1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

WinAntiVirus Pro 2007 virus

Discussion in 'Windows - Virus and spyware problems' started by dcho787, Aug 15, 2007.

  1. dcho787

    dcho787 Member

    Joined:
    Aug 27, 2005
    Messages:
    29
    Likes Received:
    0
    Trophy Points:
    11
    Hey guys,

    Got this really annoying virus on my computer. Here's my HiJackThisLog... Thanks!

    Logfile of HijackThis v1.99.1
    Scan saved at 7:05:06 PM, on 8/15/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\mnurepvn.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    C:\WINDOWS\system32\PRISMSVC.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\PRISMSVR.EXE
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    c:\program files\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Dell Wireless\PRISMCFG.exe
    C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\program files\mcafee.com\shared\mghtml.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\Documents and Settings\David Cho\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [poolsv] "C:\WINDOWS\poolsv.exe"
    O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
    O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\naeggwqv.dll",forkonce
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = ?
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: DomainService - - C:\WINDOWS\system32\mnurepvn.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE
     
  2. hilu

    hilu Member

    Joined:
    Jun 7, 2006
    Messages:
    81
    Likes Received:
    0
    Trophy Points:
    16
    Hi dcho787 :)

    Before we begin, you'll need to put HijackThis.exe in a folder of its own for it to function properly. Right click on an empty space on the desktop and go New>Folder to create a new folder. Name it HijackThis. Drag and drop HijackThis.exe in that folder. Open this folder.

    Now right click HijackThis.exe and rename it to scanner.exe. Now right click it again and create a shortcut on your desktop. HjT makes backups of its work. It needs to be in its own folder.

    -----------------------------------------------------------------

    Please download VundoFix.exe to your desktop.
    * Double-click VundoFix.exe to run it.
    * Click the Scan for Vundo button.
    * Once it's done scanning, click the Remove Vundo button.
    * You will receive a prompt asking if you want to remove the files, click YES
    * Once you click yes, your desktop will go blank as it starts removing Vundo.
    * When completed, it will prompt that it will reboot your computer, click OK.
    * Please post the contents of C:\vundofix.txt and a new HiJackThis log.

    Note: It is possible that VundoFix encountered a file it could not remove.
    In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

    Post:

    C:\vundofix.txt
    fresh HiJackThis log
     
    Last edited: Aug 18, 2007
  3. dcho787

    dcho787 Member

    Joined:
    Aug 27, 2005
    Messages:
    29
    Likes Received:
    0
    Trophy Points:
    11
    Ok, I followed your instructions this time. First, here is VundoFix.txt.


    Performing Repairs to the registry.
    Done!

    VundoFix V6.5.6

    Checking Java version...

    Java version is 1.4.2.3
    Old versions of java are exploitable and should be removed.

    Scan started at 6:46:45 PM 8/8/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\nqstv.bak1
    C:\WINDOWS\system32\nqstv.bak2
    C:\WINDOWS\system32\nqstv.ini
    C:\WINDOWS\system32\vtsqn.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\nqstv.bak1
    C:\WINDOWS\system32\nqstv.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\nqstv.bak2
    C:\WINDOWS\system32\nqstv.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\nqstv.ini
    C:\WINDOWS\system32\nqstv.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vtsqn.dll
    C:\WINDOWS\system32\vtsqn.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.5.6

    Checking Java version...

    Java version is 1.4.2.3
    Old versions of java are exploitable and should be removed.

    Scan started at 8:42:59 PM 8/12/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\ghhkj.bak1
    C:\WINDOWS\system32\ghhkj.bak2
    C:\WINDOWS\system32\ghhkj.ini
    C:\WINDOWS\system32\jkhhg.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\ghhkj.bak1
    C:\WINDOWS\system32\ghhkj.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ghhkj.bak2
    C:\WINDOWS\system32\ghhkj.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ghhkj.ini
    C:\WINDOWS\system32\ghhkj.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jkhhg.dll
    C:\WINDOWS\system32\jkhhg.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.5.7

    Checking Java version...

    Java version is 1.4.2.3
    Old versions of java are exploitable and should be removed.

    Scan started at 8:01:49 PM 8/19/2007

    Listing files found while scanning....

