1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Google links rediected

Discussion in 'Malware and Virus Removal Archive' started by 42question, 2008/08/24.

  1. 2008/08/24
    42question

    42question Inactive Thread Starter

    Joined:
    2008/08/24
    Messages:
    4
    Likes Received:
    0
    Every time I search using google or yahoo the links take me to the wrong sites. I use IE but, now it is even messing with firefox. McAfee says nothing wrong. I have no idea where to start to fix this problem. thanks for any help you can give.

    this is the hijack this log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:50:12 PM, on 8/23/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\WINDOWS\SYSTEM32\Ati2evxx.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\SiteAdvisor\6261\SAService.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\Program Files\Maxtor\OneTouch\Utils\MaxSync.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
    C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
    C:\WALTDCS\wallchanger.exe
    D:\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
    C:\Program Files\Safari\Safari.exe
    C:\Hijack this\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?

    TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?

    TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common

    Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program

    Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: (no name) - {FB4940FA-4156-4952-B7F0-6721F9E5AC3B} - (no file)
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh

    Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe "
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
    O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe "
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe "
    O4 - HKLM\..\Run: [Wallchanger] C:\WALTDCS\wallchanger.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07

    \bin\ssv.dll
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1

    \SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

    Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

    http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{34A14E28-941D-4C2A-A075-6B2A1A80A2CE}: NameServer = 192.168.2.1,205.171.2.65,205.171.3.65
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DFAAEC78-1242-4EFC-A92C-83B0B510E9C7}: NameServer = 192.168.2.1,205.171.2.65,205.171.3.65
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 192.168.2.1 205.171.2.65,205.171.3.65
    O17 - HKLM\System\CS1\Services\Tcpip\..\{34A14E28-941D-4C2A-A075-6B2A1A80A2CE}: NameServer = 192.168.2.1,205.171.2.65,205.171.3.65
    O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 192.168.2.1 205.171.2.65,205.171.3.65
    O17 - HKLM\System\CS4\Services\Tcpip\..\{34A14E28-941D-4C2A-A075-6B2A1A80A2CE}: NameServer = 192.168.2.1,205.171.2.65,205.171.3.65
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.2.1 205.171.2.65,205.171.3.65
    O20 - Winlogon Notify: cbxwust - cbxwust.dll (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device

    Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common

    Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program

    Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120

    \StarWind\StarWindServiceAE.exe

    --
    End of file - 11974 bytes
     
    42question,
    #1
  2. 2008/08/24
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS 42question :)

    Download ComboFix by sUBs from here, saving the file to your desktop.

    Important! ComboFix.exe must be on your desktop!


    Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Click Start>Run and type or paste the following command.

      "%userprofile%\desktop\combofix.exe" /skipfix

    • ComboFix will run ..... follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
    Note: Do not mouseclick combofix's window while its running. That may cause it to stall
     
    noahdfear,
    #2


  3. to hide this advert.

  4. 2008/08/24
    42question

    42question Inactive Thread Starter

    Joined:
    2008/08/24
    Messages:
    4
    Likes Received:
    0
    ComboFix 08-08-23.03 - Stephen Jeffers 2008-08-24 0:21:58.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.516 [GMT -7:00]
    Running from: C:\Documents and Settings\Stephen Jeffers.CABOOSE.000\desktop\combofix.exe
    Command switches used :: /skipfix

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    - REDUCED FUNCTIONALITY MODE -
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\SunPorn
    C:\Program Files\SunPorn\unins000.dat
    C:\Program Files\SunPorn\unins000.exe
    C:\WINDOWS\system32\drivers\msliksurserv.sys
    C:\WINDOWS\system32\msliksurcredo.dll
    C:\WINDOWS\system32\msliksurdns.dll
    D:\Autorun.inf
    E:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2008-07-24 to 2008-08-24 )))))))))))))))))))))))))))))))
    .

