Browser Problems(RESOLVED)

  1. 16-07-2008  #1
    Fishsticks
    Fishsticks is offline Newbie

    Browser Problems(RESOLVED)

    A couple of days ago I started to have problems when using the Internet. All of these problems are occurring in both Firefox and Internet Explorer. I cannot access certain sites such as Amazon.com and when i enter them into the url they just load indefinitely but most sites are fine. I am also unable to do searches on Google or Yahoo! and when i do a search in the toolbar, any results page just loads indefinitely as well. Also, sometimes at sites the boxes where images are supposed to be are replaced by suspicious advertisements saying "A system error was detected and I should scan my system now" but if i refresh the page they go away. Lastly, my McAfee Security Center keeps turning itself of and I have to press "Fix" and it will only remain fixed for an hour or so before becoming unfixed again. I have run AVG, Ad-Aware, Spybot S&D, and SuperAntiSpyware but they have not been able to fix the problems.

    Sorry if i was unclear about anything, I can try to explain more if needed.

    I use Windows XP and here is my HijackThis Log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:02 AM , on 2008-07-16
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\system32\DRIVERS\dcfssvc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\Program Files\McAfee\VirusScan\McShield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\SiteAdvisor\6261\SAService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\AOL\1129677708\ee\AOLSoftware.exe
    C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
    C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
    C:\Program Files\Razer\DeathAdder\razerhid.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Razer\DeathAdder\razertra.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Razer\DeathAdder\razerofa.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    c:\program files\common files\aol\1129677708\ee\services\antiSpywareApp\ve r2_0_32_1\AOLSP Scheduler.exe
    C:\Program Files\NETGEAR\WPN111\wpn111.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    c:\program files\common files\aol\1129677708\ee\aolsoftware.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\vvgeowbv.exe,C:\WINDO WS\system32\userinit.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
    O2 - BHO: (no name) - {14D6932C-193F-49B4-B7EF-F601643555D7} - (no file)
    O2 - BHO: (no name) - {319A0BD2-BC19-4039-A166-23D6DCA7C0A9} - (no file)
    O2 - BHO: (no name) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - (no file)
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {50998E72-623A-4BB7-ABC1-11DD9F6B51D2} - C:\WINDOWS\system32\geBsspNF.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5503A81F-A6B4-4BCE-ACFD-1C0E8E1A9DC6} - (no file)
    O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - (no file)
    O2 - BHO: {6f35909c-8138-59ab-a8f4-d05ee93da066} - {660ad39e-e50d-4f8a-ba95-8318c90953f6} - C:\WINDOWS\system32\rwyxqw.dll (file missing)
    O2 - BHO: (no name) - {75956E04-7334-4F2F-8D21-A1D8558D9AFF} - (no file)
    O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)
    O2 - BHO: (no name) - {82336A8D-6CD0-4647-B791-75FCA8CF2B39} - (no file)
    O2 - BHO: (no name) - {9AAEAB65-8FF7-41C6-BEF2-97693D9D1EDA} - (no file)
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: (no name) - {C6242005-2E7E-48B7-85DD-4B9494E492A0} - C:\WINDOWS\system32\ljJYsSjI.dll (file missing)
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129677708\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
    O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
    O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [winshow] "C:\WINDOWS\winshow.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [24e23420] rundll32.exe "C:\WINDOWS\system32\mvclpyjv.dll",b
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [BM27d107bc] Rundll32.exe "C:\WINDOWS\system32\sulhysjc.dll",s
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [Uaol] "C:\WINDOWS\system32\SEMBLY~1\nopdb.exe" -vt yazb
    O4 - HKCU\..\Run: [Puplej] "C:\Documents and Settings\Evan The Great\My Documents\?dobe\m?dtc.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Search - ?p=ZZ
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Evan The Great\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
    O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplug.com/StreamPlug/beta/SP.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/amp...1.11_en_dl.cab
    O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
    O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/060...ie06071909.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O20 - Winlogon Notify: cbXPfEWO - cbXPfEWO.dll (file missing)
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINDOWS\system32\DRIVERS\dcfssvc.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

    --
    End of file - 16374 bytes


    Thanks alot for any help.
    Last edited by Fishsticks; 16-07-2008 at 09:31 PM. Reason: More info

  3. 18-07-2008  #2
    Neal
    Neal is offline Dedicated Member
    Welcome,

    Wow what a mess severly infected, going to take several tries to get this as clean as possible.