    C:\windows\system32\alfpkeww.ini
    C:\WINDOWS\system32\dslwnnfg.ini
    C:\WINDOWS\system32\gfnnwlsd.dll
    C:\WINDOWS\system32\iobkndin.dll
    C:\WINDOWS\system32\jkhfd.dll
    C:\WINDOWS\system32\ljjkihh.dll
    C:\WINDOWS\system32\vyqhbwsm.dll
    C:\windows\system32\wwekpfla.dll

    Beginning removal...

    Attempting to delete C:\windows\system32\alfpkeww.ini
    C:\windows\system32\alfpkeww.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\dslwnnfg.ini
    C:\WINDOWS\system32\dslwnnfg.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gfnnwlsd.dll
    C:\WINDOWS\system32\gfnnwlsd.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\iobkndin.dll
    C:\WINDOWS\system32\iobkndin.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jkhfd.dll
    C:\WINDOWS\system32\jkhfd.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ljjkihh.dll
    C:\WINDOWS\system32\ljjkihh.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vyqhbwsm.dll
    C:\WINDOWS\system32\vyqhbwsm.dll Has been deleted!

    Attempting to delete C:\windows\system32\wwekpfla.dll
    C:\windows\system32\wwekpfla.dll Has been deleted!

    Performing Repairs to the registry.
    Done!


    Next, here is my HijackThis Log.


    Logfile of HijackThis v1.99.1
    Scan saved at 8:09:34 PM, on 8/19/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\mnurepvn.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    C:\WINDOWS\system32\PRISMSVC.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\PRISMSVR.EXE
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    c:\program files\mcafee.com\vso\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
    C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\poolsv.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Dell Wireless\PRISMCFG.exe
    C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\David Cho\Desktop\HijackThis\scanner.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {35A305BB-D8FC-48E7-9F1D-29D76EAA8E84} - C:\WINDOWS\system32\jkhfd.dll (file missing)
    O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: (no name) - {5DA7A373-E08B-43F4-B94C-157F56DE191A} - C:\WINDOWS\system32\jkhhg.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {9FA759E3-F9AF-4F47-A43B-2449C5E299D6} - C:\WINDOWS\system32\vtsqn.dll (file missing)
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O2 - BHO: (no name) - {D518DB52-BCCA-41C8-8162-5A77D1D5A7DC} - C:\WINDOWS\system32\jkklm.dll (file missing)
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [poolsv] "C:\WINDOWS\poolsv.exe"
    O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = ?
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - Winlogon Notify: PRISMAPI.DLL - C:\WINDOWS\SYSTEM32\PRISMAPI.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: DomainService - - C:\WINDOWS\system32\mnurepvn.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE
     
  4. hilu

    hilu Member

    Joined:
    Jun 7, 2006
    Messages:
    81
    Likes Received:
    0
    Trophy Points:
    16
    Download ComboFix from
    Here
    or
    Here
    to your Desktop.

    *Double click combofix.exe and follow the prompts.
    *When finished, it shall produce a log for you.
    Post that log and a HiJackthis log in your next reply
    Note: Do not mouseclick combofix's window while its running. That may cause it to stall


    post:
    C:\combofix.txt
    fresh HiJackThis log
     
  5. dcho787

    dcho787 Member

    Joined:
    Aug 27, 2005
    Messages:
    29
    Likes Received:
    0
    Trophy Points:
    11
    ComboFix 07-08-17.2 - "x" 2007-08-22 18:48:00.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.602 [GMT -7:00]
    * Created a new restore point


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Program Files\Common Files\winantispyware 2007
    C:\Program Files\Common Files\winantispyware 2007\WAS7Mon.exe
    C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe
    C:\Program Files\poolsv
    C:\Program Files\poolsv\k11u72.exe
    C:\Program Files\poolsv\svhost.exe
    C:\Program Files\poolsv\wr-1-0000077.exe
    C:\Program Files\poolsv\YazzleBundle-1549.exe
    C:\temp\brr
    C:\WINDOWS\poolsv.exe
    C:\WINDOWS\system32\b10FdUe
    C:\WINDOWS\system32\b10FdUe\b10FdUe1099.exe
    C:\WINDOWS\system32\bszip.dll
    C:\WINDOWS\system32\mnurepvn.exe
    C:\WINDOWS\system32\vamfwdjd.exe