    2008-08-23 21:48 . 2008-08-24 00:11 <DIR> d-------- C:\Hijack this
    2008-08-14 05:39 . 2008-05-01 07:33 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
    2008-08-14 05:36 . 2008-04-11 12:04 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
    2008-08-13 11:05 . 2008-08-13 11:05 <DIR> d-------- C:\Documents and Settings\Stephen Jeffers.CABOOSE.000\Application Data\InstallShield
    2008-08-12 00:13 . 2008-08-12 00:13 <DIR> d-------- C:\Documents and Settings\Stephen Jeffers.CABOOSE.000\Application Data\Windows Search
    2008-08-11 00:03 . 2008-08-11 00:03 <DIR> d-------- C:\Documents and Settings\Stephen Jeffers.CABOOSE.000\Application Data\Windows Desktop Search
    2008-08-11 00:02 . 2008-08-11 00:02 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
    2008-08-11 00:02 . 2008-08-11 00:02 <DIR> d-------- C:\Program Files\Windows Desktop Search
    2008-08-11 00:01 . 2008-03-07 10:02 192,000 --------- C:\WINDOWS\system32\dllcache\offfilt.dll
    2008-08-11 00:01 . 2008-03-07 10:02 98,304 --------- C:\WINDOWS\system32\dllcache\nlhtml.dll
    2008-08-11 00:01 . 2008-03-07 10:02 29,696 --------- C:\WINDOWS\system32\dllcache\mimefilt.dll
    2008-08-10 17:05 . 2008-08-10 17:05 <DIR> d-------- C:\WINDOWS\ServicePackFiles
    2008-08-10 00:46 . 2008-08-10 17:09 <DIR> d-------- C:\WINDOWS\system32\scripting
    2008-08-10 00:46 . 2008-08-10 17:09 <DIR> d-------- C:\WINDOWS\system32\en
    2008-08-10 00:46 . 2008-08-10 17:09 <DIR> d-------- C:\WINDOWS\system32\bits
    2008-08-10 00:46 . 2008-08-10 17:09 <DIR> d-------- C:\WINDOWS\l2schemas
    2008-08-10 00:33 . 2008-04-13 17:09 13,463,552 --a------ C:\WINDOWS\system32\dllcache\hwxjpn.dll
    2008-08-10 00:22 . 2008-04-13 17:12 712,704 --------- C:\WINDOWS\system32\windowscodecs.dll
    2008-08-10 00:21 . 2008-04-13 17:12 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
    2008-08-10 00:20 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
    2008-08-10 00:19 . 2008-04-13 17:11 870,784 --------- C:\WINDOWS\system32\ati3d1ag.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-24 07:31 --------- d-----w C:\Documents and Settings\Stephen Jeffers.CABOOSE.000\Application Data\uTorrent
    2008-08-24 04:18 --------- d-----w C:\Documents and Settings\Stephen Jeffers.CABOOSE.000\Application Data\Apple Computer
    2008-08-23 06:34 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-08-21 00:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
    2008-08-20 06:05 --------- d-----w C:\Program Files\Magic Music Editor
    2008-08-20 04:04 --------- d-----w C:\Program Files\McAfee
    2008-08-17 15:10 --------- d-----w C:\Documents and Settings\Stephen Jeffers.CABOOSE.000\Application Data\U3
    2008-08-13 18:05 --------- d-----w C:\Program Files\Hewlett-Packard
    2008-08-13 18:02 --------- d-----w C:\Program Files\HP
    2008-08-13 06:42 --------- d-----w C:\Program Files\Bonjour
    2008-08-13 05:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-09 06:35 --------- d-----w C:\Program Files\Apple Software Update
    2008-08-04 07:09 --------- d-----w C:\Documents and Settings\Stephen Jeffers.CABOOSE.000\Application Data\SiteAdvisor
    2008-08-01 20:02 --------- d-----w C:\Program Files\iPod
    2008-07-23 07:03 --------- d-----w C:\Program Files\DivX
    2008-07-14 18:05 --------- d-----w C:\Program Files\Java
    2008-07-12 03:20 --------- d-----w C:\Program Files\QuickTime
    2008-07-12 03:06 --------- d-----w C:\Program Files\Safari
    2008-07-10 16:35 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
    2008-07-07 02:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-05-08 02:35 211 ----a-w C:\Program Files\Shortcut to CD Drive.lnk
    2007-07-06 16:25 774,144 ----a-w C:\Program Files\RngInterstitial.dll
    2003-01-13 18:20 278,528 ------w C:\Program Files\internet explorer\plugins\PanoViewer.dll
    1999-04-30 23:00 98,304 ------w C:\Program Files\internet explorer\plugins\UPjpeg.dll
    2008-02-15 14:59 297,965 --sha-w C:\WINDOWS\system32\ijkmp.ini2
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 17:12 15360]
    "AlcoholAutomount "= "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 09:49 217544]
    "uTorrent "= "C:\Program Files\uTorrent\uTorrent.exe" [2008-08-18 20:48 267056]
    "SpybotSD TeaTimer "= "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray "= "C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 21:56 64512]
    "ATIPTA "= "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-10 21:05 344064]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
    "HP Software Update "= "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
    "SynTPEnh "= "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 02:27 1015808]
    "QPService "= "C:\Program Files\HP\QuickPlay\QPService.exe" [2005-12-12 11:39 94208]
    "eabconfg.cpl "= "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 08:57 405504]
    "Cpqset "= "C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-08-01 14:26 233534]
    "RecGuard "= "C:\Windows\SMINST\RecGuard.exe" [2005-10-11 10:23 1187840]
    "hpWirelessAssistant "= "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 16:45 507904]
    "MaxtorOneTouch "= "C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe" [2006-03-27 15:04 712704]
    "mxomssmenu "= "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [2005-10-17 16:24 81920]
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-20 22:06 185896]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "SynTPStart "= "C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 02:29 102400]
    "mcagent_exe "= "C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
    "SiteAdvisor "= "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-08-24 14:57 36640]
    "Wallchanger "= "C:\WALTDCS\wallchanger.exe" [2002-01-13 13:55 90112]
    "AppleSyncNotifier "= "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
    "iTunesHelper "= "D:\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]
    HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 01:39:30 73728]
    Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 22:19:14 123904]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle "= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme "= C:\WINDOWS\Resources\Themes\Royale.theme

