Jump to content

help me remove Worm.Win32.NetSky


junior40
 Share

Recommended Posts

somebody please help me remove this horrible virus my computer is running so slow i did a hijackthis file log but after that i have no idea what to do, please someone help me! I posted here before for help and it was great, the person helped me and fixed all of my problems so i'll post here again to see if they can help me with this virus!! thanks guys :angry:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:22:41 PM, on 11/22/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\Program Files\Microsoft IntelliType Pro\type32.exe

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

D:\J.R.'s Music\iTunes Folder\iTunesHelper.exe

C:\WINDOWS\system32\tbctray.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

c:\program files\mcafee.com\agent\mcdetect.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\AIM6\aim6.exe

C:\Program Files\AIM6\aolsoftware.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe

C:\Program Files\Webroot\Spy Sweeper\SSU.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\JR\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O3 - Toolbar: The jokwmp - {459C681F-AA94-49B7-A55B-110D924E5FCE} - C:\WINDOWS\jokwmp.dll (file missing)

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [sNM] C:\Program Files\SpyNoMore\SNM.exe /startup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "D:\J.R.'s Music\iTunes Folder\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [areslite] "C:\Program Files\Ares Lite Edition\AresLite.exe" -h

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup

O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL

O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://sln.lasalle.edu/iNotes6W.cab

O21 - SSODL: rmvgor - {8B16C638-553E-4067-962A-2268EDDE0A33} - C:\WINDOWS\rmvgor.dll

O21 - SSODL: sapnet - {F9EF8D5B-4072-44BF-B287-E9F205D2AD28} - C:\WINDOWS\sapnet.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--

End of file - 9950 bytes

Link to post
Share on other sites

Sorry to see you back Junior40. :angry: Sorry to have you back under these circumstances is what I mean. You are indeed infected again.

I need you to do a few things for me. First move HJT from your desktop to your program files. Second, uninstall your current Java and delete the program files. Then go here http://www.java.com/en/download/manual.jsp and install the correct version for your system. Choose the offline installation.

I would also recommend getting rid of Ares. P2P file sharing is extremely dangerous and often illegal.

Now please do the following.

Print or Copy these instructions to notepad and save to your Desktoop as you will be offline with all browsers closed for this fix.

Download:

Use this URL to download the latest version (the file contains both English and French versions):

http://siri.urz.free.fr/Fix/SmitfraudFix.exe

* Double-click SmitfraudFix.exe

* Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt

Clean:

* Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)

* Double-click SmitfraudFix.exe

* Select 2 and hit Enter to delete infect files.

* You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.

* The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.

* A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt

* Optional:

o To restore Trusted and Restricted site zone, select 3 and hit Enter.

o You will be prompted: Restore Trusted Zone ? answer Y (yes) and hit Enter to delete trusted zone.

Note:

process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

http://www.beyondlogic.org/consulting/proc...processutil.htm

Please post this log and a new HJT log in your next post.

Link to post
Share on other sites

hello, thanks for your help...i did what you said and i hope that i did it right...let me know what to do next, thanks

SmitFraudFix v2.240

Scan done at 22:06:27.70, Fri 11/23/2007

Run from C:\Documents and Settings\JR\Desktop\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in safe mode

Link to post
Share on other sites

Move HJT from your desktop to program files.

1. Download this file :

http://www.techsupportforum.com/sectools/combofix.exe

2. Double click combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply

Note:

Do not mouseclick combofix's window while its running. That may cause it to stall

Post the log from Combofix and a new HJT log please.

