Buzz Please

vroom_skies

Hey Buzz, I've got another one for ya. If you would be able to reply quickly, that would be great. I am here for less than one day and want to be able to help out my cousins.

Thanks
Bob

Logfile of HijackThis v1.99.1
Scan saved at 1:53:43 AM, on 11/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {BECCF2CC-4935-4D24-8E55-9DE4CB71A54F} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [e88884f5] rundll32.exe "C:\WINDOWS\system32\dlbqrksw.dll",b
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by12fd.bay12.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: jkhhi - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: McAfee Application Installer Cleanup (0286551180190069) (0286551180190069mcinstcleanup) - - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
 
Hey Bob.

Disable msconfig and reboot, so we can see what's going on. Looks like a few Vundo files here; run ComboFix and post the results. ceewi1 will help you out, I'm sure :)

1. Download this file - combofix.exe
2. Double-click combofix.exe and follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
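The entries Buzz is reacting to in the first log can be checked mechanically: the `[e88884f5] rundll32.exe "...\dlbqrksw.dll",b` Run value (a hex-digit name loading a system32 DLL by a one-letter export), the `jkhhi` Winlogon Notify entry whose "path" is a bare `C:\WINDOWS\`, the two BHOs listed as `(no file)`, and the `MSConfig /auto` Run entry, which is what tells a helper that startup items have been disabled through msconfig and so are not all visible in the HijackThis listing. The Python below is an added example, not part of the thread and not a HijackThis feature; it runs those four checks over a constructed excerpt of the log above. The heuristics themselves (8-hex-digit value name, rundll32 with a single-letter export from system32, a Winlogon Notify path that is not a DLL, a BHO with no file) are assumptions chosen for this example, not a published rule set.

```python
import re
from dataclasses import dataclass

# Constructed excerpt in HijackThis 1.99 format; the entries are copied from the log
# posted above, not invented.
SAMPLE_HJT_LOG = """\
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\\program files\\google\\googletoolbar5.dll
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - (no file)
O4 - HKLM\\..\\Run: [ehTray] C:\\WINDOWS\\ehome\\ehtray.exe
O4 - HKLM\\..\\Run: [e88884f5] rundll32.exe "C:\\WINDOWS\\system32\\dlbqrksw.dll",b
O4 - HKLM\\..\\Run: [MSConfig] C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto
O20 - Winlogon Notify: !SASWinLogon - C:\\Program Files\\SUPERAntiSpyware\\SASWINLO.dll
O20 - Winlogon Notify: jkhhi - C:\\WINDOWS\\
O20 - Winlogon Notify: WgaLogon - C:\\WINDOWS\\SYSTEM32\\WgaLogon.dll
"""


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O4"
    reason: str    # why the line was flagged
    line: str      # the original log line


# Line shapes for the three HijackThis sections this example looks at.
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
# rundll32 invocation: optional quotes around the DLL, then ",export"
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?\s*,\s*(?P<export>\S+)', re.I)
# Heuristic (assumption for this example): a Run value name that is exactly 8 hex digits.
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$", re.I)


def triage_hjt(text):
    """Apply the four checks to a HijackThis log and return the flagged lines."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := RUN_RE.match(line):
            name, cmd = m["name"], m["cmd"]
            if HEX_NAME_RE.match(name):
                findings.append(Finding("O4", f"Run value name {name!r} is eight hex digits", line))
            if d := RUNDLL_RE.search(cmd):
                if "system32" in d["dll"].lower() and len(d["export"]) == 1:
                    findings.append(Finding(
                        "O4", f"rundll32 loads {d['dll']} by one-letter export {d['export']!r}", line))
            if name.lower() == "msconfig" and "/auto" in cmd.lower():
                findings.append(Finding(
                    "O4", "MSConfig /auto: startup items were disabled with msconfig and are parked "
                          "under msconfig's own registry keys, so this list is not the full startup set", line))
        elif m := BHO_RE.match(line):
            if m["path"].strip() == "(no file)":
                findings.append(Finding(
                    "O2", f"BHO {{{m['clsid']}}} is registered but its DLL is gone (orphan entry)", line))
        elif m := NOTIFY_RE.match(line):
            path = m["path"].strip()
            if not path.lower().endswith(".dll"):
                findings.append(Finding(
                    "O20", f"Winlogon Notify {m['name']!r} points at {path!r}, which is not a DLL", line))
    return findings


def summarize(findings):
    """Count findings per HijackThis section."""
    counts = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage_hjt(SAMPLE_HJT_LOG)
    for f in results:
        print(f"[{f.section}] {f.reason}\n    {f.line}")
    print(summarize(results))
```

Treat the output as pointers for a human, not a verdict: the hex-name check on its own is weak, and the Winlogon Notify and rundll32 hits are the ones worth confirming against the ComboFix file listing. The MSConfig finding is the reason for the "disable msconfig and reboot" instruction: until the parked items are re-enabled, neither HijackThis nor a helper reading its log sees the whole startup set.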
 
Hey Buzz,
Thanks for the help.

Here are the two updated logs:

HJTL:

Logfile of HijackThis v1.99.1
Scan saved at 10:44:48 AM, on 11/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\1141505894\ee\AOLSoftware.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {BECCF2CC-4935-4D24-8E55-9DE4CB71A54F} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [e88884f5] rundll32.exe "C:\WINDOWS\system32\dlbqrksw.dll",b
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1141505894\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by12fd.bay12.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: jkhhi - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: McAfee Application Installer Cleanup (0286551180190069) (0286551180190069mcinstcleanup) - - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe

C.F. Log:

ComboFix 07-11-19.3 - Mike Jaeger 2007-11-24 10:35:41.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.579 [GMT -5:00]
Running from: C:\Documents and Settings\Mike Jaeger\Desktop\Security\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Temp\fse
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\f02WtR

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-10-24 to 2007-11-24 )))))))))))))))))))))))))))))))
.

2007-11-24 01:18 775,832 ---hs---- C:\WINDOWS\system32\okhvjiwd.ini
2007-11-24 01:17 441,093 --a------ C:\WINDOWS\system32\ihhkj.tmp2
2007-11-24 01:17 441,093 ---hs---- C:\WINDOWS\system32\ihhkj.ini2
2007-11-24 00:19 775,832 ---hs---- C:\WINDOWS\system32\wbagjejm.ini
2007-11-24 00:06 775,832 ---hs---- C:\WINDOWS\system32\lsynotcl.ini
2007-11-23 23:56 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-11-23 23:56 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-11-23 23:56 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2007-11-23 23:56 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll
2007-11-23 23:25 776,132 ---hs---- C:\WINDOWS\system32\aynqigdw.ini
2007-11-23 16:55 776,072 ---hs---- C:\WINDOWS\system32\wskrqbld.ini
2007-11-22 16:52 775,952 ---hs---- C:\WINDOWS\system32\fbmtfjly.ini
2007-11-22 16:42 738,356 ---hs---- C:\WINDOWS\system32\fmstbxcx.ini
2007-11-22 08:05 737,148 ---hs---- C:\WINDOWS\system32\ojjpghfc.ini
2007-11-22 07:10 736,103 ---hs---- C:\WINDOWS\system32\lwpldqgk.ini
2007-11-21 16:56 714,281 ---hs---- C:\WINDOWS\system32\taigulii.ini
2007-11-21 06:32 694,460 ---hs---- C:\WINDOWS\system32\oagobmon.ini
2007-11-20 07:14 694,674 ---hs---- C:\WINDOWS\system32\tmygfblv.ini
2007-11-19 20:11 <DIR> d-------- C:\Program Files\AIM6
2007-11-19 14:15 685,703 ---hs---- C:\WINDOWS\system32\mipyyolq.ini
2007-11-19 06:13 680,060 ---hs---- C:\WINDOWS\system32\oaclcnxx.ini
2007-11-18 23:50 <DIR> d-------- C:\Documents and Settings\Mike Jaeger\Application Data\acccore
2007-11-18 13:26 677,938 ---hs---- C:\WINDOWS\system32\wpchxaju.ini
2007-11-18 07:06 677,920 ---hs---- C:\WINDOWS\system32\sqpauroa.ini
2007-11-17 07:17 678,100 ---hs---- C:\WINDOWS\system32\aestttey.ini
2007-11-16 13:58 678,345 ---hs---- C:\WINDOWS\system32\fvcdbidy.ini
2007-11-15 13:58 669,431 ---hs---- C:\WINDOWS\system32\aamvslmy.ini
2007-11-15 06:52 671,076 ---hs---- C:\WINDOWS\system32\lfpwmowo.ini
2007-11-14 20:40 671,127 ---hs---- C:\WINDOWS\system32\njlmxheq.ini
2007-11-14 06:28 668,993 ---hs---- C:\WINDOWS\system32\xmqhhtvx.ini
2007-11-13 05:54 658,621 ---hs---- C:\WINDOWS\system32\xcdhthpv.ini
2007-11-13 05:54 88,128 --a------ C:\WINDOWS\system32\vphthdcx.dll
2007-11-12 20:03 590,356 ---hs---- C:\WINDOWS\system32\xoykimbf.ini
2007-11-12 20:02 89,664 --a------ C:\WINDOWS\system32\fbmikyox.dll
2007-11-12 15:14 669,491 ---hs---- C:\WINDOWS\system32\pycwcbcy.ini
2007-11-12 15:13 89,664 --a------ C:\WINDOWS\system32\ycbcwcyp.dll
2007-11-12 06:20 583,166 ---hs---- C:\WINDOWS\system32\neqkypli.ini
2007-11-12 06:20 89,664 --a------ C:\WINDOWS\system32\ilpykqen.dll
2007-11-11 16:26 584,596 ---hs---- C:\WINDOWS\system32\percpxgy.ini
2007-11-10 16:23 584,416 ---hs---- C:\WINDOWS\system32\wsxabghb.ini
2007-11-10 07:01 584,416 ---hs---- C:\WINDOWS\system32\fsafmiem.ini
2007-11-10 07:01 85,056 --a------ C:\WINDOWS\system32\meimfasf.dll
2007-11-09 19:24 584,416 ---hs---- C:\WINDOWS\system32\encdiadt.ini
2007-11-09 19:24 88,128 --a------ C:\WINDOWS\system32\tdaidcne.dll
2007-11-09 07:07 583,112 ---hs---- C:\WINDOWS\system32\ikphvakb.ini
2007-11-08 09:29 569,448 ---hs---- C:\WINDOWS\system32\xqofajnn.ini
2007-11-07 15:10 569,861 ---hs---- C:\WINDOWS\system32\tnagumrr.ini
2007-11-07 07:21 569,842 ---hs---- C:\WINDOWS\system32\emkemxbi.ini
2007-11-06 18:52 566,384 ---hs---- C:\WINDOWS\system32\eirbhhrs.ini
2007-11-06 18:52 87,104 --a------ C:\WINDOWS\system32\srhhbrie.dll
2007-11-06 11:57 570,299 ---hs---- C:\WINDOWS\system32\htjnvvct.ini
2007-11-06 06:24 564,516 ---hs---- C:\WINDOWS\system32\bvowgmkn.ini
2007-11-05 18:31 85,568 --a------ C:\WINDOWS\system32\xenbpuyf.dll
2007-11-05 18:31 294 ---hs---- C:\WINDOWS\system32\fyupbnex.ini
2007-11-05 16:10 571,117 ---hs---- C:\WINDOWS\system32\iolggshb.ini
2007-11-05 06:05 570,330 ---hs---- C:\WINDOWS\system32\qukdcyfk.ini
2007-11-05 06:05 85,568 --a------ C:\WINDOWS\system32\kfycdkuq.dll
2007-11-04 20:55 577,145 ---hs---- C:\WINDOWS\system32\fkpahnnw.ini
2007-11-04 05:29 577,025 ---hs---- C:\WINDOWS\system32\steslfle.ini
2007-11-03 10:15 577,025 ---hs---- C:\WINDOWS\system32\jbfyiuin.ini
2007-11-03 09:55 576,785 ---hs---- C:\WINDOWS\system32\pjtonlub.ini
2007-11-03 09:55 87,616 --a------ C:\WINDOWS\system32\bulnotjp.dll
2007-11-03 09:08 576,785 ---hs---- C:\WINDOWS\system32\bfwptiks.ini
2007-11-03 09:07 87,616 --a------ C:\WINDOWS\system32\skitpwfb.dll
2007-11-03 05:00 576,785 ---hs---- C:\WINDOWS\system32\rignbsje.ini
2007-11-03 04:59 87,616 --a------ C:\WINDOWS\system32\ejsbngir.dll
2007-11-01 14:50 579,498 ---hs---- C:\WINDOWS\system32\qdaymdjw.ini
2007-11-01 05:26 584,484 ---hs---- C:\WINDOWS\system32\gbuivnph.ini
2007-10-31 21:24 584,664 ---hs---- C:\WINDOWS\system32\akqcfolr.ini
2007-10-31 05:54 567,476 ---hs---- C:\WINDOWS\system32\yioadamr.ini
2007-10-30 19:13 577,618 ---hs---- C:\WINDOWS\system32\gptuwndb.ini
2007-10-30 14:15 584,544 ---hs---- C:\WINDOWS\system32\jveuowob.ini
2007-10-30 04:52 506,004 ---hs---- C:\WINDOWS\system32\reaffial.ini
2007-10-29 13:50 506,294 ---hs---- C:\WINDOWS\system32\vawijaqu.ini
2007-10-29 05:56 477,785 ---hs---- C:\WINDOWS\system32\rhlwndqc.ini
2007-10-29 04:49 478,567 ---hs---- C:\WINDOWS\system32\rqwktijt.ini
2007-10-28 12:49 478,705 ---hs---- C:\WINDOWS\system32\lsrdpqvk.ini
2007-10-28 11:51 478,507 ---hs---- C:\WINDOWS\system32\aewfsegq.ini
2007-10-28 05:44 483,882 ---hs---- C:\WINDOWS\system32\gyhxcmom.ini
2007-10-27 14:02 483,882 ---hs---- C:\WINDOWS\system32\fjdtvotr.ini
2007-10-27 09:29 479,114 ---hs---- C:\WINDOWS\system32\scswyetc.ini
2007-10-27 05:40 479,114 ---hs---- C:\WINDOWS\system32\bwlmffli.ini
2007-10-26 20:45 478,627 ---hs---- C:\WINDOWS\system32\uknhcigy.ini
2007-10-26 06:09 398,983 ---hs---- C:\WINDOWS\system32\mfepjmpu.ini
2007-10-25 18:24 693,652 ---hs---- C:\WINDOWS\system32\yswokfww.ini
2007-10-25 13:19 295 ---hs---- C:\WINDOWS\system32\scupbglx.ini
2007-10-25 04:48 693,421 ---hs---- C:\WINDOWS\system32\vyfyqfhs.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-24 15:41 --------- d-----w C:\Documents and Settings\Mike Jaeger\Application Data\Skype
2007-11-24 15:39 --------- d-----w C:\Program Files\McAfee
2007-11-24 07:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-24 05:28 --------- d-----w C:\Program Files\SUPERAntiSpyware
2007-11-24 05:27 --------- d-----w C:\Documents and Settings\Mike Jaeger\Application Data\SUPERAntiSpyware.com
2007-11-24 04:44 --------- d-----w C:\Documents and Settings\Mike Jaeger\Application Data\Viewpoint
2007-11-24 04:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-11-21 11:26 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2007-11-10 21:18 --------- d-----w C:\Documents and Settings\Mike Jaeger\Application Data\SiteAdvisor
2007-11-08 14:25 --------- d-----w C:\Documents and Settings\Mike Jaeger\Application Data\AdobeUM
2007-10-16 01:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89AD4D75-2429-462e-BD4E-443F233F6033}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BECCF2CC-4935-4D24-8E55-9DE4CB71A54F}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 00:04]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-08 06:51]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-05-23 09:12]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-12-18 17:32]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 10:20]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 01:20 C:\WINDOWS\stsystra.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 22:05]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"e88884f5"="C:\WINDOWS\system32\dlbqrksw.dll" []
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-02-08 21:39]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 17:30]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-10-06 09:34]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-10-06 09:34]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44]
"ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 08:56]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 20:52]
"HostManager"="C:\Program Files\Common Files\AOL\1141505894\ee\AOLSoftware.exe" [2005-11-02 22:01]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 17:19]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 12:06]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 20:40:10]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhhi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Liana Jaeger^Start Menu^Programs^Startup^Anapod Manager.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"DSBrokerService"=3 (0x3)

R3 atinewp2;ATI eHomeWonder, WDM Video CODEC;C:\WINDOWS\system32\DRIVERS\atinewp2.sys
S3 SQLAgent$MICROSOFTBCM;SQLAgent$MICROSOFTBCM;C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE -i MICROSOFTBCM

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-11-21 21:30:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2007-09-15 05:00:01 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2007-07-01 05:00:13 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2007-11-24 14:08:13 C:\WINDOWS\Tasks\WebReg .job"
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe
"2007-11-24 14:08:09 C:\WINDOWS\Tasks\WebReg Photosmart C4200 series.job"
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.ex
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-24 10:40:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\0136051195899269mcinstcleanup]
"ImagePath"="C:\WINDOWS\TEMP\013605~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service"
.
Completion time: 2007-11-24 10:43:03 - machine was rebooted
.
--- E O F ---


Thanks
Bob
 
Hi Bob

Hope this is in time for you :)

  • Open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code:
    File::
    C:\WINDOWS\system32\okhvjiwd.ini
    C:\WINDOWS\system32\ihhkj.tmp2
    C:\WINDOWS\system32\ihhkj.ini2
    C:\WINDOWS\system32\wbagjejm.ini
    C:\WINDOWS\system32\lsynotcl.ini
    C:\WINDOWS\system32\aynqigdw.ini
    C:\WINDOWS\system32\wskrqbld.ini
    C:\WINDOWS\system32\fbmtfjly.ini
    C:\WINDOWS\system32\fmstbxcx.ini
    C:\WINDOWS\system32\ojjpghfc.ini
    C:\WINDOWS\system32\lwpldqgk.ini
    C:\WINDOWS\system32\taigulii.ini
    C:\WINDOWS\system32\oagobmon.ini
    C:\WINDOWS\system32\tmygfblv.ini
    C:\WINDOWS\system32\mipyyolq.ini
    C:\WINDOWS\system32\oaclcnxx.ini
    C:\WINDOWS\system32\wpchxaju.ini
    C:\WINDOWS\system32\sqpauroa.ini
    C:\WINDOWS\system32\aestttey.ini
    C:\WINDOWS\system32\fvcdbidy.ini
    C:\WINDOWS\system32\aamvslmy.ini
    C:\WINDOWS\system32\lfpwmowo.ini
    C:\WINDOWS\system32\njlmxheq.ini
    C:\WINDOWS\system32\xmqhhtvx.ini
    C:\WINDOWS\system32\xcdhthpv.ini
    C:\WINDOWS\system32\vphthdcx.dll
    C:\WINDOWS\system32\xoykimbf.ini
    C:\WINDOWS\system32\fbmikyox.dll
    C:\WINDOWS\system32\pycwcbcy.ini
    C:\WINDOWS\system32\ycbcwcyp.dll
    C:\WINDOWS\system32\neqkypli.ini
    C:\WINDOWS\system32\ilpykqen.dll
    C:\WINDOWS\system32\percpxgy.ini
    C:\WINDOWS\system32\wsxabghb.ini
    C:\WINDOWS\system32\fsafmiem.ini
    C:\WINDOWS\system32\meimfasf.dll
    C:\WINDOWS\system32\encdiadt.ini
    C:\WINDOWS\system32\tdaidcne.dll
    C:\WINDOWS\system32\ikphvakb.ini
    C:\WINDOWS\system32\xqofajnn.ini
    C:\WINDOWS\system32\tnagumrr.ini
    C:\WINDOWS\system32\emkemxbi.ini
    C:\WINDOWS\system32\eirbhhrs.ini
    C:\WINDOWS\system32\srhhbrie.dll
    C:\WINDOWS\system32\htjnvvct.ini
    C:\WINDOWS\system32\bvowgmkn.ini
    C:\WINDOWS\system32\xenbpuyf.dll
    C:\WINDOWS\system32\fyupbnex.ini
    C:\WINDOWS\system32\iolggshb.ini
    C:\WINDOWS\system32\qukdcyfk.ini
    C:\WINDOWS\system32\kfycdkuq.dll
    C:\WINDOWS\system32\fkpahnnw.ini
    C:\WINDOWS\system32\steslfle.ini
    C:\WINDOWS\system32\jbfyiuin.ini
    C:\WINDOWS\system32\pjtonlub.ini
    C:\WINDOWS\system32\bulnotjp.dll
    C:\WINDOWS\system32\bfwptiks.ini
    C:\WINDOWS\system32\skitpwfb.dll
    C:\WINDOWS\system32\rignbsje.ini
    C:\WINDOWS\system32\ejsbngir.dll
    C:\WINDOWS\system32\qdaymdjw.ini
    C:\WINDOWS\system32\gbuivnph.ini
    C:\WINDOWS\system32\akqcfolr.ini
    C:\WINDOWS\system32\yioadamr.ini
    C:\WINDOWS\system32\gptuwndb.ini
    C:\WINDOWS\system32\jveuowob.ini
    C:\WINDOWS\system32\reaffial.ini
    C:\WINDOWS\system32\vawijaqu.ini
    C:\WINDOWS\system32\rhlwndqc.ini
    C:\WINDOWS\system32\rqwktijt.ini
    C:\WINDOWS\system32\lsrdpqvk.ini
    C:\WINDOWS\system32\aewfsegq.ini
    C:\WINDOWS\system32\gyhxcmom.ini
    C:\WINDOWS\system32\fjdtvotr.ini
    C:\WINDOWS\system32\scswyetc.ini
    C:\WINDOWS\system32\bwlmffli.ini
    C:\WINDOWS\system32\uknhcigy.ini
    C:\WINDOWS\system32\mfepjmpu.ini
    C:\WINDOWS\system32\yswokfww.ini
    C:\WINDOWS\system32\scupbglx.ini
    C:\WINDOWS\system32\vyfyqfhs.ini
    C:\WINDOWS\system32\dlbqrksw.dll
    
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BECCF2CC-4935-4D24-8E55-9DE4CB71A54F}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "e88884f5"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhhi]
  • Save this as CFScript.txt and change the Save as type to All Files and place it on your desktop.

    [Screenshot: CFScript.gif]

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply, along with a new HijackThis log.
CAUTION:
Do NOT mouse-click ComboFix's window while it is running. That may cause it to stall.
Also, please do NOT adjust your time format while ComboFix is running.
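As an added example (not part of this thread and not code from ComboFix or the helper), a small Python triage script that applies two checks a reviewer can draw from the logs above: a Run entry whose file ComboFix could not timestamp (the empty `[]` after dlbqrksw.dll), and .ini/.dll pairs in the File:: list whose names are mirror images of each other (pycwcbcy.ini / ycbcwcyp.dll). The sample lines are constructed from values quoted in this thread; the heuristics are assumptions added here, not ComboFix's own logic.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in the shape of ComboFix's Run-key dump:
# "name"="path" [timestamp]. Values are taken from the log in this thread.
SAMPLE_RUN_KEY = r'''
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05]
"e88884f5"="C:\WINDOWS\system32\dlbqrksw.dll" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58]
'''

# Constructed sample: a subset of the CFScript File:: list plus one benign file.
SAMPLE_FILES = r'''
C:\WINDOWS\system32\pycwcbcy.ini
C:\WINDOWS\system32\ycbcwcyp.dll
C:\WINDOWS\system32\neqkypli.ini
C:\WINDOWS\system32\ilpykqen.dll
C:\WINDOWS\system32\okhvjiwd.ini
C:\WINDOWS\system32\tfswctrl.exe
'''

RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<stamp>[^\]]*)\]')


def suspicious_run_entries(text):
    """Return (name, path) for Run entries with an empty timestamp bracket, or
    whose value name is 8 hex digits and whose file stem is 8 random letters
    (an assumed heuristic; it flags the e88884f5 / dlbqrksw.dll entry)."""
    hits = []
    for line in text.splitlines():
        m = RUN_LINE.match(line.strip())
        if not m:
            continue
        name, path, stamp = m.group("name", "path", "stamp")
        stem = PureWindowsPath(path).stem
        random_pair = bool(re.fullmatch(r"[0-9a-f]{8}", name)) and bool(re.fullmatch(r"[a-z]{8}", stem))
        if not stamp or random_pair:
            hits.append((name, path))
    return hits


def reversed_name_pairs(text):
    """Pair each .ini whose stem, reversed, is the stem of a listed .dll."""
    inis, dlls = {}, {}
    for line in text.splitlines():
        p = PureWindowsPath(line.strip())
        if p.suffix.lower() == ".ini":
            inis[p.stem.lower()] = str(p)
        elif p.suffix.lower() == ".dll":
            dlls[p.stem.lower()] = str(p)
    return sorted((ini, dlls[stem[::-1]]) for stem, ini in inis.items() if stem[::-1] in dlls)
```

Run it against a full ComboFix log by feeding the Run-key section and the File:: list as the two text arguments; a non-empty result is a prompt for closer inspection, not a verdict.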
 
Hey man.
I didn't have time to finish that before I left.
I'll try to get my cousin to do it over the phone.
I'll send the updated logs when I can.

Thanks for the help
Bob
 