My PC will not let me delete the program called PC Anti Spyware and PC Cleaner. I found a similar topic concerning the same situation and I discovered that I needed to post my own HiJack Log so you could see where the infections are.
Before reading all of the forums I had taken a few steps that I thought could solve my problem, from http://forums.whatth...elp_t90580.html
I stopped once it asked me to post logs from the (C:\ComboFix.txt). I pulled the logs and they were posted to my desktop but I had no idea where the heck to post them until I figured out I needed to begin my own discussion for help. I stopped the process once I discovered that I needed you all to see my logs since everyone's is different.
I am going to post three sets of logs:
The first log is combo fix.
The second log is the resultant logs from running the combo, I think?
The third log is what I recently pulled once I got the correct instructions on how to proceed.
Please take a look and let me know what to do going forward.
Thanks in advance,
TheDiva
FIRST LOG__________________________________________________________________________
ComboFix 08-05-01.3 - Christopher Marks 2008-05-02 14:44:36.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.53 [GMT -4:00]
Running from: C:\Documents and Settings\Christopher Marks\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Christopher Marks\Desktop\blackbird.jpg
C:\Documents and Settings\Christopher Marks\Desktop\EditorFKWP1.5.exe
C:\Documents and Settings\Christopher Marks\Desktop\EditorFKWP2.0.exe
C:\Documents and Settings\Christopher Marks\Desktop\filemanagerclient.exe
C:\Documents and Settings\Christopher Marks\Desktop\fkwp1.5.exe
C:\Documents and Settings\Christopher Marks\Desktop\fkwp2.0.exe
C:\Documents and Settings\Christopher Marks\Desktop\fwebd.exe
C:\Documents and Settings\Christopher Marks\Desktop\FWebdEditor.exe
C:\Documents and Settings\Christopher Marks\Desktop\Trojan.Win32.BlackBird.exe
C:\Documents and Settings\Kelly\Desktop\blackbird.jpg
C:\Documents and Settings\Kelly\Desktop\EditorFKWP1.5.exe
C:\Documents and Settings\Kelly\Desktop\EditorFKWP2.0.exe
C:\Documents and Settings\Kelly\Desktop\filemanagerclient.exe
C:\Documents and Settings\Kelly\Desktop\fkwp1.5.exe
C:\Documents and Settings\Kelly\Desktop\fkwp2.0.exe
C:\Documents and Settings\Kelly\Desktop\fwebd.exe
C:\Documents and Settings\Kelly\Desktop\FWebdEditor.exe
C:\Documents and Settings\Kelly\Desktop\Trojan.Win32.BlackBird.exe
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.exe
C:\Program Files\Inet Delivery
C:\Program Files\Inet Delivery\inetdl.exe
C:\Program Files\Inet Delivery\intdel.exe
C:\Program Files\video activex object
C:\WINDOWS\a.bat
C:\WINDOWS\base64.tmp
C:\WINDOWS\bdkpfxqw.dll
C:\WINDOWS\bdn.com
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\iTunesMusic.exe
C:\WINDOWS\mslagent
C:\WINDOWS\mslagent\2_mslagent.dll
C:\WINDOWS\mslagent\mslagent.exe
C:\WINDOWS\mslagent\uninstall.exe
C:\WINDOWS\mssecu.exe
C:\WINDOWS\qadovnel.dll
C:\WINDOWS\spwoqbmv.exe
C:\WINDOWS\system32\bsva-egihsg52.exe
C:\WINDOWS\system32\emesx.dll
C:\WINDOWS\system32\geBuVNHw.dll
C:\WINDOWS\system32\gQBegMoq.ini
C:\WINDOWS\system32\gQBegMoq.ini2
C:\WINDOWS\system32\jtlvugyj.ini
C:\WINDOWS\system32\jyguvltj.dll
C:\WINDOWS\system32\qoMgeBQg.dll
C:\WINDOWS\system32\rqRIaWPI.dll
C:\WINDOWS\system32\smp
C:\WINDOWS\system32\smp\msrc.exe
C:\WINDOWS\system32\tdxpoxhu.ini
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\Web\def.htm
C:\WINDOWS\winsystem.exe
C:\WINDOWS\wxdbpfvo.dll
C:\WINDOWS\xbaqktfv.exe
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp
.