Link to post
Share on other sites

i did what you said, hopefully i did it right

ComboFix 07-11-19.3 - JR 2007-11-24 16:59:48.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.178 [GMT -5:00]

Running from: C:\Documents and Settings\JR\Desktop\ComboFix(2).exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\JR\Desktop\Error Cleaner.url

C:\Documents and Settings\JR\Desktop\Privacy Protector.url

C:\Documents and Settings\JR\Desktop\Spyware&Malware Protection.url

C:\Documents and Settings\JR\Favorites\Error Cleaner.url

C:\Documents and Settings\JR\Favorites\Privacy Protector.url

C:\Documents and Settings\JR\Favorites\Spyware&Malware Protection.url

C:\Program Files\autorun.inf

C:\WINDOWS\dat.txt

C:\WINDOWS\privacy_danger

C:\WINDOWS\privacy_danger\images\capt.gif

C:\WINDOWS\privacy_danger\images\danger.jpg

C:\WINDOWS\privacy_danger\images\down.gif

C:\WINDOWS\privacy_danger\images\spacer.gif

C:\WINDOWS\privacy_danger\index.htm

C:\WINDOWS\rs.txt

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\LEGACY_MSDIRECTX

((((((((((((((((((((((((( Files Created from 2007-10-24 to 2007-11-24 )))))))))))))))))))))))))))))))

.

2007-11-23 21:19 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2007-11-23 21:00 5,387 --a------ C:\WINDOWS\system32\jupdate-1.6.0_03-b05.log

2007-11-23 20:54 <DIR> d-------- C:\Program Files\Java

2007-11-20 17:48 335,872 --a------ C:\WINDOWS\sapnet.dll

2007-11-20 17:48 294,912 --a------ C:\WINDOWS\rmvgor.dll

2007-11-20 17:48 151,552 --a------ C:\WINDOWS\nethop.exe

2007-11-20 17:44 <DIR> d-------- C:\Program Files\RichVideoCodec

2007-11-11 13:09 <DIR> d-------- C:\Program Files\Guitar Pro 5

2007-11-06 16:47 <DIR> d-------- C:\Program Files\iPod

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2070-01-01 00:00 --------- d-----w C:\Program Files\MacroStudioMX2004withFlashPro

2007-11-24 00:45 536 ----a-w C:\Program Files\Shortcut to HiJackThis.exe.lnk

2007-11-21 04:40 --------- d-----w C:\Documents and Settings\JR\Application Data\Azureus

2007-11-20 22:30 --------- d-----w C:\Program Files\AIMTunes

2007-11-13 20:45 --------- d-----w C:\Program Files\Common Files\Adobe

2007-11-04 23:33 --------- d-----w C:\Program Files\Full Tilt Poker

2007-10-21 21:01 --------- d-----w C:\Documents and Settings\JR\Application Data\QQ Games Plugin

2007-10-21 21:00 --------- d-----w C:\Program Files\AIM6

2007-10-21 20:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads

2007-10-21 20:57 --------- d-----w C:\Program Files\Tencent

2007-10-21 20:54 --------- d-----w C:\Program Files\Viewpoint

2007-10-21 20:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint

2007-10-21 20:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL

2007-10-14 20:42 --------- d-----w C:\Program Files\BitComet

2007-10-13 18:13 --------- d-----w C:\Program Files\Ares

2007-10-13 14:37 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2007-10-10 20:01 --------- d-----w C:\Program Files\Apple Software Update

2007-10-09 02:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus

2007-10-09 02:56 --------- d-----w C:\Program Files\Azureus

2007-10-06 13:30 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2006-04-07 15:19 25,512 -c--a-w C:\Documents and Settings\JR\Application Data\GDIPFONTCACHEV1.DAT

2005-04-22 10:07 184 -c--a-w C:\Program Files\Free-Codecs.txt

2003-10-01 09:52 73,332 -c--a-w C:\Program Files\eula.pdf

2003-10-01 09:52 5,110 -c--a-w C:\Program Files\contents.txt

2003-10-01 09:52 36,864 -c--a-w C:\Program Files\setup.exe

2003-10-01 09:52 17,252 -c--a-w C:\Program Files\readme.txt

2002-04-08 03:03 673 -c--a-w C:\Program Files\Read_Me.txt

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{459C681F-AA94-49B7-A55B-110D924E5FCE}"= C:\WINDOWS\jokwmp.dll [ ]

