Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: virtumonde

  1. #1
    Junior Member
    Join Date
    Aug 2009
    Location
    NC,USA
    Posts
    17

    Default virtumonde

    Hi

    I have clicked where I knew it was a bad idea and gotten a virtumonde trojan for my trouble. Sometime you really should listen to yourself... Different S&D scans have shown from 1 to 4 entries for virtumonde

    I have done an erunt registry backup and included the HJT log below.

    Thank you in advance for your assistance.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:22:10 AM, on 8/1/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\eMachines Bay Reader\shwiconem.exe
    C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Common Files\AOL\1106703461\ee\AOLSoftware.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Samsung\EmoDio\SMSTray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\kdx\KHost.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
    C:\PROGRA~1\Logitech\WINGMA~1\Lwpevntm.exe
    C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
    C:\WINDOWS\System32\brsvc01a.exe
    C:\WINDOWS\System32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\Program Files\McAfee\VirusScan\McShield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://today.ask.com/emodio?gcht=SV&o=101676&l=dis
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1106703461\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Lwinst Run Profiler] C:\PROGRA~1\Logitech\WINGMA~1\Lwinst.exe -d -l "C:\PROGRA~1\Logitech\WINGMA~1\Lwpevntm.exe"
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\EmoDio\SMSTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe -all
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [A00F66AF569.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00F66AF569.exe
    O4 - HKCU\..\Run: [A00F7BEBC1.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00F7BEBC1.exe
    O4 - HKCU\..\Run: [A00FBA384D.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00FBA384D.exe
    O4 - HKCU\..\Run: [A00F138D9D.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00F138D9D.exe
    O4 - HKCU\..\Run: [A00F5B9D6F1.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00F5B9D6F1.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - https://support.gateway.com/support/.../PCPitStop.CAB
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/sh...3/mcinsctl.cab
    O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} (Secure Delivery) - http://cdn.digitalcity.com/video/kdx.cab
    O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/amp...1.11_en_dl.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/sh...20/mcgdmgr.cab
    O20 - AppInit_DLLs: C:\WINDOWS\System32\digest32.dll
    O20 - Winlogon Notify: 8a1bfb1649 - C:\WINDOWS\System32\digest32.dll
    O20 - Winlogon Notify: __c001CACF - C:\WINDOWS\system32\__c001CACF.dat
    O20 - Winlogon Notify: __c0091FB2 - C:\WINDOWS\
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    --
    End of file - 11314 bytes

    Sorry for the multiple posting. indications on this end that the connection was not being made

    outdoer
    Last edited by tashi; 2009-08-01 at 19:23. Reason: Merged 2 posts, removed other topics ;-)

  2. #2
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Default

    Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
    "BEFORE you POST" (READ this Procedure before Requesting Assistance) http://forums.spybot.info/showthread.php?t=288
    All advice given is taken at your own risk.
    Please make sure you have read this information so we are on the same page.

    You must have read and followed the "Before you Post" instructions.

    1) Please do not enable TeaTimer while we work together.

    2) Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    Please ensure you read this guide carefully and install the Recovery Console first

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

    Once installed, you should see a blue screen prompt that says:

    The Recovery Console was successfully installed

    Please continue as follows:

    Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    http://www.bleepingcomputer.com/forums/topic114351.html
    Remember to re-enable them afterwards.

    Click Yes to allow ComboFix to continue scanning for malware.

    Note: Do not mouseclick combofix's window while its running. That may cause it to stall

    When the tool is finished, it will produce a report for you. Post that report and a new HJT log

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use

    3) Post also an uninstall list: Open Hijackthis.
    Click the "Open the Misc Tools" section Button.
    Click the "Open Uninstall Manager" Button.
    Click the "Save list..." Button.
    Save it to your desktop. Copy and paste the contents into your reply.
    Image: http://img.bleepingcomputer.com/tuto...nstall-man.jpg

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  3. #3
    Junior Member
    Join Date
    Aug 2009
    Location
    NC,USA
    Posts
    17

