
another virtumonde problem



WishIWasAGeek
2007-09-12, 02:01
Hey... I've been trying hard to get rid of malicious pop-ups. I have followed other threads almost verbatim, so I wouldn't have to post another thread on Virtumonde. But I am at my wits' end and need help.

HijackThis log file before renaming it:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:50:24 PM, on 9/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\LSUpdateManager.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


--
End of file - 2330 bytes

Below is the log after renaming it to whatjack.exe:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:00:02 PM, on 9/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\LSUpdateManager.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\whatjack.exe


--
End of file - 2335 bytes

WishIWasAGeek
2007-09-12, 03:30
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, September 11, 2007 8:28:22 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 12/09/2007
Kaspersky Anti-Virus database records: 412422
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 50345
Number of viruses found: 17
Number of infected objects: 38
Number of suspicious objects: 0
Duration of the scan process: 01:19:20

Infected Object Name / Virus Name / Last Action
C:\check_LSA7.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\logs\update.log Object is locked skipped
C:\Documents and Settings\COLORTYME\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
C:\Documents and Settings\COLORTYME\Application Data\Mozilla\Firefox\Profiles\4hjxl3y7.default\cert8.db Object is locked skipped
C:\Documents and Settings\COLORTYME\Application Data\Mozilla\Firefox\Profiles\4hjxl3y7.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\COLORTYME\Application Data\Mozilla\Firefox\Profiles\4hjxl3y7.default\history.dat Object is locked skipped
C:\Documents and Settings\COLORTYME\Application Data\Mozilla\Firefox\Profiles\4hjxl3y7.default\key3.db Object is locked skipped
C:\Documents and Settings\COLORTYME\Application Data\Mozilla\Firefox\Profiles\4hjxl3y7.default\parent.lock Object is locked skipped
C:\Documents and Settings\COLORTYME\Application Data\Mozilla\Firefox\Profiles\4hjxl3y7.default\search.sqlite Object is locked skipped
C:\Documents and Settings\COLORTYME\Application Data\Mozilla\Firefox\Profiles\4hjxl3y7.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\COLORTYME\Application Data\MySpace\IM\Logs\MySpaceIM-20070911-175456.log Object is locked skipped
C:\Documents and Settings\COLORTYME\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\COLORTYME\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\COLORTYME\Local Settings\Application Data\Microsoft\Messenger\j_holder22@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\COLORTYME\Local Settings\Application Data\Microsoft\Messenger\j_holder22@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\COLORTYME\Local Settings\Application Data\Microsoft\Messenger\j_holder22@hotmail.com\SharingMetadata\Working\database_9638_FB17_38FA_F559\dfsr.db Object is locked skipped
C:\Documents and Settings\COLORTYME\Local Settings\Application Data\Microsoft\Messenger\j_holder22@hotmail.com\SharingMetadata\Working\database_9638_FB17_38FA_F559\fsr.log Object is locked skipped
C:\Documents and Settings\COLORTYME\Local Settings\Application Data\Microsoft\Messenger\j_holder22@hotmail.com\SharingMetadata\Working\database_9638_FB17_38FA_F559\fsrtmp.log Object is locked skipped
C:\Documents and Settings\COLORTYME\Local Settings\Application Data\Microsoft\Messenger\j_holder22@hotmail.com\SharingMetadata\Working\database_9638_FB17_38FA_F559\tmp.edb Object is locked skipped
C:\Documents and Settings\COLORTYME\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\COLORTYME\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\COLORTYME\Local Settings\Application Data\Microsoft\Windows Live Contacts\j_holder22@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\COLORTYME\Local Settings\Application Data\Microsoft\Windows Live Contacts\j_holder22@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\COLORTYME\Local Settings\Application Data\Mozilla\Firefox\Profiles\4hjxl3y7.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\COLORTYME\Local Settings\Application Data\Mozilla\Firefox\Profiles\4hjxl3y7.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\COLORTYME\Local Settings\Application Data\Mozilla\Firefox\Profiles\4hjxl3y7.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\COLORTYME\Local Settings\Application Data\Mozilla\Firefox\Profiles\4hjxl3y7.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\COLORTYME\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\COLORTYME\Local Settings\History\History.IE5\MSHist012007091120070912\index.dat Object is locked skipped
C:\Documents and Settings\COLORTYME\Local Settings\Temp\Perflib_Perfdata_98c.dat Object is locked skipped
C:\Documents and Settings\COLORTYME\Local Settings\Temp\~DF370A.tmp Object is locked skipped
C:\Documents and Settings\COLORTYME\Local Settings\Temp\~DF47F3.tmp Object is locked skipped
C:\Documents and Settings\COLORTYME\Local Settings\Temp\~DF4904.tmp Object is locked skipped
C:\Documents and Settings\COLORTYME\Local Settings\Temp\~DFD25.tmp Object is locked skipped
C:\Documents and Settings\COLORTYME\Local Settings\Temp\~DFDA3.tmp Object is locked skipped
C:\Documents and Settings\COLORTYME\Local Settings\Temp\~DFDE84.tmp Object is locked skipped
C:\Documents and Settings\COLORTYME\Local Settings\Temp\~DFE098.tmp Object is locked skipped
C:\Documents and Settings\COLORTYME\Local Settings\Temp\~DFE16D.tmp Object is locked skipped
C:\Documents and Settings\COLORTYME\Local Settings\Temp\~DFF4CC.tmp Object is locked skipped
C:\Documents and Settings\COLORTYME\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\COLORTYME\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\COLORTYME\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\COLORTYME\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\billing_COLORTYME.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\client_COLORTYME.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\network_COLORTYME.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP35\A0005040.DLL Infected: not-a-virus:AdWare.Win32.FunWeb.e skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005754.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005755.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005756.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005757.scr Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005765.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005767.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005768.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005769.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.af skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005770.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005771.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005772.SCR Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005773.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005774.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005775.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.a skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005776.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.an skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005777.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.aq skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005778.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005780.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ax skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005782.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005784.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005785.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ad skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005787.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005788.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005789.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005790.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005793.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005794.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005795.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005796.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005797.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005798.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005799.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005800.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005801.dll Infected: not-a-virus:AdWare.Win32.MyWay.v skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005822.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP51\A0007128.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP63\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Antivirus.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\temp\Perflib_Perfdata_3f8.dat Object is locked skipped
C:\WINDOWS\temp\Perflib_Perfdata_630.dat Object is locked skipped
C:\WINDOWS\temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