((((((((((((((((((((((((( Files Created from 2008-04-03 to 2008-05-03 )))))))))))))))))))))))))))))))
.
2008-05-02 14:28 . 2008-05-02 14:28 102,400 --a------ C:\WINDOWS\system32\zwngnizo.exe
2008-05-01 01:25 . 2008-05-01 01:25 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-05-01 00:39 . 2008-05-01 01:25 <DIR> d-------- C:\Program Files\SpywareBlaster(2)
2008-04-30 15:00 . 2008-05-01 01:25 <DIR> d-------- C:\Program Files\PC-Antispyware
2008-04-30 14:51 . 2008-04-30 14:51 <DIR> d-------- C:\WINDOWS\McAfee.com
2008-04-29 23:35 . 2008-04-29 23:37 <DIR> d-------- C:\Documents and Settings\Kelly\Application Data\PC-Cleaner
2008-04-29 23:14 . 2008-04-29 23:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\creturmp
2008-04-29 23:14 . 2008-04-29 23:14 110,592 --a------ C:\WINDOWS\system32\ypafktgl.exe
2008-04-18 10:13 . 2008-05-01 00:51 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-17 10:36 . 2008-04-17 10:36 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-04-10 23:17 . 2008-04-10 23:17 <DIR> d-------- C:\Program Files\My Downloaded Games
2008-04-10 23:17 . 2008-04-10 23:17 <DIR> d-------- C:\Program Files\BoontyGames
2008-04-10 22:58 . 2008-04-10 22:58 <DIR> d-------- C:\Program Files\Oberon Media
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-03 01:38 --------- d-----w C:\Program Files\PestPatrol
2008-05-01 03:50 --------- d-----w C:\Program Files\SpywareGuard
2008-04-29 04:21 --------- d-----w C:\Documents and Settings\Christopher Marks\Application Data\Yahoo!
2008-04-22 10:41 --------- d-----w C:\Documents and Settings\Kelly\Application Data\Yahoo!
2008-04-21 13:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-21 13:11 --------- d-----w C:\Program Files\ComcastToolbar
2008-04-21 05:33 --------- d-----w C:\Documents and Settings\Guest\Application Data\COMCASTTOOLBAR
2008-04-18 14:07 0 ----a-w C:\Program Files\temp01
2008-04-18 13:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-17 03:26 --------- d-----w C:\Documents and Settings\Christopher Marks\Application Data\COMCASTTOOLBAR
2008-04-11 03:15 --------- d-----w C:\Program Files\Free Offers from Freeze.com
2008-04-01 02:19 --------- d-----w C:\Documents and Settings\Kelly\Application Data\Ruckus Network
2008-03-29 19:57 --------- d-----w C:\Program Files\HP
2008-03-26 20:34 83,064 -c--a-w C:\Documents and Settings\Kelly\Application Data\GDIPFONTCACHEV1.DAT
2008-03-14 18:55 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
2007-10-10 01:46 81,864 -c--a-w C:\Documents and Settings\Guest\Application Data\GDIPFONTCACHEV1.DAT
2007-08-03 18:54 34,008 -c--a-w C:\Documents and Settings\Christopher Marks\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43 4670704]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]
"zqmgeygw"="C:\WINDOWS\system32\zwngnizo.exe" [2008-05-02 14:28 102400]
"pfthtosu"="C:\WINDOWS\system32\nqpaxktg.exe" [2008-05-02 21:38 102400]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2003-09-29 07:10 81990]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2003-09-10 03:11 135251]
"PestPatrol Control Center"="C:\PROGRA~1\PESTPA~1\PPControl.exe" [2004-11-15 11:49 98304]
"PestPatrolCL"="" []
"AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2006-04-05 12:44 684032]
"IPInSightLAN 02"="C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" [2003-06-11 01:52 380928]
"IPInSightMonitor 02"="C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe" [2003-06-11 01:52 122880]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"PPMemCheck"="C:\PROGRA~1\PESTPA~1\PPMemCheck.exe" [2003-04-19 07:53 148480]
"CookiePatrol"="C:\PROGRA~1\PESTPA~1\CookiePatrol.exe" [2005-01-10 09:35 73728]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2002-07-17 07:59 143360]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2002-07-17 07:45 90112]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-15 00:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 14:11 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"3325d2af"="C:\WINDOWS\system32\uhxopxdt.dll" [ ]
C:\Documents and Settings\Kelly\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24 258048]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52 53248]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
Microsoft Works Calendar Reminders.lnk - C:\WINDOWS\Installer\{9944aa9e-362d-11d3-81ab-00c04fb932ba}\1960F8A9.exe [2007-08-11 09:24:38 29184]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"WdbieWlubR"= C:\Documents and Settings\All Users\Application Data\creturmp\srwdgxkd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBuVNHw]
geBuVNHw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gateway\\SRCD\\gwdl.exe"=
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Ruckus Player\\Ruckus.exe"=
S3 iAimFP8;iAimFP8;C:\WINDOWS\system32\DRIVERS\wADV11nt.sys [2002-07-23 09:01]
.
