Hey guys, Got this really annoying virus on my computer. Here's my HiJackThisLog... Thanks! Logfile of HijackThis v1.99.1 Scan saved at 7:05:06 PM, on 8/15/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\mnurepvn.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe C:\WINDOWS\system32\PRISMSVC.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\PRISMSVR.EXE C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\WINDOWS\stsystra.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\McAfee.com\VSO\oasclnt.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe c:\program files\mcafee.com\vso\mcvsshld.exe C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\Program Files\Brother\ControlCenter2\brctrcen.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\DellSupport\DSAgnt.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Dell Wireless\PRISMCFG.exe C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe c:\program files\mcafee.com\shared\mghtml.exe C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe C:\PROGRA~1\WINZIP\winzip32.exe C:\Documents and Settings\David Cho\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [poolsv] "C:\WINDOWS\poolsv.exe" O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe" O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\naeggwqv.dll",forkonce O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = ? O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: DomainService - - C:\WINDOWS\system32\mnurepvn.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE
Hi dcho787 Before we begin, you'll need to put HijackThis.exe in a folder of its own for it to function properly. Right click on an empty space on the desktop and go New>Folder to create a new folder. Name it HijackThis. Drag and drop HijackThis.exe in that folder. Open this folder. Now right click HijackThis.exe and rename it to scanner.exe. Now right click it again and create a shortcut on your desktop. HjT makes backups of its work. It needs to be in its own folder. ----------------------------------------------------------------- Please download VundoFix.exe to your desktop. * Double-click VundoFix.exe to run it. * Click the Scan for Vundo button. * Once it's done scanning, click the Remove Vundo button. * You will receive a prompt asking if you want to remove the files, click YES * Once you click yes, your desktop will go blank as it starts removing Vundo. * When completed, it will prompt that it will reboot your computer, click OK. * Please post the contents of C:\vundofix.txt and a new HiJackThis log. Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot. Post: C:\vundofix.txt fresh HiJackThis log
Ok, I followed your instructions this time. First, here is VundoFix.txt. Performing Repairs to the registry. Done! VundoFix V6.5.6 Checking Java version... Java version is 1.4.2.3 Old versions of java are exploitable and should be removed. Scan started at 6:46:45 PM 8/8/2007 Listing files found while scanning.... C:\WINDOWS\system32\nqstv.bak1 C:\WINDOWS\system32\nqstv.bak2 C:\WINDOWS\system32\nqstv.ini C:\WINDOWS\system32\vtsqn.dll Beginning removal... Attempting to delete C:\WINDOWS\system32\nqstv.bak1 C:\WINDOWS\system32\nqstv.bak1 Has been deleted! Attempting to delete C:\WINDOWS\system32\nqstv.bak2 C:\WINDOWS\system32\nqstv.bak2 Has been deleted! Attempting to delete C:\WINDOWS\system32\nqstv.ini C:\WINDOWS\system32\nqstv.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\vtsqn.dll C:\WINDOWS\system32\vtsqn.dll Has been deleted! Performing Repairs to the registry. Done! VundoFix V6.5.6 Checking Java version... Java version is 1.4.2.3 Old versions of java are exploitable and should be removed. Scan started at 8:42:59 PM 8/12/2007 Listing files found while scanning.... C:\WINDOWS\system32\ghhkj.bak1 C:\WINDOWS\system32\ghhkj.bak2 C:\WINDOWS\system32\ghhkj.ini C:\WINDOWS\system32\jkhhg.dll Beginning removal... Attempting to delete C:\WINDOWS\system32\ghhkj.bak1 C:\WINDOWS\system32\ghhkj.bak1 Has been deleted! Attempting to delete C:\WINDOWS\system32\ghhkj.bak2 C:\WINDOWS\system32\ghhkj.bak2 Has been deleted! Attempting to delete C:\WINDOWS\system32\ghhkj.ini C:\WINDOWS\system32\ghhkj.