WishIWasAGeek
2007-09-12, 03:55
ComboFix 07-09-10.6 - "COLORTYME" 2007-09-11 20:39:51.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.234 [GMT -5:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\fwnsihcm.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE


((((((((((((((((((((((((( Files Created from 2007-08-12 to 2007-09-12 )))))))))))))))))))))))))))))))
.

2007-09-10 14:38 95,608 --a------ C:\WINDOWS\SYSTEM32\AvastSS.scr
2007-09-10 14:38 94,416 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswmon2.sys
2007-09-10 14:38 92,848 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswmon.sys
2007-09-10 14:38 801,144 --a------ C:\WINDOWS\SYSTEM32\aswBoot.exe
2007-09-10 14:38 42,912 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswTdi.sys
2007-09-10 14:38 26,624 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aavmker4.sys
2007-09-10 14:38 23,152 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswRdr.sys
2007-09-10 14:38 <DIR> d-------- C:\Program Files\Alwil Software
2007-09-10 14:14 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-10 00:25 66,048 --a------ C:\WINDOWS\ieResetIcons.exe
2007-09-10 00:09 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-09 19:59 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2007-09-09 19:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-09-09 19:26 <DIR> d-------- C:\VundoFix Backups
2007-09-09 15:02 <DIR> d-------- C:\Program Files\PopCap Games
2007-09-08 22:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PopCap
2007-09-08 11:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-08 11:47 <DIR> d-------- C:\Program Files\Common Files\Scanner
2007-09-08 05:10 2,039,881 ---hs---- C:\WINDOWS\SYSTEM32\ilkkj.bak2
2007-09-07 14:18 6,448 --ahs---- C:\WINDOWS\SYSTEM32\ilkkj.bak1
2007-09-07 14:17 244,832 --a------ C:\WINDOWS\SYSTEM32\jkkli.dll
2007-09-07 14:12 <DIR> d-------- C:\Temp
2007-09-02 13:17 <DIR> d-------- C:\Program Files\Lavasoft
2007-09-02 13:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-09-02 13:16 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-26 22:46 <DIR> d-------- C:\Program Files\Common Files\PXIINSTC
2007-08-26 22:46 <DIR> d-------- C:\Program Files\Common Files\PXIINST64C
2007-08-26 22:46 <DIR> d-------- C:\Program Files\Common Files\PAC207
2007-08-26 22:46 <DIR> d-------- C:\Program Files\Basic Webcam
2007-08-22 14:41 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\McAfee.com Personal Firewall
2007-08-21 16:17 <DIR> d-------- C:\Program Files\Virtools
2007-08-20 14:00 135,168 --a------ C:\WINDOWS\SYSTEM32\igfxres.dll
2007-08-20 13:38 23,040 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\fltmc.exe
2007-08-20 13:38 16,896 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\fltlib.dll
2007-08-20 13:38 128,896 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\fltmgr.sys
2007-08-19 15:59 <DIR> d-------- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\APPLIC~1\McAfee.com Personal Firewall
2007-08-19 15:59 <DIR> d-------- C:\DOCUME~1\COLORT~1\APPLIC~1\McAfee.com Personal Firewall
2007-08-19 15:57 <DIR> d--h----- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\APPLIC~1\Gtek
2007-08-19 15:57 <DIR> d--h----- C:\DOCUME~1\COLORT~1\APPLIC~1\Gtek
2007-08-19 15:57 <DIR> d-------- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\APPLIC~1\Sonic
2007-08-19 15:57 <DIR> d-------- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\APPLIC~1\Jasc Software Inc
2007-08-19 15:57 <DIR> d-------- C:\DOCUME~1\COLORT~1\APPLIC~1\Sonic
2007-08-19 15:57 <DIR> d-------- C:\DOCUME~1\COLORT~1\APPLIC~1\Jasc Software Inc
2007-08-19 15:55 9,600 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\hidusb.sys
2007-08-19 15:55 14,848 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kbdhid.sys
2007-08-19 15:55 12,160 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mouhid.sys
2007-08-17 13:37 <DIR> d-------- C:\WINDOWS\PAC207
2007-08-17 13:04 <DIR> d-------- C:\webcam driver pack
2007-08-16 21:53 <DIR> d-------- C:\Program Files\Micro Innovations
2007-08-16 09:37 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-08-16 09:35 <DIR> d-------- C:\WINDOWS\SYSTEM32\LogFiles
2007-08-16 09:35 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\UMDF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-10 16:36 --------- d-------- C:\Program Files\MySpace
2007-09-08 15:50 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom
2007-09-08 11:47 --------- d-------- C:\Program Files\Yahoo!
2007-09-08 11:34 --------- d-------- C:\Program Files\Sonic
2007-08-21 13:02 --------- d-------- C:\Program Files\MSN Messenger
2007-08-20 12:42 --------- d-------- C:\Program Files\Google
2007-08-20 12:29 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-08-16 21:53 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-10 11:21 --------- d-------- C:\DOCUME~1\COLORT~1\APPLIC~1\Google