    Default Combofix log

    ComboFix 09-08-01.09 - Owner 08/02/2009 21:07.1.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.248 [GMT -4:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\docume~1\Owner\LOCALS~1\Temp\2A.tmp
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    c:\documents and settings\Owner\Application Data\0200000091d8d814649C.manifest
    c:\documents and settings\Owner\Application Data\0200000091d8d814649O.manifest
    c:\documents and settings\Owner\Application Data\0200000091d8d814649P.manifest
    c:\documents and settings\Owner\Application Data\0200000091d8d814649S.manifest
    c:\documents and settings\Owner\Local Settings\Temp\2A.tmp
    c:\program files\WinPCap
    c:\program files\WinPCap\daemon_mgm.exe
    c:\program files\WinPCap\INSTALL.LOG
    c:\program files\WinPCap\NetMonInstaller.exe
    c:\program files\WinPCap\npf_mgm.exe
    c:\program files\WinPCap\rpcapd.exe
    c:\program files\WinPCap\Uninstall.exe
    c:\recycler\S-1-5-21-1074224062-4008096682-718314365-1003
    c:\recycler\S-1-5-21-108238629-2543261533-15658814-1003
    c:\recycler\S-1-5-21-1237417076-4124189201-3592717025-1003
    c:\recycler\S-1-5-21-1692090417-3754952875-3743322987-1003
    c:\recycler\S-1-5-21-1935193532-3380928342-1166660273-1003
    c:\recycler\S-1-5-21-1960408961-2049760794-839522115-1003
    c:\recycler\S-1-5-21-2098471463-1984184332-3459855668-1003
    c:\recycler\S-1-5-21-2187232315-2653712155-2884993939-1003
    c:\recycler\S-1-5-21-369970505-783447879-1513832709-1003
    c:\recycler\S-1-5-21-3823185962-2795022387-281022331-1003
    c:\recycler\S-1-5-21-729851438-799874365-1875046073-1003
    c:\windows\Installer\381fe6a2.msi
    c:\windows\system32\__c001CACF.dat
    c:\windows\system32\__c001E440.dat
    c:\windows\system32\__c005AA24.dat
    c:\windows\system32\__c00E824E.dat
    c:\windows\system32\__c00F3C60.dat
    c:\windows\system32\__c00FBFA.dat
    c:\windows\system32\33i7pnswgPLDx.vbs
    c:\windows\system32\6QtvKnbC2nVZfex.vbs
    c:\windows\system32\7c67C.vbs
    c:\windows\system32\7IZelOKHF1UU41W.vbs
    c:\windows\system32\DIGEST32.DLL
    c:\windows\system32\drivers\npf.sys
    c:\windows\system32\e6ThsOr.vbs
    c:\windows\system32\eAwWOAuJrOO3s.vbs
    c:\windows\system32\GroupPolicy000.dat
    c:\windows\system32\IWux9ENDDMILN.vbs
    c:\windows\system32\LO5p6.vbs
    c:\windows\system32\muzapp.exe
    c:\windows\system32\nQjxOZKqrbeTQg3.vbs
    c:\windows\system32\Packet.dll
    c:\windows\system32\pthreadVC.dll
    c:\windows\system32\sffJJBa.vbs
    c:\windows\system32\svAHjUuBJWqP7iz.vbs
    c:\windows\system32\SystemX86
    c:\windows\system32\SystemX86\237.crack.zip
    c:\windows\system32\SystemX86\237.crack.zip.kwd
    c:\windows\system32\SystemX86\238.keygen.zip
    c:\windows\system32\SystemX86\238.keygen.zip.kwd
    c:\windows\system32\SystemX86\239.serial.zip
    c:\windows\system32\SystemX86\239.serial.zip.kwd
    c:\windows\system32\SystemX86\240.setup.zip
    c:\windows\system32\SystemX86\240.setup.zip.kwd
    c:\windows\system32\SystemX86\241.music.au
    c:\windows\system32\SystemX86\241.music.au.kwd
    c:\windows\system32\SystemX86\242.music2.au
    c:\windows\system32\SystemX86\242.music2.au.kwd
    c:\windows\system32\SystemX86\243.music3.au
    c:\windows\system32\SystemX86\243.music3.au.kwd
    c:\windows\system32\SystemX86\244.music.snd
    c:\windows\system32\SystemX86\244.music.snd.kwd
    c:\windows\system32\vaZxqLGpVwHQr.vbs
    c:\windows\system32\WanPacket.dll
    c:\windows\system32\wpcap.dll
    C:\xcrashdump.dat

    ----- BITS: Possible infected sites -----

    hxxp://www.spiralfrog.com
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_NPF


    ((((((((((((((((((((((((( Files Created from 2009-07-03 to 2009-08-03 )))))))))))))))))))))))))))))))
    .