    Download SDFIX and save it to your Desktop.

    Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
    • Open the extracted folder and double click RunThis.bat to start the script.
    • Type Y to begin the script.
    • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • Your system will take longer that normal to restart as the fixtool will be running and removing files.
    • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
    • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log




    Visit this page below to familiarize yourself to the tool below:

    A guide and tutorial on using ComboFix




    If you have previously downloaded ComboFix,please delete that version now.

    Now download ComboFix and save to your desktop:

    Note:

    It is IMPORTANT that it is saved directly to your desktop

    Close any open browsers.

    Disconnect from the Internet.

    Please do not re-connect your machine back to the Internet until Combofix has completely finished.

    Disable your antivirus program and any realtime malware scanners and script blockers now


    How To Disable



    Double click on combofix.exe and follow the prompts.

    When it's finished it will produce a log.
    Post the entire contents of C:\ComboFix.txt into your next reply.

    Note:
    Do not mouseclick combofix's window while it's running.

    That may cause the program to freeze/hang.

    Do NOT post the ComboFix-quarantined-files.txt unless I ask.

    Re-enable your anti-virus and re-connect back to the internet and post the combofix log.



    *Note*
    In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix,please disable your scanner and redownload Combofix again.
    Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

    ComboFix SHOULD NOT be used unless requested by a forum helper.


    You must follow instructions for combofix exactly as given
  4. 18-07-2008  #3
    Fishsticks
    Fishsticks is offline Newbie
    Thanks so much for your help. I did the scans and all of the problems seem to be fixed. I can use all the search engines and access all the sites I couldn't before and there are no more suspicious ads. Here are the logs. I had to run ComboFix twice because the first time the log was blank.

    HijackThis
    __________________________________________________ _________________________________
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:03:57 PM, on 7/18/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\system32\DRIVERS\dcfssvc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\Program Files\McAfee\VirusScan\McShield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\SiteAdvisor\6261\SAService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\AOL\1129677708\ee\AOLSoftware.exe
    C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
    C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
    C:\Program Files\Razer\DeathAdder\razerhid.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Razer\DeathAdder\razertra.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Razer\DeathAdder\razerofa.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    c:\program files\common files\aol\1129677708\ee\services\antiSpywareApp\ve r2_0_32_1\AOLSP Scheduler.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\NETGEAR\WPN111\wpn111.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    c:\program files\common files\aol\1129677708\ee\aolsoftware.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129677708\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
    O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
    O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [Puplej] "C:\Documents and Settings\Evan The Great\My Documents\?dobe\m?dtc.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Search - ?p=ZZ
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Evan The Great\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
    O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplug.com/StreamPlug/beta/SP.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/amp...1.11_en_dl.cab
    O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
    O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/060...ie06071909.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: McAfee Application Installer Cleanup (0038701216396487) (0038701216396487mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\003870~1.EXE (file missing)
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINDOWS\system32\DRIVERS\dcfssvc.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

    --
    End of file - 15072 bytes


    SDFix
    __________________________________________________ _____________________________

    Rebooting


    Checking Files :

