Hello,
My computer is messed up beyond my control. I did everything that was asked in "before posting a log" and I am still getting the VIRUS ALERT! next to the clock on the bottom right side. Also sometimes I get a Windows message in my browser saying:
Insecure Internet activity. Threat of virus attack
Due to insecure Internet browsing your PC can easily get infected with viruses, worms and trojans without your knowledge, and that can lead to system slowdown, freezes and crashes. Also insecure Internet activity can result in revealing your personal information. To get full advanced real-time protection for PC and Internet activity, register KvmSecure.
We recommend you to protect your PC now and continue safe Internet browsing.
Please help. I am lost without my computer. Here is my HijackThis file.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:10: VIRUS ALERT!, on 5/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: QXK Olive - {698930F0-B033-46DC-82F8-8B6DD6BF84C3} - C:\WINDOWS\boqnrwdmtpe.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: atfxqogp - {109C6D5D-2E6B-48CA-9584-4691AEEA8FBF} - C:\WINDOWS\atfxqogp.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://my.uo.com/fonts/tdserver.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0CBF7EDC-17EC-442C-8AE9-5E804707B6CA} (NeffyClient Class) - http://dist.cdnetworks.co.kr/cdndist/neffy/Neffy.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/service_components/control/activex/TmHcmsX.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SysProExe.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.1.99.cab
O16 - DPF: {4D390092-2A93-4E4D-BE7F-12E7C8C245EB} (BugreportX Control) - http://www.muonline.co.kr/Support/BugReport/ocx/Bugreport.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,99/mcinsctl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {7B41B7AC-3496-4C13-A70F-DE6B60A6A8A8} (MGAME manager Class) - http://download.mgame.com/download/cab/mgmanagerv1001.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.cdnetworks.co.kr/cdndist/neffynew/NeffyLauncher.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {CB5C683C-416A-4701-B018-0F1B21D64D6B} (SKCInst1 Class) - http://cyimg7.cyworld.com/cymusic/package/skcinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: vltdfabw - {5E7C7D62-7E73-4954-90BD-BB79384399C7} - C:\WINDOWS\vltdfabw.dll (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