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5} "= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 22:19 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.I420 "= i420vfw.dll
    "msacm.divxa32 "= msaud32_divx.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\pmkji.dll
    Notification Packages REG_MULTI_SZ scecli scecli

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaFirewall]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe "=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe "=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe "=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe "=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe "=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe "=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe "=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe "=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe "=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe "=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe "=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe "=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe "=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe "=
    "C:\\Program Files\\uTorrent\\uTorrent.exe "=
    "C:\\Program Files\\Messenger\\msmsgs.exe "=
    "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe "=
    "C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe "=
    "D:\\iTunes\\iTunes.exe "=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe "=

    R3 genmcmnUSB;USB Scroll Mouse Driver;C:\WINDOWS\system32\DRIVERS\gflmouhid.sys [2004-04-19 15:01]
    R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-22 15:06]
    R3 MAC607;MAC607 Filter;C:\WINDOWS\system32\DRIVERS\MAC607.sys [2007-06-24 23:35]
    S3 XBox;XBox Filter;C:\WINDOWS\system32\DRIVERS\XBox.sys [2007-06-24 23:36]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - D:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    \Shell\AutoRun\command - G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\W]
    \Shell\AutoRun\command - W:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa9bfc3c-b335-11dc-8c3c-0014a5a5097b}]
    \Shell\AutoRun\command - W:\LaunchU3.exe -a
    .
    Contents of the 'Scheduled Tasks' folder

    2008-08-16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

    2008-08-15 C:\WINDOWS\Tasks\McDefragTask.job
    - c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

    2008-08-01 C:\WINDOWS\Tasks\McQcTask.job
    - c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

    2008-08-24 C:\WINDOWS\Tasks\User_Feed_Synchronization-{881A4233-E2A3-4B61-B385-4EE5736C15B3}.job
    - C:\WINDOWS\system32\msfeedssync.exe [2006-10-17 11:58]
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-ISUSPM Startup - C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
    HKLM-Run-ISUSScheduler - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    Notify-cbxwust - cbxwust.dll


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\Stephen Jeffers.CABOOSE.000\Application Data\Mozilla\Firefox\Profiles\cygan971.default\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:eek:fficial
    .
    .
    ------- File Associations (Beta) -------
    .
    JSEFile=C:\PROGRA~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %*
    VBEFile=C:\PROGRA~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %*
    VBSFile=C:\PROGRA~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %*
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-24 00:28:55
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????0?6?4?4??????? ???B?????????????hLC? ??????

    scanning hidden files ...