    2009-08-02 16:09 . 2009-08-02 16:09 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
    2009-08-02 16:09 . 2009-07-13 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-08-02 16:09 . 2009-08-02 16:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-08-02 16:09 . 2009-07-13 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-08-02 16:09 . 2009-08-03 00:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-08-01 12:53 . 2009-08-01 12:53 -------- d-----w- c:\program files\Trend Micro
    2009-08-01 12:45 . 2009-08-01 12:45 -------- d-----w- c:\program files\ERUNT
    2009-07-26 02:50 . 2009-07-26 12:18 -------- d-----w- c:\temp\AnyDvd
    2009-07-25 22:23 . 2009-07-25 22:24 7366832 ----a-w- c:\temp\frostwire-4.18.0.windows.exe
    2009-07-21 23:12 . 2009-07-21 23:12 -------- d-sh--w- c:\documents and settings\Owner\IECompatCache
    2009-07-21 23:10 . 2009-07-21 23:10 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
    2009-07-17 11:03 . 2009-07-26 12:23 -------- d-----w- c:\program files\Advanced Registry Optimizer
    2009-07-17 02:57 . 2009-07-17 02:57 2803448 ----a-w- c:\temp\AROTrial_bt.exe
    2009-07-13 10:56 . 2009-07-13 10:56 -------- d-sh--w- c:\documents and settings\Owner\IETldCache
    2009-07-13 10:03 . 2009-07-13 10:03 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2009-07-13 07:09 . 2009-07-13 07:09 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2009-07-13 03:02 . 2009-06-02 10:12 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2009-07-13 03:02 . 2009-07-13 03:03 -------- d-----w- c:\windows\ie8updates
    2009-07-13 03:01 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2009-07-13 03:01 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2009-07-13 02:56 . 2009-07-13 03:00 -------- dc-h--w- c:\windows\ie8