-- End of file - 11349 bytes
_____________________________________________________________________________________
And here is the ComboFix log.
ComboFix 08-05-26.2 - Robert Knisely 2008-05-27 5:54:36.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.438 [GMT -7:00]
Running from: C:\Documents and Settings\Robert Knisely\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Robert Knisely\Application Data\inst.exe
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\npqss.bak1
C:\WINDOWS\system32\npqss.bak2
C:\WINDOWS\system32\npqss.ini
.
((((((((((((((((((((((((( Files Created from 2008-04-27 to 2008-05-27 )))))))))))))))))))))))))))))))
.
2008-05-27 05:51 . 2008-05-27 05:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-05-27 05:15 . 2008-05-27 05:15 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-27 05:15 . 2008-05-27 05:15 <DIR> d-------- C:\Documents and Settings\Robert Knisely\Application Data\SUPERAntiSpyware.com
2008-05-27 05:15 . 2008-05-27 05:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-27 05:00 . 2008-05-27 05:00 <DIR> d-------- C:\Program Files\CCleaner
2008-05-27 04:09 . 2008-05-27 04:09 3,512 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-27 02:52 . 2008-05-27 02:52 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-27 02:52 . 2008-05-27 03:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-27 02:35 . 2008-05-27 02:35 <DIR> d-------- C:\Documents and Settings\Robert Knisely\Application Data\TmpRecentIcons
2008-05-27 01:48 . 2008-05-27 05:51 8,581 --a------ C:\WINDOWS\system32\Config.MPF
2008-05-27 01:47 . 2008-05-27 01:47 <DIR> d-------- C:\Program Files\McAfee.com
2008-05-27 01:47 . 2008-05-27 04:49 <DIR> d-------- C:\Program Files\McAfee
2008-05-27 01:47 . 2008-05-27 01:47 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-05-27 01:47 . 2007-11-22 06:44 201,320 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-05-27 01:47 . 2007-07-13 06:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-05-27 01:47 . 2007-11-22 06:44 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-05-27 01:47 . 2007-12-02 12:51 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-05-27 01:47 . 2007-11-22 06:44 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-05-27 01:47 . 2007-11-22 06:44 33,832 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-05-27 01:31 . 2008-05-26 16:19 262,144 --a------ C:\WINDOWS\boqnrwdmtpe.dll
2008-05-27 01:31 . 2008-05-26 16:20 139,264 --a------ C:\WINDOWS\ekel.exe
2008-05-27 01:31 . 2008-05-26 16:20 81,920 --a------ C:\WINDOWS\xmpstean.exe
2008-05-27 01:30 . 2008-05-27 01:30 160,256 --a------ C:\WINDOWS\system32\blackster.scr
2008-05-27 01:30 . 2008-05-27 01:30 96,256 --------- C:\WINDOWS\system32\ctfmona.exe_old
2008-05-27 01:27 . 2008-05-27 01:27 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-05-27 00:41 . 2008-05-27 01:28 <DIR> d-------- C:\Program Files\Macro Express3
2008-05-26 19:57 . 2008-05-26 19:57 244 --ah----- C:\sqmnoopt11.sqm
2008-05-26 19:57 . 2008-05-26 19:57 232 --ah----- C:\sqmdata11.sqm
2008-05-26 19:55 . 2008-05-26 19:55 244 --ah----- C:\sqmnoopt10.sqm
2008-05-26 19:55 . 2008-05-26 19:55 232 --ah----- C:\sqmdata10.sqm
2008-05-26 17:12 . 2008-05-26 17:12 244 --ah----- C:\sqmnoopt09.sqm
2008-05-26 17:12 . 2008-05-26 17:12 244 --ah----- C:\sqmnoopt08.sqm
2008-05-26 17:12 . 2008-05-26 17:12 232 --ah----- C:\sqmdata09.sqm
2008-05-26 17:12 . 2008-05-26 17:12 232 --ah----- C:\sqmdata08.sqm
2008-05-26 17:11 . 2008-05-26 17:11 244 --ah----- C:\sqmnoopt07.sqm
2008-05-26 17:11 . 2008-05-26 17:11 244 --ah----- C:\sqmnoopt06.sqm
2008-05-26 17:11 . 2008-05-26 17:11 232 --ah----- C:\sqmdata07.sqm
2008-05-26 17:11 . 2008-05-26 17:11 232 --ah----- C:\sqmdata06.sqm
2008-05-26 17:07 . 2008-05-26 17:07 244 --ah----- C:\sqmnoopt05.sqm
2008-05-26 17:07 . 2008-05-26 17:07 244 --ah----- C:\sqmnoopt04.sqm
2008-05-26 17:07 . 2008-05-26 17:07 244 --ah----- C:\sqmnoopt03.sqm
2008-05-26 17:07 . 2008-05-26 17:07 244 --ah----- C:\sqmnoopt02.sqm
2008-05-26 17:07 . 2008-05-26 17:07 244 --ah----- C:\sqmnoopt01.sqm
2008-05-26 17:07 . 2008-05-26 17:07 232 --ah----- C:\sqmdata05.sqm
2008-05-26 17:07 . 2008-05-26 17:07 232 --ah----- C:\sqmdata04.sqm
2008-05-26 17:07 . 2008-05-26 17:07 232 --ah----- C:\sqmdata03.sqm
2008-05-26 17:07 . 2008-05-26 17:07 232 --ah----- C:\sqmdata02.sqm
2008-05-26 17:07 . 2008-05-26 17:07 232 --ah----- C:\sqmdata01.sqm
2008-05-06 19:56 . 2008-05-06 19:56 <DIR> d-------- C:\WINDOWS\system32\Dell
2008-05-05 06:26 . 2008-05-05 05:36 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-05-05 06:02 . 2008-05-05 06:02 <DIR> d-------- C:\Program Files\Apex
2008-05-05 06:02 . 2001-08-23 17:00 1,700,352 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-05-05 05:49 . 2008-05-05 05:49 <DIR> d-------- C:\boilsoft_tmp
2008-05-05 05:48 . 2008-05-05 05:48 67 --a------ C:\WINDOWS\AVIConverter.INI
2008-05-05 05:45 . 2008-05-05 05:46 <DIR> d-------- C:\my dvd
2008-05-05 05:43 . 2008-05-05 05:56 <DIR> d-------- C:\Program Files\Easy MPEG AVI DIVX WMV RM to DVD
2008-05-05 05:43 . 2008-05-05 05:43 67 --a------ C:\WINDOWS\Easy Video to DVD.INI
2008-05-05 05:36 . 2008-05-27 04:31 <DIR> d-------- C:\Documents and Settings\Robert Knisely\Application Data\Vso
2008-05-05 05:36 . 2008-05-27 04:31 47,360 --a------ C:\Documents and Settings\Robert Knisely\Application Data\pcouffin.sys
2008-05-01 07:32 . 2008-05-01 07:32 575,088 --a------ C:\WINDOWS\system32\SKCDecd.ax
2008-05-01 07:32 . 2008-05-01 07:32 517,744 --a------ C:\WINDOWS\system32\skcppl.dll
2008-05-01 07:32 . 2008-05-01 07:32 468,592 --a------ C:\WINDOWS\system32\skcbgm.dll
2008-05-01 07:32 . 2008-05-01 07:32 198,256 --a------ C:\WINDOWS\system32\skcwmf.dll
2008-05-01 07:32 . 2008-05-01 07:32 169,584 --a------ C:\WINDOWS\system32\skcbgm.exe
2008-05-01 07:32 . 2008-05-01 07:32 145,008 --a------ C:\WINDOWS\system32\skcbgmf1.dll
2008-05-01 07:32 . 2008-05-01 07:32 136,816 --a------ C:\WINDOWS\system32\SKCMpg.ax
2008-05-01 07:32 . 2008-05-01 07:32 67,184 --a------ C:\WINDOWS\system32\CMListControl.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-27 12:15 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-27 12:00 --------- d-----w C:\Program Files\Yahoo!
2008-05-27 11:41 --------- d-----w C:\Program Files\Trend Micro
2008-05-27 11:31 --------- d-----w C:\Program Files\vso
2008-05-27 08:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-13 17:59 --------- d-----w C:\Program Files\World of Warcraft
2008-05-13 11:59 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-13 11:59 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-07 02:56 --------- d-----w C:\Program Files\Dell
2008-04-02 14:19 --------- d-----w C:\Program Files\Java
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-02 01:36 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-11 12:18 22,328 ----a-w C:\Documents and Settings\Robert Knisely\Application Data\PnkBstrK.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{698930F0-B033-46DC-82F8-8B6DD6BF84C3}]
2008-05-26 16:19 262144 --a------ C:\WINDOWS\boqnrwdmtpe.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{109C6D5D-2E6B-48CA-9584-4691AEEA8FBF}"= "C:\WINDOWS\atfxqogp.dll" [ ]

