Spyware Protect 2009


Whirlwind

Having some trouble.... Spyware Protect 2009 pops up... XP SP3... here is my HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:45:32 AM, on 4/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\WINDOWS\sysguard.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Amazon.com: Online Shopping for Electronics, Apparel, Computers, Books, DVDs & more
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Search Microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Search Microsoft.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Amazon.com: Online Shopping for Electronics, Apparel, Computers, Books, DVDs & more
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://downloads.yahoo.com/p/att/ie/welcome
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.12\AsRunHelp.exe
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\AI Booster\OverClk.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Opelawajurijaf] rundll32.exe "C:\WINDOWS\uboyerez.dll",e
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [DDC] C:\WINDOWS\system32\apmjwttv.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [system tool] C:\WINDOWS\sysguard.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - F:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - F:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15033/CTPID.cab
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 10191 bytes
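The HijackThis log above is the kind of thing a forum helper reads by eye: the F2 UserInit line that names a second executable, the O4 Run entries whose targets are randomly named files sitting directly in the Windows directory or System32, and O23 services with no publisher. As an added example (this editor's code, not anything posted in the thread and not part of HijackThis), here is a small Python triage pass that applies those three rules to a constructed subset of the lines above. The ALLOWLIST of known-good names and the SAMPLE_LINES are assumptions for the demonstration.

```python
"""Triage pass over HijackThis 2.0.x log lines.

Added example: the editor's code, not part of the thread or of HijackThis.
It encodes three checks a log reader applies by eye:
  1. F2 UserInit lists anything besides userinit.exe (a logon hook).
  2. An O4 Run target is a bare file directly under the Windows directory
     or System32 and is not on a small known-good list.
  3. An O23 service reports "Unknown owner" and its file is present.
The allowlist and SAMPLE_LINES are constructed for the demonstration.
"""
import re
from dataclasses import dataclass

# Known-good names that legitimately live in the Windows directory or
# System32 on this machine (assumption for the example; a real list is longer).
ALLOWLIST = {"ctfmon.exe", "nvcpl.dll", "nvmctray.dll", "nwiz.exe",
             "cthelper.exe", "ctxfihlp.exe", "updreg.exe", "rundll32.exe"}

# A file sitting directly in the Windows directory or System32 (no subfolder).
WINDIR_RE = re.compile(r'^[A-Z]:\\WINDOWS\\(system32\\)?[^\\]+$', re.I)
# Each .exe/.dll path in a line. Spaces are allowed (Program Files paths are
# quoted in the log); a comma ends a rundll32 "dll,export" argument.
PATH_RE = re.compile(r'([A-Z]:\\[^",]+?\.(?:exe|dll))', re.I)


@dataclass
class Finding:
    rule: str
    line: str
    detail: str


def check_userinit(line):
    """Rule 1: F2 - REG:system.ini: UserInit=userinit.exe,<anything else>,"""
    m = re.search(r'UserInit=(.*)$', line, re.I)
    if not m:
        return None
    entries = [e.strip() for e in m.group(1).split(",") if e.strip()]
    extra = [e for e in entries
             if e.lower().rsplit("\\", 1)[-1] != "userinit.exe"]
    return Finding("userinit-hook", line, ";".join(extra)) if extra else None


def check_run_target(line):
    """Rule 2: O4 Run value whose payload is a bare file in WINDOWS/System32."""
    if not line.startswith("O4 - "):
        return None
    paths = PATH_RE.findall(line)
    if not paths:
        return None          # bare names like CTHELPER.EXE need a PATH lookup
    target = paths[-1]       # for rundll32 lines the payload DLL comes last
    name = target.rsplit("\\", 1)[-1].lower()
    if WINDIR_RE.match(target) and name not in ALLOWLIST:
        return Finding("autorun-in-windir", line, target)
    return None


def check_service(line):
    """Rule 3: O23 service with no publisher whose binary is still on disk."""
    if (line.startswith("O23 - ") and "Unknown owner" in line
            and "(file missing)" not in line):
        return Finding("unsigned-service", line, line.rsplit(" - ", 1)[-1])
    return None


def triage(lines):
    """Run every rule over every line; return findings in log order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        for rule in (check_userinit, check_run_target, check_service):
            hit = rule(line)
            if hit:
                findings.append(hit)
    return findings


# Constructed subset of the log posted above (lines copied, not invented).
SAMPLE_LINES = [
    r"F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system32\sdra64.exe,",
    r'O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray',
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup",
    r'O4 - HKLM\..\Run: [Opelawajurijaf] rundll32.exe "C:\WINDOWS\uboyerez.dll",e',
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r"O4 - HKCU\..\Run: [DDC] C:\WINDOWS\system32\apmjwttv.exe",
    r"O4 - HKCU\..\Run: [system tool] C:\WINDOWS\sysguard.exe",
    r"O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe",
    r"O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.rule:18} {f.detail}")
```

Running it over SAMPLE_LINES reports the sdra64.exe UserInit hook, the three bare files in the Windows directory (uboyerez.dll, apmjwttv.exe, sysguard.exe) and the LicCtrl service; the NvCpl and ctfmon entries pass because they are on the allowlist, and the Symantec LiveUpdate entry is skipped because its file is missing. The allowlist is the weak point of this approach, which is why real triage also checks the file's signature and age on disk.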
 
I need you to run Malwarebytes and then ComboFix and post both of their logs, and post a new HijackThis log.
The programs can be found in my guide below.

The log you posted is hard to read.
 
Malwarebytes' Anti-Malware 1.36
Database version: 1966
Windows 5.1.2600 Service Pack 3

4/11/2009 11:38:46 AM
mbam-log-2009-04-11 (11-38-46).txt

Scan type: Quick Scan
Objects scanned: 84132
Time elapsed: 11 minute(s), 43 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 4
Registry Data Items Infected: 3
Folders Infected: 6
Files Infected: 17

Memory Processes Infected:
C:\WINDOWS\sysguard.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7545d8c8-f53c-4e2f-8fa0-d248ef4a6e61} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1e1b2879-88ff-11d3-8d96-d7acac95951a} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2e9d4c81-9f27-4c14-b804-7b0f6bc88a4f} (Adware.ClickSpring) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1f6581d5-aa53-4b73-a6f9-41420c6b61f1} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f919fbd3-a96b-4679-af26-f551439bb5fd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\DomainService (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DomainService (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CAC (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\xipinit_dlls (Spyware.Agent.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\opelawajurijaf (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\system tool (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: modiclgr.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Joe Hadrosky\Application Data\SpywareBot (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joe Hadrosky\Application Data\SpywareBot\Log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joe Hadrosky\Application Data\SpywareBot\Quarantine (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joe Hadrosky\Application Data\SpywareBot\Registry Backups (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joe Hadrosky\Application Data\SpywareBot\Settings (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec (Stolen.Data) -> Delete on reboot.

Files Infected:
C:\WINDOWS\modiclgr.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\MSINET.oca (Rogue.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joe Hadrosky\Application Data\SpywareBot\Log\2007 Jun 27 - 10_23_45 PM_812.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joe Hadrosky\Application Data\SpywareBot\Log\2007 Jun 27 - 10_23_45 PM_937.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joe Hadrosky\Application Data\SpywareBot\Log\2007 Jun 27 - 10_23_50 PM_171.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joe Hadrosky\Application Data\SpywareBot\Log\2007 Jun 27 - 10_23_50 PM_218.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joe Hadrosky\Application Data\SpywareBot\Settings\CustomScan.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joe Hadrosky\Application Data\SpywareBot\Settings\IgnoreList.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joe Hadrosky\Application Data\SpywareBot\Settings\ScanInfo.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joe Hadrosky\Application Data\SpywareBot\Settings\SelectedFolders.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joe Hadrosky\Application Data\SpywareBot\Settings\Settings.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.Data) -> Delete on reboot.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.Data) -> Delete on reboot.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\uboyerez.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\sysguard.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sdra64.exe (Trojan.FakeAlert) -> Delete on reboot.
 
ComboFix 09-04-04.01 - Joe Hadrosky 2009-04-11 12:00:01.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2870 [GMT -4:00]
Running from: c:\documents and settings\Joe Hadrosky\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\cs_cache.ini
c:\windows\patch.exe
c:\windows\system32\ahbdnekb.ini
c:\windows\system32\axneiisy.ini
c:\windows\system32\dumphive.exe
c:\windows\system32\fafcajgf.ini
c:\windows\system32\gfikqkma.ini
c:\windows\system32\H1
c:\windows\system32\H2
c:\windows\system32\H3
c:\windows\system32\H4
c:\windows\system32\H5
c:\windows\system32\hlotmrfq.ini
c:\windows\system32\hptcmwjy.ini
c:\windows\system32\npcnwlit.ini
c:\windows\system32\o02PrEz
c:\windows\system32\ofbeoutx.ini
c:\windows\system32\Plugins
c:\windows\system32\Plugins\FastShareMem.pas
c:\windows\system32\Plugins\readme for developers.txt
c:\windows\system32\Plugins\TestPlugin.dpr
c:\windows\system32\raewhpeg.ini
c:\windows\system32\rbqpinhh.ini
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\tmp55.tmp
c:\windows\system32\trppjqrw.ini
c:\windows\system32\tyvgpxns.ini
c:\windows\system32\ugmskxop.ini
c:\windows\system32\uvnnbdal.ini
c:\windows\system32\vctlager.ini
c:\windows\system32\viygwnsa.ini
c:\windows\system32\wapisvcc32.exe
c:\windows\system32\win
c:\windows\system32\xcjxghke.ini
c:\windows\system32\xrptiswe.ini

.
((((((((((((((((((((((((( Files Created from 2009-03-11 to 2009-04-11 )))))))))))))))))))))))))))))))
.

2009-04-11 11:23 . 2009-04-11 11:23 <DIR> d-------- c:\documents and settings\Joe Hadrosky\Application Data\Malwarebytes
2009-04-11 11:23 . 2009-04-11 11:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-11 11:23 . 2009-04-06 15:32 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-11 11:23 . 2009-04-06 15:32 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-04-11 09:45 . 2009-04-11 09:45 <DIR> d-------- c:\program files\Trend Micro
2009-04-11 09:40 . 2009-04-11 09:40 408 --a------ c:\windows\Xcazapevafiyup.dat
2009-04-11 09:40 . 2009-04-11 09:40 0 --a------ c:\windows\Rrabamecusuram.bin
2009-04-03 18:50 . 2009-04-03 18:50 0 --a------ c:\windows\PowerReg.dat
2009-04-03 12:30 . 2009-04-03 12:30 <DIR> d--hs---- c:\windows\system32\config\systemprofile\IETldCache
2009-04-03 08:47 . 2009-04-03 08:47 <DIR> d--hs---- c:\documents and settings\Joe Hadrosky\IETldCache
2009-04-03 08:43 . 2009-04-03 08:43 <DIR> d--hs---- c:\documents and settings\NetworkService\IETldCache
2009-04-03 08:28 . 2009-04-03 08:28 <DIR> d-------- c:\windows\ie8updates
2009-04-03 08:26 . 2009-04-03 08:26 <DIR> d--h-c--- c:\windows\ie8
2009-04-03 08:25 . 2009-04-03 08:28 <DIR> d--h----- c:\windows\msdownld.tmp
2009-04-03 08:24 . 2009-02-28 00:55 105,984 -----c--- c:\windows\system32\dllcache\iecompat.dll
2009-04-02 19:15 . 2009-04-02 20:19 <DIR> d-------- c:\documents and settings\Joe Hadrosky\Application Data\SEGA
2009-04-01 19:47 . 2009-04-01 19:47 <DIR> d--h----- c:\windows\PIF
2009-03-31 17:03 . 2009-03-31 17:03 271,360 --a------ c:\windows\system32\drivers\atksgt.sys
2009-03-31 17:03 . 2009-03-31 17:03 18,048 --a------ c:\windows\system32\drivers\lirsgt.sys
2009-03-21 09:02 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-03-21 09:02 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-03-21 09:02 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-03-20 13:47 . 2009-03-20 13:47 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-03-17 13:28 . 2009-03-17 13:28 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\Xfire
2009-03-17 13:25 . 2009-03-20 17:28 <DIR> d-------- c:\documents and settings\Joe Hadrosky\Application Data\Xfire
2009-03-11 17:15 . 2009-03-11 17:15 <DIR> d-------- c:\windows\system32\IOSUBSYS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-11 15:40 2,169 --sha-w c:\windows\system32\mmf.sys
2009-04-04 00:12 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-03 23:52 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-03 22:48 --------- d--h--w c:\program files\InstallShield Installation Information
2009-04-01 12:35 --------- d-----w c:\program files\Java
2009-03-14 02:04 --------- d-----w c:\documents and settings\Joe Hadrosky\Application Data\Amazon
2009-03-09 09:19 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 08:34 914,944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 08:34 43,008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 08:33 420,352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 08:33 18,944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 08:32 72,704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 08:32 71,680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 08:31 48,128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 08:31 45,568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 08:31 34,816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 08:22 156,160 ----a-w c:\windows\system32\msls31.dll
2009-02-26 18:47 42,320 ----a-w c:\windows\system32\xfcodec.dll
2009-02-24 14:07 --------- d-----w c:\program files\AGEIA Technologies
2009-02-22 15:22 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-02-22 00:41 43,520 ----a-w c:\windows\system32\CmdLineExt03.dll
2009-02-21 14:14 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-21 01:40 201,440 ----a-w c:\windows\system32\PnkBstrB.exe
2009-02-21 01:40 138,512 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-02-15 00:14 54,512 ----a-w c:\documents and settings\Joe Hadrosky\Application Data\GDIPFONTCACHEV1.DAT
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-01-16 23:24 70,936 ----a-w c:\windows\system32\PhysXLoader.dll
2009-01-15 13:19 453,152 ----a-w c:\windows\system32\nvudisp.exe
2008-10-25 16:07 22,328 ----a-w c:\documents and settings\Joe Hadrosky\Application Data\PnkBstrK.sys
2007-10-30 20:44 1 ----a-w c:\documents and settings\Joe Hadrosky\SI.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AsusServiceProvider"="c:\program files\ASUS\AASP\1.00.12\aaCenter.exe" [2006-10-23 593920]
"AsusStartupHelp"="c:\program files\ASUS\AASP\1.00.12\AsRunHelp.exe" [2006-10-30 362496]
"Launch Ai Booster"="c:\program files\ASUS\AI Booster\OverClk.exe" [2006-07-24 3712512]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"IPInSightMonitor 01"="c:\program files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe" [2003-07-14 98304]
"WorksFUD"="c:\program files\Microsoft Works\wkfud.exe" [2001-10-05 24576]
"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2001-08-23 331830]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-17 28738]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"razer"="c:\program files\Razer\Copperhead\razerhid.exe" [2005-10-08 155648]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"CTHelper"="CTHELPER.EXE" [2006-08-17 c:\windows\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-17 c:\windows\system32\CTXFIHLP.EXE]
"nwiz"="nwiz.exe" [2009-02-09 c:\windows\system32\nwiz.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-08-07 24633]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"SFCDisable"=dword:00000004

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.msrt24"= msrt24.acm
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"f:\\UT2004\\System\\UT2004.exe"=
"f:\\Program Files\\Microsoft Games\\Links 2003\\LinksMMIII.exe"=
"f:\\Papyrus\\NASCAR Racing 2003 Season\\server.exe"=
"f:\\Program Files\\Sierra\\SWAT 4\\Content\\System\\Swat4.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"f:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"f:\\Program Files\\Steam\\steamapps\\gridironwhirlwind\\counter-strike source\\hl2.exe"=
"f:\\Program Files\\ICQ6\\ICQ.exe"=
"f:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
"f:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"=
"f:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"f:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"f:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"f:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"%windir%\\system32\\sessmgr.exe"=
"f:\\Program Files\\Bethesda Softworks\\Fallout 3\\Fallout3.exe"=
"f:\\Program Files\\Steam\\steamapps\\common\\nba 2k9\\nba2k9.exe"=
"f:\\Program Files\\Xfire\\Xfire.exe"=

R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2007-08-18 2560]
S3 cdrmkaun;cdrmkaun;\??\c:\docume~1\JOEHAD~1\LOCALS~1\Temp\cdrmkaun.sys --> c:\docume~1\JOEHAD~1\LOCALS~1\Temp\cdrmkaun.sys [?]
S3 Razerlow;Razer Copperhead Driver;c:\windows\system32\drivers\Razerlow.sys [2007-04-25 19020]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{50d69b68-1bde-11de-8476-000ea6f1aed6}]
\Shell\AutoRun\command - JDSecure\Windows\JDSecure31.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2008-12-16 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 14:32]

2008-12-16 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 14:32]

2008-07-29 c:\windows\Tasks\SpywareBot Scheduled Scan.job
- c:\program files\SpywareBot\SpywareBot.exe []

2008-07-29 c:\windows\Tasks\SpywareBot Scheduled Scan.job
- c:\program files\SpywareBot []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.net
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = 127.0.0.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-11 12:01:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-606747145-436374069-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:60,65,df,4b,68,00,75,58,bd,f5,ca,48,65,57,59,e5,92,99,d9,5d,6a,31,60,
d1,16,ce,7c,b5,f5,38,31,35,64,9f,b7,e3,4c,72,a0,b2,d8,0f,d1,cd,d5,0a,df,b8,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22

[HKEY_USERS\S-1-5-21-606747145-436374069-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:ef,8b,54,6d,56,84,b9,53,b8,55,6b,19,97,a8,f2,68,24,50,6e,d7,b7,
da,bc,0d,3c,5f,a3,c2,76,eb,82,e4,ef,1a,52,d9,40,fe,2c,0a,67,ba,b2,20,dc,5c,\
"rkeysecu"=hex:82,c3,15,4f,bb,1d,3b,7f,84,f5,53,93,76,d6,d1,ff

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F3F0046F119EFA4F]
"1"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,c2,97,86,6a,a5,82,f8,
d5,42,54,3b,7e,24,3e,19,f8
"2"=hex:f1,df,16,de,80,08,0e,2a,d1,38,b5,6f,94,ca,dc,d2,b3,e8,d2,40,6c,6f,61,
5e,d2,5e,7f,21,14,b5,b2,29
"3"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,c2,97,86,6a,a5,82,f8,
d5,f2,55,76,c8,bc,53,92,25,3f,d1,b6,bc,00,35,73,43,96,90,79,f6,5b,97,35,47,\

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F3F0046F119EFA4F\3A71B9BC7A708556C64E1FFE8777C71C]
.
Completion time: 2009-04-11 12:03:19
ComboFix-quarantined-files.txt 2009-04-11 16:03:17

Pre-Run: 26,162,819,072 bytes free
Post-Run: 27,727,929,344 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

271 --- E O F --- 2009-04-01 03:03:09
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:07:06 PM, on 4/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.12\AsRunHelp.exe
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\AI Booster\OverClk.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - F:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - F:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15033/CTPID.cab
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 9233 bytes
 
Much better


Remove

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Program Files\ICQLite\ICQLite.exe (file missing)

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Program Files\ICQLite\ICQLite.exe (file missing)


How's your system running now?
 
Thanks a million, man. So far I have not had the scan window pop up, and the security alert in the task bar is not there... so, so far, so good.
 
Where do I remove these from?

Remove

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Program Files\ICQLite\ICQLite.exe (file missing)

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Program Files\ICQLite\ICQLite.exe (file mis
 