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-03 01:07 . 2009-08-03 01:07 0 ----a-w- c:\windows\system32\47C.tmp
    2009-07-31 09:53 . 2004-10-25 03:15 -------- d-----w- c:\documents and settings\All Users\Application Data\X10 Settings
    2009-07-29 23:46 . 2004-10-31 01:34 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-07-26 12:44 . 2004-10-31 01:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-07-26 12:30 . 2007-11-04 14:37 -------- d-----w- c:\program files\SpiralFrog
    2009-07-26 12:30 . 2007-11-04 14:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spiralfrog
    2009-07-26 03:18 . 2009-03-10 00:33 -------- d-----w- c:\documents and settings\Owner\Application Data\FrostWire
    2009-07-03 17:09 . 2004-08-24 00:32 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-06-16 14:36 . 2002-02-15 16:51 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-06-16 14:36 . 2002-02-15 16:51 81920 ----a-w- c:\windows\system32\fontsub.dll
    2009-06-11 20:41 . 2002-02-15 18:16 -------- d-----w- c:\program files\Java
    2009-06-11 10:49 . 2009-06-11 10:49 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
    2009-06-03 19:09 . 2003-05-30 17:00 1291264 ----a-w- c:\windows\system32\quartz.dll
    2009-05-25 00:02 . 2009-05-25 00:02 390664 ----a-w- c:\documents and settings\Owner\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
    2009-05-07 15:32 . 2002-02-15 16:51 345600 ----a-w- c:\windows\system32\localspl.dll
    2007-01-31 23:21 . 2007-01-31 23:21 14994392 ----a-w- c:\program files\GoogleEarthWin.exe
    2006-05-03 01:59 . 2006-05-03 01:59 408256 ----a-w- c:\program files\DNLDSSC.exe
    2006-04-13 22:15 . 2006-04-13 22:15 1951432 ----a-w- c:\program files\ppviewer.exe
    2005-03-29 03:32 . 2004-10-27 01:06 1024 ----a-w- c:\program files\QW.CFG
    2005-03-29 03:32 . 2004-10-27 01:06 132 ---h--w- c:\program files\~QW~LINK.QDT
    2005-03-29 02:15 . 2005-03-29 01:29 241336 ---ha-w- c:\program files\QUICKEN6.GID
    2005-03-29 01:33 . 2005-03-29 01:33 15360 ----a-w- c:\program files\QDATA.QEL
    2005-02-17 23:51 . 2005-02-17 23:51 173120 ----a-w- c:\program files\yahoosearch.exe
    2004-10-31 01:06 . 2004-10-31 01:06 4354084 ----a-w- c:\program files\spybotsd13.exe
    2004-10-31 00:30 . 2004-10-31 00:30 2636408 ----a-w- c:\program files\adawarepersonal.exe
    2004-10-27 01:06 . 2004-10-27 01:06 52224 ----a-w- c:\program files\FILIST.QFI
    2004-10-27 01:06 . 2004-10-27 01:06 15360 ----a-w- c:\program files\.QEL
    2004-10-25 22:59 . 2004-10-25 22:36 10240 ----a-w- c:\program files\DeIsL1.isu
    2002-08-12 14:01 . 2004-10-27 01:43 32819 ----a-w- c:\program files\VIZ_DLL.DLL
    2002-08-12 12:20 . 2004-10-27 01:43 288256 ----a-w- c:\program files\ltkrn90n.dll
    2002-08-12 12:20 . 2004-10-27 01:43 98304 ----a-w- c:\program files\ltfil90n.dll
    1999-01-24 03:05 . 2005-03-29 01:36 26153 ----a-w- c:\program files\Qdata.QSD
    1999-01-24 03:05 . 2005-03-29 01:36 5798 ----a-w- c:\program files\Qdata.QMD
    2009-07-23 00:32 . 2008-09-26 01:47 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
    2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "kdx"="c:\windows\kdx\KHost.exe" [2005-10-04 2260992]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
    "SunKistEM"="c:\program files\eMachines Bay Reader\shwiconem.exe" [2004-03-11 135168]
    "PaperPort PTD"="c:\program files\Scansoft\PaperPort\pptd40nt.exe" [2002-08-12 45108]
    "IndexSearch"="c:\program files\Scansoft\PaperPort\IndexSearch.exe" [2002-08-12 36864]
    "MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2006-01-19 110592]
    "HostManager"="c:\program files\Common Files\AOL\1106703461\ee\AOLSoftware.exe" [2008-06-24 41824]
    "AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-01-26 98304]
    "Lwinst Run Profiler"="c:\progra~1\Logitech\WINGMA~1\Lwinst.exe" [1998-09-25 114688]
    "MimBoot"="c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe" [2006-01-19 11776]
    "MsgCenterExe"="c:\program files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" [2008-01-29 69632]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-29 185896]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
    "SMSTray"="c:\program files\Samsung\EmoDio\SMSTray.exe" [2009-03-21 484888]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
    "SoundMan"="SOUNDMAN.EXE" - c:\windows\SoundMan.exe [2005-05-12 90112]
    "AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2005-05-12 2805248]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\America Online 9.0\\waol.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1106703461\\EE\\AOLServiceHost.exe"=
    "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
    "c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
    "c:\\WINDOWS\\kdx\\khost.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\America Online 9.0b\\waol.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1106703461\\EE\\aolsoftware.exe"=
    "c:\\Program Files\\AOL 9.0\\waol.exe"=
    "c:\\Program Files\\AOL 9.1\\waol.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
    "3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R2 dvdmmg;dvdmmg;c:\windows\system32\drivers\dvdmmg.sys [9/6/2007 6:15 AM 5504]
    S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [10/25/2004 3:00 PM 2944]
    S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [3/13/2003 8:04 PM 61952]
    S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [10/25/2004 3:00 PM 11008]
    S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [10/25/2004 3:07 PM 10368]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - ATWPKT2

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-08-02 c:\windows\Tasks\Disk Cleanup.job
    - c:\windows\system32\cleanmgr.exe [2002-02-15 00:12]

    2009-08-02 c:\windows\Tasks\Disk Defragmenter.job
    - c:\documents and settings\All Users\Start Menu\Programs\Accessories\System Tools\Disk Defragmenter.lnk [2002-02-15 11:38]

    2009-07-15 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-08-29 17:32]

    2009-08-01 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-08-29 17:32]

    2009-08-03 c:\windows\Tasks\User_Feed_Synchronization-{C8552FA2-E047-458D-BB91-ED017C75CCC5}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-NeroFilterCheck - c:\windows\system32\NeroCheck.exe
    Notify-8a1bfb1649 - c:\windows\System32\digest32.dll
    Notify-__c0091FB2 - (no file)