    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\Program Files\SiteAdvisor\6261\saHook.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
    C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
    C:\Program Files\McAfee\MPF\MpfSrv.exe
    C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
    C:\Program Files\SiteAdvisor\6261\SAService.exe
    C:\Program Files\Maxtor\OneTouch\Utils\MaxSync.exe
    C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\searchindexer.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\PROGRA~1\HPQ\shared\HPQTOA~1.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    C:\PROGRA~1\McAfee\MSC\mcuimgr.exe
    C:\WINDOWS\system32\searchprotocolhost.exe
    C:\WINDOWS\system32\searchfilterhost.exe
    .
    **************************************************************************
    .
    Completion time: 2008-08-24 0:40:54 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-08-24 07:39:48

    Pre-Run: 9,662,177,280 bytes free
    Post-Run: 9,847,382,016 bytes free

    247 --- E O F --- 2008-08-15 03:20:28











    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:49:52 AM, on 8/24/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
    C:\Program Files\SiteAdvisor\6261\SAService.exe
    C:\Program Files\Maxtor\OneTouch\Utils\MaxSync.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
    C:\WALTDCS\wallchanger.exe
    D:\iTunes\iTunesHelper.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\explorer.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Hijack this\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe "
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
    O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe "
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe "
    O4 - HKLM\..\Run: [Wallchanger] C:\WALTDCS\wallchanger.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe "
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
    O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{34A14E28-941D-4C2A-A075-6B2A1A80A2CE}: NameServer = 192.168.2.1,205.171.2.65,205.171.3.65
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DFAAEC78-1242-4EFC-A92C-83B0B510E9C7}: NameServer = 192.168.2.1,205.171.2.65,205.171.3.65
    O17 - HKLM\System\CS1\Services\Tcpip\..\{34A14E28-941D-4C2A-A075-6B2A1A80A2CE}: NameServer = 192.168.2.1,205.171.2.65,205.171.3.65
    O17 - HKLM\System\CS4\Services\Tcpip\..\{34A14E28-941D-4C2A-A075-6B2A1A80A2CE}: NameServer = 192.168.2.1,205.171.2.65,205.171.3.65
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    --
    End of file - 11105 bytes
     
    42question,
    #3
  5. 2008/08/24
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Lets do a full run with ComboFix now. Once again, please disable any realtime protection applications.

    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
    Note: Do not mouseclick combofix's window while its running. That may cause it to stall
     
    noahdfear,
    #4
  6. 2008/08/24
    42question

    42question Inactive Thread Starter

    Joined:
    2008/08/24
    Messages:
    4
    Likes Received:
    0
    ComboFix 08-08-23.03 - Stephen Jeffers 2008-08-24 8:10:46.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.425 [GMT -7:00]
    Running from: C:\Documents and Settings\Stephen Jeffers.CABOOSE.000\Desktop\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Stephen Jeffers.CABOOSE.000\Application Data\macromedia\Flash Player\#SharedObjects\RXZNDE5J\interclick.com
    C:\Documents and Settings\Stephen Jeffers.CABOOSE.000\Application Data\macromedia\Flash Player\#SharedObjects\RXZNDE5J\interclick.com\ud.sol
    C:\Documents and Settings\Stephen Jeffers.CABOOSE.000\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
    C:\Documents and Settings\Stephen Jeffers.CABOOSE.000\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
    C:\Documents and Settings\Stephen Jeffers.CABOOSE.000\Cookies\stephen_jeffers@my.clearchannelradio[1].txt
    C:\WINDOWS\system32\ijkmp.ini
    C:\WINDOWS\system32\ijkmp.ini2

    .
    ((((((((((((((((((((((((( Files Created from 2008-07-24 to 2008-08-24 )))))))))))))))))))))))))))))))
    .

