Thread: IE Closes & Products keep being cked to ignore in scan and slow

  1. #21
    Member, Join Date: Oct 2006, Location: Southern Louisiana, Posts: 54

    Mr Jak,

    This is the remainder of the Silent Runners log from the prior post.

    I have completed all you requested and am waiting for my next assignments. Thank you for your guidance. I appreciate it.

    Jay Escalader

    ____________ continuation of Silent Runners Log _____________

    Miscellaneous IE Hijack Points
    ------------------------------

    C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

    Added lines (compared with English-language version):
    [Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

    Missing lines (compared with English-language version):
    [Strings]: 1 line


    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["Anti-Malware Development a.s."]
    Lexar JD31, LxrJD31s, "LxrJD31s.exe" [null data]
    WAN Miniport (ATW) Service, WANMiniportService, ""C:\WINDOWS\wanmpsvc.exe"" ["America Online, Inc."]
    Webroot Spy Sweeper Engine, svcWRSSSDK, "C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe" ["Webroot Software, Inc."]
    Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]

    Print Monitors:
    ---------------

    HKLM\System\CurrentControlSet\Control\Print\Monitors\
    hpzsnt05\Driver = "hpzsnt05.dll" ["HP"]
    hpzsnt07\Driver = "hpzsnt07.dll" ["HP"]

    ----------
    <<!>>: Suspicious data at a malware launch point.

    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    + To search all directories of local fixed drives for DESKTOP.INI
    DLL launch points, use the -supp parameter or answer "No" at the
    first message box and "Yes" at the second message box.
    ---------- (total run time: 264 seconds, including 18 seconds for message boxes)

  2. #22
    Security Expert-Emeritus, Join Date: Oct 2006, Location: Finland, Posts: 3,934

    Ok great, now we'll move the clean files back to the places they belong...

    Go to My Computer and browse to the following folder:
    C:\Program Files\HP\HPSoftware\BAK
    Inside the BAK folder is a file named HPWuSchd2.exe
    Right click it with your mouse and choose Cut
    Then go back to the main folder, C:\Program Files\HP\HPSoftware
    Click the background with your mouse, choose Paste
    Now you should have the HPWuSchd2.exe file in the C:\Program Files\HP\HPSoftware folder.
    Now go ahead and delete the BAK folder

    The same thing for other files:
    C:\Program Files\MCAFEE.COM\AGENT\BAK
    Inside the BAK folder are files named McAgent.exe & mcupdate.exe
    Select the files with your mouse, right click them with your mouse and choose Cut
    Then go back to the main folder, C:\Program Files\MCAFEE.COM\AGENT
    Click the background with your mouse, choose Paste
    Now you should have the files in the C:\Program Files\MCAFEE.COM\AGENT folder
    Now go ahead and delete the BAK folder

    Two more to go:
    C:\Program Files\Common Files\Real\Update_OB\BAK
    Inside the BAK folder is a file named realsched.exe
    Right click it with your mouse and choose Cut
    Then go back to the main folder, C:\Program Files\Common Files\Real\Update_OB
    Click the background with your mouse, choose Paste
    Now you should have the realsched.exe file in the C:\Program Files\Common Files\Real\Update_OB folder.
    Now go ahead and delete the BAK folder

    One more:
    C:\Program Files\Google\GoogleToolbarNotifier\1.1.720.5674\BAK
    Inside the BAK folder is a file named GoogleToolbarNotifier.exe
    Right click it with your mouse and choose Cut
    Then go back to the main folder, C:\Program Files\Google\GoogleToolbarNotifier\1.1.720.5674
    Click the background with your mouse, choose Paste
    Now you should have the GoogleToolbarNotifier.exe file in the C:\Program Files\Google\GoogleToolbarNotifier\1.1.720.5674 folder.
    Now go ahead and delete the BAK folder

    Finally, delete the following folder:
    C:\Program Files\Java

    Restart the computer normally.

    Then we'll run one more scanner in order to make sure that we got everything:

    Please do an online scan with Kaspersky WebScanner

    Click on Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
      • Scan Options:
      • Scan Archives
      • Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • This program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.
    • Copy and paste that information in your next post along with one more HijackThis log.
    MalWare Removal University - You too could train to help others
    UNITE & ASAP member since 2006

  3. #23
    Member, Join Date: Oct 2006, Location: Southern Louisiana, Posts: 54

    Mr Jak,

    I did all you requested to move the clean files. Also, I did the
    Kaspersky Online Scan
    & HJT scan and I am posting the Logs in 3 posts due to size.

    Thank you for your guidance.
    Seems we are successfully knocking them bugz down.
    I very much appreciate it.

    Jay Escalader
    P.S. Now my wireless mouse & keyboard delays. yuckie!!!
    _________________________________

    Kaspersky Online Scan

    KASPERSKY ONLINE SCANNER REPORT
    Thursday, October 26, 2006 4:49:37 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
    Kaspersky Online Scanner version: 5.0.83.0
    Kaspersky Anti-Virus database last update: 26/10/2006
    Kaspersky Anti-Virus database records: 235264
    --------------------
    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true
    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\

    Scan Statistics:
    Total number of scanned objects: 94022
    Number of viruses found: 10
    Number of infected objects: 20 / 0
    Number of suspicious objects: 0
    Duration of the scan process: 02:04:44

    Infected Object Name / Virus Name / Last Action
    C:\!KillBox\ie.exe Infected: Trojan-Downloader.Win32.Agent.azn skipped
    C:\2e31c488aa90f34d15450acf38e5de\common\spcustom.dll Object is locked skipped
    C:\2e31c488aa90f34d15450acf38e5de\common\spmsg.dll Object is locked skipped
    C:\2e31c488aa90f34d15450acf38e5de\common\spuninst.exe Object is locked skipped
    C:\2e31c488aa90f34d15450acf38e5de\common\update.exe Object is locked skipped
    C:\2e31c488aa90f34d15450acf38e5de\sp1\browser.dll Object is locked skipped
    C:\2e31c488aa90f34d15450acf38e5de\sp1\callcont.dll Object is locked skipped
    C:\2e31c488aa90f34d15450acf38e5de\sp1\EvTgProv.dll Object is locked skipped
    C:\2e31c488aa90f34d15450acf38e5de\sp1\gdi32.dll Object is locked skipped
    C:\2e31c488aa90f34d15450acf38e5de\sp1\H323.TSP Object is locked skipped
    C:\2e31c488aa90f34d15450acf38e5de\sp1\H323msp.dll Object is locked skipped
    C:\2e31c488aa90f34d15450acf38e5de\sp1\HelpCtr.exe Object is locked skipped
    C:\2e31c488aa90f34d15450acf38e5de\sp1\ipnathlp.dll Object is locked skipped
    C:\2e31c488aa90f34d15450acf38e5de\sp1\lsasrv.dll Object is locked skipped
    C:\2e31c488aa90f34d15450acf38e5de\sp1\mf3216.dll Object is locked skipped
    C:\2e31c488aa90f34d15450acf38e5de\sp1\msasn1.dll Object is locked skipped
    C:\2e31c488aa90f34d15450acf38e5de\sp1\msgina.dll Object is locked skipped
    C:\2e31c488aa90f34d15450acf38e5de\sp1\mst120.dll Object is locked skipped
    C:\2e31c488aa90f34d15450acf38e5de\sp1\netapi32.dll Object is locked skipped
    C:\2e31c488aa90f34d15450acf38e5de\sp1\nmcom.dll Object is locked skipped
    C:\2e31c488aa90f34d15450acf38e5de\sp1\RTCDLL.dll Object is locked skipped
    C:\2e31c488aa90f34d15450acf38e5de\sp1\schannel.dll Object is locked skipped
    C:\2e31c488aa90f34d15450acf38e5de\sp1\update\KB835732.cat Object is locked skipped
    C:\2e31c488aa90f34d15450acf38e5de\sp1\update\update.inf Object is locked skipped
    C:\2e31c488aa90f34d15450acf38e5de\sp1\update\update.ver Object is locked skipped
    C:\2e31c488aa90f34d15450acf38e5de\sp2\callcont.dll Object is locked skipped
    C:\2e31c488aa90f34d15450acf38e5de\sp2\evtgprov.dll Object is locked skipped
    C:\2e31c488aa90f34d15450acf38e5de\sp2\gdi32.dll Object is locked skipped
    C:\2e31c488aa90f34d15450acf38e5de\sp2\h323.tsp Object is locked skipped
    C:\2e31c488aa90f34d15450acf38e5de\sp2\h323msp.dll Object is locked skipped
    C:\2e31c488aa90f34d15450acf38e5de\sp2\helpctr.exe Object is locked skipped
    C:\2e31c488aa90f34d15450acf38e5de\sp2\ipnathlp.dll Object is locked skipped
    C:\2e31c488aa90f34d15450acf38e5de\sp2\lsasrv.dll Object is locked skipped
    C:\2e31c488aa90f34d15450acf38e5de\sp2\mf3216.dll Object is locked skipped
    C:\2e31c488aa90f34d15450acf38e5de\sp2\msasn1.dll Object is locked skipped
    C:\2e31c488aa90f34d15450acf38e5de\sp2\msgina.dll Object is locked skipped
    C:\2e31c488aa90f34d15450acf38e5de\sp2\mst120.dll Object is locked skipped
    C:\2e31c488aa90f34d15450acf38e5de\sp2\netapi32.dll Object is locked skipped
    C:\2e31c488aa90f34d15450acf38e5de\sp2\nmcom.dll Object is locked skipped
    C:\2e31c488aa90f34d15450acf38e5de\sp2\rtcdll.dll Object is locked skipped
    C:\2e31c488aa90f34d15450acf38e5de\sp2\schannel.dll Object is locked skipped
    C:\2e31c488aa90f34d15450acf38e5de\sp2\spmsg.dll Object is locked skipped
    C:\2e31c488aa90f34d15450acf38e5de\sp2\spuninst.exe Object is locked skipped
    C:\2e31c488aa90f34d15450acf38e5de\sp2\update\KB835732.cat Object is locked skipped
    C:\2e31c488aa90f34d15450acf38e5de\sp2\update\spcustom.dll Object is locked skipped
    C:\2e31c488aa90f34d15450acf38e5de\sp2\update\update.exe Object is locked skipped
    C:\2e31c488aa90f34d15450acf38e5de\sp2\update\update.inf Object is locked skipped
    C:\2e31c488aa90f34d15450acf38e5de\sp2\update\update.ver Object is locked skipped
    C:\2e31c488aa90f34d15450acf38e5de\sp2\xpsp2res.dll Object is locked skipped
    C:\2e31c488aa90f34d15450acf38e5de\xpsp1hfm.exe Object is locked skipped
    C:\antispyware\backups\backup-20040829-134927-259.dll Infected: Trojan-Clicker.Win32.VB.br skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Owner\Application Data\Motive\Acme\plugin\log\pchbtn.log Object is locked skipped
    C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Owner\ntuser.dat Object is locked skipped
    C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
    C:\hp\bin\KillWind.exe Infected: not-a-virus:RiskTool.Win32.PsKill.p skipped
    C:\Program Files\Intel\Createshare\inetcam\INSTALL.LOG Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\logs\iserver_access.log Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\logs\iserver_error.log Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\programs\Audio.exe Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\programs\Audiops.dll Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\programs\conf\magic Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\programs\conf\mime.types Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\programs\conf\usersdef.conf Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\programs\conf\wireless.conf Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\programs\ftpproc.exe Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\programs\iconfig.exe Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\programs\InetcamServer.exe Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\programs\InetMotDet.exe Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\programs\InetResp.exe Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\programs\inst_util.exe Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\programs\ipproc.exe Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\programs\ivista-ex.exe Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\programs\ivista.chm Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\programs\iVista.exe Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\programs\IVistaACapture.exe Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\programs\IVistaVCapture.exe Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\programs\ivrec.exe Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\programs\ivrsmon.exe Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\programs\iws.exe Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\programs\IWSCore.dll Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\programs\mfc42.dll Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\programs\modules\mod_rewrite.so Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\programs\msgproc.exe Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\programs\msvcrt.dll Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\programs\template.html Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\programs\templates\aonlybase.tpl Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\programs\templates\framedapplet.tpl Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\programs\templates\main.tpl Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\programs\templates\motdet.tpl Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\programs\templates\tableframe.tpl Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\programs\templates\tableindex.tpl Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\programs\templates\videoclip.tpl Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\programs\users\users Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\programs\Win9xConHook.dll Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\sounds\alarm1.wav Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\sounds\alarm2.wav Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\sounds\alarm3.wav Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\Uninstall.exe Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\avmail.cab Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\avmail.jar Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\cgi\nph-au.exe Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\cgi\nph-clip.exe Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\cgi\nph-gif.exe Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\cgi\nph-jpeg.exe Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\cgi\nph-mdlog.exe Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\cgi\nph-setparam.exe Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\dynamicindex\aonlybase.html Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\dynamicindex\images\abottom.gif Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\dynamicindex\images\aleft.gif Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\dynamicindex\images\alert.gif Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\dynamicindex\images\aonly.gif Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\dynamicindex\images\aright.gif Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\dynamicindex\images\arrow.gif Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\dynamicindex\images\atop.gif Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\dynamicindex\images\audclip.gif Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\dynamicindex\images\avleft.gif Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\dynamicindex\images\avright.gif Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\dynamicindex\images\back.gif Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\dynamicindex\images\bottom.gif Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\dynamicindex\images\bottom2.gif Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\dynamicindex\images\clipbottom.gif Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\dynamicindex\images\clipleft.gif Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\dynamicindex\images\clips.gif Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\dynamicindex\images\clipside.gif Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\dynamicindex\images\cliptop.gif Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\dynamicindex\images\left.gif Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\dynamicindex\images\logo.gif Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\dynamicindex\images\menubottomcap.gif Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\dynamicindex\images\menuclip.gif Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\dynamicindex\images\menuhome.gif Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\dynamicindex\images\menumotdet.gif Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\dynamicindex\images\menutopcap.gif Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\dynamicindex\images\motdetclip.gif Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\dynamicindex\images\motdetlogs.gif Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\dynamicindex\images\motdetnext.gif Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\dynamicindex\images\motdetpic.gif Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\dynamicindex\images\motdetprev.gif Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\dynamicindex\images\motdetprofile.gif Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\dynamicindex\images\noclips.gif Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\dynamicindex\images\nomotdet.gif Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\dynamicindex\images\notavail.gif Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\dynamicindex\images\right.gif Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\dynamicindex\images\top.gif Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\dynamicindex\images\voleft.gif Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\dynamicindex\images\voright.gif Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\dynamicindex\jsaonlybase.html Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\dynamicindex\jstableframe.html Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\dynamicindex\jstableindex.html Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\dynamicindex\jstemplate.html Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\dynamicindex\tableframe.html Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\dynamicindex\tableindex.html Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\dynamicindex\template.html Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\FTPCam.class Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\ijava.htm Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\ijpeg.htm Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\Inetcam.cab Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\Inetcam.jar Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\InetcamAudio.cab Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\InetcamAudio.jar Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\InetcamBase.cab Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\InetcamBase.jar Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\Inetcams.cab Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\Inetcams.jar Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\Inetcam_av.cab Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\Inetcam_av.jar Object is locked skipped

    Remainder of Kaspersky Scan "continued on next post"
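The Kaspersky report pasted above is long enough that a parser helps with triage. The following is an added example written for this page, not the poster's or Kaspersky's code; it assumes the two line shapes visible in the posted log (`<path> Infected: <detection> <action>` and `<path> Object is locked <action>`), runs on a constructed sample modelled on those lines, sorts detections into live files, quarantine/backup copies and System Restore copies, and checks the parsed count against the totals the report's own header states.

```python
"""Triage a Kaspersky Online Scanner report like the one pasted in this thread.

Added example for this page (not Kaspersky's or the poster's code). Line shapes
assumed from the posted log: '<path> Infected: <detection> <action>' and
'<path> Object is locked <action>'. The sample report below is constructed.
"""
import re
from collections import Counter
from dataclasses import dataclass

RESULT_RE = re.compile(
    r"^(?P<path>.+?)\s+(?:Infected:\s+(?P<name>\S+)|Object is locked)\s+(?P<action>\S+)$"
)
# System Restore keeps copies of removed files under _restore{GUID}\RPnnn\.
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+\\", re.I
)
# Folders where removal tools park copies of items already taken out of use.
QUARANTINE_MARKERS = ("\\!killbox\\", "\\antispyware\\backups\\", "\\bak\\")

# Constructed sample modelled on the thread's log lines (not the full report).
SAMPLE_REPORT = r"""KASPERSKY ONLINE SCANNER REPORT
Number of viruses found: 3
Number of infected objects: 4 / 0

Infected Object Name / Virus Name / Last Action
C:\!KillBox\ie.exe Infected: Trojan-Downloader.Win32.Agent.azn skipped
C:\Documents and Settings\Owner\ntuser.dat Object is locked skipped
C:\hp\bin\KillWind.exe Infected: not-a-virus:RiskTool.Win32.PsKill.p skipped
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP479\A0057055.dll Infected: Trojan-Spy.Win32.Goldun.lw skipped
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP479\A0057039.exe Infected: Trojan-Downloader.Win32.Agent.azn skipped
"""


@dataclass(frozen=True)
class Finding:
    path: str
    detection: str  # Kaspersky detection name, e.g. Trojan-Downloader.Win32.Agent.azn
    location: str   # "restore_point", "quarantine" or "live"


def classify_path(path):
    """Decide whether a hit is a live file or only a stored copy."""
    if RESTORE_RE.search(path):
        return "restore_point"
    lowered = path.lower()
    if any(marker in lowered for marker in QUARANTINE_MARKERS):
        return "quarantine"
    return "live"


def parse_report(text):
    """Return (infected findings, number of locked objects, lines that did not parse)."""
    findings, locked, unparsed = [], 0, []
    in_results = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Infected Object Name"):
            in_results = True        # everything after this header is a result line
            continue
        if not in_results or not line:
            continue
        m = RESULT_RE.match(line)
        if not m:
            unparsed.append(line)    # forum chatter or a line wrapped by the paste
            continue
        if m.group("name") is None:
            locked += 1              # "Object is locked": not scanned, not a detection
        else:
            path = m.group("path")
            findings.append(Finding(path, m.group("name"), classify_path(path)))
    return findings, locked, unparsed


def header_counts(text):
    """Pull the scanner's own totals so the parsed lines can be checked against them."""
    counts = {}
    for key, label in (("viruses", "Number of viruses found"),
                       ("infected", "Number of infected objects")):
        m = re.search(re.escape(label) + r":\s*(\d+)", text)
        counts[key] = int(m.group(1)) if m else None
    return counts


def triage(text):
    """Summarise what is still live, what is only a stored copy, and whether the
    lines seen account for the totals the scanner reported (a split paste will not)."""
    findings, locked, unparsed = parse_report(text)
    by_detection = Counter(f.detection for f in findings)
    header = header_counts(text)
    return {
        "by_location": dict(Counter(f.location for f in findings)),
        "by_detection": dict(by_detection),
        # Live hits still need removal; restore-point copies only come back if
        # that restore point is applied, and quarantine copies are already inert.
        "live_paths": sorted(f.path for f in findings if f.location == "live"),
        "locked_objects": locked,
        "unparsed_lines": unparsed,
        "matches_header": (header["infected"] == len(findings)
                           and header["viruses"] == len(by_detection)),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_REPORT))
```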

  4. #24
    Member, Join Date: Oct 2006, Location: Southern Louisiana, Posts: 54

    Mr Jak,

    Here's the remainder of the Kaspersky Online Scan from the previous post.

    My HJT Scan Log will be in the next post.

    Thank you for your guidance.

    Kaspersky Scan "continued from prior post"

    C:\Program Files\Intel\Createshare\inetcam\webcast\locales\InetcamBundleS_ar_SA.properties Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\locales\InetcamBundleS_de_DE.properties Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\locales\InetcamBundleS_en_GB.properties Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\locales\InetcamBundleS_es_ES.properties Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\locales\InetcamBundleS_fi_FI.properties Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\locales\InetcamBundleS_fr_FR.properties Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\locales\InetcamBundleS_he_IS.properties Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\locales\InetcamBundleS_it_IT.properties Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\locales\InetcamBundleS_ja_JP.properties Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\locales\InetcamBundleS_ko_KR.properties Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\locales\InetcamBundleS_nl_NL.properties Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\locales\InetcamBundleS_no_NO.properties Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\locales\InetcamBundleS_pt_PT.properties Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\locales\InetcamBundleS_ru_RU.properties Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\locales\InetcamBundleS_sv_SE.properties Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\locales\InetcamBundleS_zh_CN.properties Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\locales\InetcamBundleS_zh_TW.properties Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\locales\InetcamBundle_ar_SA.properties Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\locales\InetcamBundle_de_DE.properties Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\locales\InetcamBundle_en_GB.properties Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\locales\InetcamBundle_es_ES.properties Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\locales\InetcamBundle_fi_FI.properties Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\locales\InetcamBundle_fr_FR.properties Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\locales\InetcamBundle_he_IS.properties Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\locales\InetcamBundle_it_IT.properties Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\locales\InetcamBundle_ja_JP.properties Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\locales\InetcamBundle_ko_KR.properties Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\locales\InetcamBundle_nl_NL.properties Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\locales\InetcamBundle_no_NO.properties Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\locales\InetcamBundle_pt_PT.properties Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\locales\InetcamBundle_ru_RU.properties Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\locales\InetcamBundle_sv_SE.properties Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\locales\InetcamBundle_zh_CN.properties Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\locales\InetcamBundle_zh_TW.properties Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\Readme.txt Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\vmail.cab Object is locked skipped
    C:\Program Files\Intel\Createshare\inetcam\webcast\vmail.jar Object is locked skipped
    C:\sti.log Object is locked skipped
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP451\A0050692.exe Infected: Trojan-Downloader.Win32.Agent.azn skipped
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP479\A0057039.exe Infected: Trojan-Downloader.Win32.Agent.azn skipped
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP479\A0057055.dll Infected: Trojan-Spy.Win32.Goldun.lw skipped
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP479\A0057056.dll Infected: Trojan-Spy.Win32.Goldun.lw skipped
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP479\A0057057.exe Infected: Trojan-Spy.Win32.Goldun.lw skipped
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP479\A0057058.exe Infected: Trojan-Spy.Win32.Agent.ow skipped
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP479\A0057059.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP479\A0057060.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP479\A0057061.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP479\A0057062.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP479\A0057063.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP479\A0057064.dll Infected: Trojan-Downloader.Win32.ConHook.r skipped
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP479\A0057065.dll Infected: Trojan-Downloader.Win32.ConHook.r skipped
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP479\A0057066.dll Infected: Trojan-Downloader.Win32.ConHook.r skipped
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP479\change.log Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\dao360.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\expsrv.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msexch40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msjint40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msjter40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msltus40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\mspbde40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msrd2x40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msrd3x40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msrepl40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\mstext40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\mswdat10.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\mswstr10.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msxbde40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\vbajet32.dll Object is locked skipped
    C:\WINDOWS\Debug\oakley.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\km_install.exe Infected: Trojan.Win32.SecondThought.h skipped
    C:\WINDOWS\system32\sccmgr.exe Infected: Trojan-Downloader.Win32.Qoologic.m skipped
    C:\WINDOWS\system32\t69l4fj8.ini Infected: not-a-virus:AdWare.Win32.Sahat.ao skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    Scan process completed

  5. #25
    Member
    Join Date
    Oct 2006
    Location
    Southern Louisiana
    Posts
    54


    Mr Jak,

    Here's my HJT Scan Log, which is the completion of your request. I'll be waiting for my next assignment.

    Thank you for your guidance.
    Jay Escalader


    HJT scan

    Logfile of HijackThis v1.99.1
    Scan saved at 5:15:38 PM, on 10/26/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\LxrJD31s.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\WINDOWS\LTMSG.exe
    C:\HP\KBD\KBD.EXE
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\BellSouth\Application Center\BsnAppCenter.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\HPINST~1\plugin\bin\PCHButton.exe
    C:\Program Files\America Online 7.0\aoltray.exe
    C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Labtec Wireless Desktop\MulMouse.exe
    C:\Program Files\Labtec Wireless Desktop\OSD.EXE
    C:\Documents and Settings\Owner\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us6.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us6.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us6.hpwis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (disabled by BHODemon)
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll (disabled by BHODemon)
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [Propel Accelerator] C:\PROGRA~1\BELLSO~1\PropelAC.exe
    O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [BellSouthSyn] C:\Program Files\BellSouth\Application Center\BsnAppCenter.exe /Synchronize
    O4 - HKLM\..\Run: [BellSouthScheduler] C:\Program Files\BellSouth\Application Center\BsnAppCenter.exe /Scheduler
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\plugin\bin\PCHButton.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
    O4 - Global Startup: Alarm Clock Icon.lnk.disabled
    O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
    O4 - Global Startup: Enable Labtec Wireless Desktop.lnk = C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
    O4 - Global Startup: Google Updater.lnk.disabled
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O4 - Global Startup: ymetray.lnk.disabled
    O8 - Extra context menu item: &Copy Location - C:\WINDOWS\WEB\graburl.htm
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll__BHODemonDisabled (file missing)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {DECDBEEF-D3AD-B3EF-DE4D-B3EFDEADB3EF} - C:\Program Files\BellSouth\Communications Suite\BstMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O15 - Trusted Zone: http://usmilitary.about.com
    O15 - Trusted Zone: http://www.la.ngb.army.mil
    O15 - Trusted Zone: http://www.armyonesource.com
    O15 - Trusted Zone: http://home.bellsouth.net
    O15 - Trusted Zone: http://www.juno.com
    O15 - Trusted Zone: www.militaryonesource.com
    O15 - Trusted Zone: http://www.hotmail.msn.com
    O15 - Trusted Zone: groups.msn.com
    O15 - Trusted Zone: www.msnusers.com
    O15 - Trusted Zone: http://vil.nai.com
    O15 - Trusted Zone: *.nextel.com
    O15 - Trusted Zone: http://loginnet.passport.com
    O15 - Trusted Zone: http://*.subratam.org
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.fastaccess.com/sdccom...ad/tgctlcm.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edg...ex-2.0.3.1.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yaho...ymmapi_416.dll
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite...ITDetector.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...29/mcfscan.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Filter: application/xhtml+xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
    O18 - Filter hijack: text/xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
    O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
    O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    End of HJT Scan
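The HijackThis log above is a line-oriented format: each entry starts with a section tag (R0/R1 for IE start and search pages, O2 for browser helper objects, O4 for autorun keys and startup folders, O15 for Trusted Zone additions, O16 for downloaded ActiveX controls, O23 for services) followed by the item's details. The following Python script is an added example, not part of this thread and not HijackThis's own code: it parses entries in that shape and applies a few review heuristics of the kind a helper runs by eye. The sample input is a constructed fragment made of lines copied from the two logs in this thread; the flag rules (autorun from a Temp directory, wildcard Trusted Zone entries, orphaned entries whose file is missing, services with no publisher, unnamed BHOs) are this example's own assumptions, not rules shipped with HijackThis. Flags are review prompts rather than verdicts: the Spybot SDHelper BHO and the Lexar service in the sample are both legitimate and still get flagged.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: lines copied from the HijackThis v1.99.1 logs posted in
# this thread (including the [msci] Temp entry from the follow-up log).
# It is a fragment, not a complete log.
SAMPLE_HJT_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 9:09:49 AM, on 10/29/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\Owner\LOCALS~1\Temp\2006102816592_mcinfo.exe /insfin
O15 - Trusted Zone: http://*.subratam.org
O15 - Trusted Zone: *.nextel.com
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
"""

# An HJT entry is "<section> - <body>"; header lines and the process list
# do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")


@dataclass
class Entry:
    section: str
    body: str


@dataclass
class Finding:
    section: str
    reason: str
    body: str


def parse_hjt(text: str) -> List[Entry]:
    """Return the R*/O* entries of a HijackThis log, in log order."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("section"), m.group("body")))
    return entries


def count_by_section(entries: List[Entry]) -> Dict[str, int]:
    """How many entries each section tag has (a quick shape-of-the-log view)."""
    counts: Dict[str, int] = {}
    for e in entries:
        counts[e.section] = counts.get(e.section, 0) + 1
    return counts


def triage(entries: List[Entry]) -> List[Finding]:
    """Apply review heuristics (this example's assumptions, not HJT rules).

    Each entry may produce several findings; the list preserves log order.
    """
    findings: List[Finding] = []
    for e in entries:
        low = e.body.lower()
        # Unnamed BHOs deserve a look at the file they point to.
        if e.section == "O2" and "(no name)" in low:
            findings.append(Finding(e.section, "unnamed BHO", e.body))
        # Registry entries whose target file is gone are leftovers to clean up.
        if e.section in ("O2", "O3", "O9", "O18") and (
            "(no file)" in low or "(file missing)" in low
        ):
            findings.append(Finding(e.section, "orphaned entry: target file missing", e.body))
        # Autoruns that launch from a Temp directory are unusual for installed software.
        if e.section == "O4" and "\\temp\\" in low:
            findings.append(Finding(e.section, "autorun launches from a temporary directory", e.body))
        # A wildcard trusts every host under the pattern.
        if e.section == "O15" and "*" in e.body:
            findings.append(Finding(e.section, "wildcard trusted-zone entry", e.body))
        # A service with no publisher needs its binary identified by hand.
        if e.section == "O23" and "unknown owner" in low:
            findings.append(Finding(e.section, "service with no publisher information", e.body))
    return findings


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_HJT_LOG)
    print("entries per section:", count_by_section(parsed))
    for f in triage(parsed):
        print(f"[{f.section}] {f.reason}\n    {f.body}")
```

Run against the sample, the script lists one finding for the Spybot helper (unnamed BHO), the dead McAfee toolbar entry, the [msci] autorun in Temp, both wildcard Trusted Zone hosts, the missing msnim protocol handler DLL, and the Lexar service; everything else (the start page, the ZoneAlarm autorun, the MSN Chat control) passes without comment.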

  6. #26
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    3,934


    Hi again, looks quite good now

    Delete the following files:
    C:\WINDOWS\system32\km_install.exe
    C:\WINDOWS\system32\sccmgr.exe
    C:\WINDOWS\system32\t69l4fj8.ini

    Empty the recycle bin. (Let me know if you had problems)

    You said via pm that your McAfee subscription is outdated. It won't protect you from new viruses.
    Let's get you a replacement.

    First, please download one firewall and one antivirus to your desktop.

    These are good (free) firewalls:

    These are good (free) antiviruses:

    Then, unplug your computer from the internet.
    Uninstall McAfee via Control Panel, Add/Remove Programs

    Install the firewall and antivirus you earlier downloaded.
    Reboot the computer.
    Reconnect to the internet.

    Update the latest definitions to your antivirus and run a full system scan with it.

    Then the first priority is to visit Windows Update and get your system updated
    -> First, install Win XP Service Pack 2 Update
    -> Reboot and get back to the Windows Update
    -> Install all remaining important updates
    (NOTE: You'll probably have to reboot and get back to the update several times before all of them are installed)

    Now you can clean AVG's Quarantine:
    • Open AVG Anti-Spyware
    • Click Infections
    • Click Quarantine tab
    • Click Select all
    • Click Remove finally
    • Close the program

    You can remove the tools that we used during the cleaning process.
    You can remove the following backup folder: C:\!Killbox

    Now you can download and install the latest version of Java, Java Runtime Environment (JRE) 5.0 Update 9

    Now you can make your hidden files hidden again.
    • Go to My Computer
    • Select the Tools menu and click Folder Options
    • Click the View tab.
    • Checkmark the "Display the contents of system folders"
    • Under the Hidden files and folders select "Show hidden files and folders"
    • Check "Hide protected operating system files"
    • Click Apply and then the OK and close My Computer.


    If everything is running ok, please follow these simple steps in order to keep your computer clean and secure:
    • Clear your system restore
      This will clear the system restore folders from possible malware that was left behind during the cleaning process.
    • Use ATF Cleaner
      Download and install ATF Cleaner. Clean your temporary files & folders with it regularly.
    • Use Ad-Aware
      Download and install Ad-Aware. Update it and scan your computer regularly with it.
    • Use AVG Anti-Spyware
      Update it and scan your computer regularly with it.
    • Use Spybot S&D
      Download and install Spybot S&D. Update it and scan your computer regularly with it.
    • Install SpywareBlaster
      SpywareBlaster will prevent spyware from being installed.
    • Install MVPS Hosts file
      This prevents your computer from connecting to harmful sites.
    • Use Firefox browser
      Firefox is a faster, safer and better browser than Internet Explorer.
    • Keep your system up-to-date
      Visit Windows Update regularly.
    • Keep your antivirus and firewall up-to-date
      Scan your computer regularly with your antivirus.
    • Read this article by TonyKlein
      So how did I get infected in the first place?
    • Stand Up and Be Counted !
      The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.


    Stay clean and be safe
    MalWare Removal University - You too could train to help others
    UNITE & ASAP member since 2006

  7. #27
    Member
    Join Date
    Oct 2006
    Location
    Southern Louisiana
    Posts
    54


    Mr Jak,
    Questions....... Help!!!

    When I deleted the McAfee programs, it asked me about the McAfee quarantined files and I didn't know what to do, so I told it 'no action'. I deleted all 3 McAfee programs from C:\Program Files & have rebooted 3 times, but it still shows 2 McAfee programs remaining. One is empty and the other looks like the install for McAfee spyware. What will happen to the 2 files and the McAfee quarantined files?

    I emptied the Recycle Bin and downloaded & installed ZoneAlarm & AVG.... All went well.

    Also, ZoneAlarm gave me notice that these were trying to come in ... I denied all of them till I can talk to you.
    They were
    - CFD.exe
    - mcinfo.exe
    - mcafee 'something'
    - Server program- Messenger is trying to act as a server ... msmsgs.exe
    I have not downloaded Windows SP2 or Java yet.

    My keyboard still has a long delay before showing up on the monitor .... It seems to be at the same time the light for the CD drive (I think E drive) stays lit like it's doing something. There is no CD in the drive. The light stays on for a few hours then just goes off. My computer won't shut down while the light is on. I didn't have that problem till I started deleting......

    I am on DSL but it takes a long time to open a website.

    It takes a long time to turn on & off as well as log on & log off.

    Please guide me..... I'll be up late.

    Thank You,
    Jay Escalader

  8. #28
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    3,934

    Default

    Hi again

    Maybe the McAfee uninstall process was not successful; please post a fresh HijackThis log and we'll have a look.

    The CD-drive problem sounds quite odd...
    MalWare Removal University - You too could train to help others
    UNITE & ASAP member since 2006

  9. #29
    Member
    Join Date
    Oct 2006
    Location
    Southern Louisiana
    Posts
    54


    Hi,
    Thank you for your prompt attention.
    HJT Per your request ........
    Jay Escalader


    _______________________________________________________
    Logfile of HijackThis v1.99.1
    Scan saved at 9:09:49 AM, on 10/29/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\LxrJD31s.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\WINDOWS\LTMSG.exe
    C:\HP\KBD\KBD.EXE
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\BellSouth\Application Center\BsnAppCenter.exe
    C:\DOCUME~1\Owner\LOCALS~1\Temp\2006102816592_mcinfo.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\HPINST~1\plugin\bin\PCHButton.exe
    C:\Program Files\America Online 7.0\aoltray.exe
    C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
    C:\Program Files\Labtec Wireless Desktop\MulMouse.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Labtec Wireless Desktop\OSD.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
    C:\Documents and Settings\Owner\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us6.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us6.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us6.hpwis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (disabled by BHODemon)
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll (disabled by BHODemon)
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [Propel Accelerator] C:\PROGRA~1\BELLSO~1\PropelAC.exe
    O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [BellSouthSyn] C:\Program Files\BellSouth\Application Center\BsnAppCenter.exe /Synchronize
    O4 - HKLM\..\Run: [BellSouthScheduler] C:\Program Files\BellSouth\Application Center\BsnAppCenter.exe /Scheduler
    O4 - HKLM\..\Run: [msci] C:\DOCUME~1\Owner\LOCALS~1\Temp\2006102816592_mcinfo.exe /insfin
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\plugin\bin\PCHButton.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
    O4 - Global Startup: Alarm Clock Icon.lnk.disabled
    O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
    O4 - Global Startup: Enable Labtec Wireless Desktop.lnk = C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
    O4 - Global Startup: Google Updater.lnk.disabled
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O4 - Global Startup: ymetray.lnk.disabled
    O8 - Extra context menu item: &Copy Location - C:\WINDOWS\WEB\graburl.htm
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll__BHODemonDisabled (file missing)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {DECDBEEF-D3AD-B3EF-DE4D-B3EFDEADB3EF} - C:\Program Files\BellSouth\Communications Suite\BstMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O15 - Trusted Zone: http://usmilitary.about.com
    O15 - Trusted Zone: http://www.la.ngb.army.mil
    O15 - Trusted Zone: http://www.armyonesource.com
    O15 - Trusted Zone: http://home.bellsouth.net
    O15 - Trusted Zone: http://www.juno.com
    O15 - Trusted Zone: www.militaryonesource.com
    O15 - Trusted Zone: http://www.hotmail.msn.com
    O15 - Trusted Zone: groups.msn.com
    O15 - Trusted Zone: www.msnusers.com
    O15 - Trusted Zone: http://vil.nai.com
    O15 - Trusted Zone: *.nextel.com
    O15 - Trusted Zone: http://loginnet.passport.com
    O15 - Trusted Zone: http://*.subratam.org
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.fastaccess.com/sdccom...ad/tgctlcm.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edg...ex-2.0.3.1.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yaho...ymmapi_416.dll
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite...ITDetector.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...29/mcfscan.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Filter: application/xhtml+xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
    O18 - Filter hijack: text/xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
    O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
    O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

  10. #30
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    3,934

    Default

    Ok, we'll continue
    There seems to be one McAfee leftover...

    You should print these instructions or save these to a text file. Follow these instructions carefully.

    Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.

    O4 - HKLM\..\Run: [msci] C:\DOCUME~1\Owner\LOCALS~1\Temp\2006102816592_mcinfo.exe /insfin

    Run ATF Cleaner
    • Under Main choose: Select All
      Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.

    Restart your computer normally.

    Then, please do the following...

    To generate a HijackThis Startup list:

    1. Open HijackThis by double-clicking the desktop shortcut or HijackThis.exe
    2. Click on "Open the Misc Tools Section"
    3. Make sure that both boxes to the right of "Generate StartupList Log" are checked:

    * List also minor sections (Full)
    * List empty sections (Complete)

    4. Click "Generate StartupListLog"
    5. Click "Yes" at the prompt.
    6. A Notepad window will open with the contents of the HijackThis Startup list displayed
    7. Copy & Paste that log to here
    MalWare Removal University - You too could train to help others
    UNITE & ASAP member since 2006
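As an added example, not from this thread or from HijackThis itself: a small Python triage script that parses log lines in the HijackThis format shown above and flags the kinds of entries a helper looks at first (an O4 Run entry launching from a Temp folder like the msci one, "file missing" stubs, O23 services with an unknown owner, wildcard trusted zones, O18 filter hijacks). The flag rules are assumptions of this example, and the sample lines are constructed from the posted log.

```python
import re
from dataclasses import dataclass, field

# A HijackThis line starts with a section code (O4, O9, O23 ...) and a dash.
LINE_RE = re.compile(r"^(O\d+) - (.*)$")

# Constructed sample, copied from the log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\Owner\LOCALS~1\Temp\2006102816592_mcinfo.exe /insfin
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll__BHODemonDisabled (file missing)
O15 - Trusted Zone: *.nextel.com
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""


@dataclass
class Entry:
    section: str
    body: str
    flags: list = field(default_factory=list)


def parse_hjt(text):
    """Parse every 'Onn - ...' line into an Entry and attach review flags."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines, headers, non-HJT text
        section, body = m.groups()
        e = Entry(section, body)
        if "(file missing)" in body:
            e.flags.append("file missing")          # dangling entry, safe to fix
        if section == "O4" and re.search(r"\\Temp\\", body, re.I):
            e.flags.append("runs from Temp")        # autostart from a temp folder
        if section == "O23" and "Unknown owner" in body:
            e.flags.append("unknown owner")         # service with no vendor string
        if section == "O15" and "*" in body:
            e.flags.append("wildcard trusted zone") # whole domain trusted in IE
        if section == "O18" and "hijack" in body.lower():
            e.flags.append("filter hijack")         # HJT's own MIME-filter warning
        entries.append(e)
    return entries


def review(text):
    """Return only the flagged entries as (section, flags) pairs, in log order."""
    return [(e.section, e.flags) for e in parse_hjt(text) if e.flags]
```

Running `review(SAMPLE_LOG)` on the sample yields the msci Run entry, the missing Yahoo! button, the nextel wildcard zone and the Lexar service, while the Office shortcut and the NVIDIA service pass.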