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\jkhhg.dll C:\WINDOWS\system32\jkhhg.dll Has been deleted! Performing Repairs to the registry. Done! VundoFix V6.5.7 Checking Java version... Java version is 1.4.2.3 Old versions of java are exploitable and should be removed. Scan started at 8:01:49 PM 8/19/2007 Listing files found while scanning.... C:\windows\system32\alfpkeww.ini C:\WINDOWS\system32\dslwnnfg.ini C:\WINDOWS\system32\gfnnwlsd.dll C:\WINDOWS\system32\iobkndin.dll C:\WINDOWS\system32\jkhfd.dll C:\WINDOWS\system32\ljjkihh.dll C:\WINDOWS\system32\vyqhbwsm.dll C:\windows\system32\wwekpfla.dll Beginning removal... Attempting to delete C:\windows\system32\alfpkeww.ini C:\windows\system32\alfpkeww.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\dslwnnfg.ini C:\WINDOWS\system32\dslwnnfg.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\gfnnwlsd.dll C:\WINDOWS\system32\gfnnwlsd.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\iobkndin.dll C:\WINDOWS\system32\iobkndin.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\jkhfd.dll C:\WINDOWS\system32\jkhfd.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ljjkihh.dll C:\WINDOWS\system32\ljjkihh.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\vyqhbwsm.dll C:\WINDOWS\system32\vyqhbwsm.dll Has been deleted! Attempting to delete C:\windows\system32\wwekpfla.dll C:\windows\system32\wwekpfla.dll Has been deleted! Performing Repairs to the registry. Done! Next, here is my HijackThis Log. Logfile of HijackThis v1.99.1 Scan saved at 8:09:34 PM, on 8/19/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\mnurepvn.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe C:\WINDOWS\system32\PRISMSVC.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\PRISMSVR.EXE C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\WINDOWS\stsystra.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\McAfee.com\VSO\oasclnt.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe c:\program files\mcafee.com\vso\mcvsshld.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Brother\ControlCenter2\brctrcen.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\poolsv.exe C:\Program Files\DellSupport\DSAgnt.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Dell Wireless\PRISMCFG.exe C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\David Cho\Desktop\HijackThis\scanner.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {35A305BB-D8FC-48E7-9F1D-29D76EAA8E84} - C:\WINDOWS\system32\jkhfd.dll (file missing) O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: (no name) - {5DA7A373-E08B-43F4-B94C-157F56DE191A} - C:\WINDOWS\system32\jkhhg.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {9FA759E3-F9AF-4F47-A43B-2449C5E299D6} - C:\WINDOWS\system32\vtsqn.dll (file missing) O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll O2 - BHO: (no name) - {D518DB52-BCCA-41C8-8162-5A77D1D5A7DC} - C:\WINDOWS\system32\jkklm.dll (file missing) O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [poolsv] "C:\WINDOWS\poolsv.exe" O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe" O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = ? O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O20 - Winlogon Notify: PRISMAPI.DLL - C:\WINDOWS\SYSTEM32\PRISMAPI.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: DomainService - - C:\WINDOWS\system32\mnurepvn.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE
Download ComboFix from Here or Here to your Desktop. *Double click combofix.exe and follow the prompts. *When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply Note: Do not mouseclick combofix's window while its running. That may cause it to stall post: C:\combofix.txt fresh HiJackThis log
ComboFix 07-08-17.2 - "x" 2007-08-22 18:48:00.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.602 [GMT -7:00] * Created a new restore point ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\Program Files\Common Files\winantispyware 2007 C:\Program Files\Common Files\winantispyware 2007\WAS7Mon.exe C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe C:\Program Files\poolsv C:\Program Files\poolsv\k11u72.exe C:\Program Files\poolsv\svhost.exe C:\Program Files\poolsv\wr-1-0000077.exe C:\Program Files\poolsv\YazzleBundle-1549.exe C:\temp\brr C:\WINDOWS\poolsv.exe C:\WINDOWS\system32\b10FdUe C:\WINDOWS\system32\b10FdUe\b10FdUe1099.exe C:\WINDOWS\system32\bszip.dll C:\WINDOWS\system32\mnurepvn.exe C:\WINDOWS\system32\vamfwdjd.exe ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) -------\LEGACY_DOMAINSERVICE -------\DomainService ((((((((((((((((((((((((( Files Created from 2007-07-23 to 2007-08-23 ))))))))))))))))))))))))))))))) 2007-08-22 18:47 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-08-15 18:44 1,614,993 ---hs---- C:\WINDOWS\system32\dfhkj.bak2 2007-08-12 20:51 6,461 ---hs---- C:\WINDOWS\system32\dfhkj.bak1 