    No Trojan Files Found






    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-18 11:47:40
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Application Loader"
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
    "C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
    "C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"="C:\\Prog ram Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe:*:Enabled: AOLTsMon"
    "C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"="C:\\Prog ram Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe:*:Enabled: AOLTopSpeed"
    "C:\\Program Files\\Common Files\\AOL\\1129677708\\EE\\AOLServiceHost.exe"="C :\\Program Files\\Common Files\\AOL\\1129677708\\EE\\AOLServiceHost.exe:*:E nabled:AOL"
    "C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL"
    "C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe:*:Enabled:AOL"
    "C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe:*:Enabled:AOL"
    "C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"="C:\ \Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe:*:Ena bled:AOL"
    "C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
    "C:\\Program Files\\Common Files\\AOL\\1129677708\\EE\\aolsoftware.exe"="C:\\ Program Files\\Common Files\\AOL\\1129677708\\EE\\aolsoftware.exe:*:Enab led:AOL Services"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Adobe\\Photoshop Elements 5.0\\AdobePhotoshopElementsMediaServer.exe"="C:\\P rogram Files\\Adobe\\Photoshop Elements 5.0\\AdobePhotoshopElementsMediaServer.exe:*isabled:Adobe Photoshop Elements Media Server"
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
    "C:\\DOCUME~1\\EVANTH~1\\LOCALS~1\\Temp\\win30C.tm p.exe"="C:\\DOCUME~1\\EVANTH~1\\LOCALS~1\\Temp\\wi n30C.tmp.exe:*:Enabled:win30C.tmp"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
    "C:\\Program Files\\Steam\\SteamApps\\fishsticks\\garrysmod\\hl 2.exe"="C:\\Program Files\\Steam\\SteamApps\\fishsticks\\garrysmod\\hl 2.exe:*:Enabled:hl2"
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    Remaining Files :



    Files with Hidden Attributes :

    Fri 19 Nov 2004 54,872 A..H. --- "C:\Program Files\America Online 9.0\AOLphx.exe"
    Fri 19 Nov 2004 31,832 A..H. --- "C:\Program Files\America Online 9.0\rbm.exe"
    Fri 2 Nov 2007 6,465 A.SH. --- "C:\WINDOWS\system32\dfhkj.bak2"
    Tue 15 Jul 2008 1,879,979 ..SH. --- "C:\WINDOWS\system32\vjyplcvm.tmp"
    Tue 16 Aug 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Sun 22 Jun 2008 20,487 A.SHR --- "C:\Program Files\McAfee\MQC\MRU.bak"
    Sun 22 Jun 2008 265 A.SHR --- "C:\Program Files\McAfee\MQC\qcconf.bak"
    Wed 2 Jul 2008 214,016 A..H. --- "C:\Documents and Settings\Evan The Great\Local Settings\Temp\~1C7.tmp"
    Sat 12 Jul 2008 214,016 A..H. --- "C:\Documents and Settings\Evan The Great\Local Settings\Temp\~221.tmp"
    Tue 1 Jul 2008 214,016 A..H. --- "C:\Documents and Settings\Evan The Great\Local Settings\Temp\~23.tmp"
    Thu 17 Jul 2008 214,016 A..H. --- "C:\Documents and Settings\Evan The Great\Local Settings\Temp\~2D.tmp"
    Tue 1 Jul 2008 214,016 A..H. --- "C:\Documents and Settings\Evan The Great\Local Settings\Temp\~58.tmp"
    Mon 14 Jul 2008 214,016 A..H. --- "C:\Documents and Settings\Evan The Great\Local Settings\Temp\~CD.tmp"
    Thu 17 Jul 2008 214,016 A..H. --- "C:\Documents and Settings\Evan The Great\Local Settings\Temp\~D7.tmp"
    Tue 6 Nov 2007 879 A..H. --- "C:\Program Files\Common Files\AOL\IPHSend\IPH.BAK"
    Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c4 06b1d7e0f5c1e6f6d44a3f6e\BIT1B8.tmp"
    Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc 8132a10b438ce6e2b49d4652\BIT1B6.tmp"
    Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111 678c52099a3b3123b12f2325\BIT1BA.tmp"
    Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\927c9883 06a93278708f61afaae477cc\BIT1B5.tmp"
    Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b69c46c5 109d0f8b0dee9fab84906813\BIT1B9.tmp"
    Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b 8fed23dd91f50d167cce60d3\BIT1BB.tmp"
    Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fa6c916b b150f8a929e7a4ffdfbc120f\BIT1B7.tmp"
    Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fd026484 9c01086f3c6b505dc02dbd44\BIT54.tmp"
    Wed 7 Nov 2007 2,633 ...HR --- "C:\Documents and Settings\Evan The Great\Application Data\SecuROM\UserData\securom_v7_01.bak"
    Tue 16 Aug 2005 4,348 ...H. --- "C:\Documents and Settings\Evan The Great\My Documents\My Music\License Backup\drmv1key.bak"
    Mon 8 May 2006 20 A..H. --- "C:\Documents and Settings\Evan The Great\My Documents\My Music\License Backup\drmv1lic.bak"
    Sun 30 Oct 2005 400 A.SH. --- "C:\Documents and Settings\Evan The Great\My Documents\My Music\License Backup\drmv2key.bak"
    Wed 31 Oct 2007 10,380 ...H. --- "C:\Documents and Settings\Evan The Great\Desktop\School\10th Grade\Science\~WRL0315.tmp"
    Thu 20 Sep 2007 24,576 ...H. --- "C:\Documents and Settings\Evan The Great\Desktop\School\10th Grade\Science\~WRL2572.tmp"
    Mon 22 May 2006 25,088 ...H. --- "C:\Documents and Settings\Evan The Great\Desktop\School\8th Grade\English\~WRL0229.tmp"
    Mon 22 May 2006 32,768 ...H. --- "C:\Documents and Settings\Evan The Great\Desktop\School\8th Grade\English\~WRL0563.tmp"
    Mon 22 May 2006 25,600 ...H. --- "C:\Documents and Settings\Evan The Great\Desktop\School\8th Grade\English\~WRL1651.tmp"
    Mon 22 May 2006 25,088 ...H. --- "C:\Documents and Settings\Evan The Great\Desktop\School\8th Grade\English\~WRL1721.tmp"
    Fri 18 Aug 2006 24,576 A..H. --- "C:\Documents and Settings\Evan The Great\Desktop\School\9th Grade\AP World History\~WRL0001.tmp"
    Fri 18 Aug 2006 25,600 A..H. --- "C:\Documents and Settings\Evan The Great\Desktop\School\9th Grade\AP World History\~WRL0618.tmp"
    Fri 18 Aug 2006 25,600 A..H. --- "C:\Documents and Settings\Evan The Great\Desktop\School\9th Grade\AP World History\~WRL2499.tmp"
    Fri 18 Aug 2006 26,624 A..H. --- "C:\Documents and Settings\Evan The Great\Desktop\School\9th Grade\AP World History\~WRL2550.tmp"
    Fri 18 Aug 2006 26,112 A..H. --- "C:\Documents and Settings\Evan The Great\Desktop\School\9th Grade\AP World History\~WRL3971.tmp"
    Wed 19 Oct 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch5\lock.tmp"
    Thu 27 Oct 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch6\lock.tmp"
    Sat 14 Apr 2007 8 A..H. --- "C:\Documents and Settings\Evan The Great\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp "
    Sat 14 Apr 2007 8 A..H. --- "C:\Documents and Settings\Evan The Great\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp "
    Sat 14 Apr 2007 8 A..H. --- "C:\Documents and Settings\Evan The Great\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp "
    Sat 21 Apr 2007 8 A..H. --- "C:\Documents and Settings\Evan The Great\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp "

    Finished!



    ComboFix
    __________________________________________________ _____________________________
    ComboFix 08-07-17.4 - Evan The Great 2008-07-18 12:32:33.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1332 [GMT -4:00]
    Running from: C:\Documents and Settings\Evan The Great\Desktop\ComboFix.exe
    * Resident AV is active


    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2008-06-18 to 2008-07-18 )))))))))))))))))))))))))))))))
    .

    2008-07-18 12:32 . 2008-07-18 12:32 <DIR> d-------- C:\327882R2FWJFW
    2008-07-18 11:30 . 2008-07-18 11:30 <DIR> d-------- C:\WINDOWS\ERUNT
    2008-07-14 17:08 . 2008-07-16 15:30 <DIR> d--h----- C:\$AVG8.VAULT$
    2008-07-14 17:05 . 2008-07-14 17:05 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
    2008-07-14 17:05 . 2008-07-14 17:05 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
    2008-07-14 17:04 . 2008-07-18 10:55 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
    2008-07-14 17:04 . 2008-07-14 17:04 <DIR> d-------- C:\Program Files\AVG
    2008-07-14 17:04 . 2008-07-15 18:00 <DIR> d-------- C:\Documents and Settings\Evan The Great\Application Data\AVGTOOLBAR
    2008-07-14 17:04 . 2008-07-14 17:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
    2008-07-14 16:50 . 2008-07-14 16:50 <DIR> d-------- C:\Program Files\Trend Micro
    2008-07-14 10:16 . 2008-07-14 10:20 <DIR> d-------- C:\Program Files\SpywareBlaster
    2008-07-14 09:42 . 2008-07-17 09:52 <DIR> d-------- C:\Documents and Settings\Evan The Great\Application Data\Move Networks
    2008-07-13 08:29 . 2008-07-18 12:12 110,428 --a------ C:\WINDOWS\BM27d107bc.xml
    2008-07-13 08:22 . 2008-07-13 08:26 <DIR> d-------- C:\WINDOWS\system32\olixds01
    2008-07-13 08:22 . 2008-07-13 08:22 <DIR> d-------- C:\Temp\stmpv4
    2008-07-03 01:13 . 2008-07-03 01:13 <DIR> d-------- C:\Program Files\Data Realms
    2008-06-29 16:33 . 2008-06-29 16:33 754 --a------ C:\WINDOWS\WORDPAD.INI
    2008-06-25 23:01 . 2008-06-25 23:01 0 --ah----- C:\WINDOWS\SwSys2.bmp
    2008-06-25 23:01 . 2008-06-25 23:01 0 --ah----- C:\WINDOWS\SwSys1.bmp
    2008-06-20 13:41 . 2008-06-20 13:41 245,248 --------- C:\WINDOWS\system32\dllcache\mswsock.dll
    2008-06-20 06:44 . 2008-06-20 06:44 138,368 --------- C:\WINDOWS\system32\dllcache\afd.sys
    2008-06-18 13:52 . 2008-06-18 13:52 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
    .
    2008-07-18 15:54 --------- d-----w C:\Program Files\McAfee
    2008-07-18 00:42 --------- d-----w C:\Program Files\Steam
    2008-07-16 13:24 --------- d-----w C:\Program Files\Google
    2008-07-15 12:26 --------- d-----w C:\Program Files\SUPERAntiSpyware
    2008-07-14 22:10 --------- d-----w C:\Program Files\AIM6
    2008-07-14 14:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-07-14 14:26 --------- d-----w C:\Program Files\Lavasoft
    2008-07-14 14:24 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-07-14 12:44 --------- d-----w C:\Program Files\SystemRequirementsLab
    2008-07-14 12:44 --------- d-----w C:\Documents and Settings\Evan The Great\Application Data\SystemRequirementsLab
    2008-07-12 20:11 --------- d-----w C:\Program Files\DivX
    2008-06-27 19:00 --------- d-----w C:\Program Files\Norton Security Scan
    2008-06-26 02:33 --------- d-----w C:\Program Files\Midway Home Entertainment
    2008-06-26 02:05 --------- d-----w C:\Documents and Settings\Evan The Great\Application Data\IGN_DLM
    2008-06-23 21:48 --------- d-----w C:\Documents and Settings\Evan The Great\Application Data\SiteAdvisor
    2008-06-23 15:46 --------- d-----w C:\Program Files\CDisplay
    2008-06-23 12:59 --------- d-----w C:\Program Files\Common Files\McAfee
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-06-19 20:34 --------- d-----w C:\Documents and Settings\Evan The Great\Application Data\SPORE Creature Creator