Contents of the 'Scheduled Tasks' folder
"2008-04-26 18:23:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-09 12:42:03 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\system32\cleanmgr.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-02 21:36:12
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\system32\nqpaxktg.exe 102400 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-05-02 21:44:55 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-03 01:44:42
Pre-Run: 86,677,200,896 bytes free
Post-Run: 87,550,517,248 bytes free
207 --- E O F --- 2008-04-09 07:13:03
SECOND LOG_____________________________________________________________________
ComboFix 08-05-01.3 - Christopher Marks 2008-05-05 16:23:49.2 - NTFSx86
Running from: C:\Documents and Settings\Christopher Marks\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Christopher Marks\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-04-05 to 2008-05-05 )))))))))))))))))))))))))))))))
.
2008-05-05 16:21 . 2008-05-05 16:22 <DIR> d-------- C:\327882R2FWJFW
2008-05-05 16:12 . 2008-05-05 16:12 122,880 --a------ C:\WINDOWS\system32\xarohwzi.exe
2008-05-02 21:38 . 2008-05-02 21:38 102,400 --a------ C:\WINDOWS\system32\nqpaxktg.exe
2008-05-02 14:28 . 2008-05-02 14:28 102,400 --a------ C:\WINDOWS\system32\zwngnizo.exe
2008-05-01 01:25 . 2008-05-01 01:25 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-05-01 00:39 . 2008-05-01 01:25 <DIR> d-------- C:\Program Files\SpywareBlaster(2)
2008-04-30 15:00 . 2008-05-01 01:25 <DIR> d-------- C:\Program Files\PC-Antispyware
2008-04-30 14:51 . 2008-04-30 14:51 <DIR> d-------- C:\WINDOWS\McAfee.com
2008-04-29 23:35 . 2008-04-29 23:37 <DIR> d-------- C:\Documents and Settings\Kelly\Application Data\PC-Cleaner
2008-04-29 23:14 . 2008-04-29 23:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\creturmp
2008-04-29 23:14 . 2008-04-29 23:14 110,592 --a------ C:\WINDOWS\system32\ypafktgl.exe
2008-04-18 10:13 . 2008-05-01 00:51 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-17 10:36 . 2008-04-17 10:36 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-04-10 23:17 . 2008-04-10 23:17 <DIR> d-------- C:\Program Files\My Downloaded Games
2008-04-10 23:17 . 2008-04-10 23:17 <DIR> d-------- C:\Program Files\BoontyGames
2008-04-10 22:58 . 2008-04-10 22:58 <DIR> d-------- C:\Program Files\Oberon Media
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-05 20:15 --------- d-----w C:\Program Files\PestPatrol
2008-05-01 03:50 --------- d-----w C:\Program Files\SpywareGuard
2008-04-29 04:21 --------- d-----w C:\Documents and Settings\Christopher Marks\Application Data\Yahoo!
2008-04-22 10:41 --------- d-----w C:\Documents and Settings\Kelly\Application Data\Yahoo!