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://today.ask.com/frostwire?gcht=SV&o=101676&l=dis
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
    Trusted Zone: musicmatch.com\online
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\v5k6bqsh.default\
    FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\v5k6bqsh.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
    FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-02 21:28
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(208)
    c:\windows\system32\WININET.dll
    c:\progra~1\Logitech\WINGMA~1\LWPEHook.dll
    c:\program files\Common Files\AOL\ACS\WLHook.dll
    c:\program files\AOL Deskbar\deskbar.dll
    c:\program files\Common Files\AOL\AOL Toolbar\Smartbox.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\mshtml.dll
    c:\windows\system32\msls31.dll
    c:\program files\Common Files\AOL\AOL Toolbar\AOLHelper.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\Common Files\aolshare\aolshcpy.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Lavasoft\Ad-Aware\aawservice.exe
    c:\windows\system32\brss01a.exe
    c:\program files\Common Files\AOL\ACS\AOLacsd.exe
    c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
    c:\progra~1\McAfee\MSC\mcmscsvc.exe
    c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
    c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
    c:\program files\McAfee\VirusScan\Mcshield.exe
    c:\program files\McAfee\MPF\MpfSrv.exe
    c:\windows\system32\tcpsvcs.exe
    c:\windows\wanmpsvc.exe
    c:\progra~1\COMMON~1\X10\Common\X10nets.exe
    c:\progra~1\McAfee.com\Agent\mcagent.exe
    c:\windows\system32\wscntfy.exe
    c:\progra~1\MUSICM~1\MUSICM~1\MMDiag.exe
    c:\progra~1\Logitech\WINGMA~1\LWPEvntM.exe
    c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
    c:\progra~1\McAfee\MSC\mcuimgr.exe
    .
    **************************************************************************
    .
    Completion time: 2009-08-03 21:34 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-08-03 01:34

    PSKelly,

    Thank you for your assistance with this. It is greatly appreciated

    Pre-Run: 47,111,880,704 bytes free
    Post-Run: 47,916,269,568 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

    319 --- E O F --- 2009-08-02 07:02

  4. #4
    Junior Member
    Join Date
    Aug 2009
    Location
    NC,USA
    Posts
    17

    Default HJT log

    ActiveHome Pro
    Ad-Aware
    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    Adobe Reader 7.1.0
    AOL Coach Version 1.0(Build:20030807.3)
    AOL Coach Version 2.0(Build:20041026.5 en)
    AOL Deskbar
    AOL Hi-Q Video
    AOL Toolbar 5.0
    AOL Uninstaller (Choose which Products to Remove)
    AOL You've Got Pictures Screensaver
    CA Yahoo! Anti-Spy (remove only)
    Critical Update for Windows Media Player 11 (KB959772)
    DivX Codec
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Web Player
    eMachines Bay Reader
    EmoDio
    EmoDio
    ERUNT 1.1j
    ExtractNow
    Fly DVD Ripper Version 5.3
    FoxyTunes for Firefox
    Gateway Drivers and Applications Recovery
    High Definition Audio Driver Package - KB835221
    High Definition Audio Driver Package - KB888111
    HijackThis 2.0.2
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Adapters and Drivers
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java 2 Runtime Environment, SE v1.4.2
    Java(TM) 6 Update 13
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6 Update 1
    K-Lite Codec Pack 4.6.2 (Full)
    Lame ACM MP3 Codec
    Learn2 Player (Uninstall Only)
    Malwarebytes' Anti-Malware
    McAfee SecurityCenter
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Money 2004
    Microsoft Money 2004 System Pack
    Microsoft National Language Support Downlevel APIs
    Microsoft Office PowerPoint Viewer 2003
    Microsoft Picture It! Photo Premium 9
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft VC9 runtime libraries
    Microsoft Works 7.0
    Mozilla Firefox (3.0.12)
    MSN Music Assistant
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    Musicmatch® Jukebox
    MyFreeCodec
    NAVIGON Fresh 1.4.9
    PaperPort 8.0 SE
    PowerDVD
    Quicken 2006
    Quicken 6
    QuickTime
    RealPlayer
    Realtek High Definition Audio Driver
    Rhapsody Player Engine
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB973346)
    SoftV92 Data Fax Modem with SmartCP
    Spybot - Search & Destroy
    Update for Windows Internet Explorer 8 (KB971930)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    VC80CRTRedist - 8.0.50727.762
    Viewpoint Media Player
    Windows Backup Utility
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows XP Service Pack 3
    WMI ODBC Driver
    Yahoo! Install Manager
    Yahoo! Toolbar

  5. #5
    Junior Member
    Join Date
    Aug 2009
    Location
    NC,USA
    Posts
    17

    Default Malwarebytes

    Malwarebytes was initially showing 53 infected files prior to the combofix scan. The process appears to be moving in the right direction.