2007-08-07 16:11 --------- d-------- C:\DOCUME~1\COLORT~1\APPLIC~1\AdobeUM
2007-08-07 13:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-06 08:23 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MumboJumbo
2007-08-02 22:57 --------- d-------- C:\DOCUME~1\COLORT~1\APPLIC~1\PlayFirst
2007-08-02 22:57 --------- d-------- C:\DOCUME~1\COLORT~1\APPLIC~1\GameHouse
2007-08-02 22:57 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\n7-89-o9-3r-4t-r9
2007-08-01 20:12 --------- d-------- C:\DOCUME~1\COLORT~1\APPLIC~1\Corel
2007-08-01 18:57 --------- d-------- C:\Program Files\iTunes
2007-08-01 18:57 --------- d-------- C:\Program Files\iPod
2007-08-01 18:57 --------- d-------- C:\DOCUME~1\COLORT~1\APPLIC~1\Apple Computer
2007-08-01 18:57 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-08-01 18:56 --------- d-------- C:\Program Files\QuickTime
2007-08-01 18:56 --------- d-------- C:\Program Files\Apple Software Update
2007-08-01 18:55 --------- d-------- C:\Program Files\Common Files\Apple
2007-08-01 18:55 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-08-01 10:55 --------- d-------- C:\Program Files\America Online 9.0
2007-08-01 10:54 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
2007-07-30 19:19 92504 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\SYSTEM32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\SYSTEM32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\SYSTEM32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\SYSTEM32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\SYSTEM32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\SYSTEM32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\SYSTEM32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\SYSTEM32\WUPS.DLL
2007-07-30 19:18 33624 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wups.dll
2007-07-30 18:28 --------- d-------- C:\DOCUME~1\COLORT~1\APPLIC~1\MySpace
2007-07-30 15:25 --------- d-------- C:\DOCUME~1\COLORT~1\APPLIC~1\Yahoo!
2007-07-30 15:24 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-07-30 15:11 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
2007-07-19 01:59 3583488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-07-12 18:31 765952 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\vgx.dll
2007-06-27 09:34 823808 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
2007-06-27 09:34 671232 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
2007-06-27 09:34 6058496 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2007-06-27 09:34 52224 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2007-06-27 09:34 477696 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
2007-06-27 09:34 459264 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2007-06-27 09:34 44544 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
2007-06-27 09:34 384512 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
2007-06-27 09:34 383488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2007-06-27 09:34 27648 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
2007-06-27 09:34 267776 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2007-06-27 09:34 232960 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
2007-06-27 09:34 230400 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
2007-06-27 09:34 193024 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
2007-06-27 09:34 153088 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
2007-06-27 09:34 132608 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
2007-06-27 09:34 124928 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
2007-06-27 09:34 1152000 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
2007-06-27 09:34 105984 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
2007-06-27 09:34 102400 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
2007-06-27 03:27 63488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2007-06-27 03:27 625152 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2007-06-27 03:27 13824 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2007-06-27 02:00 161792 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2007-06-26 22:10 317440 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\unregmp2.exe
2007-06-26 01:08 1104896 --a------ C:\WINDOWS\SYSTEM32\msxml3.dll
2007-06-26 01:08 1104896 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msxml3.dll
2007-06-19 08:31 282112 --a------ C:\WINDOWS\SYSTEM32\gdi32.dll
2007-06-19 08:31 282112 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\gdi32.dll
2007-06-13 05:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-13 05:23 1033216 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\explorer.exe
2007-06-11 23:51 10834944 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wmp.dll
.