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_DOMAINSERVICE
    -------\DomainService


    ((((((((((((((((((((((((( Files Created from 2007-07-23 to 2007-08-23 )))))))))))))))))))))))))))))))


    2007-08-22 18:47 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-08-15 18:44 1,614,993 ---hs---- C:\WINDOWS\system32\dfhkj.bak2
    2007-08-12 20:51 6,461 ---hs---- C:\WINDOWS\system32\dfhkj.bak1
    2007-08-05 21:13 <DIR> d-------- C:\VundoFix Backups
    2007-08-05 20:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-08-05 19:03 <DIR> d-------- C:\Program Files\Lavasoft
    2007-08-05 19:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    2007-08-05 19:02 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-08-01 20:10 <DIR> d-------- C:\Temp


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-08-01 20:05 --------- d-------- C:\DOCUME~1\DAVIDC~1\APPLIC~1\McAfee.com Personal Firewall
    2007-06-26 08:13 851968 --------- C:\WINDOWS\system32\dllcache\vgx.dll
    2007-06-26 07:35 665600 --------- C:\WINDOWS\system32\dllcache\wininet.dll
    2007-06-25 23:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
    2007-06-25 23:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
    2007-06-19 06:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
    2007-06-19 06:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
    2007-06-15 01:12 96256 --------- C:\WINDOWS\system32\dllcache\inseng.dll
    2007-06-15 01:12 616960 --------- C:\WINDOWS\system32\dllcache\urlmon.dll
    2007-06-15 01:12 55808 --------- C:\WINDOWS\system32\dllcache\extmgr.dll
    2007-06-15 01:12 532480 --------- C:\WINDOWS\system32\dllcache\mstime.dll
    2007-06-15 01:12 474112 --------- C:\WINDOWS\system32\dllcache\shlwapi.dll
    2007-06-15 01:12 449024 --------- C:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-06-15 01:12 39424 --------- C:\WINDOWS\system32\dllcache\pngfilt.dll
    2007-06-15 01:12 357888 --------- C:\WINDOWS\system32\dllcache\dxtmsft.dll
    2007-06-15 01:12 3064320 --------- C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-06-15 01:12 251904 --------- C:\WINDOWS\system32\dllcache\iepeers.dll
    2007-06-15 01:12 205824 --------- C:\WINDOWS\system32\dllcache\dxtrans.dll
    2007-06-15 01:12 16384 --------- C:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-06-15 01:12 151040 --------- C:\WINDOWS\system32\dllcache\cdfview.dll
    2007-06-15 01:12 1498112 --------- C:\WINDOWS\system32\dllcache\shdocvw.dll
    2007-06-15 01:12 146432 --------- C:\WINDOWS\system32\dllcache\msrating.dll
    2007-06-15 01:12 1054208 --------- C:\WINDOWS\system32\dllcache\danim.dll
    2007-06-15 01:12 1022976 --------- C:\WINDOWS\system32\dllcache\browseui.dll
    2007-06-14 03:32 18432 --------- C:\WINDOWS\system32\dllcache\iedw.exe
    2007-06-13 03:23 1033216 --a------ C:\WINDOWS\explorer.exe
    2007-06-13 03:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe
    2007-03-22 03:41:15 88 --sh--r C:\WINDOWS\system32\B687AFEF41.sys
    2007-03-22 03:41:17 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{35A305BB-D8FC-48E7-9F1D-29D76EAA8E84}]
    C:\WINDOWS\system32\jkhfd.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5DA7A373-E08B-43F4-B94C-157F56DE191A}]
    C:\WINDOWS\system32\jkhhg.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9FA759E3-F9AF-4F47-A43B-2449C5E299D6}]
    C:\WINDOWS\system32\vtsqn.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D518DB52-BCCA-41C8-8162-5A77D1D5A7DC}]
    C:\WINDOWS\system32\jkklm.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-02-10 09:17 C:\WINDOWS\stsystra.exe]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 19:05]
    "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 01:12]
    "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-08-22 17:23]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
    "MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-08 17:20]
    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 08:44]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 08:44]
    "VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 16:18]
    "OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 20:02]
    "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-07-01 17:22]
    "MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2005-08-26 12:26]
    "MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-07-12 17:05]
    "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 03:20]
    "MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" [2005-07-12 16:06]
    "VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2005-08-10 10:49]
    "MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-08-18 15:52]
    "Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2006-02-09 15:34]
    "Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 04:52]
    "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22]
    "PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 14:25]
    "IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 14:45]
    "ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2005-11-11 18:30]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "svhost"="C:\WINDOWS\svhost.exe" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
    QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 09:59:36]
    SBC Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2006-09-11 11:00:12]
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-01-24 21:35:27]
    Wireless USB 2.0 WLAN Card Utility.lnk - C:\Program Files\Dell Wireless\PRISMCFG.exe [2006-08-22 17:17:17]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMAPI.DLL]
    PRISMAPI.DLL 2005-12-22 18:08 450646 C:\WINDOWS\system32\PRISMAPI.dll