    Malwarebytes' Anti-Malware 1.39
    Database version: 2546
    Windows 5.1.2600 Service Pack 3

    8/2/2009 10:04:42 PM
    mbam-log-2009-08-02 (22-04-41).txt

    Scan type: Quick Scan
    Objects scanned: 88994
    Time elapsed: 7 minute(s), 13 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

  6. #6
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Default

    c:\windows\system32\SystemX86\237.crack.zip
    c:\windows\system32\SystemX86\237.crack.zip.kwd
    c:\windows\system32\SystemX86\238.keygen.zip
    c:\windows\system32\SystemX86\238.keygen.zip.kwd
    See this >>> http://forums.spybot.info/showpost.p...90&postcount=4
    Note: We do not support the use of illegal Pirated/Warez/Cracked software.
    Uninstall list: I look for malware and security issues and will not know all of your programs, but you should.
    Hackers are using out of date programs to infect folks more and more,
    Here is a small free tool that lets you know when something needs an update if you are interested:
    http://secunia.com/vulnerability_scanning/personal/ While PSI runs in the System Tray for realtime notifications, I personally prefer to turn it off in MSConfig and run it from All Programs when I want to do a check.

    Adobe Flash Player 10 Plugin <<< check this
    Adobe recommends all users of Adobe Flash Player 10.0.12.36 and earlier versions upgrade to the newest version 10.0.22.87
    http://www.adobe.com/support/securit...apsb09-01.html

    Adobe Reader 7.1.0 <<< out of date and unsafe:
    http://news.cnet.com/8301-1009_3-100...ml?tag=nl.e433
    http://www.adobe.com/products/reader/
    (if you want a smaller program, look at this one)
    Foxit Reader 3.0 for Windows (make sure to uncheck any toolbars)
    http://www.foxitsoftware.com/pdf/rd_intro.php

    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java 2 Runtime Environment, SE v1.4.2

    Java(TM) 6 Update 13 <<< valid but update 14 is relased
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6 Update 1

    All but one are out of date and unsafe, see this:
    http://forums.spybot.info/showpost.p...80&postcount=2
    Be aware of this information so you can opt out of anything you do not want.
    Microsoft Does MSN Toolbar Distribution Deal With Java:
    http://searchengineland.com/microsof...java-15413.php

    Spybot - Search & Destroy <<< Please be sure Spybot S&D is up to date and fully immunized.
    http://www.safer-networking.org/en/
    http://www.safer-networking.org/en/faq/index.html
    http://www.safer-networking.org/en/tutorial/index.html

    Viewpoint Media Player <<< uninstall unless you use it:
    For your information, Viewpoint is installed by aol probably without your knowledge. I suggest you uninstall this resource waster in Add Remove programs.
    http://www.spywareinfo.com/newslette....php#viewpoint
    http://www.clickz.com/news/article.php/3561546
    http://vil.nai.com/vil/content/v_137262.htm


    Please post the requested HijackThis log.
    When the tool is finished, it will produce a report for you. Post that report and a new HJT log
    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  7. #7
    Junior Member
    Join Date
    Aug 2009
    Location
    NC,USA
    Posts
    17

    Default Current HJT log

    pskelly

    "post add/remove" HJT log

    Scan saved at 9:45:54 PM, on 8/3/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\System32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\Program Files\McAfee\VirusScan\McShield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\WINDOWS\System32\svchost.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\eMachines Bay Reader\shwiconem.exe
    C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\Program Files\Samsung\EmoDio\SMSTray.exe
    C:\WINDOWS\kdx\KHost.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
    C:\PROGRA~1\Logitech\WINGMA~1\Lwpevntm.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
    C:\WINDOWS\explorer.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://today.ask.com/frostwire?gcht=SV&o=101676&l=dis
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1106703461\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Lwinst Run Profiler] C:\PROGRA~1\Logitech\WINGMA~1\Lwinst.exe -d -l "C:\PROGRA~1\Logitech\WINGMA~1\Lwpevntm.exe"
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\EmoDio\SMSTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe -all
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - https://support.gateway.com/support/.../PCPitStop.CAB
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/sh...3/mcinsctl.cab
    O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} (Secure Delivery) - http://cdn.digitalcity.com/video/kdx.cab
    O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/amp...1.11_en_dl.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/sh...20/mcgdmgr.cab
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    --
    End of file - 9511 bytes