    2008-06-17 20:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-17 20:02 --------- d-----w C:\Program Files\Electronic Arts
    2008-06-16 21:03 --------- d-----w C:\Program Files\QuickTime
    2008-06-15 15:31 --------- d-----w C:\Program Files\Irrational Games
    2008-06-14 14:14 --------- d-----w C:\Program Files\Activision
    2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-11 22:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo
    2008-06-10 04:30 --------- d-----w C:\Program Files\Microsoft Works
    2008-06-07 16:50 --------- d-----w C:\Program Files\uTorrent
    2008-05-24 01:21 --------- d-----w C:\Program Files\Cedelia
    2008-05-22 19:02 --------- d-----w C:\Program Files\SiteAdvisor
    2007-11-01 03:41 123 ----a-w C:\Documents and Settings\Evan The Great\mit.bat
    2007-10-12 01:17 5,681 ----a-w C:\Program Files\install.log
    2006-08-18 00:18 1 -c--a-w C:\Documents and Settings\Evan The Great\SI.bin
    2005-12-27 02:28 22,834,141 ----a-w C:\Program Files\Christmas2005_L2_96.mp3
    2005-12-26 13:29 22,786,298 ----a-w C:\Program Files\Christmas2005_L1_96.mp3
    2005-12-09 15:27 11,817,800 ----a-w C:\Program Files\GoogleEarthSetup.exe
    2005-12-06 20:30 14,798,876 ----a-w C:\Program Files\SetupIMVU.exe
    2005-12-06 00:44 3,911,037 ----a-w C:\Program Files\sf2.exe
    2005-08-16 23:15 171,796 -c--a-w C:\Documents and Settings\Evan The Great\stub.exe
    2000-03-09 23:41 653 -c--a-w C:\Program Files\Blabla.txt
    1996-07-29 23:17 94 ----a-w C:\Program Files\HIGHSCOR.SF2
    1996-07-29 23:17 47 -c--a-w C:\Program Files\CONFIG.SF2
    1995-05-31 16:13 182 -c--a-w C:\Program Files\EXTRAS.SF2
    1995-05-31 16:05 774,204 -c--a-w C:\Program Files\BACKDROP.SF2
    1995-05-31 16:05 643,620 -c--a-w C:\Program Files\GENERAL.SF2
    1995-05-31 16:05 63,861 -c--a-w C:\Program Files\INDEX.SF2
    1995-05-31 16:04 2,048 -c--a-w C:\Program Files\SBDRIVER.DRV
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
    "Puplej"="C:\Documents and Settings\Evan The Great\My Documents\?dobe\m?dtc.exe" [?]
    "igndlm.exe"="C:\Program Files\IGN\Download Manager\DLM.exe" [2007-03-05 13:57 1103480]
    "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00 15360]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 05:04 59392]
    "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48 32881]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-04-25 09:50 139264]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-10-26 22:10 344064]
    "CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 11:43 57344]
    "CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 02:00 45056]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
    "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 17:19 53248]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 18:15 81920]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-08-16 12:16 180269]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 05:33 122941]
    "HostManager"="C:\Program Files\Common Files\AOL\1129677708\ee\AOLSoftware.exe" [2006-03-08 14:38 48280]
    "AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2005-04-18 14:38 71256]
    "IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-03-27 11:57 126104]
    "SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-01-17 15:24 36904]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 07:55 61440]
    "DeathAdder"="C:\Program Files\Razer\DeathAdder\razerhid.exe" [2006-12-06 22:30 159744]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
    "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-14 17:04 1232152]
    "CTHelper"="CTHELPER.EXE" [2004-03-11 16:50 28672 C:\WINDOWS\system32\CTHELPER.EXE]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-02-06 23:52:12 113664]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]
    HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24 73728]
    NETGEAR WPN111 Smart Wizard.lnk - C:\Program Files\NETGEAR\WPN111\wpn111.exe [2007-01-14 19:18:57 884838]