    2008-08-23 21:48 . 2008-08-24 00:49 <DIR> d-------- C:\Hijack this
    2008-08-14 05:39 . 2008-05-01 07:33 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
    2008-08-14 05:36 . 2008-04-11 12:04 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
    2008-08-13 11:05 . 2008-08-13 11:05 <DIR> d-------- C:\Documents and Settings\Stephen Jeffers.CABOOSE.000\Application Data\InstallShield
    2008-08-12 00:13 . 2008-08-12 00:13 <DIR> d-------- C:\Documents and Settings\Stephen Jeffers.CABOOSE.000\Application Data\Windows Search
    2008-08-11 00:03 . 2008-08-11 00:03 <DIR> d-------- C:\Documents and Settings\Stephen Jeffers.CABOOSE.000\Application Data\Windows Desktop Search
    2008-08-11 00:02 . 2008-08-11 00:02 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
    2008-08-11 00:02 . 2008-08-11 00:02 <DIR> d-------- C:\Program Files\Windows Desktop Search
    2008-08-11 00:01 . 2008-03-07 10:02 192,000 --------- C:\WINDOWS\system32\dllcache\offfilt.dll
    2008-08-11 00:01 . 2008-03-07 10:02 98,304 --------- C:\WINDOWS\system32\dllcache\nlhtml.dll
    2008-08-11 00:01 . 2008-03-07 10:02 29,696 --------- C:\WINDOWS\system32\dllcache\mimefilt.dll
    2008-08-10 17:05 . 2008-08-10 17:05 <DIR> d-------- C:\WINDOWS\ServicePackFiles
    2008-08-10 00:46 . 2008-08-10 17:09 <DIR> d-------- C:\WINDOWS\system32\scripting
    2008-08-10 00:46 . 2008-08-10 17:09 <DIR> d-------- C:\WINDOWS\system32\en
    2008-08-10 00:46 . 2008-08-10 17:09 <DIR> d-------- C:\WINDOWS\system32\bits
    2008-08-10 00:46 . 2008-08-10 17:09 <DIR> d-------- C:\WINDOWS\l2schemas
    2008-08-10 00:33 . 2008-04-13 17:09 13,463,552 --a------ C:\WINDOWS\system32\dllcache\hwxjpn.dll
    2008-08-10 00:22 . 2008-04-13 17:12 712,704 --------- C:\WINDOWS\system32\windowscodecs.dll
    2008-08-10 00:21 . 2008-04-13 17:12 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
    2008-08-10 00:20 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
    2008-08-10 00:19 . 2008-04-13 17:11 870,784 --------- C:\WINDOWS\system32\ati3d1ag.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-24 15:07 --------- d-----w C:\Documents and Settings\Stephen Jeffers.CABOOSE.000\Application Data\uTorrent
    2008-08-24 04:18 --------- d-----w C:\Documents and Settings\Stephen Jeffers.CABOOSE.000\Application Data\Apple Computer
    2008-08-23 06:34 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-08-21 00:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
    2008-08-20 06:05 --------- d-----w C:\Program Files\Magic Music Editor
    2008-08-20 04:04 --------- d-----w C:\Program Files\McAfee
    2008-08-17 15:10 --------- d-----w C:\Documents and Settings\Stephen Jeffers.CABOOSE.000\Application Data\U3
    2008-08-13 18:05 --------- d-----w C:\Program Files\Hewlett-Packard
    2008-08-13 18:02 --------- d-----w C:\Program Files\HP
    2008-08-13 06:42 --------- d-----w C:\Program Files\Bonjour
    2008-08-13 05:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-09 06:35 --------- d-----w C:\Program Files\Apple Software Update
    2008-08-04 07:09 --------- d-----w C:\Documents and Settings\Stephen Jeffers.CABOOSE.000\Application Data\SiteAdvisor
    2008-08-01 20:02 --------- d-----w C:\Program Files\iPod
    2008-07-23 07:03 --------- d-----w C:\Program Files\DivX
    2008-07-14 18:05 --------- d-----w C:\Program Files\Java
    2008-07-12 03:20 --------- d-----w C:\Program Files\QuickTime
    2008-07-12 03:06 --------- d-----w C:\Program Files\Safari
    2008-07-10 16:35 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
    2008-07-07 02:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-05-08 02:35 211 ----a-w C:\Program Files\Shortcut to CD Drive.lnk
    2007-07-06 16:25 774,144 ----a-w C:\Program Files\RngInterstitial.dll
    2003-01-13 18:20 278,528 ------w C:\Program Files\internet explorer\plugins\PanoViewer.dll
    1999-04-30 23:00 98,304 ------w C:\Program Files\internet explorer\plugins\UPjpeg.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-08-24_ 0.39.23.62 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2005-10-21 03:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
    - 2008-08-24 04:09:54 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    + 2008-08-24 15:06:43 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    - 2008-08-24 04:09:54 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2008-08-24 15:06:43 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2008-08-24 04:09:54 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-08-24 15:06:43 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 17:12 15360]
    "AlcoholAutomount "= "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 09:49 217544]
    "SpybotSD TeaTimer "= "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray "= "C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 21:56 64512]
    "ATIPTA "= "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-10 21:05 344064]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
    "HP Software Update "= "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
    "SynTPEnh "= "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 02:27 1015808]
    "QPService "= "C:\Program Files\HP\QuickPlay\QPService.exe" [2005-12-12 11:39 94208]
    "eabconfg.cpl "= "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 08:57 405504]
    "Cpqset "= "C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-08-01 14:26 233534]
    "RecGuard "= "C:\Windows\SMINST\RecGuard.exe" [2005-10-11 10:23 1187840]
    "hpWirelessAssistant "= "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 16:45 507904]
    "MaxtorOneTouch "= "C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe" [2006-03-27 15:04 712704]
    "mxomssmenu "= "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [2005-10-17 16:24 81920]
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-20 22:06 185896]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "SynTPStart "= "C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 02:29 102400]
    "mcagent_exe "= "C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
    "SiteAdvisor "= "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-08-24 14:57 36640]
    "Wallchanger "= "C:\WALTDCS\wallchanger.exe" [2002-01-13 13:55 90112]
    "AppleSyncNotifier "= "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
    "iTunesHelper "= "D:\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]
    HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 01:39:30 73728]
    Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 22:19:14 123904]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle "= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme "= C:\WINDOWS\Resources\Themes\Royale.theme