    R2 PRISMSVC;PRISMSVC;C:\WINDOWS\system32\PRISMSVC.EXE
    R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
    R3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys
    R3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys
    R3 DELL_A02;Dell TrueMobile 1300 USB2.0 WLAN Card Driver;C:\WINDOWS\system32\DRIVERS\PRISMA02.sys


    Contents of the 'Scheduled Tasks' folder
    2007-08-20 00:31:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    2006-08-31 22:41:50 C:\WINDOWS\Tasks\ISP signup reminder 1.job - C:\WINDOWS\system32\OOBE\oobebaln.exe
    2007-07-14 01:30:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (MDKIRK-Eric Cho).job - c:\program files\mcafee.com\vso\mcmnhdlr.exe

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-22 18:52:08
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-08-22 18:53:49 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-08-22 18:53

    --- E O F ---










    Logfile of HijackThis v1.99.1
    Scan saved at 6:58:23 PM, on 8/22/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    C:\WINDOWS\system32\PRISMSVC.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\PRISMSVR.EXE
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    c:\program files\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Dell Wireless\PRISMCFG.exe
    C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\David Cho\Desktop\HijackThis\scanner.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {35A305BB-D8FC-48E7-9F1D-29D76EAA8E84} - C:\WINDOWS\system32\jkhfd.dll (file missing)
    O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: (no name) - {5DA7A373-E08B-43F4-B94C-157F56DE191A} - C:\WINDOWS\system32\jkhhg.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {9FA759E3-F9AF-4F47-A43B-2449C5E299D6} - C:\WINDOWS\system32\vtsqn.dll (file missing)
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O2 - BHO: (no name) - {D518DB52-BCCA-41C8-8162-5A77D1D5A7DC} - C:\WINDOWS\system32\jkklm.dll (file missing)
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = ?
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - Winlogon Notify: PRISMAPI.DLL - C:\WINDOWS\SYSTEM32\PRISMAPI.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE


     
  6. hilu

    hilu Member

    Joined:
    Jun 7, 2006
    Messages:
    81
    Likes Received:
    0
    Trophy Points:
    16
    Hi,


    Upload a File to Virustotal
    Please visit Virustotal

    * Click the Browse... button
    * Navigate to the file C:\WINDOWS\system32\B687AFEF41.sys
    * Click the Open button
    * Click the Send button
    * Copy and paste the results back here please.

    -------------------------------------------------------

    Open HijackThis, click do a system scan only and checkmark these:

    O2 - BHO: (no name) - {35A305BB-D8FC-48E7-9F1D-29D76EAA8E84} - C:\WINDOWS\system32\jkhfd.dll (file missing)
    O2 - BHO: (no name) - {5DA7A373-E08B-43F4-B94C-157F56DE191A} - C:\WINDOWS\system32\jkhhg.dll (file missing)
    O2 - BHO: (no name) - {9FA759E3-F9AF-4F47-A43B-2449C5E299D6} - C:\WINDOWS\system32\vtsqn.dll (file missing)
    O2 - BHO: (no name) - {D518DB52-BCCA-41C8-8162-5A77D1D5A7DC} - C:\WINDOWS\system32\jkklm.dll (file missing)
    O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"

    Close all windows including browser and press fix checked.


    --------------------------------------------------------------

    Please Open notepad and copy/paste the text in the quotebox below into it:

    Save this as CFScript.txt

    Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

    [​IMG]

    This will start ComboFix again. After reboot (in case it asks to reboot),


    please download ATF Cleaner by Atribune.