[HKEY_CLASSES_ROOT\clsid\{459c681f-aa94-49b7-a55b-110d924e5fce}]

[HKEY_CLASSES_ROOT\jokwmp.ToolBar.1]

[HKEY_CLASSES_ROOT\TypeLib\{87B972E2-6D3B-40C9-82B0-2321637341DE}]

[HKEY_CLASSES_ROOT\jokwmp.ToolBar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{23ED2206-856D-461A-BBCF-1C2466AC5AE3}"= C:\Program Files\Video Add-on\ictmdl.dll [ ]

[HKEY_CLASSES_ROOT\clsid\{23ed2206-856d-461a-bbcf-1c2466ac5ae3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]

"areslite"="C:\Program Files\Ares Lite Edition\AresLite.exe" []

"Aim6"="" []

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]

"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-10-30 10:01]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 00:50]

"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 00:51]

"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50]

"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-01-13 13:05]

"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-01-13 09:19]

"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-01-09 08:21]

"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:56 C:\WINDOWS\system32\rundll32.exe]

"nwiz"="nwiz.exe" [2005-12-10 03:06 C:\WINDOWS\system32\nwiz.exe]

"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29]

"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 12:05]

"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01]

"NvMediaCenter"="RUNDLL32.exe" [2004-08-03 23:56 C:\WINDOWS\system32\rundll32.exe]

"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 20:00]

"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48]

"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]

"SNM"="C:\Program Files\SpyNoMore\SNM.exe" []

"QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" [2007-10-19 20:16]

"iTunesHelper"="D:\J.R.'s Music\iTunes Folder\iTunesHelper.exe" [2007-11-02 18:36]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

"TraySantaCruz"="C:\WINDOWS\system32\tbctray.exe" [2002-04-03 14:47]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-01-26 13:32:43]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"rmvgor"= {8B16C638-553E-4067-962A-2268EDDE0A33} - C:\WINDOWS\rmvgor.dll [2007-11-20 13:41 294912]

"sapnet"= {F9EF8D5B-4072-44BF-B287-E9F205D2AD28} - C:\WINDOWS\sapnet.dll [2007-11-20 13:41 335872]

R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys

R3 tbcspud;Santa Cruz Driver;C:\WINDOWS\system32\drivers\tbcspud.sys

R3 tbcwdm;Santa Cruz WDM Driver;C:\WINDOWS\system32\drivers\tbcwdm.sys

S2 RVIEG01;VSC Engine;\??\C:\Program Files\Cakewalk\Shared Dxi\Roland\RVIEg01.sys

S3 L6DP;L6DP;C:\WINDOWS\system32\Drivers\l6dp.sys

S3 PNDIS5;PNDIS5 NDIS Protocol Driver;\??\F:\PNDIS5.SYS

S3 vtdg46xx;vtdg46xx;\??\C:\PROGRA~1\TURTLE~1\SANTAC~1\CONTRO~1\vtdg46xx.sys

.

Contents of the 'Scheduled Tasks' folder

"2007-10-25 14:57:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-24 17:17:42

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2007-11-24 17:20:15 - machine was rebooted

.

--- E O F ---

and a highjackthis log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:23:50 PM, on 11/24/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

c:\program files\mcafee.com\agent\mcdetect.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\Program Files\Microsoft IntelliType Pro\type32.exe

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

D:\J.R.'s Music\iTunes Folder\iTunesHelper.exe

C:\WINDOWS\system32\tbctray.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\HighJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O3 - Toolbar: The jokwmp - {459C681F-AA94-49B7-A55B-110D924E5FCE} - C:\WINDOWS\jokwmp.dll (file missing)

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [sNM] C:\Program Files\SpyNoMore\SNM.exe /startup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "D:\J.R.'s Music\iTunes Folder\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [areslite] "C:\Program Files\Ares Lite Edition\AresLite.exe" -h

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup

O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL

O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://sln.lasalle.edu/iNotes6W.cab