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5} "= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 22:19 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.I420 "= i420vfw.dll
    "msacm.divxa32 "= msaud32_divx.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli scecli

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaFirewall]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe "=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe "=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe "=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe "=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe "=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe "=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe "=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe "=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe "=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe "=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe "=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe "=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe "=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe "=
    "C:\\Program Files\\uTorrent\\uTorrent.exe "=
    "C:\\Program Files\\Messenger\\msmsgs.exe "=
    "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe "=
    "C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe "=
    "D:\\iTunes\\iTunes.exe "=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe "=

    R3 genmcmnUSB;USB Scroll Mouse Driver;C:\WINDOWS\system32\DRIVERS\gflmouhid.sys [2004-04-19 15:01]
    R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-22 15:06]
    R3 MAC607;MAC607 Filter;C:\WINDOWS\system32\DRIVERS\MAC607.sys [2007-06-24 23:35]
    S3 XBox;XBox Filter;C:\WINDOWS\system32\DRIVERS\XBox.sys [2007-06-24 23:36]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - D:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    \Shell\AutoRun\command - G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\W]
    \Shell\AutoRun\command - W:\LaunchU3.exe -a
    .
    Contents of the 'Scheduled Tasks' folder

    2008-08-16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

    2008-08-15 C:\WINDOWS\Tasks\McDefragTask.job
    - c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