2007-08-05 21:13 <DIR> d-------- C:\VundoFix Backups 2007-08-05 20:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy 2007-08-05 19:03 <DIR> d-------- C:\Program Files\Lavasoft 2007-08-05 19:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft 2007-08-05 19:02 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-08-01 20:10 <DIR> d-------- C:\Temp (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-08-01 20:05 --------- d-------- C:\DOCUME~1\DAVIDC~1\APPLIC~1\McAfee.com Personal Firewall 2007-06-26 08:13 851968 --------- C:\WINDOWS\system32\dllcache\vgx.dll 2007-06-26 07:35 665600 --------- C:\WINDOWS\system32\dllcache\wininet.dll 2007-06-25 23:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll 2007-06-25 23:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll 2007-06-19 06:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll 2007-06-19 06:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll 2007-06-15 01:12 96256 --------- C:\WINDOWS\system32\dllcache\inseng.dll 2007-06-15 01:12 616960 --------- C:\WINDOWS\system32\dllcache\urlmon.dll 2007-06-15 01:12 55808 --------- C:\WINDOWS\system32\dllcache\extmgr.dll 2007-06-15 01:12 532480 --------- C:\WINDOWS\system32\dllcache\mstime.dll 2007-06-15 01:12 474112 --------- C:\WINDOWS\system32\dllcache\shlwapi.dll 2007-06-15 01:12 449024 --------- C:\WINDOWS\system32\dllcache\mshtmled.dll 2007-06-15 01:12 39424 --------- C:\WINDOWS\system32\dllcache\pngfilt.dll 2007-06-15 01:12 357888 --------- C:\WINDOWS\system32\dllcache\dxtmsft.dll 2007-06-15 01:12 3064320 --------- C:\WINDOWS\system32\dllcache\mshtml.dll 2007-06-15 01:12 251904 --------- C:\WINDOWS\system32\dllcache\iepeers.dll 2007-06-15 01:12 205824 --------- C:\WINDOWS\system32\dllcache\dxtrans.dll 2007-06-15 01:12 16384 --------- C:\WINDOWS\system32\dllcache\jsproxy.dll 2007-06-15 01:12 151040 --------- C:\WINDOWS\system32\dllcache\cdfview.dll 2007-06-15 01:12 1498112 --------- C:\WINDOWS\system32\dllcache\shdocvw.dll 2007-06-15 01:12 146432 --------- C:\WINDOWS\system32\dllcache\msrating.dll 2007-06-15 01:12 1054208 --------- C:\WINDOWS\system32\dllcache\danim.dll 2007-06-15 01:12 1022976 --------- C:\WINDOWS\system32\dllcache\browseui.dll 2007-06-14 03:32 18432 --------- C:\WINDOWS\system32\dllcache\iedw.exe 2007-06-13 03:23 1033216 --a------ C:\WINDOWS\explorer.exe 2007-06-13 03:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe 2007-03-22 03:41:15 88 --sh--r C:\WINDOWS\system32\B687AFEF41.sys 2007-03-22 03:41:17 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{35A305BB-D8FC-48E7-9F1D-29D76EAA8E84}] C:\WINDOWS\system32\jkhfd.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5DA7A373-E08B-43F4-B94C-157F56DE191A}] C:\WINDOWS\system32\jkhhg.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9FA759E3-F9AF-4F47-A43B-2449C5E299D6}] C:\WINDOWS\system32\vtsqn.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D518DB52-BCCA-41C8-8162-5A77D1D5A7DC}] C:\WINDOWS\system32\jkklm.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00] "SigmatelSysTrayApp"="stsystra.exe" [2006-02-10 09:17 C:\WINDOWS\stsystra.exe] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 19:05] "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 01:12] "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-08-22 17:23] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58] "MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-08 17:20] "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 08:44] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 08:44] "VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 16:18] "OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 20:02] "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-07-01 17:22] "MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2005-08-26 12:26] "MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-07-12 17:05] "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 03:20] "MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" [2005-07-12 16:06] "VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2005-08-10 10:49] "MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-08-18 15:52] "Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2006-02-09 15:34] "Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 04:52] "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22] "PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 14:25] "IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 14:45] "ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2005-11-11 