2008-04-21 13:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-21 13:11 --------- d-----w C:\Program Files\ComcastToolbar
2008-04-21 05:33 --------- d-----w C:\Documents and Settings\Guest\Application Data\COMCASTTOOLBAR
2008-04-18 14:07 0 ----a-w C:\Program Files\temp01
2008-04-18 13:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-17 03:26 --------- d-----w C:\Documents and Settings\Christopher Marks\Application Data\COMCASTTOOLBAR
2008-04-11 03:15 --------- d-----w C:\Program Files\Free Offers from Freeze.com
2008-04-01 02:19 --------- d-----w C:\Documents and Settings\Kelly\Application Data\Ruckus Network
2008-03-29 19:57 --------- d-----w C:\Program Files\HP
2008-03-26 20:34 83,064 -c--a-w C:\Documents and Settings\Kelly\Application Data\GDIPFONTCACHEV1.DAT
2008-03-14 18:55 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
2007-10-10 01:46 81,864 -c--a-w C:\Documents and Settings\Guest\Application Data\GDIPFONTCACHEV1.DAT
2007-08-03 18:54 34,008 -c--a-w C:\Documents and Settings\Christopher Marks\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((( snapshot@2008-05-02_21.43.54.93 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-02 19:44:17 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-05 16:25:23 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43 4670704]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]
"zqmgeygw"="C:\WINDOWS\system32\zwngnizo.exe" [2008-05-02 14:28 102400]
"pfthtosu"="C:\WINDOWS\system32\nqpaxktg.exe" [2008-05-02 21:38 102400]
"thebwjzm"="C:\WINDOWS\system32\xarohwzi.exe" [2008-05-05 16:12 122880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2003-09-29 07:10 81990]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2003-09-10 03:11 135251]
"PestPatrol Control Center"="C:\PROGRA~1\PESTPA~1\PPControl.exe" [2004-11-15 11:49 98304]
"PestPatrolCL"="" []
"AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2006-04-05 12:44 684032]
"IPInSightLAN 02"="C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" [2003-06-11 01:52 380928]
"IPInSightMonitor 02"="C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe" [2003-06-11 01:52 122880]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"PPMemCheck"="C:\PROGRA~1\PESTPA~1\PPMemCheck.exe" [2003-04-19 07:53 148480]
"CookiePatrol"="C:\PROGRA~1\PESTPA~1\CookiePatrol.exe" [2005-01-10 09:35 73728]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2002-07-17 07:59 143360]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2002-07-17 07:45 90112]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-15 00:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 14:11 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"3325d2af"="C:\WINDOWS\system32\uhxopxdt.dll" [ ]
C:\Documents and Settings\Kelly\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24 258048]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52 53248]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
Microsoft Works Calendar Reminders.lnk - C:\WINDOWS\Installer\{9944aa9e-362d-11d3-81ab-00c04fb932ba}\1960F8A9.exe [2007-08-11 09:24:38 29184]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"WdbieWlubR"= C:\Documents and Settings\All Users\Application Data\creturmp\srwdgxkd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBuVNHw]
geBuVNHw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gateway\\SRCD\\gwdl.exe"=
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Ruckus Player\\Ruckus.exe"=
S3 iAimFP8;iAimFP8;C:\WINDOWS\system32\DRIVERS\wADV11nt.sys [2002-07-23 09:01]
.
Contents of the 'Scheduled Tasks' folder
"2008-04-26 18:23:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-09 12:42:03 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\system32\cleanmgr.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-05 16:29:03
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-05 16:35:46
ComboFix-quarantined-files.txt 2008-05-05 20:35:31
ComboFix2.txt 2008-05-03 01:44:59
Pre-Run: 87,496,105,984 bytes free
Post-Run: 87,486,189,568 bytes free
132 --- E O F --- 2008-04-09 07:13:03
THIRD LOG__________________________________________________________________________
Logfile of HijackThis v1.99.1
Scan saved at 10:35:41 PM, on 5/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\creturmp\srwdgxkd.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ypafktgl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/comcast.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [3325d2af] rundll32.exe "C:\WINDOWS\system32\uhxopxdt.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [dnqbfntd] C:\WINDOWS\system32\ypafktgl.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.co...ALStreaming.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish...fishActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/...tall/AxCtp2.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitc...eInstallSBC.exe
O20 - Winlogon Notify: geBuVNHw - geBuVNHw.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Hello!
Even though I still haven't had any responses to my initial problem, I was thinking I wanted to get rid of all my current Anti-Virus and Anti-Spyware protection on my PC I am currently running, since it's obviously not doing the job I had hoped! However, I thought I might want to run it by you guys first. Can I get new software now or should I just wait until everything gets cleaned up and then switch?
Wondering..........
TheDiva805