    * Double-click ATF-Cleaner.exe to run the program.
    * Under Main choose: Select All
    * Click the Empty Selected button.

    If you use Firefox browser

    * Click Firefox at the top and choose: Select All
    * Click the Empty Selected button.
    * NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser

    * Click Opera at the top and choose: Select All
    * Click the Empty Selected button.
    * NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    Click Exit on the Main menu to close the program.
    For Technical Support, double-click the e-mail address located at the bottom of each menu.

    This will remove all files from the items that are checked so if you have some cookies you'd like to save. please move them to a different directory first.

    -------------------------------------------------------------

    Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.

    * Install AVG Anti-Spyware by double clicking the installer.
    * Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
    * On the main screen under Your Computer's security.
    * Click on Change state next to Resident shield. It should now change to inactive.
    * Click on Change state next to Automatic updates. It should now change to inactive.
    * Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    * Wait until you see the Update succesfull message.
    * Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
    * Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.

    If you are having problems with the updater, you can use this link to manually update ewido.
    AVG Anti-Spyware manual updates.

    Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

    Reboot your computer in Safe Mode.
    * If the computer is running, shut down Windows, and then turn off the power.
    * Wait 30 seconds, and then turn the computer on.
    * Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
    * Ensure that the Safe Mode option is selected.
    * Press Enter. The computer then begins to start in Safe mode.
    * Login on your usual account.

    Once in Safe Mode:

    Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.

    * Click on Scanner on the toolbar.
    * Click on the Settings tab.
    * Under How to act?
    * Click on Recommended Action and choose Quarantine from the popup menu.
    * Under How to scan?
    * All checkboxes should be ticked.
    * Under Possibly unwanted software:
    * All checkboxes should be ticked.
    * Under Reports:
    * Select Automatically generate report after every scan and uncheck Only if threats were found.
    * Under What to scan?
    * Select Scan every file.
    * Click on the Scan tab.
    * Click on Complete System Scan to start the scan process.
    * Let the program scan the machine.
    * When the scan has finished, follow the instructions below.

    IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.

    * Make sure that Set all elements to: shows Quarantine
    (1), if not click on the link and choose Quarantine from the popup menu. (2) *At the bottom of the window click on the Apply all Actions button. (3)
    [​IMG]
    * When done, click the Save Scan Report button.
    (4) *Click the Save Report as button.
    * Save the report to your Desktop.

    * Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.

    Reboot back into Normal Mode

    post:

    virustotal results
    fresh HiJackThis log
    Combofix.txt
    AVG log
     
  7. dcho787

    dcho787 Member

    Joined:
    Aug 27, 2005
    Messages:
    29
    Likes Received:
    0
    Trophy Points:
    11
    hilu,

    I can't find the file C:\WINDOWS\system32\B687AFEF41.sys - I even tried revealing all hidden files but still nothing.

    Should I just follow the rest of the instructions?
     
  8. hilu

    hilu Member

    Joined:
    Jun 7, 2006
    Messages:
    81
    Likes Received:
    0
    Trophy Points:
    16
    Hi,

    ok, follow the rest of the instructions :)
     
  9. dcho787

    dcho787 Member

    Joined:
    Aug 27, 2005
    Messages:
    29
    Likes Received:
    0
    Trophy Points:
    11
    "If you use Firefox browser

    * Click Firefox at the top and choose: Select All
    * Click the Empty Selected button.
    * NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser

    * Click Opera at the top and choose: Select All
    * Click the Empty Selected button.
    * NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    Click Exit on the Main menu to close the program.
    For Technical Support, double-click the e-mail address located at the bottom of each menu.

    This will remove all files from the items that are checked so if you have some cookies you'd like to save. please move them to a different directory first. "


    What if I am using Internet Explorer?
     
  10. hilu

    hilu Member

    Joined:
    Jun 7, 2006
    Messages:
    81
    Likes Received:
    0
    Trophy Points:
    16
    Hi,

    Then do only this one:

    * Double-click ATF-Cleaner.exe to run the program.
    * Under Main choose: Select All
    *Click the Empty Selected button.

    Click Exit on the Main menu to close the program.
    For Technical Support, double-click the e-mail address located at the bottom of each menu.

    This will remove all files from the items that are checked so if you have some cookies you'd like to save. please move them to a different directory first.
     

Share This Page