
[Resolved] How do I remove Winable?


12 replies to this topic

#1 Mike24970 (New Member, 7 posts)

Posted 06 November 2007 - 11:43 AM

I am in need of assistance. I am trying to clean up my brother-in-law's computer for him. One of the kids downloaded Viewpoint and possibly other programs that included adware/malware that allowed all kinds of pop-ups to virtually overrun their computer, making it almost impossible for them to use the internet. They had allowed the anti-virus program subscription to expire and had no spyware or adware programs in place to protect the computer. I have installed an anti-virus program and Ad-Aware program. Ran scans with both and corrected everything that showed up. However, a couple of things showed up that have not been able to be removed: Acoona and Winable. I performed an uninstall of the Viewpoint program but some files still exist. It is my understanding that the winable files are what is still allowing unwanted material into the computer. Whenever I connect to the internet something tries to change the internet security setting from medium high to the lowest setting. Each time I connect to the internet, even for a short period of time, and then run a scan with Ad-Aware I have at least 50 to 70 additional infected files. I have been blocking these attempts but need a way to stop the attempts from happening. Any help that I can get in removing the winable program/files and any others that are causing this would be appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 12:12:37 PM, on 11/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\ISP50\Bin\Bartshel.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\WinAble\winable.exe
C:\Documents and Settings\William E. McDowell\Application Data\WinTouch\WinTouch.exe
C:\Documents and Settings\William E. McDowell\Application Data\Microsoft\Windows\iyewyq.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\PROGRA~1\ISP50\bin\ppshared.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SiteAdvisor\SiteAdv.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.accoona.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.peoplepc.com/search
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {27CA9C29-FFAF-4527-9D5D-AC870CDF23EF} - \
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\tdesjmxf.dll
O2 - BHO: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\zhwhbvkd.dll (file missing)
O2 - BHO: (no name) - {AC5343D8-7908-42DE-8BCB-2B5D905622B0} - C:\WINDOWS\system32\awtsp.dll (file missing)
O2 - BHO: (no name) - {C92B957B-4767-4E53-A63C-1E547C35F0C6} - C:\WINDOWS\system32\rqrppmj.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {364B6276-C6C1-40B6-A6D7-6C48871FD707} - (no file)
O3 - Toolbar: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\zhwhbvkd.dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\ISP50\BIN\PPCOLink -STATION
O4 - HKLM\..\Run: [PPCRunonce] C:\WINDOWS\system32\PPCRunOnce.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [Aida] "C:\DOCUME~1\WILLIA~1.MCD\APPLIC~1\ICROSO~1\winlogon.exe" -vt yazb
O4 - HKCU\..\Run: [wfmo] C:\PROGRA~1\COMMON~1\wfmo\wfmom.exe
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\William E. McDowell\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\William E. McDowell\Application Data\Microsoft\Windows\iyewyq.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave....DL_DownLoad.CAB
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: McAfee Application Installer Cleanup (0073611194362100) (0073611194362100mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP7361~1.EXE
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\imdrhgel.exe (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
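The HijackThis log above is read by hand in this thread. As an added example (not the forum's code and not part of HijackThis or ComboFix), here is a small Python triage script that parses lines in that log format and flags the patterns a helper checks first: orphaned "(file missing)" references, unnamed BHOs loading from system32, autoruns launched from a user's Application Data folder, a system process name such as winlogon.exe outside its normal directory, and services with an unknown owner. The sample lines are copied from the log in this post; the allowlist of expected start-page hosts is a constructed assumption.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple
from urllib.parse import urlparse

# Sample lines copied from the HijackThis log in this post (raw string so the
# Windows backslashes survive unchanged).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.peoplepc.com/search
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\tdesjmxf.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\zhwhbvkd.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKCU\..\Run: [Aida] "C:\DOCUME~1\WILLIA~1.MCD\APPLIC~1\ICROSO~1\winlogon.exe" -vt yazb
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\William E. McDowell\Application Data\Microsoft\Windows\iyewyq.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\imdrhgel.exe (file missing)
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
"""

LINE_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.+)$")
MISSING_RE = re.compile(r"\s*\((?:file missing|no file)\)\s*$")
# <profile root>\<user>\Application Data\ in either long or 8.3 short form
PROFILE_RE = re.compile(r"(?:documents and settings|docume~1)\\[^\\]+\\(?:application data|applic~1)\\", re.I)
SYSTEM32_RE = re.compile(r"\\windows\\system32\\", re.I)

# Process names that belong in %SystemRoot% or system32; the same file name
# anywhere else (here: a user's Application Data folder) is a classic masquerade.
SYSTEM_NAMES = {"winlogon.exe", "svchost.exe", "lsass.exe", "services.exe",
                "smss.exe", "csrss.exe", "explorer.exe"}

# Constructed allowlist: hosts the start/search pages are expected to use on this
# machine (Microsoft defaults plus the PeoplePC ISP portal seen in the log).
KNOWN_HOSTS = {"go.microsoft.com", "home.peoplepc.com"}


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def extract_target(sec: str, body: str) -> Tuple[str, bool]:
    """Return (referenced path or URL, file_missing) for one HijackThis entry body."""
    missing = bool(MISSING_RE.search(body))
    body = MISSING_RE.sub("", body)
    if sec.startswith("R"):                      # R0/R1: "<key>,<value> = <url>"
        return body.split(" = ", 1)[-1].strip(), missing
    if sec == "O4":                              # O4: "<hive>\..\Run: [Name] <exe> [args]"
        rest = body.split("]", 1)[-1].strip()
        m = (re.match(r'"([^"]+)"', rest)
             or re.match(r"(.+?\.(?:exe|dll|com|scr|bat))\b", rest, re.I))
        return (m.group(1) if m else rest), missing
    # O2/O3/O9/O23 and friends: the file is the last " - " separated field
    return body.rsplit(" - ", 1)[-1].strip().strip('"'), missing


def analyze(log_text: str) -> List[Finding]:
    """Flag the entry patterns a helper looks for when reading a HijackThis log."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                             # header, process list, blank line
        sec, body = m.group("sec"), m.group("body")
        path, missing = extract_target(sec, body)
        name = path.rsplit("\\", 1)[-1].lower()
        if sec.startswith("R"):
            host = urlparse(path).hostname or ""
            if host not in KNOWN_HOSTS:
                findings.append(Finding(sec, f"browser page points at unexpected host {host}", raw))
            continue
        if missing:
            findings.append(Finding(sec, "orphaned entry: referenced file is missing", raw))
        if sec in ("O2", "O3") and "(no name)" in body and SYSTEM32_RE.search(path):
            findings.append(Finding(sec, "unnamed browser add-on loading from system32", raw))
        if sec == "O4" and PROFILE_RE.search(path):
            findings.append(Finding(sec, "autorun launched from a user profile Application Data folder", raw))
        if name in SYSTEM_NAMES and not re.search(
                r"\\windows(?:\\system32)?\\" + re.escape(name) + r"$", path, re.I):
            findings.append(Finding(sec, f"system process name {name} outside its normal directory", raw))
        if sec == "O23" and "Unknown owner" in body:
            findings.append(Finding(sec, "service with unknown owner", raw))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
```

Entries such as [WinAble], which launch an ordinarily named program from Program Files, are not caught by these heuristics and still need a manual look; the script only narrows the log to the entries worth checking first.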



#2 ken545 (Forum God, MVP, 23,225 posts)

Posted 06 November 2007 - 06:21 PM

Hello Mike24970,

Welcome to the forum, let me tell ya, you have a real mess going on, :( you have a back door Trojan that is letting a lot of this stuff in, you also are infected with the Vundo trojan. Let's do a few things.

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post the Combofix log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Download VundoFix to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

C:\Program Files\Hijackthis\HijackThis.exe <---Go here and right click on the HJT Icon, (looks like a red stick of dynamite with a plunger) and rename it to Scanner.exe.


I need to see the Combofix log, the Vundo fix log and a new HJT log with it renamed please.

#3 Mike24970 (New Member, 7 posts)

Posted 07 November 2007 - 09:13 AM

Attached are the files you requested. When running ComboFix I received several alert pop-ups from the McAfee program asking about programs wanting to access the internet or change security settings. I allowed access for the ones identified as being from the ComboFix program, but a couple of others were for executable files that I could not recognize as having anything to do with the ComboFix program. These files were not granted access. I hope I didn't screw things up. I ran the ComboFix program; there are two files resulting from this, the ComboFix Notepad log and the ComboFix Quarantine file. Just in case I will attach a copy of each. When I ran the VundoFix program it said no files were found and there was nothing listed as C:/vundofix.txt. I did a search for the file and found a Notepad document saying no files found, which is attached. I want to thank you for your help with this problem.
Mike24970



ComboFix 07-11-07.3 - William E. McDowell 2007-11-07 8:21:41.1 - NTFSx86
Running from: C:\Documents and Settings\William E. McDowell\Desktop\ComboFix.exe
* Created a new restore point
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\salesmonitor
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\William E. McDowell\Application Data\ICROSO~1
C:\Documents and Settings\William E. McDowell\Application Data\ICROSO~1\?icrosoft\
C:\Documents and Settings\William E. McDowell\Application Data\WinTouch\wintouch.cfg
C:\Documents and Settings\William E. McDowell\Application Data\WinTouch\WinTouch.exe
C:\Documents and Settings\William E. McDowell\Application Data\WinTouch\WTUninstaller.exe
C:\Documents and Settings\William E. McDowell\Favorites\Online Security Guide.lnk
C:\Documents and Settings\William E. McDowell\ResErrors.log
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\PopSwatr\History\allowed
C:\Program Files\FunWebProducts\PopSwatr\History\notallow
C:\Program Files\FunWebProducts\ScreenSaver\Images\0C190FA8.urr
C:\Program Files\inetget2
C:\Program Files\Insider
C:\Program Files\Insider\Insider.exe
C:\Program Files\Insider\UnInstall.exe
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\History\search
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\network monitor
C:\Program Files\Temporary
C:\Program Files\WinAble
C:\Program Files\WinAble\winable.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fCOe
C:\Temp\fCOe\tOasF.log
C:\WINDOWS\b122.exe
C:\WINDOWS\b147.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\oTt02e
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\SYSTEM32\pstwa.bak1
C:\WINDOWS\SYSTEM32\pstwa.bak2
C:\WINDOWS\SYSTEM32\pstwa.tmp
C:\WINDOWS\system32\smante~1
C:\WINDOWS\system32\tdesjmxf.dll
C:\WINDOWS\system32\vtutq.dll
C:\WINDOWS\system32\wcpicomsv.exe
C:\WINDOWS\system32\zhwhbvkd.dllbox

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-10-07 to 2007-11-07 )))))))))))))))))))))))))))))))
.

2007-11-07 08:18 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-06 10:14 <DIR> C:\WINDOWS\LastGood.Tmp
2007-11-03 14:21 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-03 14:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-03 14:19 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-03 13:56 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-03 13:51 626,688 --a------ C:\WINDOWS\SYSTEM32\msvcr80.dll
2007-11-03 13:29 <DIR> d--h----- C:\WINDOWS\PIF
2007-11-02 11:50 <DIR> d-------- C:\Documents and Settings\William E. McDowell\Application Data\Motive
2007-11-02 07:30 954,368 -ra------ C:\WINDOWS\SYSTEM32\hpotiop5.dll
2007-11-02 07:30 675,840 -ra------ C:\WINDOWS\SYSTEM32\hpowiax5.dll
2007-11-02 07:30 303,104 -ra------ C:\WINDOWS\SYSTEM32\hpovst12.dll
2007-11-02 07:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2007-11-02 07:29 267,864 -ra------ C:\WINDOWS\SYSTEM32\hpzids01.dll
2007-11-02 07:29 118,272 --a------ C:\WINDOWS\SYSTEM32\hpz3l5ha.dll
2007-11-02 07:28 <DIR> d----c--- C:\WINDOWS\SYSTEM32\DRVSTORE
2007-11-02 07:28 364,544 -ra------ C:\WINDOWS\SYSTEM32\hppldcoi.dll
2007-11-02 07:28 309,760 -ra------ C:\WINDOWS\SYSTEM32\difxapi.dll
2007-11-02 06:43 <DIR> d-------- C:\WINDOWS\pss
2007-11-01 20:24 <DIR> d-------- C:\Program Files\Windows Defender
2007-11-01 19:42 6,058,496 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2007-11-01 19:42 2,455,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dat
2007-11-01 19:42 459,264 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2007-11-01 19:42 383,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2007-11-01 19:42 267,776 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2007-11-01 19:42 63,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
2007-11-01 19:42 52,224 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2007-11-01 19:42 33,792 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\custsat.dll
2007-11-01 19:42 13,824 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2007-11-01 19:02 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-11-01 18:59 <DIR> d-------- C:\WINDOWS\SYSTEM32\LogFiles
2007-11-01 18:59 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\UMDF
2007-11-01 13:48 <DIR> d-------- C:\Program Files\SiteAdvisor
2007-11-01 13:48 <DIR> d-------- C:\Documents and Settings\William E. McDowell\Application Data\SiteAdvisor
2007-11-01 13:44 143,360 --a------ C:\WINDOWS\SYSTEM32\dunzip32.dll
2007-11-01 13:39 171,240 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys
2007-11-01 13:39 71,496 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys
2007-11-01 13:39 37,480 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys
2007-11-01 13:39 34,184 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys
2007-11-01 13:39 32,008 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys
2007-11-01 13:38 109,608 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys
2007-11-01 13:33 <DIR> d-------- C:\Program Files\McAfee.com
2007-11-01 13:31 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-11-01 13:30 <DIR> d-------- C:\Program Files\McAfee
2007-11-01 12:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-11-01 11:44 <DIR> d-------- C:\Documents and Settings\William E. McDowell\Application Data\Verizon
2007-11-01 11:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Verizon
2007-11-01 11:43 <DIR> d-------- C:\WINDOWS\bin
2007-11-01 11:43 <DIR> d-------- C:\Documents and Settings\WILLIA~1\LOCALS~1
2007-11-01 11:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Motive
2007-11-01 11:25 <DIR> d-------- C:\Program Files\Common Files\Motive
2007-11-01 11:21 <DIR> d-------- C:\Program Files\Yahoo!
2007-11-01 11:03 <DIR> d-------- C:\WINDOWS\DSL
2007-11-01 11:03 <DIR> d-------- C:\Program Files\Verizon
2007-11-01 10:59 <DIR> d-------- C:\Program Files\Common Files\SupportSoft
2007-11-01 08:34 <DIR> d-------- C:\WINDOWS\wfmo
2007-11-01 08:34 <DIR> d-------- C:\Program Files\Common Files\wfmo
2007-11-01 08:32 17,664 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sermouse.sys
2007-11-01 08:32 17,664 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\sermouse.sys
2007-10-27 18:22 <DIR> d--hs---- C:\WINDOWS\V2lsbGlhbSBFLiBNY0Rvd2VsbA
2007-10-26 14:52 1,060,864 --a------ C:\WINDOWS\SYSTEM32\mfc71.dll
2007-10-26 14:52 89,088 --a------ C:\WINDOWS\SYSTEM32\atl71.dll
2007-10-24 08:36 144,385 --a------ C:\WINDOWS\SYSTEM32\xilclrra.dll
2007-10-23 08:21 144,385 --a------ C:\WINDOWS\SYSTEM32\krshdqiq.dll
2007-10-18 20:03 172,080 --a------ C:\WINDOWS\SYSTEM32\pmnnn.dll
2007-10-17 22:51 <DIR> d-------- C:\WINDOWS\SYSTEM32\ib1
2007-10-17 22:51 <DIR> d-------- C:\WINDOWS\SYSTEM32\cp1
2007-10-17 22:51 <DIR> d-------- C:\WINDOWS\SYSTEM32\bo2
2007-10-17 22:51 <DIR> d-------- C:\WINDOWS\SYSTEM32\ap1
2007-10-17 22:48 <DIR> d-------- C:\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-05 01:03 --------- d-----w C:\Program Files\The Holy Bible v2.0
2007-11-02 22:12 --------- d-----w C:\Program Files\Common Files\AOL
2007-11-02 21:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-11-01 23:26 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-01 18:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-08-22 12:55 474,112 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shlwapi.dll
2007-08-22 12:55 151,040 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\cdfview.dll
2007-08-22 12:55 1,498,112 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shdocvw.dll
2007-08-22 12:55 1,054,208 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\danim.dll
2007-08-22 12:55 1,022,976 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\browseui.dll
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\SYSTEM32\inetcomm.dll
2007-08-21 06:15 683,520 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\inetcomm.dll
2007-08-20 20:34 3,584,512 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-08-20 10:04 824,832 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
2007-08-20 10:04 671,232 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
2007-08-20 10:04 477,696 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
2007-08-20 10:04 44,544 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
2007-08-20 10:04 384,512 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
2007-08-20 10:04 27,648 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
2007-08-20 10:04 232,960 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
2007-08-20 10:04 230,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
2007-08-20 10:04 214,528 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
2007-08-20 10:04 193,024 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
2007-08-20 10:04 153,088 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
2007-08-20 10:04 132,608 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
2007-08-20 10:04 124,928 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
2007-08-20 10:04 105,984 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
2007-08-20 10:04 102,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
2007-08-20 10:04 1,152,000 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
2007-08-17 10:21 625,152 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2007-08-17 10:20 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2007-08-17 07:34 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2007-08-13 23:54 413,696 ----a-w C:\WINDOWS\SYSTEM32\vbscript.dll
2007-08-13 23:54 413,696 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\vbscript.dll
2007-08-13 23:54 191,488 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iepeers.dll
2007-08-13 23:54 156,160 ----a-w C:\WINDOWS\SYSTEM32\msls31.dll
2007-08-13 23:54 156,160 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msls31.dll
2007-08-13 23:45 78,336 ----a-w C:\WINDOWS\SYSTEM32\ieencode.dll
2007-08-13 23:45 78,336 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieencode.dll
2007-08-13 23:44 69,120 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iedw.exe
2007-08-13 23:44 40,960 ----a-w C:\WINDOWS\SYSTEM32\licmgr10.dll
2007-08-13 23:44 40,960 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\licmgr10.dll
2007-08-13 23:42 17,408 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\corpol.dll
2007-08-13 23:39 92,672 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\inseng.dll
2007-08-13 23:39 71,680 ----a-w C:\WINDOWS\SYSTEM32\admparse.dll
2007-08-13 23:39 71,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\admparse.dll
2007-08-13 23:39 55,296 ----a-w C:\WINDOWS\SYSTEM32\iesetup.dll
2007-08-13 23:39 55,296 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iesetup.dll
2007-08-13 23:38 491,520 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jscript.dll
2007-08-13 23:36 44,544 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
2007-08-13 23:36 36,352 ----a-w C:\WINDOWS\SYSTEM32\imgutil.dll
2007-08-13 23:36 36,352 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\imgutil.dll
2007-08-13 23:35 346,624 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
2007-08-13 23:32 45,568 ----a-w C:\WINDOWS\SYSTEM32\mshta.exe
2007-08-13 23:32 45,568 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshta.exe
2007-08-13 23:18 60,416 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\hmmapi.dll
2007-08-13 23:01 48,128 ----a-w C:\WINDOWS\SYSTEM32\mshtmler.dll
2007-08-13 23:01 48,128 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmler.dll
2005-03-29 21:17 56,584 ----a-w C:\Documents and Settings\William E. McDowell\Application Data\GDIPFONTCACHEV1.DAT
2003-12-17 23:23 0 ---ha-w C:\Documents and Settings\William E. McDowell\hpothb07.dat
2003-12-17 23:13 0 ---ha-w C:\Documents and Settings\William E. McDowell\Application Data\hpothb07.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{27CA9C29-FFAF-4527-9D5D-AC870CDF23EF}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8FB8EB3-183B-4598-924D-86F0E5E37085}]
2005-12-14 09:52 180224 --a------ C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AC5343D8-7908-42DE-8BCB-2B5D905622B0}]
C:\WINDOWS\system32\awtsp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A8FB8EB3-183B-4598-924D-86F0E5E37085}"= C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll [2005-12-14 09:52 180224]

[HKEY_CLASSES_ROOT\CLSID\{A8FB8EB3-183B-4598-924D-86F0E5E37085}]
[HKEY_CLASSES_ROOT\PeoplePC.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{994D628D-4D22-4DB9-B6DB-F7D9F1635817}]
[HKEY_CLASSES_ROOT\PeoplePC.Toolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 07:59]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 07:59]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 03:59 C:\WINDOWS\BCMSMMSG.exe]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-06 02:04]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 02:01]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-08-26 20:47]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2002-08-14 18:29]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-11-19 11:37]
"DwlClient"="C:\Program Files\Common Files\Dell\EUSW\Support.exe" [2005-10-13 22:26]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-03-09 15:30]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-16 08:21]
"Bart Station"="C:\Program Files\ISP50\BIN\PPCOLink -STATION" []
"PPCRunonce"="C:\WINDOWS\system32\PPCRunOnce.exe" [2004-06-29 17:46]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-09-16 08:43]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-12-30 23:49]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2007-06-06 18:52]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" [2007-05-11 15:20]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 15:30]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"AIM"="C:\Program Files\AIM\aim.exe" [2005-08-05 14:08]
"wfmo"="C:\PROGRA~1\COMMON~1\wfmo\wfmom.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 01:17:18]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 01:06:58]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

S2 0073611194362100mcinstcleanup;McAfee Application Installer Cleanup (0073611194362100);C:\WINDOWS\TEMP\007361~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service

*Newly Created Service* - 0073611194362100MCINSTCLEANUP
.
Contents of the 'Scheduled Tasks' folder
"2004-02-22 17:11:42 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1069511551.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
"2007-11-01 18:36:39 C:\WINDOWS\Tasks\McDefragTask.job"
- C:\WINDOWS\system32\defrag.exe
"2007-11-01 18:36:38 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2007-11-07 13:37:27 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-07 08:34:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-11-07 8:44:36 - machine was rebooted
.
--- E O F ---


This is the ComboFix Quarantined-files Notepad document.

2003-01-30 13:52	  12073	--a------	C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\FAD.sys.vir
2004-04-01 17:06	  16	--a------	C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Settings\s_pid.dat.vir
2004-04-01 21:22	  1024	--a------	C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\History\search.vir
2004-04-02 09:35	  32768	--a------	C:\Qoobox\Quarantine\C\Program Files\FunWebProducts\PopSwatr\History\notallow.vir
2004-04-03 11:00	  32768	--a------	C:\Qoobox\Quarantine\C\Program Files\FunWebProducts\PopSwatr\History\allowed.vir
2004-06-16 20:34	  4	--a------	C:\Qoobox\Quarantine\C\Program Files\FunWebProducts\ScreenSaver\ImagesC190FA8.urr.vir
2007-04-24 11:21	  9248	--a------	C:\Qoobox\Quarantine\C\Temp\1cb\syscheck.log.vir
2007-09-23 20:05	  279600	--a------	C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\pac.txt.vir
2007-10-17 22:51	  1858	--a------	C:\Qoobox\Quarantine\C\Temp\fCOe\tOasF.log.vir
2007-10-17 22:55	  145800	--a------	C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\vtutq.dll.vir
2007-10-24 09:20	  428792	--a------	C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\pstwa.bak1.vir
2007-10-24 09:24	  1184	--a------	C:\Qoobox\Quarantine\C\WINDOWS\cookies.ini.vir
2007-10-24 09:29	  77376	--a------	C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\tdesjmxf.dll.vir
2007-10-25 08:24	  53760	--a------	C:\Qoobox\Quarantine\C\WINDOWS\b122.exe.vir
2007-10-25 09:40	  97280	--a------	C:\Qoobox\Quarantine\C\WINDOWS\b147.exe.vir
2007-10-27 17:59	  0	--a------	C:\Qoobox\Quarantine\C\Program Files\Insider\Insider.exe.vir
2007-10-27 17:59	  0	--a------	C:\Qoobox\Quarantine\C\Program Files\Insider\UnInstall.exe.vir
2007-10-27 18:03	  61440	--a------	C:\Qoobox\Quarantine\C\Program Files\WinAble\winable.exe.vir
2007-11-01 08:35	  2	--a------	C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\wcpicomsv.exe.vir
2007-11-01 08:37	  2422	--a------	C:\Qoobox\Quarantine\C\Documents and Settings\William E. McDowell\ResErrors.log.vir
2007-11-01 08:50	  167424	--a------	C:\Qoobox\Quarantine\C\Documents and Settings\William E. McDowell\Application Data\WinTouch\WinTouch.exe.vir
2007-11-01 08:50	  48640	--a------	C:\Qoobox\Quarantine\C\Documents and Settings\William E. McDowell\Application Data\WinTouch\WTUninstaller.exe.vir
2007-11-01 11:09	  1268	--a------	C:\Qoobox\Quarantine\C\Documents and Settings\William E. McDowell\Favorites\Online Security Guide.lnk.vir
2007-11-01 14:16	  423215	--a------	C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\pstwa.bak2.vir
2007-11-01 15:42	  20640	--a------	C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\zhwhbvkd.dllbox.vir
2007-11-01 15:42	  413774	--a------	C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\pstwa.tmp.vir
2007-11-01 18:19	  177690	--a------	C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\NetMon\log.txt.vir
2007-11-01 18:19	  39	--a------	C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\NetMon\domains.txt.vir
2007-11-07 08:26	  161701	--a------	C:\Qoobox\Quarantine\catchme2007-11-07_ 83336.98.zip
2007-11-07 08:26	  2956	--a------	C:\Qoobox\Quarantine\Registry_backups\services_DomainService.reg.dat
2007-11-07 08:26	  370	--a------	C:\Qoobox\Quarantine\catchme.log
2007-11-07 08:26	  832	--a------	C:\Qoobox\Quarantine\Registry_backups\LEGACY_CMDSERVICE.reg.dat
2007-11-07 08:26	  846	--a------	C:\Qoobox\Quarantine\Registry_backups\LEGACY_DOMAINSERVICE.reg.dat
2007-11-07 08:26	  862	--a------	C:\Qoobox\Quarantine\Registry_backups\LEGACY_NETWORK_MONITOR.reg.dat


Folder PATH listing
Volume serial number is 301C-E931
C:\QOOBOX\QUARANTINE
|   catchme.log
|   catchme2007-11-07_ 83336.98.zip
|   
+---C
|   +---Documents and Settings
|   |   +---LocalService
|   |   |   \---Application Data
|   |   |	   \---NetMon
|   |   |			   domains.txt.vir
|   |   |			   log.txt.vir
|   |   |			   
|   |   \---William E. McDowell
|   |	   |   ResErrors.log.vir
|   |	   |   
|   |	   +---Application Data
|   |	   |   +---WinTouch
|   |	   |   |	   WinTouch.exe.vir
|   |	   |   |	   WTUninstaller.exe.vir
|   |	   |   |	   
|   |	   |   \---WinTouch.vir
|   |	   \---Favorites
|   |			   Online Security Guide.lnk.vir
|   |			   
|   +---Program Files
|   |   +---FunWebProducts
|   |   |   +---PopSwatr
|   |   |   |   \---History
|   |   |   |		   allowed.vir
|   |   |   |		   notallow.vir
|   |   |   |		   
|   |   |   \---ScreenSaver
|   |   |	   \---Images
|   |   |			   0C190FA8.urr.vir
|   |   |			   
|   |   +---Insider
|   |   |	   Insider.exe.vir
|   |   |	   UnInstall.exe.vir
|   |   |	   
|   |   +---MyWebSearch
|   |   |   \---bar
|   |   |	   +---History
|   |   |	   |	   search.vir
|   |   |	   |	   
|   |   |	   \---Settings
|   |   |			   s_pid.dat.vir
|   |   |			   
|   |   \---WinAble
|   |		   winable.exe.vir
|   |		   
|   +---Temp
|   |   +---1cb
|   |   |	   syscheck.log.vir
|   |   |	   
|   |   \---fCOe
|   |		   tOasF.log.vir
|   |		   
|   \---WINDOWS
|	   |   b122.exe.vir
|	   |   b147.exe.vir
|	   |   cookies.ini.vir
|	   |   
|	   \---SYSTEM32
|		   |   pac.txt.vir
|		   |   pstwa.bak1.vir
|		   |   pstwa.bak2.vir
|		   |   pstwa.tmp.vir
|		   |   tdesjmxf.dll.vir
|		   |   vtutq.dll.vir
|		   |   wcpicomsv.exe.vir
|		   |   zhwhbvkd.dllbox.vir
|		   |   
|		   \---DRIVERS
|				   FAD.sys.vir
|				   
\---Registry_backups
		LEGACY_CMDSERVICE.reg.dat
		LEGACY_DOMAINSERVICE.reg.dat
		LEGACY_NETWORK_MONITOR.reg.dat
		services_DomainService.reg.dat

VundoFix V6.5.11

Checking Java version...

Scan started at 8:51:45 AM 11/7/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...




Logfile of HijackThis v1.99.1
Scan saved at 9:18:08 AM, on 11/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ISP50\Bin\Bartshel.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ISP50\bin\ppshared.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Hijackthis\Scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {27CA9C29-FFAF-4527-9D5D-AC870CDF23EF} - \
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll
O2 - BHO: (no name) - {AC5343D8-7908-42DE-8BCB-2B5D905622B0} - C:\WINDOWS\system32\awtsp.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {364B6276-C6C1-40B6-A6D7-6C48871FD707} - (no file)
O3 - Toolbar: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\ISP50\BIN\PPCOLink -STATION
O4 - HKLM\..\Run: [PPCRunonce] C:\WINDOWS\system32\PPCRunOnce.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [wfmo] C:\PROGRA~1\COMMON~1\wfmo\wfmom.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave....DL_DownLoad.CAB
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: McAfee Application Installer Cleanup (0073611194362100) (0073611194362100mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP7361~1.EXE (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

#4 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 07 November 2007 - 11:50 AM

Your log looks so much better :thumbup:

Acoona Toolbar <-- See if you can uninstall this in the Add Remove Programs

PeoplePC\Toolbar <-- This one is causing some people grief. Do you use PeoplePC? I suggest you uninstall this one also.
Read about it here
http://www.castlecop...al_Toolbar.html
http://www.spywareda...toolbar.dll.php

Uninstall these and post a new HJT log. We have a bit more to do but can't proceed until you let me know if you uninstalled these two, could not uninstall them, or don't want to uninstall them.

Ken :)

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Just a reminder that threads will be closed if no reply in 3 days.

#5 Mike24970

Mike24970

    New Member

  • New Member
  • Pip
  • 7 posts

Posted 07 November 2007 - 02:50 PM

I used the Windows Add/Remove program in the Control Panel to remove the Acoona Toolbar previously (before sending the first log readouts). I have removed the PeoplePC Toolbar the same way at this time as you suggested. At this time there is no listing for Acoona or the PeoplePC toolbars in the Control Panel's Add/Remove. My brother-in-law's family use PeoplePC as their internet provider so I can't remove the whole program. What is next? Mike

#6 Mike24970

Mike24970

    New Member

  • New Member
  • Pip
  • 7 posts

Posted 07 November 2007 - 02:56 PM

Here is the latest HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 3:51:22 PM, on 11/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ISP50\Bin\Bartshel.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ISP50\bin\ppshared.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\SiteAdvisor\SiteAdv.exe
C:\Program Files\Hijackthis\Scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {27CA9C29-FFAF-4527-9D5D-AC870CDF23EF} - \
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {AC5343D8-7908-42DE-8BCB-2B5D905622B0} - C:\WINDOWS\system32\awtsp.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {364B6276-C6C1-40B6-A6D7-6C48871FD707} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\ISP50\BIN\PPCOLink -STATION
O4 - HKLM\..\Run: [PPCRunonce] C:\WINDOWS\system32\PPCRunOnce.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\RunOnce: [PPalUninstal] C:\WINDOWS\system32\ppaluninst.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [wfmo] C:\PROGRA~1\COMMON~1\wfmo\wfmom.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave....DL_DownLoad.CAB
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: McAfee Application Installer Cleanup (0073611194362100) (0073611194362100mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP7361~1.EXE (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

#7 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 07 November 2007 - 04:55 PM

Open Notepad and copy all the text inside the quote box by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad.

File::
C:\WINDOWS\SYSTEM32\xilclrra.dll
C:\WINDOWS\SYSTEM32\krshdqiq.dll
C:\WINDOWS\SYSTEM32\pmnnn.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{27CA9C29-FFAF-4527-9D5D-AC870CDF23EF}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8FB8EB3-183B-4598-924D-86F0E5E37085}]
2005-12-14 09:52 180224 --a------ C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AC5343D8-7908-42DE-8BCB-2B5D905622B0}]
C:\WINDOWS\system32\awtsp.dll


[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A8FB8EB3-183B-4598-924D-86F0E5E37085}"= C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll [2005-12-14 09:52 180224]

[-HKEY_CLASSES_ROOT\CLSID\{A8FB8EB3-183B-4598-924D-86F0E5E37085}]
[-HKEY_CLASSES_ROOT\PeoplePC.Toolbar.1]
[-HKEY_CLASSES_ROOT\TypeLib\{994D628D-4D22-4DB9-B6DB-F7D9F1635817}]
[-HKEY_CLASSES_ROOT\PeoplePC.Toolbar]


Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.



Open HijackThis > Do a System Scan Only, close your browser and all open windows including this one, the only program or window you should have open is HijackThis, check the following entries and click on Fix Checked.

Most of these may be gone

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s

O2 - BHO: (no name) - {27CA9C29-FFAF-4527-9D5D-AC870CDF23EF} - \
O2 - BHO: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll
O2 - BHO: (no name) - {AC5343D8-7908-42DE-8BCB-2B5D905622B0} - C:\WINDOWS\system32\awtsp.dll (file missing)

O3 - Toolbar: (no name) - {364B6276-C6C1-40B6-A6D7-6C48871FD707} - (no file)
O3 - Toolbar: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll

O4 - HKCU\..\Run: [wfmo] C:\PROGRA~1\COMMON~1\wfmo\wfmom.exe

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.exe



Post the new Combofix log and a new HJT log and let me know how your system is running now?

 
 
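The helper above works through the two HijackThis logs by eye: he picks out the O2/O3 entries whose DLL is gone ("(no file)", "(file missing)", or an empty path) and compares the before/after logs to confirm the PeoplePal toolbar was uninstalled. The script below does the same triage mechanically; it is an added example written for this thread, not part of HijackThis or ComboFix, and the two sample logs are short excerpts of the logs posted above.

```python
"""Triage helpers for HijackThis v1.99 logs (added example, not from the thread)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Every scan entry starts with a section code (R0, O2, O23, ...) and " - ".
_LINE_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.*)$")
# HJT prints these when the registered DLL no longer exists on disk.
_ORPHAN_MARKERS = ("(no file)", "(file missing)")


@dataclass(frozen=True)
class HjtEntry:
    code: str   # e.g. "O2"
    body: str   # everything after "O2 - "

    @property
    def clsid(self) -> Optional[str]:
        m = re.search(r"\{[0-9A-Fa-f-]{36}\}", self.body)
        return m.group(0).upper() if m else None


def parse_hjt(text: str) -> List[HjtEntry]:
    """Return the R*/O* scan entries of an HJT log; header and process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = _LINE_RE.match(line.strip())
        if m:
            entries.append(HjtEntry(m.group("code"), m.group("body")))
    return entries


def orphaned_bho_toolbars(entries: List[HjtEntry]) -> List[HjtEntry]:
    """O2 (BHO) and O3 (toolbar) entries whose backing DLL is absent.

    These are leftovers of an uninstall or a cleanup: they cannot load, but the
    CLSID registration is still there, which is why the helper asks for them to
    be fixed in HijackThis rather than ignored.
    """
    out = []
    for e in entries:
        if e.code not in ("O2", "O3"):
            continue
        path = e.body.rsplit(" - ", 1)[-1].strip()
        if path == "\\" or path.endswith(_ORPHAN_MARKERS):
            out.append(e)
    return out


def diff_logs(before: str, after: str) -> Tuple[List[HjtEntry], List[HjtEntry]]:
    """Entries that disappeared and entries that appeared between two logs."""
    b, a = parse_hjt(before), parse_hjt(after)
    removed = [e for e in b if e not in set(a)]
    added = [e for e in a if e not in set(b)]
    return removed, added


# Excerpt of the 9:18 AM log posted above (before the PeoplePC toolbar uninstall).
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 9:18:08 AM, on 11/7/2007

Running processes:
C:\WINDOWS\System32\smss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O2 - BHO: (no name) - {27CA9C29-FFAF-4527-9D5D-AC870CDF23EF} - \
O2 - BHO: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll
O2 - BHO: (no name) - {AC5343D8-7908-42DE-8BCB-2B5D905622B0} - C:\WINDOWS\system32\awtsp.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {364B6276-C6C1-40B6-A6D7-6C48871FD707} - (no file)
O3 - Toolbar: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll
O4 - HKCU\..\Run: [wfmo] C:\PROGRA~1\COMMON~1\wfmo\wfmom.exe
"""

# Excerpt of the 3:51 PM log posted above (after the uninstall).
LOG_AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 3:51:22 PM, on 11/7/2007

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O2 - BHO: (no name) - {27CA9C29-FFAF-4527-9D5D-AC870CDF23EF} - \
O2 - BHO: (no name) - {AC5343D8-7908-42DE-8BCB-2B5D905622B0} - C:\WINDOWS\system32\awtsp.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {364B6276-C6C1-40B6-A6D7-6C48871FD707} - (no file)
O4 - HKLM\..\RunOnce: [PPalUninstal] C:\WINDOWS\system32\ppaluninst.exe
O4 - HKCU\..\Run: [wfmo] C:\PROGRA~1\COMMON~1\wfmo\wfmom.exe
"""

if __name__ == "__main__":
    for e in orphaned_bho_toolbars(parse_hjt(LOG_BEFORE)):
        print("orphaned:", e.code, e.clsid)
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    for e in removed:
        print("gone since last log:", e.code, e.body)
    for e in added:
        print("new since last log:", e.code, e.body)
```

Running it lists the four orphaned BHO/toolbar CLSIDs, the two PeoplePal entries that vanished, and the new PPalUninstal RunOnce entry the uninstaller left behind.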

#8 Mike24970

Mike24970

    New Member

  • New Member
  • Pip
  • 7 posts

Posted 07 November 2007 - 09:04 PM

I have completed the first section of your list of things to do. Enclosed is a copy of the Combofix.txt and HijackThis logs. I will complete the remaining steps and post the new logs when completed. Mike

ComboFix 07-11-07.3 - William E. McDowell 2007-11-07 21:32:43.2 - NTFSx86
Running from: C:\Documents and Settings\William E. McDowell\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\William E. McDowell\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\SYSTEM32\krshdqiq.dll
C:\WINDOWS\SYSTEM32\pmnnn.dll
C:\WINDOWS\SYSTEM32\xilclrra.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\SYSTEM32\krshdqiq.dll
C:\WINDOWS\SYSTEM32\pmnnn.dll
C:\WINDOWS\SYSTEM32\xilclrra.dll

.
((((((((((((((((((((((((( Files Created from 2007-10-08 to 2007-11-08 )))))))))))))))))))))))))))))))
.

2007-11-07 08:51 <DIR> d-------- C:\VundoFix Backups
2007-11-07 08:18 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-03 14:21 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-03 14:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-03 14:19 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-03 13:56 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-03 13:51 626,688 --a------ C:\WINDOWS\SYSTEM32\msvcr80.dll
2007-11-03 13:29 <DIR> d--h----- C:\WINDOWS\PIF
2007-11-02 11:50 <DIR> d-------- C:\Documents and Settings\William E. McDowell\Application Data\Motive
2007-11-02 07:30 954,368 -ra------ C:\WINDOWS\SYSTEM32\hpotiop5.dll
2007-11-02 07:30 675,840 -ra------ C:\WINDOWS\SYSTEM32\hpowiax5.dll
2007-11-02 07:30 303,104 -ra------ C:\WINDOWS\SYSTEM32\hpovst12.dll
2007-11-02 07:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2007-11-02 07:29 267,864 -ra------ C:\WINDOWS\SYSTEM32\hpzids01.dll
2007-11-02 07:29 118,272 --a------ C:\WINDOWS\SYSTEM32\hpz3l5ha.dll
2007-11-02 07:28 <DIR> d----c--- C:\WINDOWS\SYSTEM32\DRVSTORE
2007-11-02 07:28 364,544 -ra------ C:\WINDOWS\SYSTEM32\hppldcoi.dll
2007-11-02 07:28 309,760 -ra------ C:\WINDOWS\SYSTEM32\difxapi.dll
2007-11-02 06:43 <DIR> d-------- C:\WINDOWS\pss
2007-11-01 20:24 <DIR> d-------- C:\Program Files\Windows Defender
2007-11-01 19:42 6,058,496 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2007-11-01 19:42 2,455,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dat
2007-11-01 19:42 459,264 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2007-11-01 19:42 383,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2007-11-01 19:42 267,776 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2007-11-01 19:42 63,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
2007-11-01 19:42 52,224 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2007-11-01 19:42 33,792 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\custsat.dll
2007-11-01 19:42 13,824 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2007-11-01 19:02 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-11-01 18:59 <DIR> d-------- C:\WINDOWS\SYSTEM32\LogFiles
2007-11-01 18:59 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\UMDF
2007-11-01 13:48 <DIR> d-------- C:\Program Files\SiteAdvisor
2007-11-01 13:48 <DIR> d-------- C:\Documents and Settings\William E. McDowell\Application Data\SiteAdvisor
2007-11-01 13:44 143,360 --a------ C:\WINDOWS\SYSTEM32\dunzip32.dll
2007-11-01 13:39 171,240 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys
2007-11-01 13:39 71,496 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys
2007-11-01 13:39 37,480 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys
2007-11-01 13:39 34,184 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys
2007-11-01 13:39 32,008 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys
2007-11-01 13:38 109,608 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys
2007-11-01 13:33 <DIR> d-------- C:\Program Files\McAfee.com
2007-11-01 13:31 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-11-01 13:30 <DIR> d-------- C:\Program Files\McAfee
2007-11-01 12:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-11-01 11:44 <DIR> d-------- C:\Documents and Settings\William E. McDowell\Application Data\Verizon
2007-11-01 11:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Verizon
2007-11-01 11:43 <DIR> d-------- C:\WINDOWS\bin
2007-11-01 11:43 <DIR> d-------- C:\Documents and Settings\WILLIA~1\LOCALS~1
2007-11-01 11:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Motive
2007-11-01 11:25 <DIR> d-------- C:\Program Files\Common Files\Motive
2007-11-01 11:21 <DIR> d-------- C:\Program Files\Yahoo!
2007-11-01 11:03 <DIR> d-------- C:\WINDOWS\DSL
2007-11-01 11:03 <DIR> d-------- C:\Program Files\Verizon
2007-11-01 10:59 <DIR> d-------- C:\Program Files\Common Files\SupportSoft
2007-11-01 08:34 <DIR> d-------- C:\WINDOWS\wfmo
2007-11-01 08:34 <DIR> d-------- C:\Program Files\Common Files\wfmo
2007-11-01 08:32 17,664 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sermouse.sys
2007-11-01 08:32 17,664 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\sermouse.sys
2007-10-27 18:22 <DIR> d--hs---- C:\WINDOWS\V2lsbGlhbSBFLiBNY0Rvd2VsbA
2007-10-26 14:52 1,060,864 --a------ C:\WINDOWS\SYSTEM32\mfc71.dll
2007-10-26 14:52 89,088 --a------ C:\WINDOWS\SYSTEM32\atl71.dll
2007-10-17 22:51 <DIR> d-------- C:\WINDOWS\SYSTEM32\ib1
2007-10-17 22:51 <DIR> d-------- C:\WINDOWS\SYSTEM32\cp1
2007-10-17 22:51 <DIR> d-------- C:\WINDOWS\SYSTEM32\bo2
2007-10-17 22:51 <DIR> d-------- C:\WINDOWS\SYSTEM32\ap1
2007-10-17 22:48 <DIR> d-------- C:\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-05 01:03 --------- d-----w C:\Program Files\The Holy Bible v2.0
2007-11-02 22:12 --------- d-----w C:\Program Files\Common Files\AOL
2007-11-02 21:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-11-01 23:26 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-01 18:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2005-03-29 21:17 56,584 ----a-w C:\Documents and Settings\William E. McDowell\Application Data\GDIPFONTCACHEV1.DAT
2003-12-17 23:23 0 ---ha-w C:\Documents and Settings\William E. McDowell\hpothb07.dat
2003-12-17 23:13 0 ---ha-w C:\Documents and Settings\William E. McDowell\Application Data\hpothb07.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 07:59]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 07:59]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 03:59 C:\WINDOWS\BCMSMMSG.exe]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-06 02:04]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 02:01]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-08-26 20:47]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2002-08-14 18:29]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-11-19 11:37]
"DwlClient"="C:\Program Files\Common Files\Dell\EUSW\Support.exe" [2005-10-13 22:26]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-03-09 15:30]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-16 08:21]
"Bart Station"="C:\Program Files\ISP50\BIN\PPCOLink -STATION" []
"PPCRunonce"="C:\WINDOWS\system32\PPCRunOnce.exe" [2004-06-29 17:46]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-09-16 08:43]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-12-30 23:49]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2007-06-06 18:52]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" [2007-05-11 15:20]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 15:30]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"AIM"="C:\Program Files\AIM\aim.exe" [2005-08-05 14:08]
"wfmo"="C:\PROGRA~1\COMMON~1\wfmo\wfmom.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 01:17:18]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 01:06:58]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""


.
Contents of the 'Scheduled Tasks' folder
"2004-02-22 17:11:42 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1069511551.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
"2007-11-01 18:36:39 C:\WINDOWS\Tasks\McDefragTask.job"
- C:\WINDOWS\system32\defrag.exe
"2007-11-01 18:36:38 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2007-11-08 02:44:45 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-07 21:40:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-11-07 21:50:26 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-07 08:44
.
--- E O F ---


Logfile of HijackThis v1.99.1
Scan saved at 9:53:41 PM, on 11/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\ISP50\Bin\Bartshel.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\PROGRA~1\ISP50\bin\ppshared.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Hijackthis\Scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\ISP50\BIN\PPCOLink -STATION
O4 - HKLM\..\Run: [PPCRunonce] C:\WINDOWS\system32\PPCRunOnce.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [wfmo] C:\PROGRA~1\COMMON~1\wfmo\wfmom.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave....DL_DownLoad.CAB
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: McAfee Application Installer Cleanup (0073611194362100) (0073611194362100mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP7361~1.EXE (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

#9 Mike24970
New Member, 7 posts

Posted 07 November 2007 - 09:49 PM

I have run the System Scan Only and checked the R1 and O4 lines to be fixed. The other lines listed were not showing on the list. Attached are the ComboFix and HJT logs that I ran after completing the Fix Checked step. The computer appears to be running much better now. The last Ad-Aware scan, done a few minutes ago, listed only a few tracking cookies. So far the alert pop-up showing a program wanting to change the internet security level has not re-appeared. All this looks so much better than a few days ago. Mike


Logfile of HijackThis v1.99.1
Scan saved at 10:11:28 PM, on 11/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Hijackthis\Scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\ISP50\BIN\PPCOLink -STATION
O4 - HKLM\..\Run: [PPCRunonce] C:\WINDOWS\system32\PPCRunOnce.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave....DL_DownLoad.CAB
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: McAfee Application Installer Cleanup (0073611194362100) (0073611194362100mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP7361~1.EXE (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe


ComboFix 07-11-07.3 - William E. McDowell 2007-11-07 22:13:01.3 - NTFSx86
Running from: C:\Documents and Settings\William E. McDowell\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-10-08 to 2007-11-08 )))))))))))))))))))))))))))))))
.

2007-11-07 08:51 <DIR> d-------- C:\VundoFix Backups
2007-11-07 08:18 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-03 14:21 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-03 14:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-03 14:19 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-03 13:56 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-03 13:51 626,688 --a------ C:\WINDOWS\SYSTEM32\msvcr80.dll
2007-11-03 13:29 <DIR> d--h----- C:\WINDOWS\PIF
2007-11-02 11:50 <DIR> d-------- C:\Documents and Settings\William E. McDowell\Application Data\Motive
2007-11-02 07:30 954,368 -ra------ C:\WINDOWS\SYSTEM32\hpotiop5.dll
2007-11-02 07:30 675,840 -ra------ C:\WINDOWS\SYSTEM32\hpowiax5.dll
2007-11-02 07:30 303,104 -ra------ C:\WINDOWS\SYSTEM32\hpovst12.dll
2007-11-02 07:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2007-11-02 07:29 267,864 -ra------ C:\WINDOWS\SYSTEM32\hpzids01.dll
2007-11-02 07:29 118,272 --a------ C:\WINDOWS\SYSTEM32\hpz3l5ha.dll
2007-11-02 07:28 <DIR> d----c--- C:\WINDOWS\SYSTEM32\DRVSTORE
2007-11-02 07:28 364,544 -ra------ C:\WINDOWS\SYSTEM32\hppldcoi.dll
2007-11-02 07:28 309,760 -ra------ C:\WINDOWS\SYSTEM32\difxapi.dll
2007-11-02 06:43 <DIR> d-------- C:\WINDOWS\pss
2007-11-01 20:24 <DIR> d-------- C:\Program Files\Windows Defender
2007-11-01 19:42 6,058,496 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2007-11-01 19:42 2,455,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dat
2007-11-01 19:42 459,264 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2007-11-01 19:42 383,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2007-11-01 19:42 267,776 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2007-11-01 19:42 63,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
2007-11-01 19:42 52,224 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2007-11-01 19:42 33,792 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\custsat.dll
2007-11-01 19:42 13,824 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2007-11-01 19:02 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-11-01 18:59 <DIR> d-------- C:\WINDOWS\SYSTEM32\LogFiles
2007-11-01 18:59 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\UMDF
2007-11-01 13:48 <DIR> d-------- C:\Program Files\SiteAdvisor
2007-11-01 13:48 <DIR> d-------- C:\Documents and Settings\William E. McDowell\Application Data\SiteAdvisor
2007-11-01 13:44 143,360 --a------ C:\WINDOWS\SYSTEM32\dunzip32.dll
2007-11-01 13:39 171,240 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys
2007-11-01 13:39 71,496 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys
2007-11-01 13:39 37,480 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys
2007-11-01 13:39 34,184 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys
2007-11-01 13:39 32,008 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys
2007-11-01 13:38 109,608 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys
2007-11-01 13:33 <DIR> d-------- C:\Program Files\McAfee.com
2007-11-01 13:31 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-11-01 13:30 <DIR> d-------- C:\Program Files\McAfee
2007-11-01 12:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-11-01 11:44 <DIR> d-------- C:\Documents and Settings\William E. McDowell\Application Data\Verizon
2007-11-01 11:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Verizon
2007-11-01 11:43 <DIR> d-------- C:\WINDOWS\bin
2007-11-01 11:43 <DIR> d-------- C:\Documents and Settings\WILLIA~1\LOCALS~1
2007-11-01 11:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Motive
2007-11-01 11:25 <DIR> d-------- C:\Program Files\Common Files\Motive
2007-11-01 11:21 <DIR> d-------- C:\Program Files\Yahoo!
2007-11-01 11:03 <DIR> d-------- C:\WINDOWS\DSL
2007-11-01 11:03 <DIR> d-------- C:\Program Files\Verizon
2007-11-01 10:59 <DIR> d-------- C:\Program Files\Common Files\SupportSoft
2007-11-01 08:34 <DIR> d-------- C:\WINDOWS\wfmo
2007-11-01 08:34 <DIR> d-------- C:\Program Files\Common Files\wfmo
2007-11-01 08:32 17,664 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sermouse.sys
2007-11-01 08:32 17,664 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\sermouse.sys
2007-10-27 18:22 <DIR> d--hs---- C:\WINDOWS\V2lsbGlhbSBFLiBNY0Rvd2VsbA
2007-10-26 14:52 1,060,864 --a------ C:\WINDOWS\SYSTEM32\mfc71.dll
2007-10-26 14:52 89,088 --a------ C:\WINDOWS\SYSTEM32\atl71.dll
2007-10-17 22:51 <DIR> d-------- C:\WINDOWS\SYSTEM32\ib1
2007-10-17 22:51 <DIR> d-------- C:\WINDOWS\SYSTEM32\cp1
2007-10-17 22:51 <DIR> d-------- C:\WINDOWS\SYSTEM32\bo2
2007-10-17 22:51 <DIR> d-------- C:\WINDOWS\SYSTEM32\ap1
2007-10-17 22:48 <DIR> d-------- C:\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-05 01:03 --------- d-----w C:\Program Files\The Holy Bible v2.0
2007-11-02 22:12 --------- d-----w C:\Program Files\Common Files\AOL
2007-11-02 21:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-11-01 23:26 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-01 18:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-08-22 12:55 474,112 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shlwapi.dll
2007-08-22 12:55 151,040 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\cdfview.dll
2007-08-22 12:55 1,498,112 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shdocvw.dll
2007-08-22 12:55 1,054,208 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\danim.dll
2007-08-22 12:55 1,022,976 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\browseui.dll
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\SYSTEM32\inetcomm.dll
2007-08-21 06:15 683,520 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\inetcomm.dll
2007-08-20 20:34 3,584,512 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-08-20 10:04 824,832 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
2007-08-20 10:04 671,232 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
2007-08-20 10:04 477,696 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
2007-08-20 10:04 44,544 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
2007-08-20 10:04 384,512 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
2007-08-20 10:04 27,648 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
2007-08-20 10:04 232,960 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
2007-08-20 10:04 230,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
2007-08-20 10:04 214,528 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
2007-08-20 10:04 193,024 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
2007-08-20 10:04 153,088 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
2007-08-20 10:04 132,608 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
2007-08-20 10:04 124,928 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
2007-08-20 10:04 105,984 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
2007-08-20 10:04 102,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
2007-08-20 10:04 1,152,000 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
2007-08-17 10:21 625,152 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2007-08-17 10:20 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2007-08-17 07:34 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2007-08-13 23:54 413,696 ----a-w C:\WINDOWS\SYSTEM32\vbscript.dll
2007-08-13 23:54 413,696 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\vbscript.dll
2007-08-13 23:54 191,488 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iepeers.dll
2007-08-13 23:54 156,160 ----a-w C:\WINDOWS\SYSTEM32\msls31.dll
2007-08-13 23:54 156,160 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msls31.dll
2007-08-13 23:45 78,336 ----a-w C:\WINDOWS\SYSTEM32\ieencode.dll
2007-08-13 23:45 78,336 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieencode.dll
2007-08-13 23:44 69,120 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iedw.exe
2007-08-13 23:44 40,960 ----a-w C:\WINDOWS\SYSTEM32\licmgr10.dll
2007-08-13 23:44 40,960 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\licmgr10.dll
2007-08-13 23:42 17,408 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\corpol.dll
2007-08-13 23:39 92,672 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\inseng.dll
2007-08-13 23:39 71,680 ----a-w C:\WINDOWS\SYSTEM32\admparse.dll
2007-08-13 23:39 71,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\admparse.dll
2007-08-13 23:39 55,296 ----a-w C:\WINDOWS\SYSTEM32\iesetup.dll
2007-08-13 23:39 55,296 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iesetup.dll
2007-08-13 23:38 491,520 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jscript.dll
2007-08-13 23:36 44,544 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
2007-08-13 23:36 36,352 ----a-w C:\WINDOWS\SYSTEM32\imgutil.dll
2007-08-13 23:36 36,352 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\imgutil.dll
2007-08-13 23:35 346,624 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
2007-08-13 23:32 45,568 ----a-w C:\WINDOWS\SYSTEM32\mshta.exe
2007-08-13 23:32 45,568 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshta.exe
2007-08-13 23:18 60,416 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\hmmapi.dll
2007-08-13 23:01 48,128 ----a-w C:\WINDOWS\SYSTEM32\mshtmler.dll
2007-08-13 23:01 48,128 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmler.dll
2005-03-29 21:17 56,584 ----a-w C:\Documents and Settings\William E. McDowell\Application Data\GDIPFONTCACHEV1.DAT
2003-12-17 23:23 0 ---ha-w C:\Documents and Settings\William E. McDowell\hpothb07.dat
2003-12-17 23:13 0 ---ha-w C:\Documents and Settings\William E. McDowell\Application Data\hpothb07.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 07:59]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 07:59]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 03:59 C:\WINDOWS\BCMSMMSG.exe]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-06 02:04]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 02:01]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-08-26 20:47]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2002-08-14 18:29]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-11-19 11:37]
"DwlClient"="C:\Program Files\Common Files\Dell\EUSW\Support.exe" [2005-10-13 22:26]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-03-09 15:30]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-16 08:21]
"Bart Station"="C:\Program Files\ISP50\BIN\PPCOLink -STATION" []
"PPCRunonce"="C:\WINDOWS\system32\PPCRunOnce.exe" [2004-06-29 17:46]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-09-16 08:43]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-12-30 23:49]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2007-06-06 18:52]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" [2007-05-11 15:20]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 15:30]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"AIM"="C:\Program Files\AIM\aim.exe" [2005-08-05 14:08]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 01:17:18]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 01:06:58]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""


.
Contents of the 'Scheduled Tasks' folder
"2004-02-22 17:11:42 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1069511551.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
"2007-11-01 18:36:39 C:\WINDOWS\Tasks\McDefragTask.job"
- C:\WINDOWS\system32\defrag.exe
"2007-11-01 18:36:38 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2007-11-08 02:44:45 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-07 22:16:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-07 22:19:15
C:\ComboFix2.txt ... 2007-11-07 21:50
C:\ComboFix3.txt ... 2007-11-07 08:44
.
--- E O F ---
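
As an added example (not part of this thread, and not ComboFix's own logic), here is a small Python triage helper for reports in the format pasted above. It parses the `<DIR>` listing lines and the "Reg Loading Points" section and flags a few things a helper would look at by hand: directories carrying both the hidden and system attributes, directory names that are valid base64 decoding to readable text (the `C:\WINDOWS\V2lsbGlhbSBFLiBNY0Rvd2VsbA` entry above decodes to the account name), Run values with an empty command, and Run values for which no file timestamp was recorded. The sample lines are copied from the log in this thread; the flags are heuristics I chose, so a hit means "confirm this manually", not "this is malware".

```python
import base64
import binascii
import re
from typing import Dict, List, Optional

# Constructed sample: a handful of lines copied from the ComboFix report in
# this thread (directory listing and "Reg Loading Points"), so the script runs
# offline. It is deliberately not a complete report.
SAMPLE_REPORT = r"""2007-11-01 08:34 <DIR> d-------- C:\WINDOWS\wfmo
2007-10-27 18:22 <DIR> d--hs---- C:\WINDOWS\V2lsbGlhbSBFLiBNY0Rvd2VsbA
2007-10-17 22:51 <DIR> d-------- C:\WINDOWS\SYSTEM32\ib1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 07:59]
"Bart Station"="C:\Program Files\ISP50\BIN\PPCOLink -STATION" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"""

# "<date> <time> <DIR> <attrs> <path>" lines from the directory listing.
DIR_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d)\s+<DIR>\s+([-dhsraw]{7,9})\s+(.+)$")
# "[HKEY_...]" section headers in the Reg Loading Points part.
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]\s*$")
# "Name"="command" [optional file timestamp] value lines under a key.
RUN_RE = re.compile(r'^"([^"]*)"="([^"]*)"\s+\[([^\]]*)\]\s*$')
# Long run of base64 alphabet characters, padding optional (heuristic).
B64_NAME_RE = re.compile(r"^[A-Za-z0-9+/]{16,}={0,2}$")


def decode_base64_name(name: str) -> Optional[str]:
    """Return decoded text if `name` is base64 that decodes to printable ASCII.

    Padding is restored before decoding because such directory names are
    usually stored without it. Returns None when the name does not qualify.
    """
    if not B64_NAME_RE.match(name):
        return None
    padded = name + "=" * (-len(name) % 4)
    try:
        text = base64.b64decode(padded, validate=True).decode("ascii")
    except (binascii.Error, ValueError):  # UnicodeDecodeError is a ValueError
        return None
    return text if text and text.isprintable() else None


def parse_report(text: str) -> Dict[str, List[Dict[str, str]]]:
    """Extract directory entries and autorun values from report text."""
    dirs: List[Dict[str, str]] = []
    autoruns: List[Dict[str, str]] = []
    current_key: Optional[str] = None
    for line in text.splitlines():
        line = line.rstrip()
        m = DIR_RE.match(line)
        if m:
            dirs.append({"stamp": m.group(1), "attrs": m.group(2), "path": m.group(3)})
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = RUN_RE.match(line)
        if m and current_key:
            autoruns.append({"key": current_key, "name": m.group(1),
                             "command": m.group(2), "file_stamp": m.group(3)})
    return {"dirs": dirs, "autoruns": autoruns}


def triage(text: str) -> List[Dict[str, str]]:
    """Apply the review heuristics and return findings in report order."""
    findings: List[Dict[str, str]] = []
    parsed = parse_report(text)
    for d in parsed["dirs"]:
        attrs, path = d["attrs"], d["path"]
        if "h" in attrs and "s" in attrs:
            findings.append({"kind": "hidden_system_dir", "path": path,
                             "note": f"attributes {attrs}"})
        decoded = decode_base64_name(path.rsplit("\\", 1)[-1])
        if decoded is not None:
            findings.append({"kind": "base64_dir_name", "path": path,
                             "note": f"name decodes to {decoded!r}"})
    for a in parsed["autoruns"]:
        where = f'{a["key"]} -> "{a["name"]}"'
        if not a["command"]:
            findings.append({"kind": "autorun_empty_command", "path": where,
                             "note": "value has no command"})
        elif not a["file_stamp"]:
            findings.append({"kind": "autorun_no_file_stamp", "path": where,
                             "note": f"no file timestamp recorded for {a['command']}"})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"{f['kind']:<24} {f['path']}  ({f['note']})")
```

Run it against a saved ComboFix.txt by reading the file into `triage()` instead of `SAMPLE_REPORT`; the "no file timestamp" flag is the one most worth checking first, since it means the listed target could not be matched to a file on disk at scan time.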

#10 ken545

Posted 08 November 2007 - 04:07 AM

Good Morning Mike,

You have done well, all appears good :thumbup:


Download CCleaner from here to clean temp files from your computer.
  • Double click on the file to start the installation of the program.
  • Select your language and click OK, then next.
  • Read the license agreement and click I Agree.
  • Click next to use the default install location. Click Install then finish to complete installation.
  • Double click the CCleaner shortcut on the desktop to start the program.
  • On the "Windows" tab, under "Internet Explorer," uncheck "Cookies" if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
  • If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla.
  • Click on the "Options" icon at the left side of the window, then click on "Advanced."
    deselect "Only delete files in Windows Temp folders older than 48 hours."
  • Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.
  • Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items.
  • After CCleaner has completed its process, click Exit.
*NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders. If you have anything in a temp folder, back it up or move it to a permanent folder prior to running CCleaner!



  • Your Java is out of date and leaving your system vulnerable.
  • Go to your Add-Remove Programs in the Control Panel and uninstall any previous versions of Java (J2SE Runtime Environment)
  • It should have an icon next to it. Select it and click Remove.
  • Reboot your system.
  • Then go to Sun Microsystems and install the update
  • Java Runtime Environment Version 6 Update 3 <--This is what you need to download and install.
  • If you chose the online installation, it will prompt you to run the program.
  • If you chose the offline installation, you will be prompted to save the file and you can run it from wherever you saved it.
  • Then after install you can verify your installation here Sun Java Verify
I like to do the offline installation and save the setup file in case I may need it in the future.





System Restore makes regular backups of all your settings; if you ever had to use this program to restore your system to a previous date, you would be infected all over again, so we need to clean out the previous Restore Points.

Turn off System Restore.
  • Right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore on all Drives.
  • Click Apply, and then click OK.

Reboot your computer


Turn ON System Restore.
  • Right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore on all Drives.
  • Click Apply, and then click OK.

Create a new Restore Point <-- Very Important
  • Go to Start/ Control Panel/ Performance and Maintenance/ System Restore/ Create a New Restore Point
    You need to go into the Control Panel and switch to Category View to be able to Create a New Restore Point
System Restore Tutorial <-- If you need it


Malware Complaints
Are you mad? I mean really mad, seething mad, so mad you're ready to spit, mad that you have taken your hard-earned dollars to buy a computer only to have some Miscreants, Dirt Bags and Cyber Criminals install a malicious program on your computer without your knowledge or consent. You can post your complaint at the above site. If you live in the U.S.A. you can also report your grievance to your State Attorney General's Office and the Federal Trade Commission's Bureau of Consumer Protection.




Here are some free programs to install; these are must-haves to help keep you secure.
  • Spybot Search and Destroy 1.5
    Check for Updates/ Immunize and run a Full System Scan on a regular basis.
  • Spyware Blaster It will prevent most spyware from ever being installed.
  • Spyware Guard It offers real-time protection from spyware installation attempts.
  • Win Patrol This program will warn you when any changes are being made to your system and give you the option to deny the change.
  • IE-Spyad
    IE-Spyad places over 4000 web sites and domains in the IE Restricted list, which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc.) from the sites listed, although you will still be able to connect to the sites.
  • Firefox 2.0 It has more features and is a lot more secure than IE. It is a very easy and painless download and install; it will in no way interfere with IE, you can use them both.
  • Zone Alarm Here is a free Firewall from Zone Labs; I wouldn't access the internet without it.

Glad we could help

Safe Surfn
Ken

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Just a reminder that threads will be closed if no reply in 3 days.

#11 Mike24970

Posted 08 November 2007 - 03:53 PM

Ken, thank you so much for your help. When I take my brother-in-law's computer back to him, I am definitely recommending that he make a donation to help keep this site operating to help those of us that are less than technically proficient repair damage done by malicious software and viruses. Again, thank you. Mike

#12 ken545

Posted 08 November 2007 - 04:43 PM

You're more than welcome Mike, Stay well, Ken


#13 ken545

Posted 18 November 2007 - 06:12 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.