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-06-21 14:34:23 122880]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "C:\\Program Files\\America Online 9.0\\waol.exe"=
    "C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
    "C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
    "C:\\Program Files\\Common Files\\AOL\\1129677708\\EE\\AOLServiceHost.exe"=
    "C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
    "C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
    "C:\\Program Files\\AIM\\aim.exe"=
    "C:\\Program Files\\Common Files\\AOL\\1129677708\\EE\\aolsoftware.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Adobe\\Photoshop Elements 5.0\\AdobePhotoshopElementsMediaServer.exe"=
    "C:\\Program Files\\Midway Home Entertainment\\Stranglehold Demo\\Binaries\\Retail-Stranglehold.exe"=
    "C:\\Program Files\\Flagship Studios\\Hellgate London Demo\\Launcher.exe"=
    "C:\\Program Files\\Unreal Tournament 3 Demo\\Binaries\\UT3Demo.exe"=
    "C:\\Program Files\\Electronic Arts\\Crytek\\Crysis SP Demo\\Bin32\\Crysis.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\fishsticks\\team fortress 2\\hl2.exe"=
    "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\fishsticks\\garrysmod\\hl 2.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-14 17:05]
    R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-14 17:04]
    R3 DAdderFltr;DeathAdder Mouse;C:\WINDOWS\system32\drivers\dadder.sys [2006-11-14 15:29]
    S2 0038701216396487mcinstcleanup;McAfee Application Installer Cleanup (0038701216396487);C:\WINDOWS\TEMP\003870~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini []
    S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\DNINDIS5.SYS [2003-07-24 13:10]
    S3 jnv4_mib;jnv4_mib;C:\DOCUME~1\EVANTH~1\LOCALS~1\Te mp\jnv4_mib.sys []
    S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;C:\WINDOWS\system32\DRIVERS\WPN111.sys [2005-09-26 17:02]
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-06-29 03:53:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-06-15 06:18:29 C:\WINDOWS\Tasks\McDefragTask.job"
    - c:\program files\mcafee\mqc\QcConsol.exe'
    "2008-07-01 05:00:36 C:\WINDOWS\Tasks\McQcTask.job"
    - c:\program files\mcafee\mqc\QcConsol.exe
    "2008-06-27 19:05:51 C:\WINDOWS\Tasks\Norton Security Scan.job"
    - C:\Program Files\Norton Security Scan\Nss.exe
    .
    ************************************************** ************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-18 12:46:44
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    ************************************************** ************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\Program Files\SiteAdvisor\6261\saHook.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
    C:\WINDOWS\system32\CTSVCCDA.EXE
    C:\WINDOWS\system32\drivers\dcfssvc.exe
    C:\WINDOWS\ehome\ehRecvr.exe
    C:\WINDOWS\ehome\ehSched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
    C:\Program Files\McAfee\VirusScan\Mcshield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MpfSrv.exe
    C:\Program Files\McAfee\MSK\msksrver.exe
    C:\Program Files\SiteAdvisor\6261\SAService.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehmsas.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Razer\DeathAdder\razertra.exe
    C:\Program Files\Razer\DeathAdder\razerofa.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\AOL\1129677708\EE\services\antiSpywareApp\ve r2_0_32_1\AOLSP Scheduler.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    C:\PROGRA~1\McAfee\MSC\mcuimgr.exe
    C:\WINDOWS\system32\verclsid.exe
    .
    ************************************************** ************************
    .
    Completion time: 2008-07-18 12:52:41 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-07-18 16:52:36
    ComboFix2.txt 2008-07-18 16:30:41

