
[Resolved] Worm.Win32.NetSky help?


This topic is locked
12 replies to this topic

#1 orca16588
Authentic Member, 42 posts

Posted 10 December 2007 - 06:38 PM

My computer started giving me messages last night about having this worm, and it keeps interfering with my finals work. I don't trust what pops up for getting rid of the virus, so I came on here because you guys have greatly helped me before.

The main problem is the Worm.Win32.NetSky, though a quick complete scan of how my computer runs would be beneficial, because things have been running slower than usual over the past month and oftentimes I've had to force-quit some applications, including explorer.exe.

I use McAfee Security Center for protection and security issues. I also have on my computer Ad-Aware SE and 6, Spybot, CCleaner (which I ran and restarted before I ran HijackThis), as well as SpywareBlaster. Thanks for all your assistance!




Here is my HijackThis log:


Logfile of HijackThis v1.99.1
Scan saved at 7:32:58, on 12/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Jupiter\wdservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Stickies\Stickies.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Trillian\trillian.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c.../*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c.../*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c.../*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c.../*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: OFK System - {F08487B1-AFEC-45CF-B2E9-D05DEE137D22} - C:\WINDOWS\blopenvtok.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: The retnsrp - {9EF873D0-0259-4D2A-AA60-F61FA5B28FE8} - C:\WINDOWS\retnsrp.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ProfileWatcher] C:\Program Files\ProfileWatcher\profilewatcher.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Stickies] C:\Program Files\Stickies\Stickies.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcaf...,80,22/ComCtl32.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://www.support....ActiveX/odc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...,0,101/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...rols/en/x86/client/muweb_site.cab?1134081331546
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...0,26/mcgdmgr.cab
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.5.0_05) -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: nopzet - {4033E31D-6832-4F0B-8FC5-5E3397F0469C} - C:\WINDOWS\nopzet.dll
O21 - SSODL: leorop - {E3E24925-039D-4980-958D-515531D888AE} - C:\WINDOWS\leorop.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\Jupiter\wdservice.exe
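The HijackThis log above is the artefact the thread's helpers work from, and reading one by hand means sorting its R/O entries into "known" and "look closer". As an added example, not code from HijackThis, the forum or either poster, the Python below parses log lines into section, description, CLSID and target, and marks the entries a reviewer would typically look at first: targets reported as missing, DLLs hooked from the root of the Windows directory (O2/O3/O20/O21 entries), services with an unknown owner, and browser start/search page settings. Those flags are review heuristics chosen for this example, not verdicts about any particular entry; the sample lines are copied from the log posted above.

```python
"""Parse HijackThis 1.99.1 log lines and mark entries worth a reviewer's first look.

Added example for this thread; it is not HijackThis code, and the review
heuristics in review_flags() are this example's own choice, not the tool's."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: entry lines copied from the log posted above, plus the
# header and process-list lines HijackThis writes first (the parser skips them).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: OFK System - {F08487B1-AFEC-45CF-B2E9-D05DEE137D22} - C:\WINDOWS\blopenvtok.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL (file missing)
O3 - Toolbar: The retnsrp - {9EF873D0-0259-4D2A-AA60-F61FA5B28FE8} - C:\WINDOWS\retnsrp.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: nopzet - {4033E31D-6832-4F0B-8FC5-5E3397F0469C} - C:\WINDOWS\nopzet.dll
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\Jupiter\wdservice.exe
"""

LINE_RE = re.compile(r"^(?P<sec>[RFNO]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# A .dll sitting directly in the Windows directory (no subdirectory), quoted or not.
WINROOT_DLL_RE = re.compile(r'^"?[a-z]:\\windows\\[^\\]+\.dll"?$', re.IGNORECASE)
LOADER_SECTIONS = {"O2", "O3", "O20", "O21"}  # BHOs, toolbars, Winlogon/AppInit, SSODL
MISSING_MARKERS = ("(file missing)", "(no file)")


@dataclass
class HjtEntry:
    section: str                 # R0, O2, O23, ...
    description: str             # text before the first " - " (or before "]" / " = ")
    clsid: Optional[str]         # upper-cased {GUID} if the line carries one
    target: str                  # file, command line or URL the entry points at
    vendor: str = ""             # O23 only: the "owner" column
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[HjtEntry]:
    """Turn one log line into an HjtEntry; header/process lines give None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    cm = CLSID_RE.search(body)
    clsid = cm.group(0).upper() if cm else None
    vendor = ""
    if sec.startswith("R") or body.startswith("Global Startup:"):
        # "HKCU\...\Main,Start Page = http://..." or "name.lnk = C:\path"
        desc, _, target = body.partition(" = ")
    elif sec == "O4":
        # "HKLM\..\Run: [name] "C:\path" args"
        desc, _, target = body.partition("] ")
        desc += "]"
    else:
        # "kind: name - {clsid} - target" or "Service: name - vendor - target"
        parts = [p.strip() for p in body.split(" - ")]
        desc = parts[0]
        target = parts[-1] if len(parts) > 1 else ""
        if sec == "O23" and len(parts) > 2:
            vendor = parts[1]
    return HjtEntry(sec, desc.strip(), clsid, target.strip(), vendor)


def review_flags(e: HjtEntry) -> List[str]:
    """Heuristic reasons an entry deserves a closer look (this example's own choice)."""
    flags = []
    if any(marker in e.target for marker in MISSING_MARKERS):
        flags.append("target file missing")
    if e.section in LOADER_SECTIONS and WINROOT_DLL_RE.match(e.target):
        flags.append("dll loaded from the Windows directory root")
    if e.section == "O23" and e.vendor == "Unknown owner":
        flags.append("service with unknown owner")
    if e.section.startswith("R"):
        flags.append("browser start/search page setting, verify URL")
    return flags


def parse_log(text: str) -> List[HjtEntry]:
    entries = []
    for line in text.splitlines():
        e = parse_line(line)
        if e is not None:
            e.flags = review_flags(e)
            entries.append(e)
    return entries


def flagged(entries: List[HjtEntry]) -> List[HjtEntry]:
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    all_entries = parse_log(SAMPLE_LOG)
    for e in flagged(all_entries):
        print(f"{e.section:4} {e.description:45} {e.target}\n     -> {', '.join(e.flags)}")
    print(f"{len(flagged(all_entries))} of {len(all_entries)} entries flagged for review")
```

Feed it a whole unwrapped log (word wrap off, as the helper asks, or the split lines will not match the line pattern) and the flagged list is the short list to compare against a known-good reference before deciding what to fix.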



#2 Simon V.
MRU Emeritus, 897 posts

Posted 12 December 2007 - 05:47 AM

Hello, and welcome to the forum.

My name is Simon V., and I'll be glad to help you with your computer problems.

Step 1

You have Word Wrap turned on; this is making your logs difficult to read.

  • Open Notepad.
  • Go to Format and untick Word Wrap.

Step 2

Please download SmitfraudFix (by S!ri).

  • Double-click on SmitfraudFix.exe. A screen will pop up. Select Option 1 (Search) by typing 1 and hit Enter. A text file will appear, which will list the infected files. Save it to a convenient location.
  • The log will also be saved here: C:\rapport.txt

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

Step 3

Open CCleaner. In the Left Pane, click Tools.

  • Verify that Uninstall is highlighted in color, or click on it.
  • In the lower right, click Save to Text File.
  • Pull down the arrow at the top of the Save dialog and choose Desktop as the location.
  • You can leave the filename as install.txt.
  • Click Save.
  • Exit CCleaner by clicking on the X button in the upper right of the CCleaner window.

Step 4

In your next reply, please post (make sure Word Wrap is turned off!):

  • the SmitfraudFix log (C:\rapport.txt)
  • the CCleaner Uninstall List (install.txt)
  • a new HijackThis log


#3 orca16588
Authentic Member, 42 posts

Posted 12 December 2007 - 01:57 PM

OK, here's the new HijackThis log:


Logfile of HijackThis v1.99.1
Scan saved at 2:51:28, on 12/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\WDBtnMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Stickies\Stickies.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Jupiter\wdservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\HPQ\Shared\hpqwmi.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trillian\trillian.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: OFK System - {F08487B1-AFEC-45CF-B2E9-D05DEE137D22} - C:\WINDOWS\blopenvtok.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: The retnsrp - {9EF873D0-0259-4D2A-AA60-F61FA5B28FE8} - C:\WINDOWS\retnsrp.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ProfileWatcher] C:\Program Files\ProfileWatcher\profilewatcher.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Stickies] C:\Program Files\Stickies\Stickies.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcaf...22/ComCtl32.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://www.support....ActiveX/odc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1134081331546
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.5.0_05) -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: nopzet - {4033E31D-6832-4F0B-8FC5-5E3397F0469C} - C:\WINDOWS\nopzet.dll
O21 - SSODL: leorop - {E3E24925-039D-4980-958D-515531D888AE} - C:\WINDOWS\leorop.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\Jupiter\wdservice.exe


Here's the SmitFraudFix report


SmitFraudFix v2.260

Scan done at 14:47:22.92, Wed 12/12/2007
Run from C:\Documents and Settings\Michael Deibert\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\WDBtnMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Stickies\Stickies.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Jupiter\wdservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\HPQ\Shared\hpqwmi.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trillian\trillian.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Michael Deibert


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Michael Deibert\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MICHAE~1\FAVORI~1

C:\DOCUME~1\MICHAE~1\FAVORI~1\Error Cleaner.url FOUND !
C:\DOCUME~1\MICHAE~1\FAVORI~1\Privacy Protector.url FOUND !
C:\DOCUME~1\MICHAE~1\FAVORI~1\Spyware?Malware Protection.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

C:\DOCUME~1\MICHAE~1\Desktop\Error Cleaner.url FOUND !
C:\DOCUME~1\MICHAE~1\Desktop\Privacy Protector.url FOUND !
C:\DOCUME~1\MICHAE~1\Desktop\Spyware?Malware Protection.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~2\\GOEC62~1.DLL"
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Broadcom 802.11b/g WLAN - Packet Scheduler Miniport
DNS Server Search Order: 10.0.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{E02B8687-5710-41EA-96B2-0FD29551C8CB}: DhcpNameServer=10.0.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E02B8687-5710-41EA-96B2-0FD29551C8CB}: DhcpNameServer=10.0.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E02B8687-5710-41EA-96B2-0FD29551C8CB}: DhcpNameServer=10.0.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End



And here's the CCleaner list


1500Trb
1500_Help
1500
3DMark03
Ad-aware 6 Professional
Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Illustrator CS
Adobe Photoshop 7.0
Adobe Reader 7.0.5 Language Support
Adobe Reader 7.0.9
Adobe SVG Viewer 3.0
Adobe® Photoshop® Album Starter Edition 3.0
AiOSoftware
AiO_Scan
Apple Mobile Device Support
Apple Software Update
Ares 2.0.9
Athlon 64 Processor Driver
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Audacity 1.3.0
AutoUpdate
AVS Disc Creator version 2.1
Blaze Media Pro
Broadcom 802.11 Wireless LAN Adapter
BufferChm
CCleaner (remove only)
Comcast Toolbar
Compatibility Pack for the 2007 Office system
Conexant AC-Link Audio
Copy
CP_AtenaShokunin1Config
cp_dwShrek2Albums1
cp_dwShrek2Cards1
CreativeProjectsTemplates
CreativeProjects
CueTour
Data Fax SoftModem with SmartCP
Destinations
Director
DivX Player
DivX
DocProc
DocumentViewer
Dolet Light for Finale 2006
DVD Shrink 3.2
DVDFab Decrypter 2.9.7.9
Fax
Finale 2006
Folder Size for Windows
Free iPod Video Converter 1.26
Free Mp3 Wma Converter V 1.4.0
GCom Broadcaster
Google Desktop
Google Earth Pro
Google Earth
Herbs
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB926239)
HP Extended Capabilities 4.7
HP Help and Support
HP Image Zone 4.7
HP Product Assistant
HP PSC & OfficeJet 4.7
HP Wireless Assistant 1.01 A3
HPSystemDiagnostics
InstantShare
InterActual Player
InterVideo WinDVD
iPod for Windows 2006-03-23
IrfanView (remove only)
iSpQ VideoChat 7.5
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 7
Java™ 6 Update 2
Java™ 6 Update 3
Java™ SE Runtime Environment 6 Update 1
Jupiter
Kaspersky On-line Scanner
Logitech QuickCam Software
Logitech® Camera Driver
Macromedia Flash Player 8
Macromedia Shockwave Player
MarketResearch
McAfee SecurityCenter
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Money 2007
Microsoft Money Shared Libraries
Microsoft Office FrontPage 2003
Microsoft Office OneNote 2003
Microsoft Office Professional Edition 2003
Microsoft Office Project Professional 2003
Microsoft Office Visio Professional 2003
Microsoft Producer for Microsoft Office PowerPoint 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
MouseSoft Directory Size 1.1.23
Mozilla Firefox (2.0.0.11)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
muvee autoProducer 4.0 - SE
Nero 7 Essentials
Norton Spyware Scan - Yahoo!
Norton Spyware Scan provided by Yahoo!
Oblivion
Only Astrology
PanoStandAlone
PCFriendly
Pdf995
PdfEdit995
PerfectDisk
PhotoGallery
Picasa 2
ProductContext
QFolder
QuickTime
RCT3 Soaked
Readme
RealArcade
RealPlayer
REALTEK Gigabit and Fast Ethernet NIC Driver
RollerCoaster Tycoon® 3
Savings Bond Wizard
ScannerCopy
Scan
SDLDesktop Translator
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
SkinsHP1
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
SoundCapture
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Stickies
Synaptics Pointing Device Driver
TaxCut Basic 2006
Texas Instruments PCIxx21/x515 drivers.
TIxx21
TrayApp
Trillian
Unload
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Viewpoint Media Player
WD Backup
WD Diagnostics
WD Firewire HID Driver
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB884575
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885464
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892559
WinRAR archiver
WinZip
XP Codec Pack
Yahoo! Browser Services
Yahoo! Messenger
Yahoo! Photos Easy Upload Tool
Yahoo! Photos Print-at-Home Tool
Yahoo! Toolbar

#4 Simon V.

    MRU Emeritus

  • Authentic Member
  • 897 posts

Posted 12 December 2007 - 02:46 PM

Hi :)

I understand that downloading music and other files may be important to you; however, the Peer-to-Peer programs that you are using to do that, even if they are not infected with malware, will bring malware into your system. Therefore, the chances of you becoming infected again are very high. This obviously can result in disabling your computer and could even lead to someone stealing sensitive personal data from your computer. Beyond the inconvenience this causes you, these programs also tend to use your computer as a server to spread more infection all over the internet, so your computer becomes a part of the malware problem.

Remember that no matter how clean the program you're using for Peer-to-Peer filesharing may be, it offers no guarantees regarding the cleanliness of files you may choose to download. All files available via Peer-to-Peer filesharing carry a high risk, particularly those that offer you illegitimate methods of using legitimate software programs without paying for them. Any program or file that offers you the ability to access non-freeware programs at no cost, e.g., pirated software and/or cracks/key generators for gaining access to legitimate software, is 100% guaranteed to contain malware.

Here is some information that looks at the rates of infection:

http://www.benedelman.org/spyware/p2p/

With that being said, I recommend that you remove the following Peer-to-Peer program(s):

Ares 2.0.9

Step 1

Click on Start, then Control Panel. Double click on Add or Remove Programs.

Please remove the following program(s):

  • J2SE Runtime Environment 5.0 Update 10
  • J2SE Runtime Environment 5.0 Update 11
  • J2SE Runtime Environment 5.0 Update 2
  • J2SE Runtime Environment 5.0 Update 6
  • J2SE Runtime Environment 5.0 Update 7
  • Java™ 6 Update 2
  • Java™ SE Runtime Environment 6 Update 1

Step 2

Please download and install AVG Anti-Spyware.

After the installation, open AVG Anti-Spyware and do the following:

  • Under Status, click on Change state, next to Resident shield (this will change from Active to Inactive)
  • Under the Update tab, click on Start update.
  • Under Scanner, click on the Settings tab:
    • Under How to act?, click on Recommended actions, and select Quarantine.
    • Under Reports, select Do not automatically generate reports.

Close AVG Anti-Spyware. Do not let it scan yet.

Note: If you have problems getting the update, you can download an installer for the full database here. Once you have downloaded the installer, make sure that AVG Anti-Spyware is closed, then double-click on avgas-signatures-full-current.exe to install the database.

Step 3

Please download ATF Cleaner. Double-click on ATF-Cleaner.exe to start the program.

  • Under the Main tab, put a check next to Select All.
    Click the Empty Selected button. (Note: if you remove cookies, automated login at forums and sites will be disabled. If you do not want this, uncheck Cookies)
  • If you use the Firefox browser:
    Click on Firefox at the top and put a check next to Select All.
    If you would like to keep your saved passwords, click No at the prompt.
    Click the Empty Selected button. (Note: if you remove cookies, automated login at forums and sites will be disabled. If you do not want this, uncheck Cookies)
  • If you use the Opera browser:
    Click on Opera at the top and put a check next to Select All.
    If you would like to keep your saved passwords, click No at the prompt.
    Click the Empty Selected button. (Note: if you remove cookies, automated login at forums and sites will be disabled. If you do not want this, uncheck Cookies)

Step 4

Print these instructions or copy them to Notepad and save it to your desktop, as you won't be able to access the internet in Safe Mode.

Please reboot into Safe Mode. To do this, go to Start > Turn off Computer, and select Restart. Rapidly tap F8 just before Windows starts to load. In the menu that appears, select Safe Mode (Without Networking).

Step 5

Double-click on SmitfraudFix.exe.

  • A screen will pop up. Select Option 2 (Clean) by typing 2 and hit Enter.
  • You will be prompted: Registry Cleaning - Do you want to clean the registry? Answer Yes by typing Y and press Enter in order to clean registry keys associated with the infection.
  • The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file; answer Yes by typing Y and hit Enter.
  • The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart Windows into Safe Mode.
  • A text file will appear onscreen, with results from the cleaning process; please save it to a convenient location. The report can also be found at C:\rapport.txt.

Note: running Option 2 (Clean) on a computer that is not infected will remove your desktop background.

Step 6

Please open AVG Anti-Spyware.

  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • After the scan, do the following:
    Important: Don't click on the Save Scan Report button before you hit the Apply all Actions button.
    • Make sure that Set all elements to: shows Quarantine (1). If not, click on the link and select Quarantine from the popup menu (2).
    • At the bottom of the window click on the Apply all Actions button (3).
    • When done, click the Save Report (4) button, and save the file to your desktop.

[Screenshot: AVG Anti-Spyware scan results window, with the controls (1) to (4) numbered as above]

Reboot into Normal Mode.

Step 7

In your next reply, please post:

  • the SmitfraudFix report (C:\rapport.txt)
  • the AVG Anti-Spyware report
  • a new HijackThis log


#5 orca16588

    Authentic Member

  • Authentic Member
  • 42 posts

Posted 12 December 2007 - 08:59 PM

Here are the new logs:

Smitfraudfix report:

SmitFraudFix v2.260

Scan done at 16:46:24.68, Wed 12/12/2007
Run from C:\Documents and Settings\Michael Deibert\Desktop\Cleaning Spyware Stuff\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost





»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{E02B8687-5710-41EA-96B2-0FD29551C8CB}: DhcpNameServer=10.0.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E02B8687-5710-41EA-96B2-0FD29551C8CB}: DhcpNameServer=10.0.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E02B8687-5710-41EA-96B2-0FD29551C8CB}: DhcpNameServer=10.0.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End



Here's the AVG report:


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:31:34 12/12/2007

+ Scan result:



HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} -> Adware.LinkMaker : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} -> Adware.LinkMaker : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup (quarantined).
C:\Program Files\whInstall -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\Program Files\whInstall\license.txt -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\Program Files\whInstall\readme.txt -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\Program Files\whInstall\whAgent.ini -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\svchost.com -> Downloader.Adload.bq : Cleaned with backup (quarantined).
:mozilla.162:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.150:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.220:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.97:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.119:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.120:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.121:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.122:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.48:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.74:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.41:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.42:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.43:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.61:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.62:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.35:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.52:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.174:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.175:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.176:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.44:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.230:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Estat : Cleaned.
:mozilla.181:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.182:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.183:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.184:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.185:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.186:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.54:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.60:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.63:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.68:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.77:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.78:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.80:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.81:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.172:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.173:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.223:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.45:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.46:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.47:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.289:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.290:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.291:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.293:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.153:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.155:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.156:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.157:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.158:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.227:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.100:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.64:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.65:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.66:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.67:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.69:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.191:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.256:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.98:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.49:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.53:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.55:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.56:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.57:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.59:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.70:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.71:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.50:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.58:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end



And here's a new HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 9:54:55, on 12/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Jupiter\wdservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Stickies\Stickies.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Trillian\trillian.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: OFK System - {F08487B1-AFEC-45CF-B2E9-D05DEE137D22} - C:\WINDOWS\blopenvtok.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: The retnsrp - {9EF873D0-0259-4D2A-AA60-F61FA5B28FE8} - C:\WINDOWS\retnsrp.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ProfileWatcher] C:\Program Files\ProfileWatcher\profilewatcher.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Stickies] C:\Program Files\Stickies\Stickies.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.5.0_05) -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: nopzet - {4033E31D-6832-4F0B-8FC5-5E3397F0469C} - C:\WINDOWS\nopzet.dll
O21 - SSODL: leorop - {E3E24925-039D-4980-958D-515531D888AE} - C:\WINDOWS\leorop.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\Jupiter\wdservice.exe



Hope this all helps
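As an added example, not part of the original thread and not a feature of HijackThis, SDFix or any other tool named in it, the Python below parses the O2/O3/O21 lines of a HijackThis log, flags the two patterns a helper would look at first in the log above (a registered module whose file is gone, and a DLL dropped straight into C:\WINDOWS rather than system32 or Program Files), and diffs two logs to list which entries disappeared between them. The sample lines are copied from the logs posted before and after the SDFix run in this thread; the function names, the "Windows root" rule and the wording of the reasons are my own assumptions about what is worth triaging, not anything the tools output.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: O2/O3/O21 lines copied from the HijackThis log posted
# on 12/12 (before SDFix) and the one posted on 12/13 (after SDFix).
LOG_BEFORE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: OFK System - {F08487B1-AFEC-45CF-B2E9-D05DEE137D22} - C:\WINDOWS\blopenvtok.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL (file missing)
O3 - Toolbar: The retnsrp - {9EF873D0-0259-4D2A-AA60-F61FA5B28FE8} - C:\WINDOWS\retnsrp.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: nopzet - {4033E31D-6832-4F0B-8FC5-5E3397F0469C} - C:\WINDOWS\nopzet.dll
O21 - SSODL: leorop - {E3E24925-039D-4980-958D-515531D888AE} - C:\WINDOWS\leorop.dll
"""

LOG_AFTER = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
"""

# HijackThis entries that carry a CLSID share the shape
#   <section> - <kind>: <name> - {CLSID} - <path>
ENTRY_RE = re.compile(
    r"^(?P<section>[RO]\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$"
)

# A DLL sitting directly in the Windows directory (not system32, not
# Program Files). Assumption of this example: legitimate BHOs, toolbars and
# shell service objects almost never live there, so it is worth a look.
WINDOWS_ROOT_DLL = re.compile(r"^[A-Za-z]:\\WINDOWS\\[^\\]+\.dll$", re.IGNORECASE)


@dataclass(frozen=True)
class Entry:
    section: str   # e.g. "O2"
    kind: str      # e.g. "BHO"
    name: str      # display name as HijackThis printed it
    clsid: str     # registry CLSID, the stable key for diffing
    path: str      # module path, possibly with a "(file missing)" suffix


def parse_log(text: str) -> List[Entry]:
    """Keep only the CLSID-bearing lines; other sections are ignored here."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(**m.groupdict()))
    return entries


def triage(entry: Entry) -> Optional[str]:
    """Return a reason to look closer, or None if nothing stands out."""
    if entry.path.endswith("(file missing)") or entry.path == "(no file)":
        return "orphaned: still registered but the module is gone"
    if WINDOWS_ROOT_DLL.match(entry.path):
        return "DLL loaded from the Windows root instead of system32 or Program Files"
    return None


def flag(entries: List[Entry]) -> List[Tuple[Entry, str]]:
    """Pair each entry that triage() objects to with its reason."""
    return [(e, reason) for e in entries if (reason := triage(e)) is not None]


def removed_between(before: List[Entry], after: List[Entry]) -> List[Entry]:
    """Entries present in the first log whose (section, CLSID) is absent from the second."""
    still_there = {(e.section, e.clsid) for e in after}
    return [e for e in before if (e.section, e.clsid) not in still_there]


if __name__ == "__main__":
    before, after = parse_log(LOG_BEFORE), parse_log(LOG_AFTER)
    print("Flagged in the first log:")
    for entry, reason in flag(before):
        print(f"  {entry.section} {entry.name!r}: {reason}")
    print("Gone in the second log:")
    for entry in removed_between(before, after):
        print(f"  {entry.section} {entry.clsid} {entry.path}")
```

Running it lists the four Windows-root DLLs (blopenvtok, retnsrp, nopzet, leorop) plus the two orphaned entries, and the diff shows exactly those four DLLs as the entries that vanished, which matches the SDFix "Trojan Files Found" list posted later in the thread. The orphaned Comcast toolbar and the nameless BHO with "(no file)" are left for the helper to decide on; they are stale registrations, not evidence of infection on their own.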

#6 Simon V.

    MRU Emeritus

  • Authentic Member
  • 897 posts

Posted 13 December 2007 - 12:16 AM

Hi :)

Step 1

Please download SDFix and save it to your desktop.

Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows directory, typically C:\SDFix)

  • Print these instructions or copy them to Notepad and save it to your desktop, as you won't be able to access the internet in Safe Mode.
  • Please reboot into Safe Mode. To do this, go to Start > Turn off Computer, and select Restart. Rapidly tap F8 just before Windows starts to load. In the menu that appears, select Safe Mode (Without Networking).

Once in Safe Mode, do the following:

  • Open the extracted SDFix folder and double-click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any trojan services and registry entries that it finds, then prompt you to press any key to reboot; press any key and it will restart the PC.
  • When the PC restarts SDFix will run again and complete the removal process then display Finished. Press any key to end the script and load your desktop icons.
  • Once the desktop icons load, the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to clipboard ready for posting back on the forum).

Step 2

In your next reply, please post:

  • the SDFix report (C:\SDFix\Report.txt)
  • a new HijackThis log


#7 orca16588

    Authentic Member

  • Authentic Member
  • 42 posts

Posted 13 December 2007 - 03:50 AM

Here is my SDFix log report:


SDFix: Version 1.118

Run by Michael Deibert on Thu 12/13/2007 at 04:07

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\Documents and Settings\Michael Deibert\Desktop\Error Cleaner.url - Deleted
C:\Documents and Settings\Michael Deibert\Desktop\Cleaning Spyware Stuff\Error Cleaner.url - Deleted
C:\Documents and Settings\Michael Deibert\Favorites\Error Cleaner.url - Deleted
C:\Documents and Settings\Michael Deibert\Desktop\Privacy Protector.url - Deleted
C:\Documents and Settings\Michael Deibert\Desktop\Cleaning Spyware Stuff\Privacy Protector.url - Deleted
C:\Documents and Settings\Michael Deibert\Favorites\Privacy Protector.url - Deleted
C:\Documents and Settings\Michael Deibert\Desktop\Spyware&Malware Protection.url - Deleted
C:\Documents and Settings\Michael Deibert\Desktop\Cleaning Spyware Stuff\Spyware&Malware Protection.url - Deleted
C:\Documents and Settings\Michael Deibert\Favorites\Spyware&Malware Protection.url - Deleted
C:\WINDOWS\system32\CatRoot\TMP1557.tmp - Deleted
C:\WINDOWS\system32\CatRoot\TMP155D.tmp - Deleted
C:\WINDOWS\system32\CatRoot\TMP2F.tmp - Deleted
C:\WINDOWS\system32\CatRoot\TMP5.tmp - Deleted
C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\ac8zt2.dat - Deleted
C:\lsass.exe - Deleted
C:\WINDOWS\blopenvtok.dll - Deleted
C:\WINDOWS\dat.txt - Deleted
C:\WINDOWS\jokvip.exe - Deleted
C:\WINDOWS\leorop.dll - Deleted
C:\WINDOWS\nopzet.dll - Deleted
C:\WINDOWS\retnsrp.dll - Deleted
C:\WINDOWS\search_res.txt - Deleted




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-13 04:22:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{E02B8687-5710-41EA-96B2-0FD29551C8CB}\Parameters\Tcpip]
"DhcpIPAddress"="10.0.0.118"
"DhcpSubnetMask"="255.255.255.0"
"DhcpServer"="10.0.0.1"
"Lease"=dword:000005a0
"LeaseObtainedTime"=dword:4760f183
"T1"=dword:4760f453
"T2"=dword:4760f66f
"LeaseTerminatesTime"=dword:4760f723
"DhcpDefaultGateway"=str(7):"10.0.0.1\0"
"DhcpSubnetMaskOpt"=str(7):"255.255.255.0\0"

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\\24\xe1\21]
"DisplayName"="\xd4e8\x38e\xd4e8\x38e\1"
"DeviceDesc"="\xd4e8\x38e\xd4e8\x38e\1"
"ProviderName"="\xfed4\21\xee18\x7c90\xff44\21\b"
"MFG"="\x548"
"ReinstallString"="C:\WINDOWS\System32\ReinstallBackups\\xe114\21\x80\xc010\DriverFiles\.INF"
"DeviceInstanceIds"=str(7):"d:\swsetup\video\sbdrv\smbus\smbusati.inf"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sat 8 Apr 2006 417 A..H. --- "C:\Documents and Settings\Michael Deibert\IPH.BAK"
Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Wed 4 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Wed 22 Aug 2007 5,903,928 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Fri 6 Jan 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 17 Aug 2007 114 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti12D.tmp"
Wed 7 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\Documents and Settings\Michael Deibert\Local Settings\Temp\BIT10F.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\Documents and Settings\Michael Deibert\Local Settings\Temp\BIT175.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\Documents and Settings\Michael Deibert\Local Settings\Temp\BIT1B6.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\Documents and Settings\Michael Deibert\Local Settings\Temp\BIT1C2.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\Documents and Settings\Michael Deibert\Local Settings\Temp\BIT20C.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\Documents and Settings\Michael Deibert\Local Settings\Temp\BIT215.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\Documents and Settings\Michael Deibert\Local Settings\Temp\BIT24E.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\Documents and Settings\Michael Deibert\Local Settings\Temp\BIT2B5.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\Documents and Settings\Michael Deibert\Local Settings\Temp\BIT3.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\Documents and Settings\Michael Deibert\Local Settings\Temp\BIT307.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\Documents and Settings\Michael Deibert\Local Settings\Temp\BIT5ED.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\Documents and Settings\Michael Deibert\Local Settings\Temp\BIT5FB.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\Documents and Settings\Michael Deibert\Local Settings\Temp\BIT632.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\Documents and Settings\Michael Deibert\Local Settings\Temp\BITC1.tmp"
Tue 11 Dec 2007 33,792 ...H. --- "C:\Documents and Settings\Michael Deibert\Application Data\Microsoft\Word\~WRL0418.tmp"
Wed 4 Oct 2006 3,072,000 A..H. --- "C:\Documents and Settings\Michael Deibert\Application Data\U3\temp\Launchpad Removal.exe"
Fri 6 Jan 2006 4,348 ...H. --- "C:\Documents and Settings\Michael Deibert\My Documents\My Music\License Backup\drmv1key.bak"
Wed 7 Feb 2007 20 ...H. --- "C:\Documents and Settings\Michael Deibert\My Documents\My Music\License Backup\drmv1lic.bak"
Sun 20 Aug 2006 488 A.SH. --- "C:\Documents and Settings\Michael Deibert\My Documents\My Music\License Backup\drmv2key.bak"
Fri 30 Mar 2007 26,624 ...H. --- "C:\Documents and Settings\Michael Deibert\My Documents\School\Clarion\Spring '07\French IV\~WRL0379.tmp"
Wed 1 Mar 2006 90,112 ...H. --- "C:\Documents and Settings\Michael Deibert\My Documents\School\Clarion\Fall '05\Modes of Discourse\Geertz Paper\~WRL1054.tmp"
Sun 23 Oct 2005 33,280 ...H. --- "C:\Documents and Settings\Michael Deibert\My Documents\School\Clarion\Fall '05\Modes of Discourse\Paper #2\~WRL0173.tmp"
Thu 30 Mar 2006 43,520 ...H. --- "C:\Documents and Settings\Michael Deibert\My Documents\School\Clarion\Fall '05\Modes of Discourse\Rodriguez Paper\~WRL2771.tmp"
Tue 5 Dec 2006 24,064 ...H. --- "C:\Documents and Settings\Michael Deibert\My Documents\School\Clarion\Fall '06\Honors - Slavery on the Screne\Final Project\~WRL1288.tmp"
Mon 4 Dec 2006 62,464 ...H. --- "C:\Documents and Settings\Michael Deibert\My Documents\School\Clarion\Fall '06\Play Directing\Speed The Play\~WRL0043.tmp"
Fri 17 Nov 2006 31,232 ...H. --- "C:\Documents and Settings\Michael Deibert\My Documents\School\Clarion\Fall '06\Play Directing\There's A Girl In My Soup\~WRL1913.tmp"
Mon 19 Apr 2004 54,784 ...H. --- "C:\Documents and Settings\Michael Deibert\My Documents\School\Hempfield Area\11th Grade\A.P. English\Author Projects\~WRL2787.tmp"
Wed 7 Apr 2004 44,032 ...H. --- "C:\Documents and Settings\Michael Deibert\My Documents\School\Hempfield Area\11th Grade\A.P. English\Author Projects\~WRL3879.tmp"
Mon 1 Dec 2003 35,840 ...H. --- "C:\Documents and Settings\Michael Deibert\My Documents\School\Hempfield Area\11th Grade\A.P. English\Reseach paper\~WRL0005.tmp"
Mon 1 Dec 2003 36,864 ...H. --- "C:\Documents and Settings\Michael Deibert\My Documents\School\Hempfield Area\11th Grade\A.P. English\Reseach paper\~WRL0821.tmp"
Mon 1 Dec 2003 49,152 ...H. --- "C:\Documents and Settings\Michael Deibert\My Documents\School\Hempfield Area\11th Grade\A.P. English\Reseach paper\~WRL1504.tmp"
Mon 1 Dec 2003 35,840 ...H. --- "C:\Documents and Settings\Michael Deibert\My Documents\School\Hempfield Area\11th Grade\A.P. English\Reseach paper\~WRL2148.tmp"
Mon 1 Dec 2003 37,376 ...H. --- "C:\Documents and Settings\Michael Deibert\My Documents\School\Hempfield Area\11th Grade\A.P. English\Reseach paper\~WRL3339.tmp"
Mon 1 Dec 2003 36,352 ...H. --- "C:\Documents and Settings\Michael Deibert\My Documents\School\Hempfield Area\11th Grade\A.P. English\Reseach paper\~WRL3511.tmp"

Finished!



And here is the new HijackThis Log:


Logfile of HijackThis v1.99.1
Scan saved at 4:40:38, on 12/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Jupiter\wdservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HPQ\Shared\hpqwmi.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Stickies\Stickies.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\My Book\WD Backup\uBBMonitor.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hijackthis\Scan.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ProfileWatcher] C:\Program Files\ProfileWatcher\profilewatcher.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Stickies] C:\Program Files\Stickies\Stickies.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.5.0_05) -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\Jupiter\wdservice.exe

#8 Simon V.

    MRU Emeritus

  • Authentic Member
  • 897 posts

Posted 13 December 2007 - 05:28 AM

Hi :)

Step 1

Open HijackThis, perform a scan and put a check next to the following items (if present):

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Close all programs except HijackThis and click on Fix checked.

Step 2

Please do an online scan with Kaspersky WebScanner.

Click on Kaspersky Online Scanner. On the welcome screen, click Accept.

You will be prompted to install an ActiveX component from Kaspersky, click Install.

  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on Next.
  • Now click on Scan Settings.
  • In the scan settings make sure that the following are selected:

  • Scan using the following Anti-Virus database:

    Extended (if available, otherwise Standard)

  • Scan Options:

    Scan Archives
    Scan Mail Bases

  • Click OK.
  • Now under Select a Target to Scan:

    Select My Computer.

  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button and save the file to your desktop.

Step 3

In your next reply, please post:

  • the Kaspersky Online Scan report
  • a new HijackThis log
  • How is your computer running now?


#9 orca16588

    Authentic Member

  • Authentic Member
  • 42 posts

Posted 13 December 2007 - 10:43 AM

Here are the new logs... the Kaspersky report:

KASPERSKY ONLINE SCANNER REPORT
Thursday, December 13, 2007 11:36:37
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 13/12/2007
Kaspersky Anti-Virus database records: 481561
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
Scan Statistics
Total number of scanned objects 125027
Number of viruses found 6
Number of infected objects 10
Number of suspicious objects 0
Duration of the scan process 02:08:28

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{0812CDB4-1E04-4D1B-93A1-F06C16D6EDD8}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR3.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\00000002.ps1 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\00000002.ps2 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\00010005.ci Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\cicat.fid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\cicat.hsh Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiCL0001.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiP10000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiP20000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiPT0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiSL0001.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiSP0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiST0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiVP0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\INDEX.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\propstor.bk1 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\propstor.bk2 Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cert8.db Object is locked skipped
C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\history.dat Object is locked skipped
C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\key3.db Object is locked skipped
C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\parent.lock Object is locked skipped
C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Michael Deibert\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Michael Deibert\Desktop\Cleaning Spyware Stuff\SmitfraudFix\Reboot.exe Object is locked skipped
C:\Documents and Settings\Michael Deibert\Desktop\Cleaning Spyware Stuff\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Michael Deibert\Desktop\Cleaning Spyware Stuff\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Michael Deibert\Desktop\Cleaning Spyware Stuff\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Michael Deibert\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Michael Deibert\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Michael Deibert\Local Settings\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Michael Deibert\Local Settings\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Michael Deibert\Local Settings\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Michael Deibert\Local Settings\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Michael Deibert\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Michael Deibert\Local Settings\History\History.IE5\MSHist012007121320071214\index.dat Object is locked skipped
C:\Documents and Settings\Michael Deibert\Local Settings\Temp\~DF1523.tmp Object is locked skipped
C:\Documents and Settings\Michael Deibert\Local Settings\Temp\~DFA2C0.tmp Object is locked skipped
C:\Documents and Settings\Michael Deibert\Local Settings\Temp\~DFE868.tmp Object is locked skipped
C:\Documents and Settings\Michael Deibert\Local Settings\Temp\~WRF0000.tmp Object is locked skipped
C:\Documents and Settings\Michael Deibert\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Michael Deibert\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Michael Deibert\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Michael Deibert\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\ntboot.bat Infected: Trojan-Downloader.Win32.Adload.bo skipped
C:\SDFix\backups\backups.zip/backups/blopenvtok.dll Infected: not-a-virus:AdWare.Win32.Vapsup.qq skipped
C:\SDFix\backups\backups.zip/backups/leorop.dll Infected: not-a-virus:AdWare.Win32.Vapsup.qr skipped
C:\SDFix\backups\backups.zip/backups/nopzet.dll Infected: not-a-virus:AdWare.Win32.Vapsup.qs skipped
C:\SDFix\backups\backups.zip/backups/retnsrp.dll Infected: not-a-virus:AdWare.Win32.Vapsup.qt skipped
C:\SDFix\backups\backups.zip ZIP: infected - 4 skipped
C:\System Volume Information\catalog.wci\00000002.ps1 Object is locked skipped
C:\System Volume Information\catalog.wci\00000002.ps2 Object is locked skipped
C:\System Volume Information\catalog.wci\0001000A.ci Object is locked skipped
C:\System Volume Information\catalog.wci\cicat.fid Object is locked skipped
C:\System Volume Information\catalog.wci\cicat.hsh Object is locked skipped
C:\System Volume Information\catalog.wci\CiCL0001.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiP10000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiP20000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiPT0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiSL0001.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiSP0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiST0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiVP0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\INDEX.000 Object is locked skipped
C:\System Volume Information\catalog.wci\propstor.bk1 Object is locked skipped
C:\System Volume Information\catalog.wci\propstor.bk2 Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\winboot.bat Infected: Trojan-Downloader.Win32.Adload.bo skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\spool\PRINTERS\FP00000.SHD Object is locked skipped
C:\WINDOWS\system32\spool\PRINTERS\FP00000.SPL Object is locked skipped
C:\WINDOWS\system32\spool\PRINTERS\FP00001.SHD Object is locked skipped
C:\WINDOWS\system32\spool\PRINTERS\FP00001.SPL Object is locked skipped
C:\WINDOWS\system32\spool\PRINTERS\FP00002.SHD Object is locked skipped
C:\WINDOWS\system32\spool\PRINTERS\FP00002.SPL Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\temp\mcafee_6ie4eXpiBcqQoLh Object is locked skipped
C:\WINDOWS\temp\mcafee_P2WVsgAxxhbwH0R Object is locked skipped
C:\WINDOWS\temp\mcmsc_6IxYFouNKkTXVJa Object is locked skipped
C:\WINDOWS\temp\mcmsc_iLkIabQEa2MKCtO Object is locked skipped
C:\WINDOWS\temp\mcmsc_jMwBSjTiFwT3WRr Object is locked skipped
C:\WINDOWS\temp\mcmsc_PKsxyDf7npQwRlx Object is locked skipped
C:\WINDOWS\temp\mcmsc_Q9FDeJacqZnsU0O Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.


Here's the new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:35:55, on 12/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Jupiter\wdservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\WDBtnMgr.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\Scan.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ProfileWatcher] C:\Program Files\ProfileWatcher\profilewatcher.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Stickies] C:\Program Files\Stickies\Stickies.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.5.0_05) -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\Jupiter\wdservice.exe



My computer is doing ok.... the popups for that virus have stopped... however I had run stuff before and they went away but were back the next day. It is still slow to start up though, and explorer.exe will still occasionally take up most of the CPU speed.

#10 Simon V.

    MRU Emeritus

  • Authentic Member
  • 897 posts

Posted 13 December 2007 - 11:20 AM

Hi :)

Navigate to the following files using Windows Explorer and delete them when found:

C:\ntboot.bat
C:\winboot.bat

For the slow startup, there are some programs that you can stop from running at startup. All the items that follow are optional, and if you wish to keep one of them starting when Windows loads, don't check it in HijackThis.

Open HijackThis, perform a scan and put a check next to the following items (if present):

O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ProfileWatcher] C:\Program Files\ProfileWatcher\profilewatcher.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Stickies] C:\Program Files\Stickies\Stickies.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe


Close all programs except HijackThis and click on Fix checked.

Also, see here for more information on how to improve your computer's performance.

Let me know whether that helped, and whether there are still problems with your computer. If not, I'll give you a few prevention tips to stay clean in the future.
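The O4 entries listed above are the autorun registry values (HKLM/HKCU `Run`) and startup-folder shortcuts that HijackThis reports. As an added example, not part of this thread and not HijackThis's own code, here is a small Python script that parses O4 lines and flags the properties a removal helper checks first: a bare filename with no directory, an executable launched from a temp or cache folder, a core system-process name living outside system32, and an unquoted Run command containing spaces. The sample lines, the `svchost` entry and the placeholder CLSID are constructed; the temp-path markers and the process-name list are assumptions for illustration, not an exhaustive rule set.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample in the HijackThis 1.99.1 "O4" format (not copied from any real log).
# The first three lines mirror the kinds of legitimate entries shown in the post above; the
# "svchost" line is a made-up suspicious entry (a system-process name launched from a user's
# Temp folder); the O3 line shows that non-O4 lines are ignored.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\user\Local Settings\Temp\svchost.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O3 - Toolbar: (no name) - {PLACEHOLDER-CLSID} - (no file)
"""

# "O4 - HKLM\..\Run: [ValueName] command line"
REG_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.*?)\] (.*)$')
# "O4 - Global Startup: Name.lnk = target" (also plain "Startup:" for the per-user folder)
STARTUP_RE = re.compile(r'^O4 - ((?:Global )?Startup): (.*?) = (.*)$')

# Assumed list: names of core Windows processes that malware commonly borrows;
# the genuine copies live under \WINDOWS\system32.
SYSTEM_NAMES = {"svchost.exe", "csrss.exe", "winlogon.exe", "lsass.exe", "services.exe", "smss.exe"}
# Assumed path fragments that indicate a temp/cache location rather than an installed program.
TEMP_MARKERS = ("\\temp\\", "\\local settings\\", "\\recycler\\")


@dataclass
class AutorunEntry:
    source: str    # "HKLM\Run", "HKCU\Run" or "Global Startup"
    name: str      # registry value name or shortcut name
    command: str   # command line exactly as HijackThis printed it
    exe: str       # executable path extracted from the command
    quoted: bool   # True if the executable path was wrapped in quotes


def extract_exe(command: str) -> Tuple[str, bool]:
    """Return (path, quoted): the executable portion of a Run-key command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return (command[1:end] if end > 0 else command[1:]), True
    # Unquoted: take everything up to the first ".exe" followed by whitespace or end of line,
    # so paths containing spaces (C:\Program Files\...) are kept whole.
    m = re.match(r'(.*?\.exe)(?=\s|$)', command, re.IGNORECASE)
    return (m.group(1) if m else command.split(" ")[0]), False


def parse_o4(text: str) -> List[AutorunEntry]:
    """Parse every O4 line of a HijackThis log; other sections are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = REG_RE.match(line)
        if m:
            hive, key, name, command = m.groups()
            exe, quoted = extract_exe(command)
            entries.append(AutorunEntry(f"{hive}\\{key}", name, command, exe, quoted))
            continue
        m = STARTUP_RE.match(line)
        if m:
            folder, name, target = m.groups()
            exe, quoted = extract_exe(target)
            entries.append(AutorunEntry(folder, name, target, exe, quoted))
    return entries


def audit(entry: AutorunEntry) -> List[str]:
    """Return human-readable reasons an autorun entry deserves a closer look (empty if none)."""
    flags = []
    low = entry.exe.lower()
    basename = low.rsplit("\\", 1)[-1]
    if "\\" not in entry.exe:
        flags.append("bare filename: resolved via the search path at logon, not pinned to a directory")
    elif entry.source.endswith("Run") and not entry.quoted and " " in entry.exe:
        flags.append("unquoted path with spaces: CreateProcess tries shorter prefixes (e.g. C:\\Program.exe) first")
    if any(marker in low for marker in TEMP_MARKERS):
        flags.append("runs from a temp/cache location rather than an installed program directory")
    if basename in SYSTEM_NAMES and "\\system32\\" not in low:
        flags.append(f"system-process name {basename} outside the Windows system directory")
    return flags


def findings(text: str) -> List[AutorunEntry]:
    """Entries from the log that raised at least one flag, in log order."""
    return [e for e in parse_o4(text) if audit(e)]


if __name__ == "__main__":
    for e in parse_o4(SAMPLE_LOG):
        status = "; ".join(audit(e)) or "no concerns"
        print(f"[{e.source}] {e.name}: {e.exe} -> {status}")
```

Run against the constructed sample, the ATI, BitTorrent and Adobe entries pass clean, `WD Button Manager` is noted for its bare filename (exactly the form that appears in the log above), the Logitech entry gets only the unquoted-path note, and the constructed `svchost` entry collects all three serious flags. A flag is a prompt to look up the file, not a verdict: plenty of legitimate vendors ship unquoted Run values.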

#11 orca16588

orca16588

    Authentic Member

  • Authentic Member
  • PipPip
  • 42 posts

Posted 13 December 2007 - 01:18 PM

So far things have been going good... though I will check out that link for other options to keep things cleaned and running smoothly. If things come back again then I'll naturally post a new reply to this or depending on how long it's been, a new topic itself. Thanks for the help! Again you helped keep me here b/c the rapidity of the help and success I've had with this site. Hopefully I won't need to be back here again but I will if something arises. Thanks!

#12 Simon V.

Simon V.

    MRU Emeritus

  • Authentic Member
  • PipPipPipPip
  • 897 posts

Posted 13 December 2007 - 01:37 PM

I'm glad to hear your computer is running OK again :) Follow these simple steps to keep your computer clean in the future:

You can now delete the following programs:

  • SmitfraudFix
  • SDFix

Disable and Enable System Restore - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

Step 1: Turn off System Restore:

  • On the desktop, right-click My Computer
  • Click Properties
  • Click the System Restore tab
  • Check Turn off System Restore
  • Click Apply, and then click OK

Step 2: Reboot your computer.

Step 3: Turn on System Restore:

  • On the desktop, right-click My Computer
  • Click Properties
  • Click the System Restore tab
  • Uncheck Turn off System Restore
  • Click Apply, and then click OK

Note: Only do this once, NOT on a regular basis!

Make your Internet Explorer More Secure

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab.
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.

  • Change the Download signed ActiveX controls to Prompt.
  • Change the Download unsigned ActiveX controls to Disable.
  • Change the Initialise and script ActiveX controls not marked as safe to Disable.
  • Change the Installation of desktop items to Prompt.
  • Change the Launching programs and files in an IFRAME to Prompt.
  • Change the Navigate sub-frames across different domains to Prompt.
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.

  • Next press the Apply button and then the OK to exit the Internet Properties page.

Update your Anti-Virus Software - It is very important that you update your anti-virus software at least once a week (even more if you wish). If you do not update your anti-virus software then it will not be able to catch any of the new variants that will come out.

Visit Microsoft's Update Site Frequently - It is important that you visit http://update.microsoft.com/ regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Update all your programs regularly - Make sure you update all your security programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Stand Up and Be Counted! - Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints: Malware Complaints. You have to be registered to post. After registering just find your country room and register your complaint. The infection you had was Smitfraud.

#13 Simon V.

Simon V.

    MRU Emeritus

  • Authentic Member
  • PipPipPipPip
  • 897 posts

Posted 15 December 2007 - 07:57 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.