O21 - SSODL: rmvgor - {8B16C638-553E-4067-962A-2268EDDE0A33} - C:\WINDOWS\rmvgor.dll

O21 - SSODL: sapnet - {F9EF8D5B-4072-44BF-B287-E9F205D2AD28} - C:\WINDOWS\sapnet.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 8788 bytes

Link to post
Share on other sites

OK still evidence of infection. Run HJT again and put a check next to these items

O3 - Toolbar: The jokwmp - {459C681F-AA94-49B7-A55B-110D924E5FCE} - C:\WINDOWS\jokwmp.dll (file missing)

O21 - SSODL: rmvgor - {8B16C638-553E-4067-962A-2268EDDE0A33} - C:\WINDOWS\rmvgor.dll

O21 - SSODL: sapnet - {F9EF8D5B-4072-44BF-B287-E9F205D2AD28} - C:\WINDOWS\sapnet.dll

Reboot and post a new log please.

Link to post
Share on other sites

hopefully i did this right, i have a feeling i didn't but maybe i did B)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:34:42 PM, on 11/26/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

c:\program files\mcafee.com\agent\mcdetect.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\Program Files\Microsoft IntelliType Pro\type32.exe

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

D:\J.R.'s Music\iTunes Folder\iTunesHelper.exe

C:\WINDOWS\system32\tbctray.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\HighJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [sNM] C:\Program Files\SpyNoMore\SNM.exe /startup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "D:\J.R.'s Music\iTunes Folder\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [areslite] "C:\Program Files\Ares Lite Edition\AresLite.exe" -h

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup

O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL

O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://sln.lasalle.edu/iNotes6W.cab

O21 - SSODL: sapnet - {B8EA3E82-23FD-41D5-A3F1-76DD766690B4} - C:\WINDOWS\sapnet.dll

O21 - SSODL: rmvgor - {3F194DDB-D59E-49E4-A746-766DA4A2D991} - C:\WINDOWS\rmvgor.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 8649 bytes

Link to post
Share on other sites

Yes you are still infected. Uninstall the Ares Lite. Run HJT and put a check next to the items below then click fix.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2

O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [areslite] "C:\Program Files\Ares Lite Edition\AresLite.exe" -h

O21 - SSODL: sapnet - {B8EA3E82-23FD-41D5-A3F1-76DD766690B4} - C:\WINDOWS\sapnet.dll

O21 - SSODL: rmvgor - {3F194DDB-D59E-49E4-A746-766DA4A2D991} - C:\WINDOWS\rmvgor.dll

Now follow the instructions for Smitfraud again. Don't use any program you might still have delete it and download a new version. Post the log from it and a new HJT please.

Link to post
Share on other sites

I left my computer on overnight and woke up with pop-ups everywhere and my desktop backround is still red with that biohazard sign...ahhh. My Mcafee security keeps blocking this trojan some kind of puper or something, but anyways its still infected. I will wait for further instructions, hopefully I did the above post correctly. B) Thank you Jean for your help so far!!!

Link to post
Share on other sites

You posted a log from Smitfraud run in October

Scan done at 16:51:57.48, Sun 10/14/2007

Delete those old logs...delete any old programs you have from the first time you were here except HJT and run the Smitfraud scan again please. Do not leave the PC connected to the net unattended.

Link to post
Share on other sites

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:13:49 PM, on 11/28/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\Program Files\Microsoft IntelliType Pro\type32.exe

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

D:\J.R.'s Music\iTunes Folder\iTunesHelper.exe

C:\WINDOWS\system32\tbctray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\PROGRA~1\McAfee\MSC\mclogsrv.exe

C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe

c:\program files\common files\mcafee\mna\mcnasvc.exe

C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\PROGRA~1\McAfee\MSC\mctskshd.exe

C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe

c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Azureus\Azureus.exe

C:\Program Files\HighJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [sNM] C:\Program Files\SpyNoMore\SNM.exe /startup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "D:\J.R.'s Music\iTunes Folder\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [0251961196304193mcinstcleanup] C:\DOCUME~1\JR\LOCALS~1\Temp\025196~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog

O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup

O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL

O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://sln.lasalle.edu/iNotes6W.cab

O21 - SSODL: sapnet - {BA9D3F44-D0EB-441E-ADCE-478EF7EA7D57} - C:\WINDOWS\sapnet.dll

O21 - SSODL: rmvgor - {067AB3C3-869D-4ABF-ACBC-AB76550A115D} - C:\WINDOWS\rmvgor.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe

O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe

O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--

End of file - 9457 bytes

Link to post
Share on other sites

OK still not clean. Run HJT and put a check next to these:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2

O21 - SSODL: sapnet - {BA9D3F44-D0EB-441E-ADCE-478EF7EA7D57} - C:\WINDOWS\sapnet.dll

O21 - SSODL: rmvgor - {067AB3C3-869D-4ABF-ACBC-AB76550A115D} - C:\WINDOWS\rmvgor.dll

O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

Click fix and then please follow the directions below.

1. Download this file :

http://www.techsupportforum.com/sectools/combofix.exe

2. Double click combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply

Note:

Do not mouseclick combofix's window while its running. That may cause it to stall

Link to post
Share on other sites

here is the log you asked for hope it helps B)

ComboFix 07-11-19.4C - JR 2007-11-29 17:53:37.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.498 [GMT -5:00]

Running from: C:\Documents and Settings\JR\Desktop\ComboFix(4).exe

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\JR\Desktop\Error Cleaner.url

C:\Documents and Settings\JR\Desktop\Privacy Protector.url

C:\Documents and Settings\JR\Desktop\Spyware&Malware Protection.url

C:\Documents and Settings\JR\Favorites\Error Cleaner.url

C:\Documents and Settings\JR\Favorites\Privacy Protector.url

C:\Documents and Settings\JR\Favorites\Spyware&Malware Protection.url

C:\WINDOWS\privacy_danger

C:\WINDOWS\privacy_danger\images\capt.gif

C:\WINDOWS\privacy_danger\images\danger.jpg

C:\WINDOWS\privacy_danger\images\down.gif

C:\WINDOWS\privacy_danger\images\spacer.gif

C:\WINDOWS\privacy_danger\index.htm

.

((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-29 )))))))))))))))))))))))))))))))

.

2007-11-28 21:56 <DIR> d-------- C:\Program Files\SiteAdvisor

2007-11-28 21:56 <DIR> d-------- C:\Documents and Settings\JR\Application Data\SiteAdvisor

2007-11-28 21:52 104,024 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys

2007-11-28 21:43 <DIR> d-------- C:\Program Files\McAfee

2007-11-28 21:43 <DIR> d-------- C:\Program Files\Common Files\McAfee

2007-11-28 21:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee

2007-11-24 17:21 <DIR> d-------- C:\Program Files\HighJackThis

2007-11-23 21:19 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2007-11-23 20:54 <DIR> d-------- C:\Program Files\Java

2007-11-20 17:48 335,872 --a------ C:\WINDOWS\sapnet.dll

2007-11-20 17:48 294,912 --a------ C:\WINDOWS\rmvgor.dll

2007-11-20 17:48 151,552 --a------ C:\WINDOWS\nethop.exe

2007-11-20 17:44 <DIR> d-------- C:\Program Files\RichVideoCodec

2007-11-11 13:09 <DIR> d-------- C:\Program Files\Guitar Pro 5

2007-11-06 16:47 <DIR> d-------- C:\Program Files\iPod

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2070-01-01 00:00 --------- d-----w C:\Program Files\MacroStudioMX2004withFlashPro

2007-11-29 22:46 --------- d-----w C:\Documents and Settings\JR\Application Data\Azureus