    2008-08-01 C:\WINDOWS\Tasks\McQcTask.job
    - c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

    2008-08-24 C:\WINDOWS\Tasks\User_Feed_Synchronization-{881A4233-E2A3-4B61-B385-4EE5736C15B3}.job
    - C:\WINDOWS\system32\msfeedssync.exe [2006-10-17 11:58]
    .
    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\Stephen Jeffers.CABOOSE.000\Application Data\Mozilla\Firefox\Profiles\cygan971.default\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:eek:fficial
    .
    .
    ------- File Associations (Beta) -------
    .
    JSEFile=C:\PROGRA~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %*
    VBEFile=C:\PROGRA~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %*
    VBSFile=C:\PROGRA~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %*
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-24 08:18:04
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????????P??|?????? ???B?????????????hLC? ??????

    scanning hidden files ...


    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\Program Files\SiteAdvisor\6261\saHook.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
    C:\Program Files\McAfee\MPF\MpfSrv.exe
    C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
    C:\Program Files\SiteAdvisor\6261\SAService.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\searchindexer.exe
    C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\PROGRA~1\HPQ\shared\HPQTOA~1.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    C:\PROGRA~1\McAfee\MSC\mcuimgr.exe
    C:\WINDOWS\system32\searchprotocolhost.exe
    C:\WINDOWS\system32\searchfilterhost.exe
    .
    **************************************************************************
    .
    Completion time: 2008-08-24 8:28:28 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-08-24 15:27:21
    ComboFix2.txt 2008-08-24 07:40:55

    Pre-Run: 9,826,009,088 bytes free
    Post-Run: 9,740,562,432 bytes free

    244 --- E O F --- 2008-08-15 03:20:28







    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:36:57 AM, on 8/24/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
    C:\Program Files\SiteAdvisor\6261\SAService.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
    C:\WALTDCS\wallchanger.exe
    D:\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\explorer.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Hijack this\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe "
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
    O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe "
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe "
    O4 - HKLM\..\Run: [Wallchanger] C:\WALTDCS\wallchanger.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
    O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{34A14E28-941D-4C2A-A075-6B2A1A80A2CE}: NameServer = 192.168.2.1,205.171.2.65,205.171.3.65
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DFAAEC78-1242-4EFC-A92C-83B0B510E9C7}: NameServer = 192.168.2.1,205.171.2.65,205.171.3.65
    O17 - HKLM\System\CS1\Services\Tcpip\..\{34A14E28-941D-4C2A-A075-6B2A1A80A2CE}: NameServer = 192.168.2.1,205.171.2.65,205.171.3.65
    O17 - HKLM\System\CS4\Services\Tcpip\..\{34A14E28-941D-4C2A-A075-6B2A1A80A2CE}: NameServer = 192.168.2.1,205.171.2.65,205.171.3.65
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    --
    End of file - 10965 bytes
     
    42question,
    #5
  7. 2008/08/24
    42question

    42question Inactive Thread Starter

    Joined:
    2008/08/24
    Messages:
    4
    Likes Received:
    0
    thanks the problem has been fixed
     
    42question,
    #6
  8. 2008/08/24
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Looks good. Lets check for remnants. Download ATF Cleaner by Atribune and save it to your Desktop.
    • Double click ATF-Cleaner.exe to run the program.
    • Check the boxes to the left of:

      • Windows Temp
      • Current User Temp
      • All Users Temp
      • Temporary Internet Files
      • Prefetch
      • Java Cache
      • Recycle bin

    • The rest are optional - if you want it to remove everything check "Select All ".
    • Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK then exit.
    Reboot


    Please do an online scan with Kaspersky Online Scanner

    Click Accept, when prompted to download and install the program files and database of malware definitions.
    • Click Run at the Security prompt.
    • The program will then begin downloading and installing and will also update the database.
    • Please be patient as this can take several minutes.
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Click View scan report at the bottom.
    • Click the Save Report As... button.
    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
    Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


    Post the Kaspersky log and one more fresh HijackThis log.
     
    noahdfear,
    #7

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...