Slow computer, can't delete desktop items
limeninja (Newbie), 25. January 2008 @ 20:23

Here's my HijackThis log. Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:14:55 PM, on 25/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\runservice.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\McAfee\VIRUSS~2\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\QuickTime\QTTask.exe
c:\PROGRA~1\mcafee\msk\msksrver.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\p2csvc.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Recycler\svchost.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~2\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.davidbordwell.net/blog/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.davidbordwell.net/blog/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - HKCU\..\Run: [RHSI SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared...01/mcinsctl.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab56986.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1166217444166
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab31267.cab
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - c:\PROGRA~1\mcafee\msk\msksrver.exe
O23 - Service: p2csvc - Matsushita Electric Industrial Co.,Ltd. - C:\WINDOWS\system32\p2csvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: Windowhelp - Unknown owner - c:\Recycler\svchost.exe

--
End of file - 10105 bytes
Member, 28. January 2008 @ 15:24
Hi,
First we will stop a service, use HJT, then boot into safe mode to delete a file.
Go to Start > Run and type in services.msc. In the list of services that comes up, look for Windowhelp.

Right click on it and select Properties.

Under the General tab:

the path to the .exe should be: c:\Recycler\svchost.exe

make sure that the service status is: Stopped; if not, click the Stop button

and the Startup type is: Disabled; if not, change it to Disabled

click Apply, then OK.

Next, HJT:

Start HJT, click the "Scan" button, check the items below, close any open windows, then click "Fix checked":

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O23 - Service: Windowhelp - Unknown owner - c:\Recycler\svchost.exe
----------------------------------
Boot the computer into safe mode. To reach safe mode you would tap the F8 key during a computer restart and choose the first option: Safe Mode.
You might want to copy/paste this part into Notepad and save it so you can find and read it in safe mode:

Navigate here:
C:\WINDOWS
Delete the Fonts folder, which should have a svchost process in it.

Do this:
Go to Start > Run and type: cleanmgr. Windows will scan. When done, check these 3 and press *OK* to remove:

Temporary Files
Temporary Internet Files
Recycle Bin

Run your McAfee antivirus. Reboot normally, rescan and post a new HJT log.
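The triage the helper walks through above (spot the svchost.exe copies running from C:\WINDOWS\Fonts and c:\Recycler, the orphaned "(no file)" entries, the Run value and the Windowhelp service that load them, then stop and disable the service and remove the loaders) can be done mechanically. The Python script below is an added example for this thread, not code from the helper or from HijackThis: it parses a handful of lines copied from the two logs in this thread, applies this example's own heuristics (a well-known system-binary name outside its expected directory, an executable under Recycler/Fonts/Temp, an orphaned entry, and a Run value that has rundll32.exe load an eight-letter random DLL like the bfhnykvr.dll that appears in the second log), and emits the Windows XP cmd.exe commands (sc, reg) that would neutralise each loader. The expected-directory table, suspicious-directory list and random-DLL pattern are assumptions. It deliberately targets the individual loader entries rather than the whole C:\WINDOWS\Fonts directory, which is a genuine system folder, and it emits no taskkill for the impostor processes because killing svchost.exe by image name would also kill the real ones; those die once their loaders are gone and the machine is rebooted.

```python
"""Triage a HijackThis v2 log and emit XP-era cmd.exe clean-up commands.

Added example for this thread, not HijackThis' own code. The heuristics
(EXPECTED_HOME, SUSPICIOUS_DIRS, RANDOM_DLL) are assumptions chosen to
match what the helper spotted in the logs above.
"""
import re

# Fixture: a few lines copied from the two HijackThis logs posted in this
# thread (running processes, R/F/O3 orphans, O4 Run entries, O23 services).
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Fonts\svchost.exe
c:\Recycler\svchost.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [668af02d] rundll32.exe "C:\WINDOWS\system32\bfhnykvr.dll",b
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O23 - Service: Windowhelp - Unknown owner - c:\Recycler\svchost.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcshield.exe
"""

# Assumption: system binaries malware likes to impersonate by name, and the
# only directory each legitimately runs from on Windows XP.
EXPECTED_HOME = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
# Assumption: directories from which no legitimate autostart should run.
SUSPICIOUS_DIRS = ("\\recycler\\", "\\recycled\\", "\\fonts\\", "\\temp\\")

PROCESS_RE = re.compile(r"^[a-z]:\\", re.I)
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^)]+)\))? - (?P<owner>.+?) - (?P<path>.+)$"
)
RUNDLL_RE = re.compile(r'rundll32\.exe\s+"?(?P<dll>[^",]+\.dll)', re.I)
RANDOM_DLL = re.compile(r"^[a-z]{8}\.dll$")  # eight random letters, Vundo style


def norm(path):
    """Lower-case a path and strip surrounding quotes/whitespace."""
    return path.strip().strip('"').lower()


def masquerading(path):
    """True when a well-known system binary name runs outside its home dir."""
    directory, _, base = norm(path).rpartition("\\")
    home = EXPECTED_HOME.get(base)
    return home is not None and directory != home


def odd_location(path):
    """True when the path passes through a directory nothing should run from."""
    return any(d in norm(path) for d in SUSPICIOUS_DIRS)


def first_path(cmd):
    """Executable named by a Run value: the quoted or first whitespace token."""
    m = re.match(r'"([^"]+)"|(\S+)', cmd.strip())
    return m.group(1) or m.group(2)


def triage(log_text):
    """Return findings as dicts: the log line, why it was flagged and the
    cmd.exe commands that neutralise it ([] where HJT 'Fix checked' is the
    right tool or where only the loader should be removed)."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("(no file)") or line.endswith("Shell="):
            findings.append({"line": line, "why": "orphaned entry (no file behind it); fix in HJT", "fix": []})
        elif PROCESS_RE.match(line):
            if masquerading(line) or odd_location(line):
                # No taskkill here: /IM svchost.exe would also hit the real ones.
                findings.append({"line": line, "why": "running process impersonates a system binary", "fix": []})
        elif m := O4_RE.match(line):
            key = m["hive"] + r"\Software\Microsoft\Windows\CurrentVersion\Run"
            fix = [f'reg delete "{key}" /v "{m["name"]}" /f']
            dll = RUNDLL_RE.search(m["cmd"])
            exe = first_path(m["cmd"])
            if dll and RANDOM_DLL.match(dll["dll"].rpartition("\\")[2].lower()):
                findings.append({"line": line, "why": f"rundll32 loads randomly named {dll['dll']}", "fix": fix})
            elif masquerading(exe) or odd_location(exe):
                findings.append({"line": line, "why": f"Run entry starts {exe} from an unusual directory", "fix": fix})
        elif m := O23_RE.match(line):
            if masquerading(m["path"]) or odd_location(m["path"]):
                svc = m["short"] or m["display"]  # sc wants the service key name
                findings.append({"line": line, "why": f"service {svc} runs {m['path']}",
                                 "fix": [f'sc stop "{svc}"', f'sc config "{svc}" start= disabled']})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[!] {f['line']}\n    {f['why']}")
        for cmd in f["fix"]:
            print(f"    > {cmd}")
```

Run against the fixture it flags the two impostor svchost.exe processes, the three orphaned entries, the Host Process Run value, the rundll32/bfhnykvr.dll Run value and the Windowhelp service, and leaves the System32 svchost.exe, jusched.exe and McShield lines alone. The sc/reg commands it prints need an administrative cmd.exe; on this thread's XP box they would be run from a safe-mode prompt before the dropped files are deleted, so that nothing restarts them.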

limeninja (Newbie), 30. January 2008 @ 20:11
Hi,
I tried what you said. I ran McAfee at the end. It detected junk-nav quar and adware-isearch.dr but couldn't remove either of them. The C: drive still shows up as a big red X, but not when I'm in safe mode.

Thanks for your help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:08:59 PM, on 30/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\runservice.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~2\mcshield.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\AGRSMMSG.exe
c:\PROGRA~1\mcafee\msk\msksrver.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\WINDOWS\system32\p2csvc.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~2\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\RegCure\RegCure.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.davidbordwell.net/blog/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.davidbordwell.net/blog/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [668af02d] rundll32.exe "C:\WINDOWS\system32\bfhnykvr.dll",b
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - HKCU\..\Run: [RHSI SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared...01/mcinsctl.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab56986.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1166217444166
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab31267.cab
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - c:\PROGRA~1\mcafee\msk\msksrver.exe
O23 - Service: p2csvc - Matsushita Electric Industrial Co.,Ltd. - C:\WINDOWS\system32\p2csvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe

--
End of file - 10299 bytes
Member, 30. January 2008 @ 21:01
Hi,

OK, I see you have a new O4. Let's see what ComboFix can dig up:

Download ComboFix from one of these links and save it to the Desktop:

http://subs.geekstogo.com/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

limeninja (Newbie), 30. January 2008 @ 23:37

I ran ComboFix and here are the results.

ComboFix 08-01-31.3 - HP_Administrator 2008-01-30 23:08:18.1 - NTFSx86
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\awtrrpm.dll
C:\WINDOWS\system32\ssqrq.dll
C:\WINDOWS\system32\yjktrrme.dll
C:\Program Files\kernel
C:\WINDOWS\2.exe
C:\WINDOWS\hosts
C:\WINDOWS\system32\aetgiiye.dll
C:\WINDOWS\system32\aukvbrla.ini
C:\WINDOWS\system32\awtrrpm.dll
C:\WINDOWS\system32\bepengal.dll
C:\WINDOWS\system32\bfhnykvr.dll
C:\WINDOWS\system32\lsprst7.dll
C:\WINDOWS\system32\lvmwtncl.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\phwvcrgx.dll
C:\WINDOWS\system32\pjdbvmxf.ini
C:\WINDOWS\system32\qrqss.ini
C:\WINDOWS\system32\qrqss.ini2
C:\WINDOWS\system32\rvkynhfb.ini
C:\WINDOWS\system32\sobrutim.dll
C:\WINDOWS\system32\ssprs.dll
C:\WINDOWS\system32\ssqrq.dll
C:\WINDOWS\system32\tehhhxaq.ini
C:\WINDOWS\system32\yjktrrme.dll
C:\WINDOWS\system32\yjktrrme.dllbox
C:\WINDOWS\Fonts\-

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NPF


((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-31 )))))))))))))))))))))))))))))))
.

2008-01-30 21:30 . 2008-01-30 21:30 <DIR> d-------- C:\Program Files\CCleaner
2008-01-30 20:42 . 2008-01-30 20:44 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-30 20:42 . 2008-01-30 20:42 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2008-01-30 20:42 . 2008-01-30 20:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-28 21:32 . 2008-01-28 22:24 294 --ahs---- C:\WINDOWS\system32\nccjpoqj.ini
2008-01-28 21:29 . 2008-01-28 21:29 294 --ahs---- C:\WINDOWS\system32\cyybwrwb.ini
2008-01-27 19:49 . 2008-01-30 20:39 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-27 19:49 . 2008-01-27 19:49 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-27 19:47 . 2008-01-27 19:47 <DIR> d-------- C:\Program Files\iTunes
2008-01-27 11:46 . 2008-01-27 11:46 147,520 --a------ C:\WINDOWS\system32\jxcklvoj.dll
2008-01-27 11:46 . 2008-01-27 11:57 354 --ahs---- C:\WINDOWS\system32\jovlkcxj.ini
2008-01-27 11:40 . 2008-01-27 11:40 294 --ahs---- C:\WINDOWS\system32\qmtmgeaa.ini
2008-01-25 20:01 . 2008-01-25 20:13 <DIR> d-------- C:\Program Files\RegCure
2008-01-25 19:26 . 2008-01-30 20:41 <DIR> d-------- C:\Program Files\XoftSpySE
2008-01-25 19:15 . 2008-01-25 19:15 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-25 01:30 . 2008-01-25 01:30 147,520 --a------ C:\WINDOWS\system32\alrbvkua.dll
2008-01-25 01:20 . 2008-01-25 01:20 46,300 --a------ C:\WINDOWS\system32\DcadsSocial-uninstall.exe
2008-01-23 22:44 . 2008-01-23 22:44 <DIR> d-------- C:\EPData
2008-01-23 22:43 . 2008-01-23 22:44 <DIR> d--h----- C:\Program Files\Zero G Registry
2008-01-23 22:43 . 2008-01-23 22:43 <DIR> d-------- C:\Program Files\EP
2008-01-23 22:34 . 2008-01-23 22:34 <DIR> d--h----- C:\Documents and Settings\HP_Administrator\InstallAnywhere
2008-01-23 21:52 . 2008-01-23 21:52 40,731 --a------ C:\WINDOWS\system32\superiorads-uninst.exe
2008-01-23 21:33 . 2008-01-23 21:33 120,832 --a------ C:\WINDOWS\lcmmfu.cpl
2008-01-23 21:33 . 2008-01-23 21:33 2,560 --a------ C:\WINDOWS\Runservice.exe
2008-01-23 21:33 . 2008-01-30 23:25 865 --ahs---- C:\WINDOWS\system32\mmf.sys
2008-01-23 20:49 . 2008-01-23 21:33 45,056 --a------ C:\WINDOWS\mmfs.dll
2008-01-20 12:04 . 2008-01-20 12:04 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-01-19 20:16 . 2008-01-19 20:16 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\SiteAdvisor
2008-01-16 18:14 . 2008-01-16 18:15 12,800 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-01-13 16:31 . 2008-01-30 23:26 39,879 --a------ C:\WINDOWS\system32\Config.MPF
2008-01-13 16:30 . 2008-01-20 22:36 <DIR> d-------- C:\Program Files\SiteAdvisor
2008-01-13 16:30 . 2008-01-20 12:03 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\SiteAdvisor
2008-01-13 16:30 . 2008-01-30 19:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-01-13 16:28 . 2006-03-03 11:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-01-13 16:26 . 2007-07-21 09:08 201,288 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-01-13 16:26 . 2007-07-13 09:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-01-13 16:26 . 2007-07-24 07:40 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-01-13 16:26 . 2007-07-21 09:08 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-01-13 16:26 . 2007-07-21 09:08 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-01-13 16:26 . 2007-07-24 12:02 33,800 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-01-13 16:24 . 2008-01-13 16:26 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-01-13 15:41 . 2008-01-26 13:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-11 17:53 . 2008-01-13 14:02 78 --a------ C:\WINDOWS\lsoon.ini
2008-01-10 22:45 . C:\WINDOWS\(2) C:\ComboFix\winstart.bat
2008-01-10 22:42 . 2008-01-11 23:49 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Regrun
2008-01-10 22:42 . 2008-01-10 22:42 <DIR> d-------- C:\backreg
2008-01-10 22:40 . 2008-01-10 22:40 <DIR> d-------- C:\Program Files\Greatis
2008-01-10 22:40 . 2003-09-06 15:55 57,556 --a------ C:\WINDOWS\guard.bmp
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-09 18:57 . 2008-01-09 18:57 1,158 --a------ C:\WINDOWS\mozver.dat
2008-01-05 15:09 . 2008-01-05 15:09 40 --a------ C:\WINDOWS\system32\drmgs.sys
2008-01-05 15:01 . 2008-01-05 15:01 <DIR> d-------- C:\Program Files\MagicISO
2008-01-04 18:45 . 2008-01-04 18:45 <DIR> d-------- C:\Program Files\Panasonic P2
2008-01-03 19:40 . 2006-04-28 22:42 33 --a------ C:\WINDOWS\digifxf32.dat
2008-01-03 19:04 . 2008-01-03 19:04 <DIR> d-------- C:\Program Files\ViviClip Video Filters 3
2008-01-03 18:06 . 2006-04-28 22:40 31 --a------ C:\WINDOWS\digifxc22.dat
2008-01-02 18:26 . 2004-03-29 15:23 90,112 --a------ C:\WINDOWS\unvise32.exe
2008-01-02 17:47 . 2008-01-02 17:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-02 17:39 . 2008-01-02 17:39 <DIR> d-------- C:\Program Files\Bonjour
2008-01-02 17:30 . 2008-01-02 17:30 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-01-01 13:47 . 2008-01-01 13:47 12 --a------ C:\WINDOWS\NetOps14.doc
2007-12-20 21:54 . 2001-08-08 15:59 34,293 --a------ C:\WINDOWS\system32\drivers\tpp200.sys
2007-12-20 21:54 . 2001-08-08 15:59 32,421 --a------ C:\WINDOWS\system32\drivers\tpp300.sys
2007-12-20 21:53 . 2007-12-20 21:53 <DIR> d-------- C:\WINDOWS\Drivers
2007-12-20 21:53 . 2001-08-08 15:59 212,992 --a------ C:\WINDOWS\tppnttry.exe
2007-12-20 21:53 . 2001-08-08 15:59 118,784 --a------ C:\WINDOWS\tppaldr.exe
2007-12-20 21:53 . 2001-08-08 15:59 88,545 --a------ C:\WINDOWS\system32\tppun.exe
2007-12-20 21:53 . 2001-08-08 15:59 43,029 --a------ C:\WINDOWS\system32\drivers\tpp725.sys
2007-12-20 21:53 . 2001-08-08 15:58 21,866 --a------ C:\Program Files\Common Files\tppupd2k.dll
2007-12-20 21:53 . 2001-08-08 15:59 17,077 --a------ C:\WINDOWS\system32\tppui32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-31 03:06 --------- d-----w C:\Program Files\Broderbund
2008-01-31 03:03 --------- d-----w C:\Program Files\Webshots
2008-01-31 01:41 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-31 00:55 --------- d-----w C:\Program Files\McAfee
2008-01-28 00:47 --------- d-----w C:\Program Files\iPod
2008-01-28 00:43 --------- d-----w C:\Program Files\QuickTime
2008-01-27 05:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-26 17:59 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\McAfee
2008-01-24 03:26 --------- d-----w C:\Program Files\LimeWire
2008-01-24 03:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-24 03:17 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-22 21:14 --------- d-----w C:\Program Files\Lexmark 1200 Series
2008-01-16 23:07 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-16 00:29 --------- d-----w C:\Program Files\BitComet
2008-01-13 21:35 --------- d-----w C:\Program Files\McAfee.com
2008-01-13 21:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-01-08 05:15 --------- d-----w C:\Program Files\Neuratron PhotoScore Lite Demo
2007-12-20 00:25 65,984 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\GDIPFONTCACHEV1.DAT
2007-12-13 20:33 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\U3
2005-09-27 01:11 1,358 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
2003-05-30 14:22 344,064 ----a-r C:\Program Files\msvcr70.dll
2002-01-05 08:40 487,424 ----a-w C:\Program Files\msvcp70.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Update Manager"="C:\Program Files\Rogers\Update Manager\UpdateManager.exe" [2004-05-27 08:26 136992]
"RHSI SHS"="C:\Program Files\Rogers\SelfHealing\SHS.exe" [2004-09-10 10:47 1029928]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-09 23:00 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 19:05 204288]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 19:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-04 00:10 344064]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 11:01 88209 C:\WINDOWS\AGRSMMSG.exe]
"RegistryMechanic"="" []
"Lexmark 1200 Series"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2006-03-16 02:07 57344]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-07-31 22:34 180269]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-08-24 16:57 36640]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-07-22 20:29 1160480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tivuyqgg]
tivuyqgg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 18:43 69632 C:\WINDOWS\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
--a------ 2005-09-21 15:32 2807808 C:\WINDOWS\ALCWZRD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2005-08-12 13:43 45056 C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-16 22:11 49152 C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-07-31 22:34 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
--a------ 2004-11-12 12:24 106557 C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Ati HotKey Poller"=2 (0x2)

R2 LicCtrlService;LicCtrl Service;C:\WINDOWS\runservice.exe [2008-01-23 21:33]
R2 p2csvc;p2csvc;C:\WINDOWS\system32\p2csvc.exe [2007-03-08 14:05]
S3 AVCSTRM;AVC Streaming Filter Driver;C:\WINDOWS\system32\DRIVERS\avcstrm.sys [2004-08-03 23:10]
S3 MSTAPE;Microsoft AV/C Tape Subunit Device;C:\WINDOWS\system32\DRIVERS\mstape.sys [2004-08-03 23:10]
S3 p2usb;Panasonic P2 Series USB Device;C:\WINDOWS\system32\DRIVERS\p2usb.sys [2007-05-15 17:20]
S3 PhilCam8116;Logitech QuickCam Pro 3000 (08B0);C:\WINDOWS\system32\DRIVERS\CamDrO21.sys [2001-08-17 13:05]
S3 TPP300;USB Storage Adapter V3 (TPP);C:\WINDOWS\system32\DRIVERS\TPP300.SYS [2001-08-08 15:59]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-27 22:27:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-29 08:50:00 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped05.exe
"2008-01-13 21:26:03 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-01-13 21:26:01 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-01-31 04:26:52 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-01-26 01:02:07 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-30 23:26:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\runservice.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~2\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee\msk\msksrver.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\p2csvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\McAfee\VIRUSS~2\mcsysmon.exe
.
**************************************************************************
.
Completion time: 2008-01-30 23:31:44 - machine was rebooted [HP_Administrator]
ComboFix-quarantined-files.txt 2008-01-31 04:31:40
.
2008-01-25 08:03:48 --- E O F ---
Member
31. January 2008 @ 06:11
OK, good. I will get back to you. In the meantime, download and run VundoFix also:

Download and run VundoFix.exe:

http://www.atribune.org/ccount/click.php?id=4

* Double-click VundoFix.exe to run it.
* Click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will reboot your computer, click OK.
* Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

limeninja
Newbie
31. January 2008 @ 22:33
VundoFix found nothing.
Member
31. January 2008 @ 22:53
OK. Before we use ComboFix, look in the Add/Remove Programs panel and uninstall these if present. Reboot the computer after the uninstall:

Browser Optimizer Dcads
Browser Optimizer Superiorads

Also post an uninstall list like this:

Start HJT and click on "Open Misc Tools Section",
then "Open Uninstall Manager",
then the "Save list" button. Save the list somewhere, then post the list in your next reply.

limeninja
Newbie
1. February 2008 @ 17:18
I uninstalled Browser Optimizer Dcads and Superiorads. Here is my uninstall list.

Sansa Media Converter
#1 DVD Ripper 5.3
2d3 SteadyMove for Adobe Premiere Pro
ABBYY FineReader 5.0 Sprint
Ad-Aware SE Personal
Adobe After Effects CS3
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Bridge 1.0
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Common File Installer
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Encore DVD 1.5
Adobe ExtendScript Toolkit 2
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Help Center 1.0
Adobe Help Viewer CS3
Adobe Illustrator CS2
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe MPEG Encoder
Adobe PDF Library Files
Adobe Photoshop CS2
Adobe Premiere Pro 1.5
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Reader 7.0.9
Adobe Setup
Adobe Setup
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Video Profiles
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
Ahead NeroVision Express
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Control Panel
ATI Display Driver
BitComet 0.87
CCleaner (remove only)
CDisplay 1.8
Compatibility Pack for the 2007 Office system
Creative DVD Audio Plugin for Audigy Series
DVR 2 WMV
EP Scheduling
Final Draft 7
GdiplusUpgrade
High Definition Audio Driver Package - KB835221
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB928388)
Hotfix for Windows XP (KB929120)
Hotfix for Windows XP (KB935448)
HP Deskjet Preloaded Printer Drivers
HP Image Zone 4.5.3
HP Image Zone for Media Center PC
HP Image Zone Plus 4.5.3
HP Photosmart Cameras 4.0
HP PSC & OfficeJet 4.0
HP Software Update
HP Tunes
HPIZplus450
InterVideo DiscLabel
InterVideo WinDVD 6
InterVideo WinDVD Creator
iPod for Windows 2005-01-11
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 8
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1
Kaspersky Online Scanner
Korean Language Support
Lexmark 1200 Series
Macromedia Shockwave Player
Magic Bullet Suite 2.0
Magic Bullet Suite 2.1
Magic ISO Maker v5.4 (build 0239)
McAfee SecurityCenter
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Plus! Digital Media Edition Installer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual J# .NET Redistributable Package 1.1
Mozilla Firefox (2.0.0.11)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Native Instruments Sibelius Player
Nero 6 Ultra Edition
Neuratron PhotoScore Lite
Neuratron PhotoScore Lite Demo
Panasonic P2 Drivers
QuickTime
RealPlayer
Realtek High Definition Audio Driver
RegCure 1.5.0.0
Registry Mechanic 7.0
Rogers Self Healing (remove only)
Rogers Update Manager (remove only)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Sibelius 3
Sibelius Scorch
SMC Barricade Print Server Monitor
Socialnetworking Helper Dcads
Sonic Encoders
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
TMPGEnc Plus 2.5
TPP Storage Driver Installation
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update Rollup 2 for Windows XP Media Center Edition 2005
Updates from HP
USB Storage Adapter (TPP)
USB Storage Adapter V2 (TPP)
USB Storage Adapter V3 (TPP)
Viewpoint Manager (Remove Only)
ViviClip Video Filters 3
WalkerFX 2.2 Professional Edition
Win32
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix [See KB889858 for more information]
Windows Media Player 11
Windows Media Player 11
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885354
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB886716
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888240
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Media Center Edition 2005 KB888316
Windows XP Media Center Edition 2005 KB925766
WinRAR archiver
Yahoo! Photos Easy Upload Tool
Member
1. February 2008 @ 20:50
Hi,

OK, good. Look back in the Add/Remove Programs panel and uninstall this one also:

Socialnetworking Helper Dcads

Reboot the computer. Since it's been a few days and the uninstalls may change what ComboFix finds, let's delete your copy of ComboFix and get a new copy to run.

To uninstall the current copy:
Start > Run, type in combofix /u and click OK.
Note: there is a space after the x and before the /
------------------------------
Get a new copy of ComboFix and post the new log:
Download ComboFix from one of these links and save it to the Desktop:

http://subs.geekstogo.com/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click ComboFix.exe and follow the prompts.
When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
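Added example, not part of this thread and not code from ComboFix, HijackThis or VundoFix: a small triage script for the kind of ComboFix output posted in this thread. It parses the "Files Created" lines and the winlogon\notify keys and flags the pattern the VundoFix step is chasing: hidden+system .ini files in system32 with random-looking 8-letter names, a DLL whose name is such an .ini name spelled backwards, and a winlogon\notify entry that loads a DLL by bare filename with no path. The sample input is excerpted from the ComboFix logs in this thread; the name-randomness test, the severity levels and the pairing rule are heuristics of my own (assumptions), so a hit is a reason to look closer, not a verdict.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample input: lines excerpted from the ComboFix logs posted in
# this thread (the "Files Created" section and two winlogon\notify keys).
SAMPLE_LOG = r"""
2008-01-28 21:32 . 2008-01-28 22:24 294 --ahs---- C:\WINDOWS\system32\nccjpoqj.ini
2008-01-27 19:49 . 2008-01-27 19:49 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-27 11:46 . 2008-01-27 11:46 147,520 --a------ C:\WINDOWS\system32\jxcklvoj.dll
2008-01-27 11:46 . 2008-01-27 11:57 354 --ahs---- C:\WINDOWS\system32\jovlkcxj.ini
2008-01-27 11:40 . 2008-01-27 11:40 294 --ahs---- C:\WINDOWS\system32\qmtmgeaa.ini
2008-01-25 01:30 . 2008-01-25 01:30 147,520 --a------ C:\WINDOWS\system32\alrbvkua.dll
2008-01-13 16:28 . 2006-03-03 11:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tivuyqgg]
tivuyqgg.dll
"""

# One "Files Created" line: created . modified size attributes path
FILE_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<size>[\d,]+|<DIR>) (?P<attr>[-a-z]{9}) (?P<path>.+)$"
)
# A winlogon\notify subkey header; the DLL it loads is on the following line.
NOTIFY_KEY = re.compile(r"^\[.*\\winlogon\\notify\\(?P<name>[^\]]+)\]$", re.IGNORECASE)
VOWELS = set("aeiou")


def looks_random(stem: str) -> bool:
    """Heuristic (an assumption of this example, not a signature): eight ASCII
    letters that do not read like a word, i.e. two or fewer vowels or a run
    of four or more consonants."""
    s = stem.lower()
    if len(s) != 8 or not s.isascii() or not s.isalpha():
        return False
    vowels = sum(c in VOWELS for c in s)
    longest_consonant_run = max(len(run) for run in re.split(r"[aeiou]", s))
    return vowels <= 2 or longest_consonant_run >= 4


def _stem_ext(path: str) -> Tuple[str, str]:
    name = path.rsplit("\\", 1)[-1]
    stem, _, ext = name.rpartition(".")
    return stem, ext.lower()


def _finding(path: str, severity: str, reason: str) -> Dict[str, str]:
    return {"path": path, "severity": severity, "reason": reason}


def analyze(log_text: str) -> List[Dict[str, str]]:
    r"""Flag Vundo-style artefacts: hidden+system .ini files with a random-looking
    8-letter name (high if a DLL with the reversed name is also present),
    random-looking DLLs, and path-less DLLs under winlogon\notify."""
    files: List[Tuple[str, str]] = []
    notify: List[Tuple[str, str]] = []
    lines = [ln.strip() for ln in log_text.splitlines()]
    i = 0
    while i < len(lines):
        m = FILE_LINE.match(lines[i])
        if m:
            files.append((m.group("path"), m.group("attr")))
        k = NOTIFY_KEY.match(lines[i])
        if k and i + 1 < len(lines):
            notify.append((k.group("name"), lines[i + 1]))
            i += 1  # the value line has been consumed
        i += 1

    dll_by_stem = {_stem_ext(p)[0].lower(): p for p, _ in files if _stem_ext(p)[1] == "dll"}
    findings: List[Dict[str, str]] = []
    paired = set()

    for path, attr in files:
        stem, ext = _stem_ext(path)
        hidden_system = "h" in attr and "s" in attr
        if ext == "ini" and hidden_system and looks_random(stem):
            partner = dll_by_stem.get(stem.lower()[::-1])  # name spelled backwards
            if partner:
                paired.add(partner)
                findings.append(_finding(path, "high", f"hidden/system .ini named as {partner} spelled backwards"))
            else:
                findings.append(_finding(path, "medium", "hidden/system .ini with a random-looking name"))

    for path, attr in files:
        stem, ext = _stem_ext(path)
        if ext == "dll" and looks_random(stem):
            if path in paired:
                findings.append(_finding(path, "high", "DLL paired with a reversed-name .ini"))
            else:
                findings.append(_finding(path, "medium", "DLL with a random-looking name"))

    for name, value in notify:
        target = value.split()[0] if value else ""
        # A legitimate notify package normally carries a full path; a bare,
        # random-named filename resolved via the DLL search path is suspect.
        if "\\" not in target and looks_random(_stem_ext(target)[0]):
            findings.append(_finding(target, "high", f"winlogon\\notify\\{name} loads a path-less, random-named DLL"))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['path']}: {f['reason']}")
```

Run it against a saved ComboFix log by passing the file contents to analyze(). On the sample above it reports jovlkcxj.ini and jxcklvoj.dll as a reversed-name pair, the other two hidden/system .ini files and alrbvkua.dll as medium, and the path-less tivuyqgg.dll under winlogon\notify as high, while leaving dunzip32.dll, QTFont.for and the SUPERAntiSpyware notify package alone.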

limeninja
Newbie
2. February 2008 @ 00:00
I removed that program. Here is my new ComboFix log.

ComboFix 08-02.01.6 - HP_Administrator 2008-02-01 23:12:52.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.332 [GMT -5:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
D:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://au.download.windowsupdate.com
.
((((((((((((((((((((((((( Files Created from 2008-01-02 to 2008-02-02 )))))))))))))))))))))))))))))))
.

2008-02-01 17:18 . 2008-02-01 17:18 <DIR> d-------- C:\WINDOWS\LastGood
2008-01-30 21:30 . 2008-01-30 21:30 <DIR> d-------- C:\Program Files\CCleaner
2008-01-30 20:42 . 2008-01-30 20:44 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-30 20:42 . 2008-01-30 20:42 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2008-01-30 20:42 . 2008-01-30 20:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-28 21:32 . 2008-01-28 22:24 294 --ahs---- C:\WINDOWS\system32\nccjpoqj.ini
2008-01-28 21:29 . 2008-01-28 21:29 294 --ahs---- C:\WINDOWS\system32\cyybwrwb.ini
2008-01-27 19:49 . 2008-01-31 19:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-27 19:49 . 2008-01-27 19:49 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-27 19:47 . 2008-01-27 19:47 <DIR> d-------- C:\Program Files\iTunes
2008-01-27 11:46 . 2008-01-27 11:46 147,520 --a------ C:\WINDOWS\system32\jxcklvoj.dll
2008-01-27 11:46 . 2008-01-27 11:57 354 --ahs---- C:\WINDOWS\system32\jovlkcxj.ini
2008-01-27 11:40 . 2008-01-27 11:40 294 --ahs---- C:\WINDOWS\system32\qmtmgeaa.ini
2008-01-25 20:01 . 2008-01-25 20:13 <DIR> d-------- C:\Program Files\RegCure
2008-01-25 19:26 . 2008-01-30 20:41 <DIR> d-------- C:\Program Files\XoftSpySE
2008-01-25 19:15 . 2008-01-25 19:15 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-25 01:30 . 2008-01-25 01:30 147,520 --a------ C:\WINDOWS\system32\alrbvkua.dll
2008-01-23 22:44 . 2008-01-23 22:44 <DIR> d-------- C:\EPData
2008-01-23 22:43 . 2008-01-23 22:44 <DIR> d--h----- C:\Program Files\Zero G Registry
2008-01-23 22:43 . 2008-01-23 22:43 <DIR> d-------- C:\Program Files\EP
2008-01-23 22:34 . 2008-01-23 22:34 <DIR> d--h----- C:\Documents and Settings\HP_Administrator\InstallAnywhere
2008-01-23 21:33 . 2008-01-23 21:33 120,832 --a------ C:\WINDOWS\lcmmfu.cpl
2008-01-23 21:33 . 2008-01-23 21:33 2,560 --a------ C:\WINDOWS\Runservice.exe
2008-01-23 21:33 . 2008-02-01 17:11 865 --ahs---- C:\WINDOWS\system32\mmf.sys
2008-01-23 20:49 . 2008-01-23 21:33 45,056 --a------ C:\WINDOWS\mmfs.dll
2008-01-20 12:04 . 2008-01-20 12:04 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-01-19 20:16 . 2008-01-19 20:16 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\SiteAdvisor
2008-01-16 18:14 . 2008-01-16 18:15 12,800 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-01-13 16:31 . 2008-02-01 17:13 40,109 --a------ C:\WINDOWS\system32\Config.MPF
2008-01-13 16:30 . 2008-01-20 22:36 <DIR> d-------- C:\Program Files\SiteAdvisor
2008-01-13 16:30 . 2008-01-20 12:03 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\SiteAdvisor
2008-01-13 16:30 . 2008-02-01 19:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-01-13 16:28 . 2006-03-03 11:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-01-13 16:26 . 2007-07-21 09:08 201,288 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-01-13 16:26 . 2007-07-13 09:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-01-13 16:26 . 2007-07-24 07:40 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-01-13 16:26 . 2007-07-21 09:08 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-01-13 16:26 . 2007-07-21 09:08 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-01-13 16:26 . 2007-07-24 12:02 33,800 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-01-13 16:24 . 2008-01-13 16:26 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-01-13 15:41 . 2008-01-26 13:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-11 17:53 . 2008-01-13 14:02 78 --a------ C:\WINDOWS\lsoon.ini
2008-01-10 22:45 . C:\WINDOWS\(2) C:\ComboFix\winstart.bat
2008-01-10 22:42 . 2008-01-11 23:49 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Regrun
2008-01-10 22:42 . 2008-01-10 22:42 <DIR> d-------- C:\backreg
2008-01-10 22:40 . 2008-01-10 22:40 <DIR> d-------- C:\Program Files\Greatis
2008-01-10 22:40 . 2003-09-06 15:55 57,556 --a------ C:\WINDOWS\guard.bmp
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-09 18:57 . 2008-01-09 18:57 1,158 --a------ C:\WINDOWS\mozver.dat
2008-01-05 15:09 . 2008-01-05 15:09 40 --a------ C:\WINDOWS\system32\drmgs.sys
2008-01-05 15:01 . 2008-01-05 15:01 <DIR> d-------- C:\Program Files\MagicISO
2008-01-04 18:45 . 2008-01-04 18:45 <DIR> d-------- C:\Program Files\Panasonic P2
2008-01-03 19:40 . 2006-04-28 22:42 33 --a------ C:\WINDOWS\digifxf32.dat
2008-01-03 19:04 . 2008-01-03 19:04 <DIR> d-------- C:\Program Files\ViviClip Video Filters 3
2008-01-03 18:06 . 2006-04-28 22:40 31 --a------ C:\WINDOWS\digifxc22.dat
2008-01-02 18:26 . 2004-03-29 15:23 90,112 --a------ C:\WINDOWS\unvise32.exe
2008-01-02 17:47 . 2008-01-02 17:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-02 17:39 . 2008-01-02 17:39 <DIR> d-------- C:\Program Files\Bonjour
2008-01-02 17:30 . 2008-01-02 17:30 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-01 22:18 --------- d-----w C:\Program Files\McAfee
2008-01-31 03:06 --------- d-----w C:\Program Files\Broderbund
2008-01-31 03:03 --------- d-----w C:\Program Files\Webshots
2008-01-31 01:41 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-28 00:47 --------- d-----w C:\Program Files\iPod
2008-01-28 00:43 --------- d-----w C:\Program Files\QuickTime
2008-01-27 05:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-26 18:00 118,306 ----a-w C:\WINDOWS\Fonts\x.zip
2008-01-26 17:59 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\McAfee
2008-01-24 03:26 --------- d-----w C:\Program Files\LimeWire
2008-01-24 03:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-24 03:17 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-22 21:14 --------- d-----w C:\Program Files\Lexmark 1200 Series
2008-01-16 23:07 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-16 00:29 --------- d-----w C:\Program Files\BitComet
2008-01-13 21:35 --------- d-----w C:\Program Files\McAfee.com
2008-01-13 21:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-01-08 05:15 --------- d-----w C:\Program Files\Neuratron PhotoScore Lite Demo
2007-12-20 00:25 65,984 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\GDIPFONTCACHEV1.DAT
2007-12-13 20:33 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\U3
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-01 17:15 290,830 ----a-w C:\WINDOWS\Fonts\Setup.exe
2005-09-27 01:11 1,358 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
2003-05-30 14:22 344,064 ----a-r C:\Program Files\msvcr70.dll
2002-01-05 08:40 487,424 ----a-w C:\Program Files\msvcp70.dll
2001-08-08 20:58 21,866 ----a-w C:\Program Files\Common Files\tppupd2k.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Update Manager"="C:\Program Files\Rogers\Update Manager\UpdateManager.exe" [2004-05-27 08:26 136992]
"RHSI SHS"="C:\Program Files\Rogers\SelfHealing\SHS.exe" [2004-09-10 10:47 1029928]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-09 23:00 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 19:05 204288]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 19:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-04 00:10 344064]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 11:01 88209 C:\WINDOWS\AGRSMMSG.exe]
"RegistryMechanic"="" []
"Lexmark 1200 Series"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2006-03-16 02:07 57344]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-07-31 22:34 180269]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-08-24 16:57 36640]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-07-22 20:29 1160480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tivuyqgg]
tivuyqgg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 18:43 69632 C:\WINDOWS\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
--a------ 2005-09-21 15:32 2807808 C:\WINDOWS\ALCWZRD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2005-08-12 13:43 45056 C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-16 22:11 49152 C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-07-31 22:34 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
--a------ 2004-11-12 12:24 106557 C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Ati HotKey Poller"=2 (0x2)

R2 LicCtrlService;LicCtrl Service;C:\WINDOWS\runservice.exe [2008-01-23 21:33]
R2 p2csvc;p2csvc;C:\WINDOWS\system32\p2csvc.exe [2007-03-08 14:05]
S2 0282061201904288mcinstcleanup;McAfee Application Installer Cleanup (0282061201904288);C:\WINDOWS\TEMP\028206~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog []
S3 AVCSTRM;AVC Streaming Filter Driver;C:\WINDOWS\system32\DRIVERS\avcstrm.sys [2004-08-03 23:10]
S3 MSTAPE;Microsoft AV/C Tape Subunit Device;C:\WINDOWS\system32\DRIVERS\mstape.sys [2004-08-03 23:10]
S3 p2usb;Panasonic P2 Series USB Device;C:\WINDOWS\system32\DRIVERS\p2usb.sys [2007-05-15 17:20]
S3 PhilCam8116;Logitech QuickCam Pro 3000 (08B0);C:\WINDOWS\system32\DRIVERS\CamDrO21.sys [2001-08-17 13:05]
S3 TPP300;USB Storage Adapter V3 (TPP);C:\WINDOWS\system32\DRIVERS\TPP300.SYS [2001-08-08 15:59]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-27 22:27:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-02 00:50:00 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped05.exe
"2008-01-13 21:26:03 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-01-13 21:26:01 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-02-01 22:13:16 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-01-26 01:02:07 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-01 23:18:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-01 23:19:00
ComboFix-quarantined-files.txt 2008-02-02 04:18:57
ComboFix2.txt 2008-01-31 04:31:44
.
2008-01-25 08:03:48 --- E O F ---
Member
2. February 2008 @ 10:01
OK, thanks for the info.

Open Notepad and copy all the text inside the quote box by highlighting it all and pressing CTRL+C on your keyboard, then paste it into Notepad.

Save this as CFScript to your desktop.



File::
C:\WINDOWS\system32\jxcklvoj.dll
C:\WINDOWS\system32\jovlkcxj.ini
C:\WINDOWS\system32\nccjpoqj.ini
C:\WINDOWS\system32\cyybwrwb.ini
C:\WINDOWS\system32\qmtmgeaa.ini
C:\WINDOWS\system32\alrbvkua.dll

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tivuyqgg]



Now locate the script you just saved to your desktop and the ComboFix icon on your desktop. Using your mouse, drag the script file right on top of the ComboFix icon and release. ComboFix will run; post the new log it generates in your next reply.
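The Registry:: line above deletes the winlogon\notify\tivuyqgg key, which ComboFix listed with a bare DLL name and no file date/size, unlike the SUPERAntiSpyware entry beside it that it could locate on disk. As an added example (not part of this thread and not ComboFix's own code), the Python below parses that "Reg Loading Points" layout, flags Notify packages whose DLL the scanner did not find, and emits the matching Registry:: deletion lines in CFScript form; the log excerpt is constructed from the entries posted above and the "not located" heuristic is this example's assumption, not a rule stated by the helper.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed excerpt in the layout ComboFix uses for its "Reg Loading Points"
# section; the three entries mirror the ones posted in the thread above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tivuyqgg]
tivuyqgg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# ComboFix prints "YYYY-MM-DD HH:MM <size>" after a file it managed to locate on disk.
META_RE = re.compile(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+")


@dataclass
class NotifyEntry:
    key: str          # full registry key as printed in the log
    dll: str          # DLL reference stored under the key
    located: bool     # scanner found the file and printed its date/size
    bare_name: bool   # no directory component: resolved via the DLL search path
    reasons: List[str] = field(default_factory=list)


def parse_blocks(text: str) -> Dict[str, List[str]]:
    """Map each [key] header line to the non-empty lines that follow it."""
    blocks: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            blocks[current] = []
        elif line and current is not None:
            blocks[current].append(line)
    return blocks


def triage_winlogon_notify(text: str) -> List[NotifyEntry]:
    """Return every Winlogon Notify package in the log with the reasons it looks off.

    Heuristic (this example's assumption): the decisive signal is the missing
    date/size, meaning ComboFix could not find the DLL the registry names."""
    entries: List[NotifyEntry] = []
    for key, lines in parse_blocks(text).items():
        if "winlogon\\notify\\" not in key.lower():
            continue
        value = lines[0] if lines else ""
        located = bool(META_RE.search(value))
        dll = META_RE.split(value)[0].strip() if located else value
        bare = "\\" not in dll
        reasons = []
        if not located:
            reasons.append("no file date/size printed: DLL not found on disk")
        if bare:
            reasons.append("bare filename, loaded through the DLL search path")
        entries.append(NotifyEntry(key, dll, located, bare, reasons))
    return entries


def cfscript_registry_section(entries: List[NotifyEntry]) -> str:
    """Emit a Registry:: section in the CFScript form used above; a leading '-'
    inside the brackets tells ComboFix to delete that key."""
    flagged = [e for e in entries if not e.located]
    if not flagged:
        return ""
    return "Registry::\n" + "".join(f"[-{e.key}]\n" for e in flagged)


if __name__ == "__main__":
    found = triage_winlogon_notify(SAMPLE_LOG)
    for e in found:
        status = "SUSPECT" if not e.located else "ok"
        name = e.key.rsplit("\\", 1)[-1]
        print(f"{status:7} {name:12} {e.dll}  {'; '.join(e.reasons)}")
    print(cfscript_registry_section(found))
```

Run against a full ComboFix log, the script prints one line per Notify package and the Registry:: block to review before dropping it onto ComboFix.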

limeninja
Newbie
2. February 2008 @ 14:47
Here is the new log.

ComboFix 08-02.01.6 - HP_Administrator 2008-02-02 14:40:05.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.468 [GMT -5:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Administrator\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\alrbvkua.dll
C:\WINDOWS\system32\cyybwrwb.ini
C:\WINDOWS\system32\jovlkcxj.ini
C:\WINDOWS\system32\jxcklvoj.dll
C:\WINDOWS\system32\nccjpoqj.ini
C:\WINDOWS\system32\qmtmgeaa.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\alrbvkua.dll
C:\WINDOWS\system32\cyybwrwb.ini
C:\WINDOWS\system32\jovlkcxj.ini
C:\WINDOWS\system32\jxcklvoj.dll
C:\WINDOWS\system32\nccjpoqj.ini
C:\WINDOWS\system32\qmtmgeaa.ini

----- BITS: Possible infected sites -----

hxxp://au.download.windowsupdate.com
.
((((((((((((((((((((((((( Files Created from 2008-01-02 to 2008-02-02 )))))))))))))))))))))))))))))))
.

2008-01-30 21:30 . 2008-01-30 21:30 <DIR> d-------- C:\Program Files\CCleaner
2008-01-30 20:42 . 2008-01-30 20:44 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-30 20:42 . 2008-01-30 20:42 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2008-01-30 20:42 . 2008-01-30 20:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-27 19:49 . 2008-01-31 19:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-27 19:49 . 2008-01-27 19:49 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-27 19:47 . 2008-01-27 19:47 <DIR> d-------- C:\Program Files\iTunes
2008-01-25 20:01 . 2008-01-25 20:13 <DIR> d-------- C:\Program Files\RegCure
2008-01-25 19:26 . 2008-01-30 20:41 <DIR> d-------- C:\Program Files\XoftSpySE
2008-01-25 19:15 . 2008-01-25 19:15 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-23 22:44 . 2008-01-23 22:44 <DIR> d-------- C:\EPData
2008-01-23 22:43 . 2008-01-23 22:44 <DIR> d--h----- C:\Program Files\Zero G Registry
2008-01-23 22:43 . 2008-01-23 22:43 <DIR> d-------- C:\Program Files\EP
2008-01-23 22:34 . 2008-01-23 22:34 <DIR> d--h----- C:\Documents and Settings\HP_Administrator\InstallAnywhere
2008-01-23 21:33 . 2008-01-23 21:33 120,832 --a------ C:\WINDOWS\lcmmfu.cpl
2008-01-23 21:33 . 2008-01-23 21:33 2,560 --a------ C:\WINDOWS\Runservice.exe
2008-01-23 21:33 . 2008-02-02 14:31 865 --ahs---- C:\WINDOWS\system32\mmf.sys
2008-01-23 20:49 . 2008-01-23 21:33 45,056 --a------ C:\WINDOWS\mmfs.dll
2008-01-20 12:04 . 2008-01-20 12:04 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-01-19 20:16 . 2008-01-19 20:16 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\SiteAdvisor
2008-01-16 18:14 . 2008-01-16 18:15 12,800 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-01-13 16:31 . 2008-02-02 14:32 40,109 --a------ C:\WINDOWS\system32\Config.MPF
2008-01-13 16:30 . 2008-01-20 22:36 <DIR> d-------- C:\Program Files\SiteAdvisor
2008-01-13 16:30 . 2008-01-20 12:03 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\SiteAdvisor
2008-01-13 16:30 . 2008-02-01 19:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-01-13 16:28 . 2006-03-03 11:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-01-13 16:26 . 2007-07-21 09:08 201,288 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-01-13 16:26 . 2007-07-13 09:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-01-13 16:26 . 2007-07-24 07:40 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-01-13 16:26 . 2007-07-21 09:08 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-01-13 16:26 . 2007-07-21 09:08 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-01-13 16:26 . 2007-07-24 12:02 33,800 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-01-13 16:24 . 2008-01-13 16:26 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-01-13 15:41 . 2008-01-26 13:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-11 17:53 . 2008-01-13 14:02 78 --a------ C:\WINDOWS\lsoon.ini
2008-01-10 22:45 . C:\WINDOWS\(2) C:\ComboFix\winstart.bat
2008-01-10 22:42 . 2008-01-11 23:49 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Regrun
2008-01-10 22:42 . 2008-01-10 22:42 <DIR> d-------- C:\backreg
2008-01-10 22:40 . 2008-01-10 22:40 <DIR> d-------- C:\Program Files\Greatis
2008-01-10 22:40 . 2003-09-06 15:55 57,556 --a------ C:\WINDOWS\guard.bmp
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-09 18:57 . 2008-01-09 18:57 1,158 --a------ C:\WINDOWS\mozver.dat
2008-01-05 15:09 . 2008-01-05 15:09 40 --a------ C:\WINDOWS\system32\drmgs.sys
2008-01-05 15:01 . 2008-01-05 15:01 <DIR> d-------- C:\Program Files\MagicISO
2008-01-04 18:45 . 2008-01-04 18:45 <DIR> d-------- C:\Program Files\Panasonic P2
2008-01-03 19:40 . 2006-04-28 22:42 33 --a------ C:\WINDOWS\digifxf32.dat
2008-01-03 19:04 . 2008-01-03 19:04 <DIR> d-------- C:\Program Files\ViviClip Video Filters 3
2008-01-03 18:06 . 2006-04-28 22:40 31 --a------ C:\WINDOWS\digifxc22.dat
2008-01-02 18:26 . 2004-03-29 15:23 90,112 --a------ C:\WINDOWS\unvise32.exe
2008-01-02 17:47 . 2008-01-02 17:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-02 17:39 . 2008-01-02 17:39 <DIR> d-------- C:\Program Files\Bonjour
2008-01-02 17:30 . 2008-01-02 17:30 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-02 19:31 --------- d-----w C:\Program Files\McAfee
2008-02-02 05:21 --------- d-----w C:\Program Files\InterVideo
2008-02-02 05:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-02 05:20 --------- d-----w C:\Program Files\Creative
2008-01-31 03:06 --------- d-----w C:\Program Files\Broderbund
2008-01-31 03:03 --------- d-----w C:\Program Files\Webshots
2008-01-31 01:41 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-28 00:47 --------- d-----w C:\Program Files\iPod
2008-01-28 00:43 --------- d-----w C:\Program Files\QuickTime
2008-01-27 05:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-26 18:00 118,306 ----a-w C:\WINDOWS\Fonts\x.zip
2008-01-26 17:59 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\McAfee
2008-01-24 03:26 --------- d-----w C:\Program Files\LimeWire
2008-01-24 03:17 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-22 21:14 --------- d-----w C:\Program Files\Lexmark 1200 Series
2008-01-16 23:07 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-16 00:29 --------- d-----w C:\Program Files\BitComet
2008-01-13 21:35 --------- d-----w C:\Program Files\McAfee.com
2008-01-13 21:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-01-08 05:15 --------- d-----w C:\Program Files\Neuratron PhotoScore Lite Demo
2007-12-20 00:25 65,984 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\GDIPFONTCACHEV1.DAT
2007-12-13 20:33 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\U3
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-01 17:15 290,830 ----a-w C:\WINDOWS\Fonts\Setup.exe
2005-09-27 01:11 1,358 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
2003-05-30 14:22 344,064 ----a-r C:\Program Files\msvcr70.dll
2002-01-05 08:40 487,424 ----a-w C:\Program Files\msvcp70.dll
2001-08-08 20:58 21,866 ----a-w C:\Program Files\Common Files\tppupd2k.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Update Manager"="C:\Program Files\Rogers\Update Manager\UpdateManager.exe" [2004-05-27 08:26 136992]
"RHSI SHS"="C:\Program Files\Rogers\SelfHealing\SHS.exe" [2004-09-10 10:47 1029928]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-09 23:00 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 19:05 204288]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 19:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-04 00:10 344064]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 11:01 88209 C:\WINDOWS\AGRSMMSG.exe]
"RegistryMechanic"="" []
"Lexmark 1200 Series"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2006-03-16 02:07 57344]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-07-31 22:34 180269]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-08-24 16:57 36640]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-07-22 20:29 1160480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tivuyqgg]
tivuyqgg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 18:43 69632 C:\WINDOWS\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
--a------ 2005-09-21 15:32 2807808 C:\WINDOWS\ALCWZRD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2005-08-12 13:43 45056 C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-16 22:11 49152 C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-07-31 22:34 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
--a------ 2004-11-12 12:24 106557 C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Ati HotKey Poller"=2 (0x2)

R2 LicCtrlService;LicCtrl Service;C:\WINDOWS\runservice.exe [2008-01-23 21:33]
R2 p2csvc;p2csvc;C:\WINDOWS\system32\p2csvc.exe [2007-03-08 14:05]
S3 AVCSTRM;AVC Streaming Filter Driver;C:\WINDOWS\system32\DRIVERS\avcstrm.sys [2004-08-03 23:10]
S3 MSTAPE;Microsoft AV/C Tape Subunit Device;C:\WINDOWS\system32\DRIVERS\mstape.sys [2004-08-03 23:10]
S3 p2usb;Panasonic P2 Series USB Device;C:\WINDOWS\system32\DRIVERS\p2usb.sys [2007-05-15 17:20]
S3 PhilCam8116;Logitech QuickCam Pro 3000 (08B0);C:\WINDOWS\system32\DRIVERS\CamDrO21.sys [2001-08-17 13:05]
S3 TPP300;USB Storage Adapter V3 (TPP);C:\WINDOWS\system32\DRIVERS\TPP300.SYS [2001-08-08 15:59]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-27 22:27:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-02 04:50:00 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped05.exe
"2008-01-13 21:26:03 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-01-13 21:26:01 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-02-02 19:32:33 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-01-26 01:02:07 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-02 14:45:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-02 14:46:01
ComboFix-quarantined-files.txt 2008-02-02 19:45:58
ComboFix2.txt 2008-02-02 04:19:01
ComboFix3.txt 2008-01-31 04:31:44
.
2008-01-25 08:03:48 --- E O F ---
Member
2. February 2008 @ 19:31
OK, good. You should know that file sharing networks are a large part of distributing malware. I have some P2P info on my web site. How's it looking on your end now?

limeninja
Newbie
3. February 2008 @ 22:55
It's looking pretty good, thanks. Startup's a lot quicker. When I run a virus scan, it still comes up with Junk Nav Quar that it can't remove, and the C: drive still shows up as an 'X', but everything seems to be running okay.
Member
4. February 2008 @ 21:35
OK, good. You can remove ComboFix like this:

Go to Start > Run and type in combofix /u
There is a space after the "x" and before the /.

Do an online scan here:
ESET online scanner:

http://www.eset.com/onlinescan/

Uses Internet Explorer only.
Check "YES" to accept the terms.
Click the Start button.
Allow the ActiveX component to install.
Click the Start button; the scanner will update.
Check both "Remove found threats" and "Scan unwanted applications".
Click Scan.
When done you can find the scan log at: C:\Program Files\EsetOnlineScanner\log.txt
Please copy/paste that log in your next reply.

echoreply

limeninja
Newbie
5. February 2008 @ 06:38
I ran the ESET online scanner. I think it found something it couldn't delete either.

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=2847 (20080204)
# vers_arch_module=1.063 (20080117)
# vers_adv_heur_module=1.060 (20070601)
# EOSSerial=bba62771a7f38549980f9432604a7527
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-02-05 05:37:19
# local_time=2008-02-05 12:37:19 (-0500, Eastern Standard Time)
# country="Canada"
# osver=5.1.2600 NT Service Pack 2
# scanned=645614
# found=3
# scan_time=9617
C:\WINDOWS\Fonts\Setup.exe probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\Fonts\x.zip probably unknown NewHeur_PE virus (deleted) 00000000000000000000000000000000
C:\WINDOWS\Fonts\x.zip »ZIP »Setup.exe probably unknown NewHeur_PE virus (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
Member
5. February 2008 @ 20:45
Hi,

Looks like it deleted a part of it?

Quote:
was a part of the deleted object
Navigate here:
C:\WINDOWS\Fonts\

Look in the Fonts dir for a zip file; don't delete it yet, just see if you can find a zip file in there.

To show all files:
For XP: on the desktop double-click My Computer, go to Tools > Folder Options > View, then select "Show hidden files and folders", then UNcheck "Hide protected operating system files", also UNcheck "Hide extensions for known file types", click Apply to All Folders, Apply, then OK.

limeninja
Newbie
5. February 2008 @ 21:16
Can't find any zip file in the fonts folder, but virus scan keeps coming up with this Junk Nav Quar virus and the C: drive is still an 'x'.
Member
6. February 2008 @ 05:31
Quote:
virus scan keeps coming up with this Junk Nav Quar virus

Your McAfee AV? Does it provide a path to the file? That online scan looks OK. It's possible it could be a false positive.

You can try this for the icon:
First back up your registry. If you don't know how, don't do this yet until I post back; I am not in Windows now so I can't check. I can post back with directions on backing it up.

Open Notepad and copy/paste in what's below:



REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Drive Icons]


Save this to your desktop:

Filename: fixit.reg
Save as type: All Files (*.*)

Double-click the fixit.reg on your desktop and select Yes when asked if you want to merge it into the registry. Reboot the computer and check the drive icon.
