
Thread: Need help cleaning an infected PC

  1. #1
    Junior Member
    Join Date
    Sep 2007
    Posts
    7

    Default Need help cleaning an infected PC

    Thank you all in advance for taking the time to provide assistance.

    I recently came into possession of my girlfriend's older Dell PC and have been attempting to get it spyware-free for her. The main concern seems to be incessant Internet Explorer popups, as well as ad banners from unsolicited sources. She has tried numerous spyware removal techniques, including VundoFix, but the problem has persisted.

    Attached is a copy of the HijackThis log. Any insight you could provide would be greatly appreciated.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:35:46 PM, on 9/4/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\Rundll32.exe
    C:\PROGRA~1\mcafee.com\agent\McAgent.exe
    C:\Program Files\QuickTime\qttask.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\AIM\aim.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\eFax Messenger 4.2\J2GTray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\palmOne\HOTSYNC.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    C:\Program Files\Shareaza\Shareaza.exe
    C:\WINDOWS\system32\divxsm.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Documents and Settings\Jason\Desktop\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1C799E4E-4706-FAAF-DE3F-F91A46F89CAD} - C:\DOCUME~1\Jason\APPLIC~1\MEOWST~1\EncSafe.exe (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {922664B8-61CF-4A50-9498-1FA900A62DFC} - C:\Program Files\Windows NT\qucogajov43855.dll (file missing)
    O2 - BHO: (no name) - {92BD0FF0-7835-420D-8489-FA18190F48F5} - C:\WINDOWS\system32\ssqpm.dll (file missing)
    O2 - BHO: (no name) - {DC192567-65F9-4AB6-ADB7-E13575F81726} - C:\WINDOWS\system32\gebywut.dll (file missing)
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [njgqwprA] C:\WINDOWS\njgqwprA.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [FILE PROC] C:\DOCUME~1\Jason\APPLIC~1\BOREPL~1\chin flaw.exe
    O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
    O4 - Global Startup: eFax 4.2.lnk = C:\Program Files\eFax Messenger 4.2\J2GTray.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.imageservr.com
    O15 - Trusted Zone: *.imagesrvr.com
    O15 - Trusted Zone: *.drivecleaner.com (HKLM)
    O15 - Trusted Zone: *.errorprotector.com (HKLM)
    O15 - Trusted Zone: *.imageservr.com (HKLM)
    O15 - Trusted Zone: *.imagesrvr.com (HKLM)
    O15 - Trusted Zone: *.systemdoctor.com (HKLM)
    O15 - Trusted Zone: *.winantispyware.com (HKLM)
    O15 - Trusted Zone: *.winantivirus.com (HKLM)
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4A23FE65-9341-4EBC-9200-40C84306183E}: NameServer = 208.67.220.220 208.67.222.222
    O20 - Winlogon Notify: gebywut - gebywut.dll (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\mbvvbabi.exe (file missing)
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe (file missing)
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O24 - Desktop Component 0: (no name) - C:\Program Files\Common Files\xuwuen.html

    --
    End of file - 9446 bytes

  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hello GatecrasherPH

    Welcome to Safer Networking.

    Please read Before You Post

    You have one heavily infected computer on your hands; I will do my best to try and clean you up.


    We need it to have HJT in its own folder for backup purposes. I would prefer that you delete HJT from where you have it installed and reinstall it like this:

    Download and install Trend Micro's HijackThis

    Download the Trend Micro HijackThis Installer and follow the defaults; it will install in C:\Program Files\Trendmicro\Hijackthis, and this is exactly where we want it to be.


    We need to run a few scans, but so as not to overwhelm you we will do a little at a time.


    Please download ATF Cleaner by Atribune to your desktop.
    • This program is for XP and Windows 2000 only
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.


    Your system may start up slower after running ATF Cleaner; this is expected, but it will be back to normal after the first or second boot up.



    Download ComboFix from Here or Here to your Desktop.
    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post the ComboFix log and a HijackThis log in your next reply.

    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


    Before you post a new HJT log, do this.
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe <-- Right-click on HijackThis.exe (looks like a man with a spyglass) and rename it to Scanner.exe

  3. #3
    Junior Member
    Join Date
    Sep 2007
    Posts
    7

    Default

    Please find attached the ComboFix and HijackThis logs. Thanks for taking a look at this.

    HijackThis Log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:15:46 PM, on 9/4/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\svchost.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\PROGRA~1\mcafee.com\agent\McAgent.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\AIM\aim.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\eFax Messenger 4.2\J2GTray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\palmOne\HOTSYNC.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Jason\Desktop\HiJackThis.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1C799E4E-4706-FAAF-DE3F-F91A46F89CAD} - C:\DOCUME~1\Jason\APPLIC~1\MEOWST~1\EncSafe.exe (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {922664B8-61CF-4A50-9498-1FA900A62DFC} - C:\Program Files\Windows NT\qucogajov43855.dll (file missing)
    O2 - BHO: (no name) - {92BD0FF0-7835-420D-8489-FA18190F48F5} - C:\WINDOWS\system32\ssqpm.dll (file missing)
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [njgqwprA] C:\WINDOWS\njgqwprA.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [FILE PROC] C:\DOCUME~1\Jason\APPLIC~1\BOREPL~1\chin flaw.exe
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
    O4 - Global Startup: eFax 4.2.lnk = C:\Program Files\eFax Messenger 4.2\J2GTray.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.imageservr.com
    O15 - Trusted Zone: *.imagesrvr.com
    O15 - Trusted Zone: *.drivecleaner.com (HKLM)
    O15 - Trusted Zone: *.errorprotector.com (HKLM)
    O15 - Trusted Zone: *.imageservr.com (HKLM)
    O15 - Trusted Zone: *.imagesrvr.com (HKLM)
    O15 - Trusted Zone: *.systemdoctor.com (HKLM)
    O15 - Trusted Zone: *.winantispyware.com (HKLM)
    O15 - Trusted Zone: *.winantivirus.com (HKLM)
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4A23FE65-9341-4EBC-9200-40C84306183E}: NameServer = 208.67.220.220 208.67.222.222
    O20 - Winlogon Notify: gebywut - gebywut.dll (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O24 - Desktop Component 0: (no name) - C:\Program Files\Common Files\xuwuen.html

    --
    End of file - 8899 bytes






    ComboFix log:

    ComboFix 07-08-30.3 - "Jason" 2007-09-04 17:08:48.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.646 [GMT -7:00]
    * Created a new restore point


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Program Files\Common Files\xuwuen.html
    C:\Program Files\winpop
    C:\temp\0b9
    C:\temp\0b9\tmpTF.log
    C:\temp\iee
    C:\temp\iee\tmpZTF.log
    C:\temp\tn3
    C:\WINDOWS\cs_cache.ini
    C:\WINDOWS\system32\drivers\core.cache.dsk
    C:\WINDOWS\system32\drivers\core.sys
    C:\WINDOWS\system32\F1
    C:\WINDOWS\system32\F2
    C:\WINDOWS\system32\F3
    C:\WINDOWS\system32\F4
    C:\WINDOWS\system32\F5
    C:\WINDOWS\system32\o02PrEz
    C:\WINDOWS\system32\win
    C:\WINDOWS\wr.txt


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_CORE
    -------\LEGACY_DOMAINSERVICE
    -------\LEGACY_NET_AGENT
    -------\LEGACY_WINDOWS_OVERLAY_COMPONENTS
    -------\core
    -------\DomainService
    -------\Net Agent


    ((((((((((((((((((((((((( Files Created from 2007-08-05 to 2007-09-05 )))))))))))))))))))))))))))))))


    2007-09-04 17:08 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-09-04 17:05 <DIR> d-------- C:\Program Files\Trend Micro
    2007-08-08 22:31 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-08-19 16:21 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-08-19 16:10 --------- d-------- C:\Program Files\Bodog Poker
    2007-08-10 18:11 --------- d-------- C:\Program Files\Full Tilt Poker.Net
    2007-08-05 14:05 --------- d-------- C:\Program Files\World of Warcraft
    2007-07-31 01:20 --------- d-------- C:\Program Files\Hitman Pro
    2007-07-31 01:14 --------- d-------- C:\Program Files\Spyware Doctor
    2007-07-30 23:58 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-07-30 23:31 --------- d-------- C:\Program Files\SpywareBlaster
    2007-07-30 23:20 --------- d-------- C:\Program Files\XoftSpySE
    2007-07-30 23:18 --------- d-------- C:\Program Files\Creative
    2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
    2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
    2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
    2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
    2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
    2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
    2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
    2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
    2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
    2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
    2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
    2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
    2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
    2007-07-19 22:37 246 --a------ C:\Program Files\Common Files\tenaz386
    2007-07-18 23:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-07-13 15:27 246 --a------ C:\Program Files\Common Files\tenaz490
    2007-07-12 16:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
    2007-07-05 15:49 --------- d-------- C:\Program Files\Winamp
    2007-06-27 07:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
    2007-06-27 07:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
    2007-06-27 07:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
    2007-06-27 07:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2007-06-27 07:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-06-27 07:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2007-06-27 07:34 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll
    2007-06-27 07:34 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll
    2007-06-27 07:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2007-06-27 07:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-06-27 07:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
    2007-06-27 07:34 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll
    2007-06-27 07:34 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll
    2007-06-27 07:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
    2007-06-27 07:34 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll
    2007-06-27 07:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
    2007-06-27 07:34 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll
    2007-06-27 07:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
    2007-06-27 07:34 105984 --------- C:\WINDOWS\system32\dllcache\url.dll
    2007-06-27 07:34 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll
    2007-06-27 01:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2007-06-27 01:27 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe
    2007-06-27 01:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2007-06-27 00:00 161792 --------- C:\WINDOWS\system32\dllcache\ieakui.dll
    2007-06-25 23:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
    2007-06-25 23:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
    2007-06-19 06:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
    2007-06-19 06:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
    2007-06-13 03:23 1033216 --a------ C:\WINDOWS\explorer.exe
    2007-06-13 03:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1C799E4E-4706-FAAF-DE3F-F91A46F89CAD}]
    C:\DOCUME~1\Jason\APPLIC~1\MEOWST~1\EncSafe.exe

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{922664B8-61CF-4A50-9498-1FA900A62DFC}]
    C:\Program Files\Windows NT\qucogajov43855.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{92BD0FF0-7835-420D-8489-FA18190F48F5}]
    C:\WINDOWS\system32\ssqpm.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 11:52]
    "P17Helper"="P17.dll" [2004-06-10 10:51 C:\WINDOWS\SYSTEM32\P17.dll]
    "MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2004-08-17 17:29]
    "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\McAgent.exe" [2004-08-17 17:26]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36]
    "njgqwprA"="C:\WINDOWS\njgqwprA.exe" []
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 15:22]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AIM"="C:\Program Files\AIM\aim.exe" [2004-12-08 15:50]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]
    "FILE PROC"="C:\DOCUME~1\Jason\APPLIC~1\BOREPL~1\chin flaw.exe" []

    C:\DOCUME~1\Jason\STARTM~1\Programs\Startup\
    DESKTOP.INI [2004-08-10 12:04:12]
    HotSync Manager.lnk - C:\Program Files\palmOne\HOTSYNC.EXE [2004-04-12 12:25:16]
    PowerReg Scheduler.exe [2005-07-10 17:58:11]

    C:\DOCUME~1\WOW\STARTM~1\Programs\Startup\
    DESKTOP.INI [2004-08-10 12:04:12]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    Source= C:\Program Files\Common Files\xuwuen.html
    FriendlyName=

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "System"="cscfs.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebywut]
    gebywut.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

    R0 SSI;SSI;C:\WINDOWS\system32\Drivers\SSI.SYS
    R3 NaiFiltr;NaiFiltr;C:\WINDOWS\system32\DRIVERS\NaiFiltr.sys
    R3 P17;Sound Blaster Live! 24-bit;C:\WINDOWS\system32\drivers\P17.sys
    S3 Wdm1;USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc.sys


    Contents of the 'Scheduled Tasks' folder
    2007-09-05 00:00:01 C:\WINDOWS\Tasks\6359F309B1C70BC1.job - c:\docume~1\jason\applic~1\borepl~1\Drive New Type.exe
    2007-09-01 01:05:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    2007-09-02 16:05:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (CRAZYJAY-Jason).job - c:\program files\mcafee.com\vso\mcmnhdlr.exe
    2007-09-04 19:27:21 C:\WINDOWS\Tasks\McAfee.com Update Check (CRAZYJAY-Jason).job - C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    2007-09-04 12:49:12 C:\WINDOWS\Tasks\XoftSpySE.job - C:\Program Files\XoftSpySE\XoftSpy.exe

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-09-04 17:13:34
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-09-04 17:15:13 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-09-04 17:15

    --- E O F ---

  4. #4
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    I need you to move HJT as instructed and rename it. The reason is that we are going to remove entries with HJT, and those cannot be restored if they're lost. Also, one of the infections you have was written to evade an HJT scan; by renaming HJT, the infection will show up on your log if it's present.

    So please reread my post about moving it and renaming it. Please do not proceed until you have done so.



    Open HijackThis > Do a System Scan Only, close your browser and all open windows, the only program or window you should have open is HijackThis, check the following entries and click on Fix Checked.

    O2 - BHO: (no name) - {1C799E4E-4706-FAAF-DE3F-F91A46F89CAD} - C:\DOCUME~1\Jason\APPLIC~1\MEOWST~1\EncSafe.exe (file missing)
    O2 - BHO: (no name) - {922664B8-61CF-4A50-9498-1FA900A62DFC} - C:\Program Files\Windows NT\qucogajov43855.dll (file missing)
    O2 - BHO: (no name) - {92BD0FF0-7835-420D-8489-FA18190F48F5} - C:\WINDOWS\system32\ssqpm.dll (file missing)

    O4 - HKCU\..\Run: [FILE PROC] C:\DOCUME~1\Jason\APPLIC~1\BOREPL~1\chin flaw.exe
    O4 - Startup: PowerReg Scheduler.exe
    O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm

    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe

    O20 - Winlogon Notify: gebywut - gebywut.dll (file missing)

    O24 - Desktop Component 0: (no name) - C:\Program Files\Common Files\xuwuen.html




    Download: DelDomains and save it to the desktop.
    • Close all open windows and your browser
    • Right Click DelDomains.inf and select > Install
    • Reboot your computer






    REGEDIT4

    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1C799E4E-4706-FAAF-DE3F-F91A46F89CAD}]
    C:\DOCUME~1\Jason\APPLIC~1\MEOWST~1\EncSafe.exe

    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{922664B8-61CF-4A50-9498-1FA900A62DFC}]
    C:\Program Files\Windows NT\qucogajov43855.dll

    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{92BD0FF0-7835-420D-8489-FA18190F48F5}]
    C:\WINDOWS\system32\ssqpm.dll


    Copy the entire contents of the Quote box and paste it into Notepad (this will only work with Notepad). Name the file Regfix.reg and, in the drop-down box, save it as All Files. Save it to your desktop. Then right-click the Regfix.reg file and click Merge; when it asks you to merge with the Registry, say yes.



    Please Download No Lop to your desktop

    • First close any other programs you have running as this will require a reboot
    • Double click NoLop.exe to run it
    • Now click the button labeled "Search and Destroy"
      <<your computer will now be scanned for infected files>>
    • When scanning is finished you will be prompted to reboot only if infected, Click OK
    • Now click the "REBOOT" Button.
    • A message should pop up from NoLop. If not, double click the program again and it will finish.
    • Please post the contents of C:\NoLop.log after completing the next steps.
    --If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program.


    C:\Program Files\NetPumper <--Delete this entire folder


    Let me see the No Lop report and a new HJT log, with HJT in its own folder and renamed, please.

  5. #5
    Junior Member
    Join Date
    Sep 2007
    Posts
    7

    Default

    My apologies, I thought I had renamed it but must have missed something.

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    is not C:\Program Files\Trend Micro\HijackThis\Scanner.exe


    I will run these additional tests and resubmit log

  6. #6
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    That's fine, this stuff is a little overwhelming to some users, so take your time.

    It would be easier, like I said, if you just removed HJT from where you have it and downloaded it fresh. Follow the defaults and it will install to the proper folder. Make sure you download the HJT installer.

    Then just right-click on the HJT icon and a menu will come up, then click on Rename and type in Scanner.exe <-- Don't forget the .exe

  7. #7
    Junior Member
    Join Date
    Sep 2007
    Posts
    7

    Default

    Attached are the updated HijackThis log as well as the NoLop log. I can already notice the computer running better.

    NoLop:

    NoLop! Log by Skate_Punk_21

    Fix running from: C:\Documents and Settings\Jason\Desktop
    [9/4/2007]
    [8:08:22 PM]

    ---Infection Files Found/Removed---
    C:\WINDOWS\tasks\6359F309B1C70BC1.job

    Beginning Removal...
    Rebooting...
    Removing Lop's Leftover Files/Folders...
    Editing Registry...
    **Fix Complete!**

    ---Listing AppData sub directories---

    C:\Documents and Settings\All Users\Application Data\Adobe
    C:\Documents and Settings\All Users\Application Data\Aol
    C:\Documents and Settings\All Users\Application Data\Apple Computer
    C:\Documents and Settings\All Users\Application Data\Dell
    C:\Documents and Settings\All Users\Application Data\Dell Photo Printer 720
    C:\Documents and Settings\All Users\Application Data\Efax Messenger 4.2 Setup
    C:\Documents and Settings\All Users\Application Data\Grisoft
    C:\Documents and Settings\All Users\Application Data\Hp
    C:\Documents and Settings\All Users\Application Data\Installshield
    C:\Documents and Settings\All Users\Application Data\Kodak
    C:\Documents and Settings\All Users\Application Data\Mcafee.com
    C:\Documents and Settings\All Users\Application Data\Microsoft
    C:\Documents and Settings\All Users\Application Data\Quicktime
    C:\Documents and Settings\All Users\Application Data\Sbsi
    C:\Documents and Settings\All Users\Application Data\Spamhtmbitsgreat
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    C:\Documents and Settings\All Users\Application Data\Temp -- EMPTY Directory
    C:\Documents and Settings\All Users\Application Data\Viewpoint
    C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    C:\Documents and Settings\All Users\Application Data\Winzip -- EMPTY Directory
    C:\Documents and Settings\Default User\Application Data\Creative
    C:\Documents and Settings\Default User\Application Data\Identities
    C:\Documents and Settings\Default User\Application Data\Jasc Software Inc
    C:\Documents and Settings\Default User\Application Data\Microsoft
    C:\Documents and Settings\Default User\Application Data\Sun
    C:\Documents and Settings\Jason\Application Data\.bittorrent
    C:\Documents and Settings\Jason\Application Data\Adobe
    C:\Documents and Settings\Jason\Application Data\Adobeum -- EMPTY Directory
    C:\Documents and Settings\Jason\Application Data\Aim
    C:\Documents and Settings\Jason\Application Data\Aol
    C:\Documents and Settings\Jason\Application Data\Apple Computer
    C:\Documents and Settings\Jason\Application Data\Avant Browser
    C:\Documents and Settings\Jason\Application Data\Boreplanheck
    C:\Documents and Settings\Jason\Application Data\Corel
    C:\Documents and Settings\Jason\Application Data\Creative
    C:\Documents and Settings\Jason\Application Data\Cyberlink
    C:\Documents and Settings\Jason\Application Data\Efax Messenger
    C:\Documents and Settings\Jason\Application Data\Grisoft
    C:\Documents and Settings\Jason\Application Data\Help -- EMPTY Directory
    C:\Documents and Settings\Jason\Application Data\Hp
    C:\Documents and Settings\Jason\Application Data\Identities
    C:\Documents and Settings\Jason\Application Data\Jasc Software Inc
    C:\Documents and Settings\Jason\Application Data\Lavasoft
    C:\Documents and Settings\Jason\Application Data\Leadertech
    C:\Documents and Settings\Jason\Application Data\Macromedia
    C:\Documents and Settings\Jason\Application Data\Mcafee.com Personal Firewall
    C:\Documents and Settings\Jason\Application Data\Meowstopdrv -- EMPTY Directory
    C:\Documents and Settings\Jason\Application Data\Microsoft
    C:\Documents and Settings\Jason\Application Data\Morpheus
    C:\Documents and Settings\Jason\Application Data\Mozilla
    C:\Documents and Settings\Jason\Application Data\My Games
    C:\Documents and Settings\Jason\Application Data\Pc Tools
    C:\Documents and Settings\Jason\Application Data\Real
    C:\Documents and Settings\Jason\Application Data\Shareaza
    C:\Documents and Settings\Jason\Application Data\Sun
    C:\Documents and Settings\Jason\Application Data\Utorrent
    C:\Documents and Settings\Jason\Application Data\Ventrilo
    C:\Documents and Settings\Jason\Application Data\Webroot
    C:\Documents and Settings\Jason\Application Data\Webshots -- EMPTY Directory
    C:\Documents and Settings\Localservice\Application Data\Mcafee.com Personal Firewall
    C:\Documents and Settings\Localservice\Application Data\Microsoft
    C:\Documents and Settings\Localservice\Application Data\Webroot
    C:\Documents and Settings\Networkservice\Application Data\Microsoft
    C:\Documents and Settings\Networkservice\Application Data\Webroot
    C:\Documents and Settings\Wow\Application Data\Creative
    C:\Documents and Settings\Wow\Application Data\Identities
    C:\Documents and Settings\Wow\Application Data\Jasc Software Inc
    C:\Documents and Settings\Wow\Application Data\Microsoft
    C:\Documents and Settings\Wow\Application Data\Sun



    HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:13:00 PM, on 9/4/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\Rundll32.exe
    C:\PROGRA~1\mcafee.com\agent\McAgent.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Winamp\winampa.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\AIM\aim.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\eFax Messenger 4.2\J2GTray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\palmOne\HOTSYNC.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Trend Micro\HijackThis\Scanner.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [njgqwprA] C:\WINDOWS\njgqwprA.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
    O4 - Global Startup: eFax 4.2.lnk = C:\Program Files\eFax Messenger 4.2\J2GTray.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4A23FE65-9341-4EBC-9200-40C84306183E}: NameServer = 208.67.220.220 208.67.222.222
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

    --
    End of file - 7560 bytes

  8. #8
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    I can already notice the computer running better. Little more to do.


    • Your Java is out of date and leaving your system vulnerable.
    • Go to your Add-Remove Programs in the Control Panel and uninstall any previous versions of Java (J2SE Runtime Environment)
    • It should have an icon next to it:

      Select it and click Remove.
    • Reboot your system.
    • Then go to the Sun Microsystems and install the update
    • Java Runtime Environment Version 6 Update 2 <--This is what you need to download and install.
    • If you chose the online installation, it will prompt you to run the program.
    • If you chose the offline installation, you will be prompted to save the file and you can run it from wherever you saved it.
    • Then after install you can verify your installation here Sun Java Verify
    I like to do the offline installation and save the setup file in case I may need it in the future.


    There is a file on your log that won't Google; when nothing comes up it's almost 99.9% bad, but before we remove it I would like you to upload it to this site for analysis.

    Go to Jotti Upload and under the browse feature, browse to this file
    C:\WINDOWS\njgqwprA.exe

    Then click on upload and it will give you a report. Post the report in your next reply along with a new HJT log.

  9. #9
    Junior Member
    Join Date
    Sep 2007
    Posts
    7

    Default

    Will work on all of those. Unfortunately I am running out the door for work, I will update all of those when I return.

  10. #10
    Junior Member
    Join Date
    Sep 2007
    Posts
    7

    Default

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:05:31 PM, on 9/5/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\Rundll32.exe
    C:\PROGRA~1\mcafee.com\agent\McAgent.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Winamp\winampa.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\AIM\aim.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\eFax Messenger 4.2\J2GTray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\palmOne\HOTSYNC.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Trend Micro\HijackThis\Scanner.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
    O4 - Global Startup: eFax 4.2.lnk = C:\Program Files\eFax Messenger 4.2\J2GTray.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4A23FE65-9341-4EBC-9200-40C84306183E}: NameServer = 208.67.220.220 208.67.222.222
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

    --
    End of file - 7679 bytes



    I was not able to find that file you referenced in the WINDOWS folder.
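
Comparing the 9/4 and 9/5 HijackThis logs by eye is error-prone, so the following added example (not part of the thread and not code from HijackThis) parses the `R`/`O` entry lines and reports what was removed, added or changed between two scans. The log excerpts are copied from the posts above; the function and class names are illustrative.

```python
import re
from dataclasses import dataclass

# Excerpts copied from the 9/4 and 9/5 HijackThis logs posted in this thread.
LOG_BEFORE = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [njgqwprA] C:\WINDOWS\njgqwprA.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe (file missing)
"""

LOG_AFTER = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe (file missing)
"""

# An entry line is a section code (R0, O4, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^\s*(?P<code>[RFNO]\d{1,2}) - (?P<body>.+?)\s*$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_NAME_RE = re.compile(r"^[^\[]*\[[^\]]+\]")


@dataclass(frozen=True)
class Entry:
    code: str
    body: str

    @property
    def file_missing(self):
        # HijackThis appends this marker when the referenced file is absent.
        return self.body.endswith("(file missing)")

    @property
    def identity(self):
        """Key that stays stable when only the target path changes."""
        guid = GUID_RE.search(self.body)
        if guid:  # BHOs, toolbars, buttons: text up to and including the CLSID
            return (self.code, self.body[:guid.end()].lower())
        if self.code == "O4":  # Run keys: hive plus the [value name]
            named = RUN_NAME_RE.match(self.body)
            if named:
                return (self.code, named.group(0).lower())
        return (self.code, self.body.lower())


def parse_log(text):
    """Return the entry lines of a log, skipping the header and process list."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append(Entry(match.group("code"), match.group("body")))
    return entries


def diff_logs(before, after):
    """Compare two parsed logs by entry identity."""
    old = {e.identity: e for e in before}
    new = {e.identity: e for e in after}
    return {
        "removed": [old[k] for k in old if k not in new],
        "added": [new[k] for k in new if k not in old],
        "changed": [(old[k], new[k]) for k in old
                    if k in new and old[k].body != new[k].body],
        "still_missing": [e for e in after if e.file_missing],
    }


if __name__ == "__main__":
    result = diff_logs(parse_log(LOG_BEFORE), parse_log(LOG_AFTER))
    for entry in result["removed"]:
        print("removed:", entry.code, "-", entry.body)
    for entry in result["added"]:
        print("added:  ", entry.code, "-", entry.body)
    for old_entry, new_entry in result["changed"]:
        print("changed:", old_entry.code, "-", new_entry.body)
    for entry in result["still_missing"]:
        print("orphan: ", entry.code, "-", entry.body)
```

A vanished O4 line only shows that the autostart value is gone; whether the file it pointed to still exists on disk has to be checked separately.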