  8. #8
    Junior Member
    Join Date
    Aug 2009
    Location
    NC,USA
    Posts
    17

    Default

    Current uninstall list:


    ActiveHome Pro
    Ad-Aware
    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    AOL Coach Version 1.0(Build:20030807.3)
    AOL Coach Version 2.0(Build:20041026.5 en)
    AOL Deskbar
    AOL Hi-Q Video
    AOL Toolbar 5.0
    AOL Uninstaller (Choose which Products to Remove)
    CA Yahoo! Anti-Spy (remove only)
    Critical Update for Windows Media Player 11 (KB959772)
    DivX Codec
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Web Player
    eMachines Bay Reader
    EmoDio
    EmoDio
    ERUNT 1.1j
    ExtractNow
    Fly DVD Ripper Version 5.3
    Foxit Reader
    FoxyTunes for Firefox
    Gateway Drivers and Applications Recovery
    High Definition Audio Driver Package - KB835221
    High Definition Audio Driver Package - KB888111
    HijackThis 2.0.2
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Adapters and Drivers
    Java(TM) 6 Update 14
    K-Lite Codec Pack 4.6.2 (Full)
    Lame ACM MP3 Codec
    Learn2 Player (Uninstall Only)
    Malwarebytes' Anti-Malware
    McAfee SecurityCenter
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Money 2004
    Microsoft Money 2004 System Pack
    Microsoft National Language Support Downlevel APIs
    Microsoft Office PowerPoint Viewer 2003
    Microsoft Picture It! Photo Premium 9
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft VC9 runtime libraries
    Microsoft Works 7.0
    Mozilla Firefox (3.0.12)
    MSN Music Assistant
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    Musicmatch® Jukebox
    MyFreeCodec
    NAVIGON Fresh 1.4.9
    PaperPort 8.0 SE
    PowerDVD
    Quicken 2006
    Quicken 6
    QuickTime
    RealPlayer
    Realtek High Definition Audio Driver
    Rhapsody Player Engine
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB973346)
    SoftV92 Data Fax Modem with SmartCP
    Spybot - Search & Destroy
    Update for Windows Internet Explorer 8 (KB971930)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    VC80CRTRedist - 8.0.50727.762
    Windows Backup Utility
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows XP Service Pack 3
    WMI ODBC Driver
    Yahoo! Install Manager
    Yahoo! Toolbar

  9. #9
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Default

    This information may help you help your computer run better:
    http://www.netsquirrel.com/msconfig/msconfig_xp.html
    http://users.telenet.be/bluepatchy/m...wcomputer.html
    http://www.malwareremoval.com/tutori...ningslowly.php
    http://www.bleepingcomputer.com/foru...2&#entry487112
    http://www.microsoft.com/atwork/getstarted/speed.mspx


    Please download ATF Cleaner by Atribune
    http://www.atribune.org/public-beta/ATF-Cleaner.exe
    Save it to your Desktop. We will use this later.

    Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://today.ask.com/frostwire?gcht=SV&o=101676&l=dis
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

    Close all programs but HJT and all browser windows, then click on "Fix Checked"

    Run ATF Cleaner
    Double-click ATF-Cleaner.exe to run the program.
    Click Select All found at the bottom of the list.
    Click the Empty Selected button.
    Click Exit on the Main menu to close the program.

    *Cleaning Prefetch may result in a few slow starts until the folder is repopulated:
    http://www.windowsnetworking.com/art...efetch-XP.html

    How is the computer running now, any malware issues?

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  10. #10
    Junior Member
    Join Date
    Aug 2009
    Location
    NC,USA
    Posts
    17

    Default Many thanks

    Pskelly,

    I'm on a plane to the mid-west this morning - back next Sunday. I will try to implement some of your additional recommendations when I return.

    The system does currently seem to be running somewhat better than it did and most importantly it seems to be free of the problems it had.

    Thank you very much!

    outdoer

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •