:\Program Files\iWin.com
2008-04-14 06:11 --------- d-----w C:\Program Files\Platypus2_at
2008-04-14 06:11 --------- d-----w C:\Program Files\MSN Games
2008-04-14 06:11 --------- d-----w C:\Program Files\Comcast Play Games
2008-04-14 06:09 --------- d-----w C:\Program Files\JewelQuestSolitaire_at
2008-04-14 06:07 --------- d-----w C:\Program Files\Disney Interactive
2008-04-14 06:07 --------- d-----w C:\Program Files\Common Files\Oberon Media
2008-04-14 06:06 --------- d-----w C:\Program Files\HP Games
2008-04-09 05:10 --------- d-----w C:\Program Files\support.com
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2006-05-24 17:42 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-06-24 03:33 22 -csha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dbef30-d24c-4440-a125-d14e837a1438}]
C:\WINDOWS\system32\rqRHaBTk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{165908b8-b702-48b3-9a1b-3d508b3e2a56}]
C:\WINDOWS\system32\ssqOGwVM.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1e169ed2-1351-4a8f-a4ed-a6878345d169}]
C:\WINDOWS\system32\qoMcyawT.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37b1f29b-b1e7-4e9b-96d8-42b2f07f6061}]
C:\WINDOWS\system32\tuvUKbyA.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6F9D9BD2-81A1-4C45-8EB2-F79949565B4A}]
C:\WINDOWS\system32\ssqNFXom.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{76428a17-5630-4758-a7da-bb48d06aa2f6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{81181460-1347-4837-b521-a8be1f46f045}]
C:\WINDOWS\system32\awtQhEWp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88ebbe0b-5ff8-4b84-b043-71a216374a5b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af49a2-94f3-42bd-f434-2604812c897d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{df47fcfb-aa32-4ecc-9f32-c99e30385af3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f1770803-06ef-4474-9e85-891c9914381d}]
C:\WINDOWS\system32\opnOhGwT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{C17C95A8-9A32-4250-8F46-D7DFBB4B4947}"= "C:\WINDOWS\pvnsmfor.dll" [ ]

[HKEY_CLASSES_ROOT\clsid\{c17c95a8-9a32-4250-8f46-d7dfbb4b4947}]
[HKEY_CLASSES_ROOT\pvnsmfor.1]
[HKEY_CLASSES_ROOT\TypeLib\{85116C11-B265-4635-8FD8-A500007A6915}]
[HKEY_CLASSES_ROOT\pvnsmfor]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [2004-11-08 17:13 1597440]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43 4670704]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-09 12:29 249856]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22 20480]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-28 14:14 185632]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 18:14 237568]
"29ff7994"="C:\WINDOWS\system32\vtqjtopb.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-18 20:47 8720384]

C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\
iWin Desktop Alerts.lnk - C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe [2008-05-22 04:56:45 107520]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-02-02 11:31:58 27136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
Compaq Connections.lnk - C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-02-02 12:22:10 36903]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"mpfanvqg"= {EE9F88A1-9C64-4048-B352-BA93F3951A7E} - C:\WINDOWS\mpfanvqg.dll [ ]
"vbksrofa"= {1EAD03F3-1577-4209-816B-70DC2EFC4020} - C:\WINDOWS\vbksrofa.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnlkiGy]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\Yahoo! Games\\Ancient Tripeaks\\Tripeaks.exe"=
"C:\\Program Files\\iWin Games\\iWinGames.exe"=
"C:\\Program Files\\iWin Games\\WebUpdater.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

S2 MyWebSearchService;My Web Search Service;C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe []
S3 GameConsoleService;GameConsoleService;"C:\Program Files\WildTangent\Apps\HP Game Console\GameConsoleService.exe" [2007-08-21 12:00]
S3 PRISM_USB;Linksys Wireless-B USB Network Adapter Driver;C:\WINDOWS\system32\DRIVERS\LSPMUSB.sys [2003-10-02 01:47]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-12 16:48:14 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-15 06:00:03 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-05-01 06:00:12 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-25 18:17:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\COMMON~1\McAfee\RedirSvc\RedirSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\PROGRA~1\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2008-05-25 18:24:19 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-25 23:24:11

Pre-Run: 77,099,659,264 bytes free
Post-Run: 77,167,132,672 bytes free

280 --- E O F --- 2008-05-19 06:57:27



New HijackThis Log:



Logfile of HijackThis v1.99.1
Scan saved at 6:45:49 PM, on 5/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Netscape\Navigator 9\navigator.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=33568
O2 - BHO: (no name) - {06dbef30-d24c-4440-a125-d14e837a1438} - C:\WINDOWS\system32\rqRHaBTk.dll (file missing)
O2 - BHO: (no name) - {165908b8-b702-48b3-9a1b-3d508b3e2a56} - C:\WINDOWS\system32\ssqOGwVM.dll (file missing)
O2 - BHO: (no name) - {1e169ed2-1351-4a8f-a4ed-a6878345d169} - C:\WINDOWS\system32\qoMcyawT.dll (file missing)
O2 - BHO: (no name) - {37b1f29b-b1e7-4e9b-96d8-42b2f07f6061} - C:\WINDOWS\system32\tuvUKbyA.dll (file missing)
O2 - BHO: (no name) - {6F9D9BD2-81A1-4C45-8EB2-F79949565B4A} - C:\WINDOWS\system32\ssqNFXom.dll (file missing)
O2 - BHO: (no name) - {81181460-1347-4837-b521-a8be1f46f045} - C:\WINDOWS\system32\awtQhEWp.dll (file missing)
O2 - BHO: (no name) - {f1770803-06ef-4474-9e85-891c9914381d} - C:\WINDOWS\system32\opnOhGwT.dll (file missing)
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
O3 - Toolbar: pvnsmfor - {C17C95A8-9A32-4250-8F46-D7DFBB4B4947} - C:\WINDOWS\pvnsmfor.dll (file missing)
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [29ff7994] rundll32.exe "C:\WINDOWS\system32\nbntwrar.dll",b
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: iWin Desktop Alerts.lnk = C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O8 - Extra context menu item: &Search - ?p=ZRfox000
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: mpfanvqg - {EE9F88A1-9C64-4048-B352-BA93F3951A7E} - C:\WINDOWS\mpfanvqg.dll (file missing)
O21 - SSODL: vbksrofa - {1EAD03F3-1577-4209-816B-70DC2EFC4020} - C:\WINDOWS\vbksrofa.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\HP Game Console\GameConsoleService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MBackMonitor (mbackmonitor) - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Please let me know if there is more for me to do.

Thank you!
Peace,

Chrissy

LDTate
post Jun 10 2008, 05:16 PM
Post #2








Sorry about the delay in responding :(

If you still need help, scan again with HijackThis, and "copy/paste" a new log file into this thread.

Also please describe how your computer behaves at the moment.
LDTate
post Jun 15 2008, 09:37 AM
Post #3






Due to inactivity this topic will be closed.
If you need help, please start a new thread and post a new HJT log.