2007-11-28 21:27 4,520 ----a-w C:\WINDOWS\system32\tmp.reg

2007-11-28 02:41 --------- d-----w C:\Program Files\Ares

2007-11-26 23:23 678 ----a-w C:\Program Files\Shortcut to HiJackThis.exe.lnk

2007-11-20 22:30 --------- d-----w C:\Program Files\AIMTunes

2007-11-13 20:45 --------- d-----w C:\Program Files\Common Files\Adobe

2007-11-04 23:33 --------- d-----w C:\Program Files\Full Tilt Poker

2007-10-21 21:01 --------- d-----w C:\Documents and Settings\JR\Application Data\QQ Games Plugin

2007-10-21 21:00 --------- d-----w C:\Program Files\AIM6

2007-10-21 20:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads

2007-10-21 20:57 --------- d-----w C:\Program Files\Tencent

2007-10-21 20:54 --------- d-----w C:\Program Files\Viewpoint

2007-10-21 20:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint

2007-10-21 20:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL

2007-10-14 20:42 --------- d-----w C:\Program Files\BitComet

2007-10-13 14:37 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2007-10-10 20:01 --------- d-----w C:\Program Files\Apple Software Update

2007-10-09 02:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus

2007-10-09 02:56 --------- d-----w C:\Program Files\Azureus

2007-10-06 13:30 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2007-10-04 04:36 25,600 ----a-w C:\WINDOWS\system32\WS2Fix.exe

2007-09-06 04:22 289,144 ----a-w C:\WINDOWS\system32\VCCLSID.exe

2006-04-07 15:19 25,512 -c--a-w C:\Documents and Settings\JR\Application Data\GDIPFONTCACHEV1.DAT

2005-04-22 10:07 184 -c--a-w C:\Program Files\Free-Codecs.txt

2003-10-01 09:52 73,332 -c--a-w C:\Program Files\eula.pdf

2003-10-01 09:52 5,110 -c--a-w C:\Program Files\contents.txt

2003-10-01 09:52 36,864 -c--a-w C:\Program Files\setup.exe

2003-10-01 09:52 17,252 -c--a-w C:\Program Files\readme.txt

2002-04-08 03:03 673 -c--a-w C:\Program Files\Read_Me.txt

.

((((((((((((((((((((((((((((( snapshot@2007-11-24_17.19.25.82 )))))))))))))))))))))))))))))))))))))))))

.

- 2004-10-13 00:06:17 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

+ 2007-11-29 20:14:31 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

- 2004-10-13 00:06:17 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2007-11-29 20:14:31 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

- 2004-10-13 00:06:17 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2007-11-29 20:14:31 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

- 2007-11-24 22:18:37 52,764 ----a-w C:\WINDOWS\system32\perfc009.dat

+ 2007-11-29 22:54:26 52,764 ----a-w C:\WINDOWS\system32\perfc009.dat

- 2007-11-24 22:18:38 380,350 ----a-w C:\WINDOWS\system32\perfh009.dat

+ 2007-11-29 22:54:27 380,350 ----a-w C:\WINDOWS\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{23ED2206-856D-461A-BBCF-1C2466AC5AE3}"= C:\Program Files\Video Add-on\ictmdl.dll [ ]

[HKEY_CLASSES_ROOT\clsid\{23ed2206-856d-461a-bbcf-1c2466ac5ae3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Aim6"="" []

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]

"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-10-30 10:01]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 00:50]

"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 00:51]

"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50]

"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-01-13 13:05]

"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-01-13 09:19]

"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-01-09 08:21]

"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:56 C:\WINDOWS\system32\rundll32.exe]

"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01]

"NvMediaCenter"="RUNDLL32.exe" [2004-08-03 23:56 C:\WINDOWS\system32\rundll32.exe]

"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 20:00]

"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48]

"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]

"SNM"="C:\Program Files\SpyNoMore\SNM.exe" []

"QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" [2007-10-19 20:16]

"iTunesHelper"="D:\J.R.'s Music\iTunes Folder\iTunesHelper.exe" [2007-11-02 18:36]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