    Pre-Run: 321,120,976,896 bytes free
    Post-Run: 321,101,676,544 bytes free

    245 --- E O F --- 2008-07-15 00:06:22

    ________________________________________
    Thanks again so much for helping me out.
  5. 18-07-2008  #4
    Neal
    Neal is offline Dedicated Member
    Great news,


    I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:
    1. Run Spybot-S&D
    2. Go to the Mode menu, and make sure "Advanced Mode" is selected
    3. On the left hand side, choose Tools -> Resident
    4. Uncheck "Resident TeaTimer" and OK any prompts
    You can reenable TeaTimer once your system is clean.


    Run hijackthis and click on "scan system only" button and put checks next to these:


    O4 - HKCU\..\Run: [Puplej] "C:\Documents and Settings\Evan The Great\My Documents\?dobe\m?dtc.exe"


    Please close ALL browser windows (including this one).

    Everything closed out but hijackthis and click on "fix checked"



    Now reboot into safe mode by tapping your F8 key upon restart and safe mode screen appears, select safe mode and press enter.


    Navigate to these files or folders using Windows Explorer (OR Start -> Search) and delete (if present):


    DELETE FOLDERS

    C:\Documents and Settings\Evan The Great\My Documents\?dobe


    Reboot and...



    Update Java: Security Issue

    * Go to Start > Control Panel double-click on the Software icon > add/remove programs.
    * Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )

    It should have next icon next to it:
    Select it and click Remove.
    * The current version can be downloaded from Sun here: Java SE Downloads Scroll down the page to 'Java Runtime Environment (JRE) 6u7 and press the 'Download' button. On the new web page, click the 'Accept License Agreement' button. Then select 'Windows Offline Installation, Multi-language' in the Windows Platform area just below the Accept button.


    Still ok?
  6. 19-07-2008  #5
    Fishsticks
    Fishsticks is offline Newbie
    Thanks, everything is still working fine.

    I deleted the object from HijackThis.

