hamzie

QLowZones-15 q3q99[1].exe

15 posts in this topic

Recently McAfee detected QLowZones-15 q3q99[1].exe in my contents.ie5 folder; it cannot clean, delete or quarantine it. The file this folder is in (HAZLX4IL), when right-clicked, opens a box saying "this page has an unspecified potential security risk, would you like to continue..."

 

Since everybody is doing it, here's my log:

Logfile of HijackThis v1.99.1

Scan saved at 11:16:54 PM, on 6/5/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16441)

 

Update: in the same folder I got another trojan detected: xc29[1].exe, from FakeAlert-I.dr.

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\CTsvcCDA.exe

c:\program files\mcafee.com\agent\mcdetect.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe

C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Microsoft Hardware\Mouse\point32.exe

C:\Program Files\Microsoft Hardware\Keyboard\type32.exe

C:\WINDOWS\system32\wuauclt.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

C:\PROGRA~1\mcafee.com\mps\mscifapp.exe

C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

C:\Program Files\McAfee.com\VSO\oasclnt.exe

C:\Program Files\McAfee.com\VSO\mcvsshld.exe

C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

C:\WINDOWS\CTHELPER.EXE

C:\Documents and Settings\All Users.WINDOWS\Application Data\novsvida.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe

C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe

c:\progra~1\mcafee.com\vso\mcvsftsn.exe

C:\PROGRA~1\MICROS~3\rapimgr.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\XoftSpySE\XoftSpy.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\HijackThis\HijackThis.exe

 

O2 - BHO: (no name) - {02460202-007A-4463-A935-47C5BD49FEF3} - C:\WINDOWS\system32\awcmnawm.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: (no name) - {038EF01B-9495-4CB4-A62D-E44BBE6E828B} - C:\WINDOWS\system32\urssq.dll (file missing)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll

O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll

O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: (no name) - {B53B7023-734F-4BE7-B147-F2B935EBC0E1} - C:\WINDOWS\system32\awcmnawm.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll

O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Program Files\Sleep Moon Xpress\msdxm.ocx

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft Hardware\Mouse\point32.exe"

O4 - HKLM\..\Run: [intelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding

O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe

O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe

O4 - HKLM\..\Run: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

O4 - HKLM\..\Run: [sBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\smmvkaso.dll",realset

O4 - HKLM\..\Run: [novsvida.exe] C:\Documents and Settings\All Users.WINDOWS\Application Data\novsvida.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe

O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" /SCB

O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: MA111 Configuration Utility.lnk = ?

O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll

O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab53083.cab

O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {339234B4-4E14-4280-B8B4-8BAE5AF99063} (Chess Object) - http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab53083.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab

O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab53083.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab53083.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9D614E8E-03AA-11D3-90FC-0040C7157029} (PDMSInstallerCtl Class) - http://cityislam.com/download/PDMSInstaller.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab53083.cab

O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab

O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O20 - Winlogon Notify: wintfj32 - C:\WINDOWS\SYSTEM32\wintfj32.dll

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe

O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

 

Thank you for any help you can give me.

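The log above carries the fingerprints helpers were trained to spot in 2007: unnamed BHOs pointing at randomly named DLLs in system32 (awcmnawm.dll, urssq.dll), a Run entry that uses rundll32 to call an export from another random DLL (smmvkaso.dll,realset), an autostart executable sitting in All Users\Application Data, and a Winlogon Notify package (wintfj32) that is not one of the stock XP ones. The triage script below is an added example, not part of this thread and not code from HijackThis or SWI; it applies those heuristics to the O2/O4/O20/O23 line formats. The sample lines are copied from the log above plus two benign entries for contrast; the allowlists and the "random-looking name" rule (5-8 lowercase letters in system32) are this example's own assumptions, so a hit means "look closer", not "infected".

```python
import re

# Stock Winlogon Notify packages on Windows XP SP2. Assumption: this allowlist
# is the example's own and is not exhaustive; anything outside it is "review",
# not "malicious".
KNOWN_WINLOGON_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon", "wgalogon",
}

# Legitimate system32 modules whose names happen to be short, all-lowercase
# letters (assumption: extend this for your own baseline).
KNOWN_SYSTEM32 = {"ctfmon", "nwiz", "dumprep"}

# Installers put autostart binaries under Program Files or the Windows
# directory; per-user data and temp folders are a red flag.
USER_WRITABLE_HINTS = (
    "\\application data\\", "\\documents and settings\\",
    "\\local settings\\", "\\temp\\",
)

# Vundo-style module names: 5-8 lowercase letters, no digits, in system32.
# The name part is case-sensitive on purpose so NvCpl.dll or MsPMSPSv.exe do
# not match; the directory and extension are matched case-insensitively.
RANDOM_SYSTEM32_NAME = re.compile(r"\\(?i:system32)\\([a-z]{5,8})\.(?i:dll|exe)")

WINLOGON_NOTIFY = re.compile(r"^O20 - Winlogon Notify: (\S+) - ")

# Constructed sample input: lines taken from the HijackThis log in this thread
# plus two known-good entries (Adobe BHO, NvCpl) that must not be flagged.
SAMPLE_LOG = [
    r"O2 - BHO: (no name) - {02460202-007A-4463-A935-47C5BD49FEF3} - C:\WINDOWS\system32\awcmnawm.dll",
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {038EF01B-9495-4CB4-A62D-E44BBE6E828B} - C:\WINDOWS\system32\urssq.dll (file missing)",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup",
    r'O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\smmvkaso.dll",realset',
    r"O4 - HKLM\..\Run: [novsvida.exe] C:\Documents and Settings\All Users.WINDOWS\Application Data\novsvida.exe",
    "O20 - Winlogon Notify: WgaLogon - C:\\WINDOWS\\",
    r"O20 - Winlogon Notify: wintfj32 - C:\WINDOWS\SYSTEM32\wintfj32.dll",
    r"O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe",
]


def triage(lines):
    """Return one finding per suspicious HijackThis line.

    Each finding is {"line", "severity", "reasons"}. Severity is "high" when a
    strong heuristic fires (random name, user-writable autostart, non-stock
    Winlogon package) or two weaker ones agree; otherwise "review".
    """
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        kind = line.split(" - ", 1)[0]      # "O2", "O4", "O20", "O23", ...
        low = line.lower()
        reasons = []
        strong = False

        if kind == "O2" and "(no name)" in line:
            reasons.append("BHO registered without a name")
        if kind == "O2" and "(file missing)" in line:
            reasons.append("BHO CLSID points at a DLL that no longer exists")

        m = RANDOM_SYSTEM32_NAME.search(line)
        if m and m.group(1) not in KNOWN_SYSTEM32:
            module = m.group(0).rsplit("\\", 1)[1]
            reasons.append("random-looking module name in system32: " + module)
            strong = True
            if kind == "O4" and "rundll32" in low:
                reasons.append("rundll32 loads that DLL by export name at logon")

        if kind == "O4" and any(h in low for h in USER_WRITABLE_HINTS):
            reasons.append("autostart binary lives in a user-writable data directory")
            strong = True

        if kind == "O20":
            w = WINLOGON_NOTIFY.match(line)
            if w and w.group(1).lower() not in KNOWN_WINLOGON_NOTIFY:
                reasons.append("Winlogon Notify package %r is not a stock XP package" % w.group(1))
                strong = True

        if kind == "O23" and "Unknown owner" in line:
            reasons.append("service binary carries no vendor string")

        if reasons:
            findings.append({
                "line": line,
                "severity": "high" if strong or len(reasons) >= 2 else "review",
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    # Replace SAMPLE_LOG with open("hijackthis.log").read().splitlines() for a real log.
    for f in triage(SAMPLE_LOG):
        print("[%s] %s" % (f["severity"].upper(), f["line"]))
        for r in f["reasons"]:
            print("       - " + r)
```

On the sample, six of the nine lines are flagged: the two unnamed BHOs, the rundll32 entry, novsvida.exe and wintfj32 as high, StyleXPService as review only; the Adobe BHO, NvCpl and WgaLogon pass. The O23 "Unknown owner" rule is deliberately weak because plenty of legitimate shareware ships without a vendor string.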

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

[this is an automated reply]


Hello,

 

* Download Combofix to your desktop.

Double-click combofix.exe.

Follow the prompts.

Don't click on the window while the fix is running, because that will cause your system to hang.

 

When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.

Post this log in your next reply together with a new HijackThis log.

Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.


Thanks for helping, here is the ComboFix log:

ComboFix 07-06-11.3 - C:\Documents and Settings\Games\Desktop\ComboFix.exe

"Games" - 2007-06-11 20:28:25 - Service Pack 2 NTFS

 

ADS removed - system32: deleted 67860 bytes in 1 streams.

 

Unable to gain System Privileges

 

(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\WINDOWS\system32\amwvtmmw.dll

C:\WINDOWS\system32\awcmnawm.dll

C:\WINDOWS\system32\cnlrmqqk.dll

C:\WINDOWS\system32\crgcuuen.dll

C:\WINDOWS\system32\eafiwrvp.dll

C:\WINDOWS\system32\hkkyqtcb.dll

C:\WINDOWS\system32\jaafysuf.dll

C:\WINDOWS\system32\lfrchlok.dll

C:\WINDOWS\system32\twaqqlsx.dll

C:\WINDOWS\system32\cbxyyyv.dll

C:\WINDOWS\system32\cccdd.bak1

C:\WINDOWS\system32\cccdd.bak2

C:\WINDOWS\system32\cccdd.ini

C:\WINDOWS\system32\fusyfaaj.ini

C:\WINDOWS\system32\cccdd.bak1

C:\WINDOWS\system32\cccdd.bak2

C:\WINDOWS\system32\cccdd.ini

C:\WINDOWS\system32\qssru.bak1

C:\WINDOWS\system32\qssru.bak2

C:\WINDOWS\system32\qssru.ini

C:\WINDOWS\system32\qssru.ini2

C:\WINDOWS\system32\qssru.tmp

C:\WINDOWS\system32\qssru.bak1

C:\WINDOWS\system32\qssru.bak2

C:\WINDOWS\system32\qssru.ini

C:\WINDOWS\system32\qssru.ini2

C:\WINDOWS\system32\qssru.tmp

C:\WINDOWS\system32\ddccc.dll

 

 

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

 

 

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe

C:\WINDOWS\system32\drivers\sfsync02.sys

 

 

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

-------\LEGACY_SFSYNC02

-------\nm

-------\sfsync02

 

 


((((((((((((((((((((((((( Files Created from 2007-05-11 to 2007-06-11 )))))))))))))))))))))))))))))))

 

 

2007-06-11 20:38 0 --a------ C:\WINDOWS\system32\sfsync02.dll

2007-06-11 20:14 49,152 --a------ C:\WINDOWS\nircmd.exe

2007-06-07 16:16 2,580 --a------ C:\WINDOWS\system32\ibbidgoq.exe

2007-06-07 16:07 55,316 --a------ C:\WINDOWS\system32\ogxyidjn.dll

2007-05-19 22:44 <DIR> d-------- C:\VundoFix Backups

2007-05-17 21:16 383,238 --a------ C:\WINDOWS\system32\libmp3lame-0.dll

2007-05-17 21:16 3,086,336 --a------ C:\WINDOWS\system32\NCMedia.dll

2007-05-17 21:16 3,086,336 --a------ C:\WINDOWS\system32\flvvideo.dll

2007-05-17 21:16 <DIR> d-------- C:\videooutput

2007-05-17 21:16 <DIR> d-------- C:\Program Files\Smallvideosoft

2007-05-17 20:22 4,444 --a------ C:\WINDOWS\system32\tmp.reg

2007-05-17 20:21 51,200 --a------ C:\WINDOWS\system32\dumphive.exe

2007-05-17 20:21 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

2007-05-16 00:15 196,608 --a------ C:\WINDOWS\system32\ssleay32.dll

2007-05-16 00:15 1,040,384 --a------ C:\WINDOWS\system32\libeay32.dll

2007-05-15 22:09 <DIR> d-------- C:\Program Files\ScanSpyware v3.8.0.4

2007-05-15 21:42 1,234 --a------ C:\WINDOWS\mozver.dat

2007-05-15 19:43 <DIR> d-------- C:\ddab01ee903e907fa549e0ae63db

2007-05-13 20:11 <DIR> d-------- C:\DOCUME~1\Games\APPLIC~1\Media Player Classic

2007-05-13 18:54 75,776 --a------ C:\pvdsjfp.exe

2007-05-11 20:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\pixelStorm

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-06-10 13:23:20 -------- d-----w C:\Program Files\FlashGet

2007-06-07 21:46:16 -------- d-----w C:\DOCUME~1\Games\APPLIC~1\Metacafe

2007-06-07 06:41:33 -------- d-----w C:\DOCUME~1\Games\APPLIC~1\LimeWire

2007-05-27 01:08:13 -------- d-----w C:\Program Files\BitComet

2007-05-24 07:55:43 -------- d--h--w C:\Program Files\InstallShield Installation Information

2007-05-17 09:58:15 -------- d-----w C:\Program Files\RegCure

2007-05-17 09:33:22 -------- d-----w C:\Program Files\XoftSpySE

2007-05-17 07:47:23 -------- d-----w C:\Program Files\Messenger Plus! Live

2007-05-15 09:29:47 -------- d-----w C:\DOCUME~1\Games\APPLIC~1\McAfee.com Personal Firewall

2007-05-06 05:53:04 -------- d-----w C:\Program Files\Common Files\SWF Studio

2007-05-01 08:43:19 -------- d-----w C:\Program Files\Microsoft ActiveSync

2007-05-01 06:14:25 -------- d-----w C:\Program Files\Swf2Avi

2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll

2007-04-17 08:00:30 -------- d-----w C:\DOCUME~1\Games\APPLIC~1\Creative ASR2

2007-04-08 17:55:25 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll

2007-04-08 17:55:25 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll

2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll

No new files created in this timespan

 

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2005-11-21 15:54]

{038EF01B-9495-4CB4-A62D-E44BBE6E828B}=C:\WINDOWS\system32\urssq.dll []

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 20:38]

{227B8AA8-DAF2-4892-BD1D-73F568BCB24E}=c:\program files\mcafee.com\mps\mcbrhlpr.dll [2005-10-28 10:30]

{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}=C:\Program Files\FlashGet\jccatch.dll [2007-01-22 17:50]

{3EC8255F-E043-4cae-8B3B-B191550C2A22}=c:\program files\mcafee.com\mps\popupkiller.dll [2005-10-28 10:30]

{41D68ED8-4CFF-4115-88A6-6EBB8AF19000}=c:\program files\mcafee\spamkiller\mcapfbho.dll [2005-11-03 14:10]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 13:22]

{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-07-07 12:29]

{9394EDE7-C8B5-483E-8773-474BF36AF6E4}=C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll [2004-08-13 17:42]

{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar3.dll [2007-01-19 22:55]

{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll [2006-01-17 21:04]

{C333CF63-767F-4831-94AC-E683D962C63C}=C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll [2006-05-10 09:13]

{F156768E-81EF-470C-9057-481BA8380DBA}=C:\Program Files\FlashGet\getflash.dll [2007-01-15 13:40]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 10:56 C:\WINDOWS\system32\bthprops.cpl]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 10:56 C:\WINDOWS\system32\bthprops.cpl]

"IntelliPoint"="C:\Program Files\Microsoft Hardware\Mouse\point32.exe" [2002-08-30 11:03]

"IntelliPoint"="C:\Program Files\Microsoft Hardware\Mouse\point32.exe" [2002-08-30 11:03]

"IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [2002-08-31 13:32]

"IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [2002-08-31 13:32]

"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29]

"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29]

"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 12:05]

"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 12:05]

"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 17:00]

"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 17:00]

"MPSExe"="c:\PROGRA~1\mcafee.com\mps\mscifapp.exe" [2006-03-30 14:31]

"MPSExe"="c:\PROGRA~1\mcafee.com\mps\mscifapp.exe" [2006-03-30 14:31]

"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 10:26]

"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 10:26]

"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2006-11-07 13:49]

"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2006-11-07 13:49]

"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 22:02]

"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18]

"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18]

"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 12:49]

"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 12:49]

"CTStartup"="C:\Program Files\Creative\Splash Screen\CTEaxSpl.exe" [2002-09-13 06:04]

"CTStartup"="C:\Program Files\Creative\Splash Screen\CTEaxSpl.exe" [2002-09-13 06:04]

"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 C:\WINDOWS\system32\CTXFIHLP.EXE]

"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 C:\WINDOWS\system32\CTXFIHLP.EXE]

"CTSysVol"="C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 14:18]

"CTSysVol"="C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 14:18]

"nwiz"="nwiz.exe" [2006-10-22 11:22 C:\WINDOWS\system32\nwiz.exe]

"nwiz"="nwiz.exe" [2006-10-22 11:22 C:\WINDOWS\system32\nwiz.exe]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 08:36]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 08:36]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-03-12 04:39]

"CTDVDDet"="C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 01:00]

"SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 18:06]

"CTHelper"="CTHELPER.EXE" [2006-08-11 14:56 C:\WINDOWS\CTHELPER.EXE]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 11:22]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 02:24]

"Steam"="" []

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:56 C:\WINDOWS\system32\ctfmon.exe]

"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-09-10 19:46]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:56]

"RemoteCenter"="C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe" [2002-11-21 09:33]

"Creative MediaSource Go"="C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" [2006-11-09 10:19]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

@=

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"Creative MediaSource Go"="C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" [2006-11-09 10:19]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"="C:\PROGRA~1\COMMON~1\Stardock\MCPCore.dll" [2005-05-10 13:31]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtroli]

awtroli.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]

C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wintfj32]

wintfj32.dll

path=

backup=

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^MetaCafe.lnk]

path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\MetaCafe.lnk

backup=C:\WINDOWS\pss\MetaCafe.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^hamza.MOC-BEEFC3F9795^Start Menu^Programs^Startup^MetaCafe.lnk]

path=C:\Documents and Settings\hamza.MOC-BEEFC3F9795\Start Menu\Programs\Startup\MetaCafe.lnk

backup=C:\WINDOWS\pss\MetaCafe.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]

"C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Athan]

D:\Program Files\Athan\Athan.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DesktopWeather]

C:\Program Files\NetComm\NB2\dslstat.exe icon

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLAGENTEXE]

C:\Program Files\NetComm\NB2\dslagent.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLSTATEXE]

C:\Program Files\NetComm\NB2\dslstat.exe icon

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"C:\Program Files\Messenger\msmsgs.exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

nwiz.exe /install

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

C:\Program Files\PowerISO\PWRISOVM.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Program Files\QuickTime\qttask.exe" -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SIDEBAR]

"D:\Program Files\Desktop Sidebar\dsidebar.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]

C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

C:\WINDOWS\UpdReg.EXE

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

"ForkFlag"=C:\DOCUME~1\Games\APPLIC~1\PLAYBL~1\bone phone close.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"CTDVDDet"=C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

"CTHelper"=CTHELPER.EXE

"InCD"=C:\Program Files\Ahead\InCD\InCD.exe

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

"SBDrvDet"=C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r

"AsioReg"=REGSVR32.EXE /S CTASIO.DLL

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

"FlashGet"=C:\Program Files\FlashGet\FlashGet.exe /min

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs BthServ

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs

UxTuneUp

 

 

Contents of the 'Scheduled Tasks' folder

2007-06-08 07:15:00 C:\WINDOWS\tasks\1-Click Maintenance.job

2007-06-06 00:48:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

2007-06-11 10:50:27 C:\WINDOWS\tasks\RegCure Program Check.job

2007-06-06 21:27:37 C:\WINDOWS\tasks\RegCure.job

2007-06-11 10:50:44 C:\WINDOWS\tasks\Symantec NetDetect.job

2007-06-11 10:50:10 C:\WINDOWS\tasks\XoftSpySE 2.job

2007-06-08 17:00:00 C:\WINDOWS\tasks\XoftSpySE.job

 

**************************************************************************

 

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-06-11 20:47:44

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

CTStartup = "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run?Z?A~d???*?A~????????F???????h?@?x?????B~D??????sx??s????????y??w????@@@????|D@@?????>??w????X:2?H??????|???|???????|L(?sX:2??????/?s????????D???????????????????,????????????+?s@@@?D???`|?w??????@

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb}]

 

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001101-0000-1000-8000-00805f9b34fb}]

 

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001105-0000-1000-8000-00805f9b34fb}]

 

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001115-0000-1000-8000-00805f9b34fb}]

 

 

Completion time: 2007-06-11 20:52:59 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 2007-06-11 20:52

 

--- E O F ---

And here is the HijackThis log

 

Logfile of HijackThis v1.99.1

Scan saved at 9:02:36 PM, on 6/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16441)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\CTsvcCDA.exe

c:\program files\mcafee.com\agent\mcdetect.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

c:\PROGRA~1\mcafee.com\vso\OasClnt.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe

C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

c:\program files\mcafee.com\vso\mcvsshld.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Microsoft Hardware\Mouse\point32.exe

C:\Program Files\Microsoft Hardware\Keyboard\type32.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

C:\PROGRA~1\mcafee.com\mps\mscifapp.exe

C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

C:\WINDOWS\CTHELPER.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe

C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe

C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe

C:\PROGRA~1\MICROS~3\rapimgr.exe

c:\progra~1\mcafee.com\vso\mcvsftsn.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toggle.com/index.php?rvs=hompag

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: (no name) - {038EF01B-9495-4CB4-A62D-E44BBE6E828B} - C:\WINDOWS\system32\urssq.dll (file missing)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll

O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll

O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll

O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Program Files\Sleep Moon Xpress\msdxm.ocx

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft Hardware\Mouse\point32.exe"

O4 - HKLM\..\Run: [intelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding

O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup

O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe

O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe

O4 - HKLM\..\Run: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

O4 - HKLM\..\Run: [sBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe

O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" /SCB

O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: MA111 Configuration Utility.lnk = ?

O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll

O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab53083.cab

O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {339234B4-4E14-4280-B8B4-8BAE5AF99063} (Chess Object) - http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab53083.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab

O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab53083.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab53083.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9D614E8E-03AA-11D3-90FC-0040C7157029} (PDMSInstallerCtl Class) - http://cityislam.com/download/PDMSInstaller.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab53083.cab

O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab

O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: awtroli - awtroli.dll (file missing)

O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O20 - Winlogon Notify: wintfj32 - wintfj32.dll (file missing)

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe

O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

 

Thanks a lot!! (still don't get what you guys understand from all these logs)

Thanks for helping, here is the ComboFix log..

ComboFix 07-06-11.3 - C:\Documents and Settings\Games\Desktop\ComboFix.exe

"Games" - 2007-06-11 20:28:25 - Service Pack 2 NTFS

 

ADS removed - system32: deleted 67860 bytes in 1 streams.

 

Unable to gain System Privileges

 

(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\WINDOWS\system32\amwvtmmw.dll

C:\WINDOWS\system32\awcmnawm.dll

C:\WINDOWS\system32\cnlrmqqk.dll

C:\WINDOWS\system32\crgcuuen.dll

C:\WINDOWS\system32\eafiwrvp.dll

C:\WINDOWS\system32\hkkyqtcb.dll

C:\WINDOWS\system32\jaafysuf.dll

C:\WINDOWS\system32\lfrchlok.dll

C:\WINDOWS\system32\twaqqlsx.dll

C:\WINDOWS\system32\cbxyyyv.dll

C:\WINDOWS\system32\cccdd.bak1

C:\WINDOWS\system32\cccdd.bak2

C:\WINDOWS\system32\cccdd.ini

C:\WINDOWS\system32\fusyfaaj.ini

C:\WINDOWS\system32\cccdd.bak1

C:\WINDOWS\system32\cccdd.bak2

C:\WINDOWS\system32\cccdd.ini

C:\WINDOWS\system32\qssru.bak1

C:\WINDOWS\system32\qssru.bak2

C:\WINDOWS\system32\qssru.ini

C:\WINDOWS\system32\qssru.ini2

C:\WINDOWS\system32\qssru.tmp

C:\WINDOWS\system32\qssru.bak1

C:\WINDOWS\system32\qssru.bak2

C:\WINDOWS\system32\qssru.ini

C:\WINDOWS\system32\qssru.ini2

C:\WINDOWS\system32\qssru.tmp

C:\WINDOWS\system32\ddccc.dll

 

 

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

 

 

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe

C:\WINDOWS\system32\drivers\sfsync02.sys

 

 

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

-------\LEGACY_SFSYNC02

-------\nm

-------\sfsync02

 

 

((((((((((((((((((((((((( Files Created from 2007-05-11 to 2007-06-11 )))))))))))))))))))))))))))))))

 
 

 

2007-06-11 20:38 0 --a------ C:\WINDOWS\system32\sfsync02.dll

2007-06-11 20:14 49,152 --a------ C:\WINDOWS\nircmd.exe

2007-06-07 16:16 2,580 --a------ C:\WINDOWS\system32\ibbidgoq.exe

2007-06-07 16:07 55,316 --a------ C:\WINDOWS\system32\ogxyidjn.dll

2007-05-19 22:44 <DIR> d-------- C:\VundoFix Backups

2007-05-17 21:16 383,238 --a------ C:\WINDOWS\system32\libmp3lame-0.dll

2007-05-17 21:16 3,086,336 --a------ C:\WINDOWS\system32\NCMedia.dll

2007-05-17 21:16 3,086,336 --a------ C:\WINDOWS\system32\flvvideo.dll

2007-05-17 21:16 <DIR> d-------- C:\videooutput

2007-05-17 21:16 <DIR> d-------- C:\Program Files\Smallvideosoft

2007-05-17 20:22 4,444 --a------ C:\WINDOWS\system32\tmp.reg

2007-05-17 20:21 51,200 --a------ C:\WINDOWS\system32\dumphive.exe

2007-05-17 20:21 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

2007-05-16 00:15 196,608 --a------ C:\WINDOWS\system32\ssleay32.dll

2007-05-16 00:15 1,040,384 --a------ C:\WINDOWS\system32\libeay32.dll

2007-05-15 22:09 <DIR> d-------- C:\Program Files\ScanSpyware v3.8.0.4

2007-05-15 21:42 1,234 --a------ C:\WINDOWS\mozver.dat

2007-05-15 19:43 <DIR> d-------- C:\ddab01ee903e907fa549e0ae63db

2007-05-13 20:11 <DIR> d-------- C:\DOCUME~1\Games\APPLIC~1\Media Player Classic

2007-05-13 18:54 75,776 --a------ C:\pvdsjfp.exe

2007-05-11 20:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\pixelStorm

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-06-10 13:23:20 -------- d-----w C:\Program Files\FlashGet

2007-06-07 21:46:16 -------- d-----w C:\DOCUME~1\Games\APPLIC~1\Metacafe

2007-06-07 06:41:33 -------- d-----w C:\DOCUME~1\Games\APPLIC~1\LimeWire

2007-05-27 01:08:13 -------- d-----w C:\Program Files\BitComet

2007-05-24 07:55:43 -------- d--h--w C:\Program Files\InstallShield Installation Information

2007-05-17 09:58:15 -------- d-----w C:\Program Files\RegCure

2007-05-17 09:33:22 -------- d-----w C:\Program Files\XoftSpySE

2007-05-17 07:47:23 -------- d-----w C:\Program Files\Messenger Plus! Live

2007-05-15 09:29:47 -------- d-----w C:\DOCUME~1\Games\APPLIC~1\McAfee.com Personal Firewall

2007-05-06 05:53:04 -------- d-----w C:\Program Files\Common Files\SWF Studio

2007-05-01 08:43:19 -------- d-----w C:\Program Files\Microsoft ActiveSync

2007-05-01 06:14:25 -------- d-----w C:\Program Files\Swf2Avi

2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll

2007-04-17 08:00:30 -------- d-----w C:\DOCUME~1\Games\APPLIC~1\Creative ASR2

2007-04-08 17:55:25 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll

2007-04-08 17:55:25 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll

2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll

No new files created in this timespan

 

 
 

 

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2005-11-21 15:54]

{038EF01B-9495-4CB4-A62D-E44BBE6E828B}=C:\WINDOWS\system32\urssq.dll []

{038EF01B-9495-4CB4-A62D-E44BBE6E828B}=C:\WINDOWS\system32\urssq.dll []

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 20:38]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 20:38]

{227B8AA8-DAF2-4892-BD1D-73F568BCB24E}=c:\program files\mcafee.com\mps\mcbrhlpr.dll [2005-10-28 10:30]

{227B8AA8-DAF2-4892-BD1D-73F568BCB24E}=c:\program files\mcafee.com\mps\mcbrhlpr.dll [2005-10-28 10:30]

{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}=C:\Program Files\FlashGet\jccatch.dll [2007-01-22 17:50]

{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}=C:\Program Files\FlashGet\jccatch.dll [2007-01-22 17:50]

{3EC8255F-E043-4cae-8B3B-B191550C2A22}=c:\program files\mcafee.com\mps\popupkiller.dll [2005-10-28 10:30]

{3EC8255F-E043-4cae-8B3B-B191550C2A22}=c:\program files\mcafee.com\mps\popupkiller.dll [2005-10-28 10:30]

{41D68ED8-4CFF-4115-88A6-6EBB8AF19000}=c:\program files\mcafee\spamkiller\mcapfbho.dll [2005-11-03 14:10]

{41D68ED8-4CFF-4115-88A6-6EBB8AF19000}=c:\program files\mcafee\spamkiller\mcapfbho.dll [2005-11-03 14:10]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 13:22]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 13:22]

{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-07-07 12:29]

{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-07-07 12:29]

{9394EDE7-C8B5-483E-8773-474BF36AF6E4}=C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll [2004-08-13 17:42]

{9394EDE7-C8B5-483E-8773-474BF36AF6E4}=C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll [2004-08-13 17:42]

{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar3.dll [2007-01-19 22:55]

{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll [2006-01-17 21:04]

{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll [2006-01-17 21:04]

{C333CF63-767F-4831-94AC-E683D962C63C}=C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll [2006-05-10 09:13]

{C333CF63-767F-4831-94AC-E683D962C63C}=C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll [2006-05-10 09:13]

{F156768E-81EF-470C-9057-481BA8380DBA}=C:\Program Files\FlashGet\getflash.dll [2007-01-15 13:40]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{F156768E-81EF-470C-9057-481BA8380DBA}=C:\Program Files\FlashGet\getflash.dll [2007-01-15 13:40]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 10:56 C:\WINDOWS\system32\bthprops.cpl]

"IntelliPoint"="C:\Program Files\Microsoft Hardware\Mouse\point32.exe" [2002-08-30 11:03]

"IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [2002-08-31 13:32]

"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29]

"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 12:05]

"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 17:00]

"MPSExe"="c:\PROGRA~1\mcafee.com\mps\mscifapp.exe" [2006-03-30 14:31]

"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 10:26]

"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2006-11-07 13:49]

"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 22:02]

"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18]

"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 12:49]

"CTStartup"="C:\Program Files\Creative\Splash Screen\CTEaxSpl.exe" [2002-09-13 06:04]

"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 C:\WINDOWS\system32\CTXFIHLP.EXE]

"CTSysVol"="C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 14:18]

"nwiz"="nwiz.exe" [2006-10-22 11:22 C:\WINDOWS\system32\nwiz.exe]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 08:36]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-03-12 04:39]

"CTDVDDet"="C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 01:00]

"SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 18:06]

"CTHelper"="CTHELPER.EXE" [2006-08-11 14:56 C:\WINDOWS\CTHELPER.EXE]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 11:22]
 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 02:24]

"Steam"="" []

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:56 C:\WINDOWS\system32\ctfmon.exe]

"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-09-10 19:46]

"RemoteCenter"="C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe" [2002-11-21 09:33]

"Creative MediaSource Go"="C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" [2006-11-09 10:19]
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

@=

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"="C:\PROGRA~1\COMMON~1\Stardock\MCPCore.dll" [2005-05-10 13:31]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtroli]

awtroli.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]

C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wintfj32]

wintfj32.dll

path=

backup=

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^MetaCafe.lnk]

path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\MetaCafe.lnk

backup=C:\WINDOWS\pss\MetaCafe.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^hamza.MOC-BEEFC3F9795^Start Menu^Programs^Startup^MetaCafe.lnk]

path=C:\Documents and Settings\hamza.MOC-BEEFC3F9795\Start Menu\Programs\Startup\MetaCafe.lnk

backup=C:\WINDOWS\pss\MetaCafe.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]

"C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Athan]

D:\Program Files\Athan\Athan.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DesktopWeather]

C:\Program Files\NetComm\NB2\dslstat.exe icon

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLAGENTEXE]

C:\Program Files\NetComm\NB2\dslagent.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLSTATEXE]

C:\Program Files\NetComm\NB2\dslstat.exe icon

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"C:\Program Files\Messenger\msmsgs.exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

nwiz.exe /install

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

C:\Program Files\PowerISO\PWRISOVM.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Program Files\QuickTime\qttask.exe" -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SIDEBAR]

"D:\Program Files\Desktop Sidebar\dsidebar.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]

C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

C:\WINDOWS\UpdReg.EXE

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

"ForkFlag"=C:\DOCUME~1\Games\APPLIC~1\PLAYBL~1\bone phone close.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"CTDVDDet"=C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

"CTHelper"=CTHELPER.EXE

"InCD"=C:\Program Files\Ahead\InCD\InCD.exe

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

"SBDrvDet"=C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r

"AsioReg"=REGSVR32.EXE /S CTASIO.DLL

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

"FlashGet"=C:\Program Files\FlashGet\FlashGet.exe /min

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs BthServ

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs

UxTuneUp

 

 

Contents of the 'Scheduled Tasks' folder

2007-06-08 07:15:00 C:\WINDOWS\tasks\1-Click Maintenance.job

2007-06-06 00:48:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

2007-06-11 10:50:27 C:\WINDOWS\tasks\RegCure Program Check.job

2007-06-06 21:27:37 C:\WINDOWS\tasks\RegCure.job

2007-06-11 10:50:44 C:\WINDOWS\tasks\Symantec NetDetect.job

2007-06-11 10:50:10 C:\WINDOWS\tasks\XoftSpySE 2.job

2007-06-08 17:00:00 C:\WINDOWS\tasks\XoftSpySE.job

 

**************************************************************************

 

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-06-11 20:47:44

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

CTStartup = "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run?Z?A~d???*?A~????????F???????h?@?x?????B~D??????sx??s????????y??w????@@@????|D@@?????>??w????X:2?H??????|???|???????|L(?sX:2??????/?s????????D???????????????????,????????????+?s@@@?D???`|?w??????@

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb}]

 

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001101-0000-1000-8000-00805f9b34fb}]

 

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001105-0000-1000-8000-00805f9b34fb}]

 

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001115-0000-1000-8000-00805f9b34fb}]

 

 

Completion time: 2007-06-11 20:52:59 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 2007-06-11 20:52

 

--- E O F ---

And here is the HijackThis log:

 

Logfile of HijackThis v1.99.1

Scan saved at 9:02:36 PM, on 6/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16441)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\CTsvcCDA.exe

c:\program files\mcafee.com\agent\mcdetect.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

c:\PROGRA~1\mcafee.com\vso\OasClnt.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe

C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

c:\program files\mcafee.com\vso\mcvsshld.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Microsoft Hardware\Mouse\point32.exe

C:\Program Files\Microsoft Hardware\Keyboard\type32.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

C:\PROGRA~1\mcafee.com\mps\mscifapp.exe

C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

C:\WINDOWS\CTHELPER.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe

C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe

C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe

C:\PROGRA~1\MICROS~3\rapimgr.exe

c:\progra~1\mcafee.com\vso\mcvsftsn.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toggle.com/index.php?rvs=hompag

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: (no name) - {038EF01B-9495-4CB4-A62D-E44BBE6E828B} - C:\WINDOWS\system32\urssq.dll (file missing)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll

O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll

O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll

O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Program Files\Sleep Moon Xpress\msdxm.ocx

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft Hardware\Mouse\point32.exe"

O4 - HKLM\..\Run: [intelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding

O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup

O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe

O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe

O4 - HKLM\..\Run: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

O4 - HKLM\..\Run: [sBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe

O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" /SCB

O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: MA111 Configuration Utility.lnk = ?

O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll

O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab53083.cab

O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {339234B4-4E14-4280-B8B4-8BAE5AF99063} (Chess Object) - http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab53083.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab

O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab53083.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab53083.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9D614E8E-03AA-11D3-90FC-0040C7157029} (PDMSInstallerCtl Class) - http://cityislam.com/download/PDMSInstaller.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab53083.cab

O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab

O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: awtroli - awtroli.dll (file missing)

O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O20 - Winlogon Notify: wintfj32 - wintfj32.dll (file missing)

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe

O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

 

Thanks a lot!! (I still don't get what you guys understand from all these logs.)


Hi,

 

Open Notepad and copy/paste the text in the quote box below into it:

 

File::

C:\WINDOWS\system32\ibbidgoq.exe

C:\WINDOWS\system32\ogxyidjn.dll

C:\WINDOWS\system32\sfsync02.dll

C:\pvdsjfp.exe

 

Folder::

C:\VundoFix Backups

C:\DOCUME~1\Games\APPLIC~1\PLAYBL~1

 

Registry::

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{038EF01B-9495-4CB4-A62D-E44BBE6E828B}]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtroli]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wintfj32]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"ForkFlag"=-

 

Save this as ComboFix-Do.txt

 

Then drag the ComboFix-Do.txt into ComboFix.exe as you see in the screenshot below.

 

[screenshot: Combo-Do.gif]

 

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply together with a new HijackThis log.

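Before dropping a script like the one above onto ComboFix.exe it is worth seeing, line by line, exactly what it asks the tool to delete. The parser below is an added example written for this thread, not ComboFix's own code; it assumes only the directive syntax visible in the helper's reply (File:: and Folder:: headers with one path per line, and a Registry:: section in .reg style where `[-KEY]` deletes a key, `[KEY]` selects a key and `"Name"=-` deletes a value under it), and it refuses a few hand-picked system roots as a sanity check.

```python
"""Turn a ComboFix script into an explicit action list for review.

Added example for this thread, not ComboFix's own code. Assumed syntax:
'File::' / 'Folder::' headers followed by one path per line, and a
'Registry::' header followed by .reg-style lines where '[-KEY]' deletes a
key, '[KEY]' selects a key and '"Name"=-' deletes a value under the
selected key. Anything else is reported as a problem rather than guessed.
"""
import re
from dataclasses import dataclass, field

# The script posted by the helper in this thread, used here as sample input.
THREAD_SCRIPT = r"""
File::
C:\WINDOWS\system32\ibbidgoq.exe
C:\WINDOWS\system32\ogxyidjn.dll
C:\WINDOWS\system32\sfsync02.dll
C:\pvdsjfp.exe

Folder::
C:\VundoFix Backups
C:\DOCUME~1\Games\APPLIC~1\PLAYBL~1

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{038EF01B-9495-4CB4-A62D-E44BBE6E828B}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtroli]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wintfj32]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ForkFlag"=-
"""

SECTIONS = ("File", "Folder", "Registry")
HIVES = ("HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_CLASSES_ROOT",
         "HKEY_USERS", "HKLM", "HKCU", "HKCR", "HKU")
# Roots a cleanup script should never name outright (constructed list,
# compared without trailing backslash and case-insensitively).
PROTECTED = {"C:", "C:\\WINDOWS", "C:\\WINDOWS\\SYSTEM32",
             "C:\\PROGRAM FILES", "C:\\DOCUMENTS AND SETTINGS"}


@dataclass
class Plan:
    files: list = field(default_factory=list)
    folders: list = field(default_factory=list)
    delete_keys: list = field(default_factory=list)
    delete_values: list = field(default_factory=list)   # (key, value name)
    problems: list = field(default_factory=list)


def parse_cfscript(text: str) -> Plan:
    """Parse the script; unrecognised or dangerous lines land in plan.problems."""
    plan = Plan()
    section = None
    selected_key = None          # key named by the last '[KEY]' line
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):                       # section header
            section = line[:-2]
            selected_key = None
            if section not in SECTIONS:
                plan.problems.append(f"line {lineno}: unknown section {line!r}")
                section = None
            continue
        if section in ("File", "Folder"):
            if line.rstrip("\\").upper() in PROTECTED:
                plan.problems.append(f"line {lineno}: refusing to delete {line!r}")
                continue
            (plan.files if section == "File" else plan.folders).append(line)
        elif section == "Registry":
            key_match = re.fullmatch(r"\[(-?)(.+)\]", line)
            value_match = re.fullmatch(r'"([^"]+)"=-', line)
            if key_match:
                minus, key = key_match.groups()
                if not key.upper().startswith(HIVES):
                    plan.problems.append(f"line {lineno}: key has no hive: {key!r}")
                elif minus:                           # '[-KEY]' deletes the key
                    plan.delete_keys.append(key)
                    selected_key = None
                else:                                 # '[KEY]' selects it
                    selected_key = key
            elif value_match and selected_key:        # '"Name"=-' under a key
                plan.delete_values.append((selected_key, value_match.group(1)))
            elif value_match:
                plan.problems.append(f"line {lineno}: value deletion with no [KEY] selected")
            else:
                plan.problems.append(f"line {lineno}: unsupported registry directive {line!r}")
        else:
            plan.problems.append(f"line {lineno}: text outside any section: {line!r}")
    return plan


def describe(plan: Plan) -> list:
    """Human-readable action list, in the order the script sections run."""
    out = [f"delete file {p}" for p in plan.files]
    out += [f"delete folder {p}" for p in plan.folders]
    out += [f"delete registry key {k}" for k in plan.delete_keys]
    out += [f"delete value {n!r} under {k}" for k, n in plan.delete_values]
    out += [f"PROBLEM: {p}" for p in plan.problems]
    return out


if __name__ == "__main__":
    for action in describe(parse_cfscript(THREAD_SCRIPT)):
        print(action)
```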

Here is the ComboFix log:

ComboFix 07-06-11.3 - C:\Documents and Settings\Games\Desktop\ComboFix.exe

"Games" - 2007-06-11 21:56:25 - Service Pack 2 NTFS

Command switches used :: C:\ComboFix-Do.txt

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\pvdsjfp.exe

C:\VundoFix Backups

C:\VundoFix Backups\aecwwujv.ini.bad

C:\VundoFix Backups\bxksfnxj.ini.bad

C:\VundoFix Backups\jxnfskxb.dll.bad

C:\VundoFix Backups\osakvmms.ini.bad

C:\VundoFix Backups\urssq.dll.bad

C:\VundoFix Backups\uwjqevrb.dll.bad

C:\VundoFix Backups\vjuwwcea.dll.bad

C:\WINDOWS\system32\ibbidgoq.exe

C:\WINDOWS\system32\ogxyidjn.dll

C:\WINDOWS\system32\sfsync02.dll

 

 

((((((((((((((((((((((((( Files Created from 2007-05-11 to 2007-06-11 )))))))))))))))))))))))))))))))

 

 

2007-06-11 20:14 49,152 --a------ C:\WINDOWS\nircmd.exe

2007-05-17 21:16 383,238 --a------ C:\WINDOWS\system32\libmp3lame-0.dll

2007-05-17 21:16 3,086,336 --a------ C:\WINDOWS\system32\NCMedia.dll

2007-05-17 21:16 3,086,336 --a------ C:\WINDOWS\system32\flvvideo.dll

2007-05-17 21:16 <DIR> d-------- C:\videooutput

2007-05-17 21:16 <DIR> d-------- C:\Program Files\Smallvideosoft

2007-05-17 20:22 4,444 --a------ C:\WINDOWS\system32\tmp.reg

2007-05-17 20:21 51,200 --a------ C:\WINDOWS\system32\dumphive.exe

2007-05-17 20:21 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

2007-05-16 00:15 196,608 --a------ C:\WINDOWS\system32\ssleay32.dll

2007-05-16 00:15 1,040,384 --a------ C:\WINDOWS\system32\libeay32.dll

2007-05-15 22:09 <DIR> d-------- C:\Program Files\ScanSpyware v3.8.0.4

2007-05-15 21:42 1,234 --a------ C:\WINDOWS\mozver.dat

2007-05-15 19:43 <DIR> d-------- C:\ddab01ee903e907fa549e0ae63db

2007-05-13 20:11 <DIR> d-------- C:\DOCUME~1\Games\APPLIC~1\Media Player Classic

2007-05-11 20:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\pixelStorm

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-06-10 13:23:20 -------- d-----w C:\Program Files\FlashGet

2007-06-07 21:46:16 -------- d-----w C:\DOCUME~1\Games\APPLIC~1\Metacafe

2007-06-07 06:41:33 -------- d-----w C:\DOCUME~1\Games\APPLIC~1\LimeWire

2007-05-27 01:08:13 -------- d-----w C:\Program Files\BitComet

2007-05-24 07:55:43 -------- d--h--w C:\Program Files\InstallShield Installation Information

2007-05-17 09:58:15 -------- d-----w C:\Program Files\RegCure

2007-05-17 09:33:22 -------- d-----w C:\Program Files\XoftSpySE

2007-05-17 07:47:23 -------- d-----w C:\Program Files\Messenger Plus! Live

2007-05-15 09:29:47 -------- d-----w C:\DOCUME~1\Games\APPLIC~1\McAfee.com Personal Firewall

2007-05-06 05:53:04 -------- d-----w C:\Program Files\Common Files\SWF Studio

2007-05-01 08:43:19 -------- d-----w C:\Program Files\Microsoft ActiveSync

2007-05-01 06:14:25 -------- d-----w C:\Program Files\Swf2Avi

2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll

2007-04-17 08:00:30 -------- d-----w C:\DOCUME~1\Games\APPLIC~1\Creative ASR2

2007-04-08 17:55:25 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll

2007-04-08 17:55:25 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll

2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2005-11-21 15:54]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 20:38]

{227B8AA8-DAF2-4892-BD1D-73F568BCB24E}=c:\program files\mcafee.com\mps\mcbrhlpr.dll [2005-10-28 10:30]

{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}=C:\Program Files\FlashGet\jccatch.dll [2007-01-22 17:50]

{3EC8255F-E043-4cae-8B3B-B191550C2A22}=c:\program files\mcafee.com\mps\popupkiller.dll [2005-10-28 10:30]

{41D68ED8-4CFF-4115-88A6-6EBB8AF19000}=c:\program files\mcafee\spamkiller\mcapfbho.dll [2005-11-03 14:10]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 13:22]

{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-07-07 12:29]

{9394EDE7-C8B5-483E-8773-474BF36AF6E4}=C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll [2004-08-13 17:42]

{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar3.dll [2007-01-19 22:55]

{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll [2006-01-17 21:04]

{C333CF63-767F-4831-94AC-E683D962C63C}=C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll [2006-05-10 09:13]

{F156768E-81EF-470C-9057-481BA8380DBA}=C:\Program Files\FlashGet\getflash.dll [2007-01-15 13:40]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 10:56 C:\WINDOWS\system32\bthprops.cpl]

"IntelliPoint"="C:\Program Files\Microsoft Hardware\Mouse\point32.exe" [2002-08-30 11:03]

"IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [2002-08-31 13:32]

"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29]

"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 12:05]

"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 17:00]

"MPSExe"="c:\PROGRA~1\mcafee.com\mps\mscifapp.exe" [2006-03-30 14:31]

"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 10:26]

"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2006-11-07 13:49]

"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 22:02]

"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18]

"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 12:49]

"CTStartup"="C:\Program Files\Creative\Splash Screen\CTEaxSpl.exe" [2002-09-13 06:04]

"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 C:\WINDOWS\system32\CTXFIHLP.EXE]

"CTSysVol"="C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 14:18]

"nwiz"="nwiz.exe" [2006-10-22 11:22 C:\WINDOWS\system32\nwiz.exe]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 08:36]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-03-12 04:39]

"CTDVDDet"="C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 01:00]

"SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 18:06]

"CTHelper"="CTHELPER.EXE" [2006-08-11 14:56 C:\WINDOWS\CTHELPER.EXE]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 11:22]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 02:24]

"Steam"="" []

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:56]

"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-09-10 19:46]

"RemoteCenter"="C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe" [2002-11-21 09:33]

"Creative MediaSource Go"="C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" [2006-11-09 10:19]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

@=

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"="C:\PROGRA~1\COMMON~1\Stardock\MCPCore.dll" [2005-05-10 13:31]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]

C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll

path=

backup=

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^MetaCafe.lnk]

path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\MetaCafe.lnk

backup=C:\WINDOWS\pss\MetaCafe.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^hamza.MOC-BEEFC3F9795^Start Menu^Programs^Startup^MetaCafe.lnk]

path=C:\Documents and Settings\hamza.MOC-BEEFC3F9795\Start Menu\Programs\Startup\MetaCafe.lnk

backup=C:\WINDOWS\pss\MetaCafe.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]

"C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Athan]

D:\Program Files\Athan\Athan.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DesktopWeather]

C:\Program Files\NetComm\NB2\dslstat.exe icon

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLAGENTEXE]

C:\Program Files\NetComm\NB2\dslagent.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLSTATEXE]

C:\Program Files\NetComm\NB2\dslstat.exe icon

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"C:\Program Files\Messenger\msmsgs.exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

nwiz.exe /install

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

C:\Program Files\PowerISO\PWRISOVM.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Program Files\QuickTime\qttask.exe" -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SIDEBAR]

"D:\Program Files\Desktop Sidebar\dsidebar.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]

C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

C:\WINDOWS\UpdReg.EXE

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"CTDVDDet"=C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

"CTHelper"=CTHELPER.EXE

"InCD"=C:\Program Files\Ahead\InCD\InCD.exe

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

"SBDrvDet"=C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r

"AsioReg"=REGSVR32.EXE /S CTASIO.DLL

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

"FlashGet"=C:\Program Files\FlashGet\FlashGet.exe /min

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs BthServ

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs

UxTuneUp

 

 

Contents of the 'Scheduled Tasks' folder

2007-06-08 07:15:00 C:\WINDOWS\tasks\1-Click Maintenance.job

2007-06-06 00:48:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

2007-06-11 12:03:34 C:\WINDOWS\tasks\RegCure Program Check.job

2007-06-06 21:27:37 C:\WINDOWS\tasks\RegCure.job

2007-06-11 12:03:51 C:\WINDOWS\tasks\Symantec NetDetect.job

2007-06-11 12:03:26 C:\WINDOWS\tasks\XoftSpySE 2.job

2007-06-08 17:00:00 C:\WINDOWS\tasks\XoftSpySE.job

 

**************************************************************************

 

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-06-11 22:03:51

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

CTStartup = "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run?Z?A~d???*?A~????????&b??????h?@?x?????B~D??????sx??s?/??????y??w????@@@????|D@@?????>??w????X:2?H??????|???|???????|L(?sX:2??????/?s????????D???????????????????,????????????+?s@@@?D???`|?w??????@

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb}]

 

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001101-0000-1000-8000-00805f9b34fb}]

 

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001105-0000-1000-8000-00805f9b34fb}]

 

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001115-0000-1000-8000-00805f9b34fb}]

 

 

Completion time: 2007-06-11 22:08:05 - machine was rebooted

C:\ComboFix-Do.txt ... 2007-06-11 21:55

C:\ComboFix-quarantined-files.txt ... 2007-06-11 22:07

C:\ComboFix2.txt ... 2007-06-11 21:55

 

--- E O F ---

And here's the HijackThis log:

Logfile of HijackThis v1.99.1

Scan saved at 10:35:10 PM, on 6/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16441)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\CTsvcCDA.exe

c:\program files\mcafee.com\agent\mcdetect.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe

C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Microsoft Hardware\Mouse\point32.exe

C:\Program Files\Microsoft Hardware\Keyboard\type32.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

C:\PROGRA~1\mcafee.com\mps\mscifapp.exe

C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

C:\Program Files\McAfee.com\VSO\oasclnt.exe

c:\program files\mcafee.com\vso\mcvsshld.exe

C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe

C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

C:\WINDOWS\CTHELPER.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe

C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe

C:\PROGRA~1\MICROS~3\rapimgr.exe

c:\progra~1\mcafee.com\vso\mcvsftsn.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toggle.com/index.php?rvs=hompag

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll

O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll

O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll

O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Program Files\Sleep Moon Xpress\msdxm.ocx

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft Hardware\Mouse\point32.exe"

O4 - HKLM\..\Run: [intelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding

O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup

O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe

O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe

O4 - HKLM\..\Run: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

O4 - HKLM\..\Run: [sBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe

O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" /SCB

O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: MA111 Configuration Utility.lnk = ?

O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll

O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab53083.cab

O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {339234B4-4E14-4280-B8B4-8BAE5AF99063} (Chess Object) - http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab53083.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab

O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab53083.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab53083.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9D614E8E-03AA-11D3-90FC-0040C7157029} (PDMSInstallerCtl Class) - http://cityislam.com/download/PDMSInstaller.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab53083.cab

O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab

O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe

O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe


Hi,

 

I see you have this "ScanSpyware v3.8.0.4" installed. This one is present on this blacklist: http://www.spywarewarrior.com/rogue_anti-s...re.htm#products

This means they are scanners NOT to install, since they have a bad reputation and some are even bundled with spyware.

That's why I recommend you uninstall it.

 

Then remove the following folder as well, if it is still present:

 

C:\Program Files\ScanSpyware v3.8.0.4

 

Also remove the C:\Qoobox folder.

 

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

 

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab

 

* Click on Fix Checked when finished and exit HijackThis.

Make sure your Internet Explorer is closed when you click Fix Checked!

 

Then, your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Updating Java:

  • Download the latest version of Java Runtime Environment (JRE) 6u1.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u1".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language and save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0
    • J2SE Runtime Environment 5.0 Update 6
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then, from your desktop, double-click on jre-6-windows-i586.exe to install the newest version.

Let me know in your next reply how things are now...

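The helper's advice above boils down to reading the O2 (BHO) and O16 (DPF) lines of the HijackThis log and deciding which ones to fix. As an added example, not code from this thread or from HijackThis, here is a small Python parser for those two line shapes with two review rules that are my assumptions: an O2 entry whose target reads "(no file)" is an orphaned BHO, and any CLSID on a reviewer-supplied list is flagged (the list below holds the two CLSIDs the helper asked to be fixed). The sample log is constructed from lines quoted earlier in the thread.

```python
"""Parse HijackThis O2/O16 lines and flag entries worth a reviewer's attention.

Added example: not HijackThis code and not the helper's own tooling.
Review rules and sample data are assumptions built from this thread.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set
from urllib.parse import urlparse

# A registry CLSID in braces, e.g. {7E853D72-626A-48EC-A868-BA8D5E23E045}
CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# "O2 - BHO: <name> - {CLSID} - <dll path or (no file)>"
O2_RE = re.compile(rf"^O2 - BHO: (?P<name>.*?) - (?P<clsid>{CLSID}) - (?P<target>.*)$")
# "O16 - DPF: {CLSID} (<name>) - <cab url>"
O16_RE = re.compile(rf"^O16 - DPF: (?P<clsid>{CLSID}) \((?P<name>.*?)\) - (?P<target>\S+)$")

# Constructed sample: four log lines quoted in the thread plus one R0 line
# that the parser must skip.
SAMPLE_LOG = """
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.toggle.com/index.php?rvs=hompag
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\\Program Files\\Yahoo!\\Companion\\Installs\\cpn\\yt.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
"""

# The two CLSIDs the helper told the poster to tick in HijackThis.
REVIEW_LIST = [
    "{7E853D72-626A-48EC-A868-BA8D5E23E045}",
    "{E473A65C-8087-49A3-AFFD-C5BC4A10669B}",
]


@dataclass
class HjtEntry:
    section: str  # "O2" or "O16"
    clsid: str    # upper-cased so lookups are case-insensitive
    name: str
    target: str   # DLL path, "(no file)", or the download URL


def parse_hjt(log_text: str) -> List[HjtEntry]:
    """Return every O2 and O16 entry in the log, in file order; other lines are ignored."""
    entries: List[HjtEntry] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for section, rx in (("O2", O2_RE), ("O16", O16_RE)):
            m = rx.match(line)
            if m:
                entries.append(HjtEntry(section, m["clsid"].upper(), m["name"], m["target"]))
                break
    return entries


def flag_entries(entries: Iterable[HjtEntry], listed_clsids: Iterable[str]) -> Dict[str, str]:
    """Map CLSID -> reason for the entries that match a review rule (assumed rules)."""
    listed = {c.upper() for c in listed_clsids}
    flags: Dict[str, str] = {}
    for e in entries:
        if e.section == "O2" and e.target.strip().lower() == "(no file)":
            # Registered BHO whose DLL is gone: a leftover from removed software or malware.
            flags[e.clsid] = "orphaned BHO: CLSID registered but no backing DLL"
        elif e.clsid in listed:
            flags[e.clsid] = f"{e.section} entry on the review list ({e.name})"
    return flags


def o16_hosts(entries: Iterable[HjtEntry]) -> Set[str]:
    """Distinct hosts that O16 ActiveX controls were downloaded from, for a quick eyeball."""
    return {urlparse(e.target).hostname for e in entries if e.section == "O16"}


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    for clsid, reason in flag_entries(parsed, REVIEW_LIST).items():
        print(f"{clsid}: {reason}")
    print("O16 download hosts:", sorted(o16_hosts(parsed)))
```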

No alerts from McAfee yet. I'm off to sleep now, but if anything comes up I will let you know.

 

Thanks a lot!!


Good to hear... and glad I could help. :)

 

Please read my Prevention page with lots of info and tips on how to prevent this in the future.

And if you want to improve speed/system performance after malware removal, take a look here.

 

Happy Surfing again!


Lol, I just got home and I see McAfee has detected the Vundo trojan in the C:\System Volume Information folder...

I delete it, but then it gives me another error with a generic packed trojan in the same folder. I delete it, and once again I get the Vundo detection. Any ideas?


Hi,

 

Those are in your System Restore points - when System Restore creates a restore point while you are infected, the infection is in your restore points as well. To delete it, flush your System Restore points:

To do this, you have to disable System Restore and enable it again afterwards.

(Note: this will delete all your System Restore points and any malware that was present in them.)

 

How to disable System Restore in XP <= click me for instructions with screenshots

After you have disabled System Restore... reboot, and after rebooting, enable it again so a new System Restore point will be made. A clean one now! :)


lol! Well, thanks a lot for all your help. One more question before you go: when I was infected I had that "The PC will restart in 60 seconds" virus. People told me to type shutdown -a in Run to stop that countdown. The countdown doesn't show up now, but I'm not sure if that is because of the shutdown -a command or if it's completely gone. Is there any way to check this?


You only ran the shutdown -a command once, so that was only performed once as well. This means that after a reboot you should receive "The PC will restart in 60 seconds..." again if the problem was still present. So don't worry here. :)


Since this issue appears resolved ... this Topic is closed.

 

If you need this topic reopened for continuations of existing problems, please tell the moderating team by replying here.

This applies only to the original topic starter.

 

Everyone else please begin a New Topic.