[HKEY_CLASSES_ROOT\clsid\{109c6d5d-2e6b-48ca-9584-4691aeea8fbf}]
[HKEY_CLASSES_ROOT\atfxqogp.1]
[HKEY_CLASSES_ROOT\TypeLib\{D2F84F86-E8F3-46DC-8D18-4601915C7F56}]
[HKEY_CLASSES_ROOT\atfxqogp]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:00 15360]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2006-11-30 20:49 4662776]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-04-17 16:27 9117696]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-13 12:43 1510640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-04-25 06:50 139264]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 08:43 57344]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-17 23:00 45056]
"CTHelper"="CTHELPER.EXE" [2004-03-11 13:50 28672 C:\WINDOWS\system32\CTHELPER.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-10 23:00 90112]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 14:19 53248]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [ ]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [ ]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-26 23:02 86016]
"PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe" [ ]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-01-29 02:01 155648]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-04-17 16:27 9117696]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2005-09-29 14:32:32 118784]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"NoDispCPL"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"vltdfabw"= {5E7C7D62-7E73-4954-90BD-BB79384399C7} - C:\WINDOWS\vltdfabw.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ASLC"= aslcodec.dll
"vidc.3IV2"= 3ivxVfWCodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Robert Knisely^Start Menu^Programs^Startup^BitTorrent.lnk]
path=C:\Documents and Settings\Robert Knisely\Start Menu\Programs\Startup\BitTorrent.lnk
backup=C:\WINDOWS\pss\BitTorrent.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2006-05-09 17:24 50760 C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2005-05-15 00:04 332800 C:\Program Files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
C:\Program Files\Electronic Arts\EA Link\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-05-09 17:24 50760 C:\Program Files\Common Files\AOL\1160118932\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
--a------ 2007-03-05 14:57 1103480 C:\Program Files\IGN\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
--a------ 2006-02-17 09:59 124520 C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 09:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
--a------ 2008-04-17 16:27 9117696 C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-01-29 02:01 155648 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2007-06-07 23:23 1259000 C:\Program Files\Valve\Steam\\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue Registry Booster]
C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 20:49 4662776 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1160118932\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1160118932\\ee\\aim6.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\skcbgm.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"49152:TCP"= 49152:TCP:azureus
"12777:TCP"= 12777:TCP:lime1
"12777:UDP"= 12777:UDP:lime2

S0 FVDSCSI;FVDSCSI;C:\WINDOWS\system32\DRIVERS\fvdscsi.sys []
S2 BulkUsb;Genesys Logic USB Scanner Controller NT 5.0;C:\WINDOWS\system32\Drivers\usbscan.sys [2004-08-03 21:58]
S3 XDva005;XDva005;C:\WINDOWS\system32\XDva005.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\AutorunPlayer.exe RightAutorunPro.dat

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-27 08:47:36 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-05-27 08:47:35 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-05-27 13:00:15 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-27 05:58:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2008-05-27 6:02:30
ComboFix-quarantined-files.txt 2008-05-27 13:01:26

Pre-Run: 36,076,802,048 bytes free
Post-Run: 36,057,079,808 bytes free
257 --- E O F --- 2008-05-17 10:02:18
____________________________________________________________________________________
Here is the SUPERAntiSpyware log.
Generated 05/27/2008 at 05:47 AM
Application Version : 4.1.1046
Core Rules Database Version : 3468
Trace Rules Database Version: 1459

Scan type : Complete Scan
Total Scan Time : 00:29:16

Memory items scanned : 446
Memory threats detected : 0
Registry items scanned : 5415
Registry threats detected : 1
File items scanned : 16559
File threats detected : 7

Desktop Hijacker.AboutYourPrivacy
C:\Documents and Settings\Robert Knisely\Desktop\Privacy Protector.url

Adware.Vundo-Variant/J
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0000417.DLL

Trojan.Unclassified/GTS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0000419.DLL

Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\YCCDD.BAK1
C:\WINDOWS\SYSTEM32\YCCDD.BAK2
C:\WINDOWS\SYSTEM32\YCCDD.INI
C:\WINDOWS\SYSTEM32\YCCDD.INI2
Thanks Much
Robert K.