qazwsx

  1. It's running pretty good. In one of the other profiles I can't set the background, and I'm not sure which services I should turn back on, but other than that, everything's fantastic.
  2. here you go, plus I already had fixwareout, so I just ran it again.
  3. hey sorry it took me so long to get back, but my internet connection wasn't working. So I turned it off and unplugged/plugged the modem. The only thing I can see wrong is that in another profile (I opened this one to get the computer working) it runs slower and I can't set up a background. But that's not really a big deal. Other than that it seems cool, but I'm not sure about the internet thing you asked. Where would I check that?
  4. okay here it is. here's the other one
  5. My computer seems to be running fine, before it would disconnect from the internet, and I would have to unplug/plug, but now it's cool.
  6. wow, dude. wow. here it is.
  7. Here's the log:
     WinXP_EN_HOM_BF.EXE
     [boot loader]
     timeout=2
     default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
     [operating systems]
     multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
     C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
  8. McAfee asked me if I trusted the program and I clicked yes, at startup. Not sure if that affected anything. Here's the log for ComboFix. Here's the log for HijackThis.
  9. I've got this thing named startdrv in my Windows temp folder, which starts on startup even though I tried to turn it off, and I can't manually delete it, and at some point all my services were disabled; I had to go into the services manager to manually turn some on to even connect to the internet, except RPC, which I can't modify. I ran an AVG virus scan, it found startdrv, and after it said it was removed, it's still there. Please help me, here's the log.