WishIWasAGeek
2007-09-12, 03:56
((((((((((((((((((((((((((((( snapshot_2007-09-10_ 02217.82 )))))))))))))))))))))))))))))))))))))))))

WishIWasAGeek
2007-09-12, 03:57
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{03C1F11F-4BDD-4517-8D78-6676BA96F5F2}]
2007-09-07 14:17 244832 --a------ C:\WINDOWS\system32\jkkli.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7D2AD9C0-E695-4847-9C43-2F17228EEB01}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9656B444-F8E0-4105-ABCF-7E39FED22BC8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A47447B4-497A-42E1-B0C8-E187B007A3D2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D753262B-B605-486C-A328-3C783CAA5AC9}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 16:42]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 02:01]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 09:50]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2004-07-01 16:15]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2004-08-17 19:26]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2004-08-17 19:29]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-02-08 14:04]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2004-08-17 17:55]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2004-08-22 16:31]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 09:18]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 09:59]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 05:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2004-07-19 08:51]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-07-16 15:17]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 09:59]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-13 19:04]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2005-02-08 14:03:21]
DESKTOP.INI [2004-08-10 14:04:12]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-02-08 13:52:45]

C:\DOCUME~1\COLORT~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2004-08-10 14:04:12]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2004-08-10 14:04:12]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomjkkj]
qomjkkj.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\jkkli

R3 NaiFiltr;NaiFiltr;C:\WINDOWS\system32\DRIVERS\NaiFiltr.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-09-12 01:45:20 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (DJG6KS61-COLORTYME).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2007-09-12 01:47:56 C:\WINDOWS\Tasks\McAfee.com Update Check (DJG6KS61-COLORTYME).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
"2007-09-12 01:50:00 C:\WINDOWS\Tasks\McAfee.com Update Check (DJG6KS61-Owner).job"
- c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-11 20:45:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-11 20:50:31 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-11 20:50
C:\ComboFix2.txt ... 2007-09-10 00:23
.
--- E O F ---

WishIWasAGeek
2007-09-12, 04:00
HijackThis log, now renamed whatever.exe:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:58:59 PM, on 9/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\whatever.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {03C1F11F-4BDD-4517-8D78-6676BA96F5F2} - C:\WINDOWS\system32\jkkli.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7D2AD9C0-E695-4847-9C43-2F17228EEB01} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9656B444-F8E0-4105-ABCF-7E39FED22BC8} - (no file)
O2 - BHO: (no name) - {A47447B4-497A-42E1-B0C8-E187B007A3D2} - (no file)
O2 - BHO: (no name) - {D753262B-B605-486C-A328-3C783CAA5AC9} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Search - ?p=ZKxdm011YYUS
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O20 - Winlogon Notify: qomjkkj - qomjkkj.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 9812 bytes

WishIWasAGeek
2007-09-12, 05:50
Help:
After running VundoFix and doing an avast antivirus search, it still says I'm infected and the same pop-ups keep popping up.

tashi
2007-09-27, 21:04
Hello.

Because of the volume of posts to your own topic, helpers may have thought you were already being assisted.

We ask only for a HJT log and the results of an on-line anti virus scan.

"BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

For people waiting who have not resolved their problem, we have a sticky topic:
The Waiting Room: Post here if waiting for help longer than four days (http://forums.spybot.info/forumdisplay.php?f=37)

However, if members waiting for assistance do not post there, their topic is archived.

If you need the thread re-opened, please send me a private message (pm) and provide a link.