18:30] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06] "svhost"="C:\WINDOWS\svhost.exe" [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04] QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 09:59:36] SBC Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2006-09-11 11:00:12] WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-01-24 21:35:27] Wireless USB 2.0 WLAN Card Utility.lnk - C:\Program Files\Dell Wireless\PRISMCFG.exe [2006-08-22 17:17:17] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMAPI.DLL] PRISMAPI.DLL 2005-12-22 18:08 450646 C:\WINDOWS\system32\PRISMAPI.dll R2 PRISMSVC;PRISMSVC;C:\WINDOWS\system32\PRISMSVC.EXE R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys R3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys R3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys R3 DELL_A02;Dell TrueMobile 1300 USB2.0 WLAN Card Driver;C:\WINDOWS\system32\DRIVERS\PRISMA02.sys Contents of the 'Scheduled Tasks' folder 2007-08-20 00:31:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe 2006-08-31 22:41:50 C:\WINDOWS\Tasks\ISP signup reminder 1.job - C:\WINDOWS\system32\OOBE\oobebaln.exe 2007-07-14 01:30:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (MDKIRK-Eric Cho).job - c:\program files\mcafee.com\vso\mcmnhdlr.exe ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-08-22 18:52:08 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-08-22 18:53:49 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-08-22 18:53 --- E O F --- Logfile of HijackThis v1.99.1 Scan saved at 6:58:23 PM, on 8/22/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe C:\WINDOWS\system32\PRISMSVC.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\PRISMSVR.EXE C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\WINDOWS\stsystra.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe C:\Program Files\McAfee.com\VSO\oasclnt.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe c:\program files\mcafee.com\vso\mcvsshld.exe C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\Program Files\Brother\ControlCenter2\brctrcen.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\DellSupport\DSAgnt.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Dell Wireless\PRISMCFG.exe C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\David Cho\Desktop\HijackThis\scanner.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {35A305BB-D8FC-48E7-9F1D-29D76EAA8E84} - C:\WINDOWS\system32\jkhfd.dll (file missing) O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: (no name) - {5DA7A373-E08B-43F4-B94C-157F56DE191A} - C:\WINDOWS\system32\jkhhg.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {9FA759E3-F9AF-4F47-A43B-2449C5E299D6} - C:\WINDOWS\system32\vtsqn.dll (file missing) O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll O2 - BHO: (no name) - {D518DB52-BCCA-41C8-8162-5A77D1D5A7DC} - C:\WINDOWS\system32\jkklm.dll (file missing) O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe" O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = ? O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O20 - Winlogon Notify: PRISMAPI.DLL - C:\WINDOWS\SYSTEM32\PRISMAPI.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE
Hi, Upload a File to Virustotal Please visit Virustotal * Click the Browse... button * Navigate to the file C:\WINDOWS\system32\B687AFEF41.sys * Click the Open button * Click the Send button * Copy and paste the results back here please. ------------------------------------------------------- Open HijackThis, click do a system scan only and checkmark these: O2 - BHO: (no name) - {35A305BB-D8FC-48E7-9F1D-29D76EAA8E84} - C:\WINDOWS\system32\jkhfd.dll (file missing) O2 - BHO: (no name) - {5DA7A373-E08B-43F4-B94C-157F56DE191A} - C:\WINDOWS\system32\jkhhg.dll (file missing) O2 - BHO: (no name) - {9FA759E3-F9AF-4F47-A43B-2449C5E299D6} - C:\WINDOWS\system32\vtsqn.dll (file missing) O2 - BHO: (no name) - {D518DB52-BCCA-41C8-8162-5A77D1D5A7DC} - C:\WINDOWS\system32\jkklm.dll (file missing) O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe" Close all windows including browser and press fix checked. -------------------------------------------------------------- Please Open notepad and copy/paste the text in the quotebox below into it: Save this as CFScript.txt Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below. This will start ComboFix again. After reboot (in case it asks to reboot), please download ATF Cleaner by Atribune. * Double-click ATF-Cleaner.exe to run the program. * Under Main choose: Select All * Click the Empty Selected button. If you use Firefox browser * Click Firefox at the top and choose: Select All * Click the Empty Selected button. * NOTE: If you would like to keep your saved passwords, please click No at the prompt. If you use Opera browser * Click Opera at the top and choose: Select All * Click the Empty Selected button. * NOTE: If you would like to keep your saved passwords, please click No at the prompt. Click Exit on the Main menu to close the program. For Technical Support, double-click the e-mail address located at the bottom of each menu. This will remove all files from the items that are checked so if you have some cookies you'd like to save. please move them to a different directory first. ------------------------------------------------------------- Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder. * Install AVG Anti-Spyware by double clicking the installer. * Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked. * On the main screen under Your Computer's security. * Click on Change state next to Resident shield. It should now change to inactive. * Click on Change state next to Automatic updates. It should now change to inactive. * Next to Last Update, click on Update now. (You will need an active internet connection to perform this) * Wait until you see the Update succesfull message. * Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows. * Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes. If you are having problems with the updater, you can use this link to manually update ewido. AVG Anti-Spyware manual updates. Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update. Reboot your computer in Safe Mode. * If the computer is running, shut down Windows, and then turn off the power. * Wait 30 seconds, and then turn the computer on. * Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again. * Ensure that the Safe Mode option is selected. * Press Enter. The computer then begins to start in Safe mode. * Login on your usual account. Once in Safe Mode: Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan. * Click on Scanner on the toolbar. * Click on the Settings tab. * Under How to act? * Click on Recommended Action and choose Quarantine from the popup menu. * Under How to scan? * All checkboxes should be ticked. * Under Possibly unwanted software: * All checkboxes should be ticked. * Under Reports: * Select Automatically generate report after every scan and uncheck Only if threats were found. * Under What to scan? * Select Scan every file. * Click on the Scan tab. * Click on Complete System Scan to start the scan process. * Let the program scan the machine. * When the scan has finished, follow the instructions below. IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button. * Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2) *At the bottom of the window click on the Apply all Actions button. (3) * When done, click the Save Scan Report button. (4) *Click the Save Report as button. * Save the report to your Desktop. * Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes. Reboot back into Normal Mode post: virustotal results fresh HiJackThis log Combofix.txt AVG log
hilu, I can't find the file C:\WINDOWS\system32\B687AFEF41.sys - I even tried revealing all hidden files but still nothing. Should I just follow the rest of the instructions?
"If you use Firefox browser * Click Firefox at the top and choose: Select All * Click the Empty Selected button. * NOTE: If you would like to keep your saved passwords, please click No at the prompt. If you use Opera browser * Click Opera at the top and choose: Select All * Click the Empty Selected button. * NOTE: If you would like to keep your saved passwords, please click No at the prompt. Click Exit on the Main menu to close the program. For Technical Support, double-click the e-mail address located at the bottom of each menu. This will remove all files from the items that are checked so if you have some cookies you'd like to save. please move them to a different directory first. " What if I am using Internet Explorer?
Hi, Then do only this one: * Double-click ATF-Cleaner.exe to run the program. * Under Main choose: Select All *Click the Empty Selected button. Click Exit on the Main menu to close the program. For Technical Support, double-click the e-mail address located at the bottom of each menu. This will remove all files from the items that are checked so if you have some cookies you'd like to save. please move them to a different directory first.