    Then I booted in Safe Mode but that folder was not present.

    Then I rebooted but in Add/Remove Programs there is no remove button when I select Java 2 Runtime Environment.
  7. 20-07-2008  #6
    Neal
    Neal is offline Dedicated Member
    If you are no longer having any more trouble here is some preventative measures for you.

    Be sure to re-hide hidden files/folders if you were asked to unhide them

    Here are some preventive measures you can take to keep your computer from getting infected again. Also keep SpybotS&D updated.

    Read This First - IMPORTANT Instructions

    Flush your restore points in ME and XP, by turning System Restore off and then back on.
    This will create a fresh restore point.

    Explained Here:
    Windows XP: McAfee Threat Center

    Explained Here
    Microsoft ME:
    Disabling or enabling Windows Me System Restore



    Please download ATF Cleaner by Atribune to desktop.
    http://www.atribune.org/public-beta/ATF-Cleaner.exe

    Double-click ATF-Cleaner.exe to run the program, to clean junk files off your PC.

    If you would like to keep your cookies don't check that item

    * Under Main "Select Files to Delete" choose: Select All.
    * Click the Empty Selected button.
    * If you use Firefox browser click Firefox at the top and choose: Select All
    * Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    * If you use Opera browser click Opera at the top and choose: Select All
    * Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    Click Exit on the Main menu to close the program.



    To reduce the re-infection potential for malware and protect yourself against spyware, here are a few helpful suggestions:

    1. Keep Windows and Internet Explorer current with the latest critical security updates from Microsoft. This will patch many of the security holes through which attackers can gain access to your computer. You CANNOT complete this update using an alternate browser.
    http://v5.windowsupdate.microsoft.co....aspx?ln=en-us

    http://www.microsoft.com/windows/ie/default.asp


    2. Run your antivirus software regularly, and to keep its definitions up-to-date. If you are thinking about switching, there are a some good free Antivirus programs that are decent, including Avira and Avast and PCTools.
    AVIRA: http://www.free-av.com/]Avira

    AVAST: FREE avast! antivirus 4.x Home Edition, anti-spyware & anti-rootkit for Windows

    PCTOOLS: PC Tools AntiVirus - Free Anti-Virus Download


    3. In addtion to using SpyBot S&D consider using another free malware scanning/removal program:
    Windows Defender: Windows Defender: Home Page



    4. Consider using a free firewall if you are not already using one. Some good free ones are:
    Kerio: Free Firewall Download - Sunbelt Kerio Personal Firewall


    Comodo:Comodo Free Firewall Software Download



    5. Consider using an alternate free browser for general web surfing but you must use IE for windows update.
    Mozilla Firefox: www.mozilla.org/products/firefox/


    6. Consider increasing your browser security by using Spyware Blaster:
    SpywareBlaster will increase browser protection by blocking Thousands of known malware sites by adding them to IE's restricted sites zone. Download it here:

    SpywareBlaster


    If you use SpywareBlaster, you can also use a customblocklist to add even more entries into IE restricted sites zone. Go to this site for the current list and how to use instructions: CJB.NET


    IE-SPYAD is similar in that it adds thousands more known malware sites to IE's restricted zone. Download it here:
    https://netfiles.uiuc.edu/ehowes/www/resource.htm


    Block access to Untrustworthy Sites

    You can prevent your computer from visiting a myriad of untrustworthy sites and ad-servers by installing a customised hosts file. One of the best available is the: MVPS Hosts File. Simply follow the instructions to install the file in the correct location. This will not only make surfing safer but will improve website load times and block popups from many of the large ad-servers.



    *Remember just like your primary anti-virus software, it is important to keep all of these programs up-to-date and use them on a regular basis. It's Free
  8. 21-07-2008  #7
    Fishsticks
    Fishsticks is offline Newbie
    Sorry, I had to go out of town for a few days but I am back and everything is still working great.

    I will take the steps to help prevent infection in the future and thanks again so much for helping me out.
  9. 21-07-2008  #8
    Neal
    Neal is offline Dedicated Member
    Save 20% on AVG Internet Security 2012 Suite!
    Very welcome and surf safe.
+ Reply to Thread
« [RESOLVED] Trojan problem | computer running slower, hijack this log »