"TraySantaCruz"="C:\WINDOWS\system32\tbctray.exe" [2002-04-03 14:47]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-01-26 13:32:43]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"sapnet"= {D8FE4152-6574-42AF-9457-9065C49B075C} - C:\WINDOWS\sapnet.dll [2007-11-20 13:41 335872]

"rmvgor"= {7B8CADDB-42F5-471B-9541-DE1B6A6CD0E1} - C:\WINDOWS\rmvgor.dll [2007-11-20 13:41 294912]

R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys

R3 tbcspud;Santa Cruz Driver;C:\WINDOWS\system32\drivers\tbcspud.sys

R3 tbcwdm;Santa Cruz WDM Driver;C:\WINDOWS\system32\drivers\tbcwdm.sys

S2 RVIEG01;VSC Engine;\??\C:\Program Files\Cakewalk\Shared Dxi\Roland\RVIEg01.sys

S3 L6DP;L6DP;C:\WINDOWS\system32\Drivers\l6dp.sys

S3 PNDIS5;PNDIS5 NDIS Protocol Driver;\??\F:\PNDIS5.SYS

S3 vtdg46xx;vtdg46xx;\??\C:\PROGRA~1\TURTLE~1\SANTAC~1\CONTRO~1\vtdg46xx.sys

*Newly Created Service* - ENTDRV51

.

Contents of the 'Scheduled Tasks' folder

"2007-11-29 15:57:49 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2007-11-29 02:49:14 C:\WINDOWS\Tasks\McDefragTask.job"

- C:\WINDOWS\system32\defrag.exe

"2007-11-29 02:49:12 C:\WINDOWS\Tasks\McQcTask.job"

- c:\program files\mcafee\mqc\QcConsol.exe.4158 0

.

**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-29 17:59:37

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

.

Completion time: 2007-11-29 18:01:11

C:\ComboFix2.txt ... 2007-11-24 17:20

.

--- E O F ---

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:05:42 PM, on 11/29/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\Program Files\Microsoft IntelliType Pro\type32.exe

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

D:\J.R.'s Music\iTunes Folder\iTunesHelper.exe

C:\WINDOWS\system32\tbctray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\common files\mcafee\mna\mcnasvc.exe

C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\HighJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [sNM] C:\Program Files\SpyNoMore\SNM.exe /startup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "D:\J.R.'s Music\iTunes Folder\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup

O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL

O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://sln.lasalle.edu/iNotes6W.cab

O21 - SSODL: sapnet - {D8FE4152-6574-42AF-9457-9065C49B075C} - C:\WINDOWS\sapnet.dll

O21 - SSODL: rmvgor - {7B8CADDB-42F5-471B-9541-DE1B6A6CD0E1} - C:\WINDOWS\rmvgor.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 8836 bytes

Link to post
Share on other sites

Hi please get this program

Author: Option^Explicit Download Location

License: Freeware KillBox Download Link http://download.bleepingcomputer.com/spyware/KillBox.exe

Operating System: Windows

File Description:

Pocket KillBox is a program that can be used to get rid of files that stubbornly refuse to allow you to delete them.

Usage Information:

Download this file and run the killbox.exe file. When it loads type the full path to the file you would like to delete in the field and press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, allow it to do so, and hopefully your file will now be deleted.

Put these files into it C:\WINDOWS\sapnet.dll

C:\WINDOWS\rmvgor.dll

Then post a new HJT log.

Link to post
Share on other sites

I did what you said and on the program it said that C:\WINDOWS\rmvgor.dll did not exist but it deleted the other file, and my desktop says its in Active Desktop Recovery...i dont know if the virus is gone but my computer still runs slow, hopefully i did this right

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:30:57 PM, on 12/2/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\Program Files\Microsoft IntelliType Pro\type32.exe

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

D:\J.R.'s Music\iTunes Folder\iTunesHelper.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\WINDOWS\system32\tbctray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe

C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\common files\mcafee\mna\mcnasvc.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\HighJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [sNM] C:\Program Files\SpyNoMore\SNM.exe /startup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "D:\J.R.'s Music\iTunes Folder\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL

O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://sln.lasalle.edu/iNotes6W.cab

O21 - SSODL: sapnet - {D8FE4152-6574-42AF-9457-9065C49B075C} - C:\WINDOWS\sapnet.dll (file missing)

O21 - SSODL: rmvgor - {7B8CADDB-42F5-471B-9541-DE1B6A6CD0E1} - C:\WINDOWS\rmvgor.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--

End of file - 8697 bytes

Link to post
Share on other sites

Ok, I finally was able to do the panda scan so hopefully I did this right, and also here is a new HJT log....oh and i did do the rougeremover didnt know if there was a log I had to post for that.

Incident Status Location

Adware:adware/exact.bargainbuddy Not disinfected c:\windows\system32\bbchk.exe

Potentially unwanted tool:application/mywebsearch Not disinfected hkey_current_user\software\MyWebSearch

Potentially unwanted tool:application/funweb Not disinfected hkey_local_machine\software\Fun Web Products

Adware:adware/seekmo Not disinfected Windows Registry

Adware:adware/pacimedia Not disinfected Windows Registry

Adware:adware/exact.searchbar Not disinfected Windows Registry

Adware:adware/wupd Not disinfected Windows Registry

Spyware:spyware/media-motor Not disinfected Windows Registry

Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.ads.pointroll.com/]

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.doubleclick.net/]

Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.ads.pointroll.com/]

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.doubleclick.net/]

Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.ads.pointroll.com/]

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.atdmt.com/]

Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[stat.onestat.com/]

Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.adrevolver.com/]

Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.tribalfusion.com/]

Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.questionmarket.com/]

Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.mediaplex.com/]

Spyware:Cookie/Go Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.go.com/]

Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.ehg-dig.hitbox.com/]

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.advertising.com/]

Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.bluestreak.com/]

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.zedo.com/]

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.ad.yieldmanager.com/]

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[ad.yieldmanager.com/]

Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.fastclick.net/]

Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.overture.com/]

Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.serving-sys.com/]

Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.bs.serving-sys.com/]

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.com.com/]

Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.adultfriendfinder.com/]

Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.realmedia.com/]

Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.perf.overture.com/]

Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.xiti.com/]

Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.apmebf.com/]

Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[www.burstbeacon.com/]

Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.burstnet.com/]

Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.tradedoubler.com/]

Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.weborama.fr/]

Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.trafficmp.com/]

Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.yadro.ru/]

Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.azjmp.com/]

Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.ehg.hitbox.com/]

Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.casalemedia.com/]

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\JR\Cookies\jr@112.2o7[1].txt

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\JR\Cookies\jr@advertising[1].txt

Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\JR\Cookies\jr@atwola[1].txt

Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\JR\Cookies\jr@bfast[2].txt

Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\JR\Cookies\jr@cgi-bin[2].txt

Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\JR\Cookies\jr@cgi-bin[3].txt

Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\JR\Cookies\jr@citi.bridgetrack[2].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\JR\Cookies\jr@com[2].txt

Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\JR\Cookies\jr@cs.sexcounter[2].txt

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\JR\Cookies\jr@doubleclick[1].txt

Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\JR\Cookies\jr@drivecleaner[2].txt

Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\JR\Cookies\jr@ehg-dig.hitbox[1].txt

Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\JR\Cookies\jr@entrepreneur[2].txt

Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\JR\Cookies\jr@fastclick[1].txt

Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\JR\Cookies\jr@go.drivecleaner[1].txt

Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\JR\Cookies\jr@hg1.hitbox[1].txt

Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\JR\Cookies\jr@stats.drivecleaner[2].txt

Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\JR\Cookies\jr@valueclick[2].txt

Spyware:Cookie/AntiVirGear Not disinfected C:\Documents and Settings\JR\Cookies\jr@www.antivirgear[2].txt

Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\JR\Cookies\jr@www.drivecleaner[1].txt

Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\JR\Desktop\ComboFix(2).exe[nircmd.exe]

Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\JR\Desktop\ComboFix(2).exe[nircmd.cfexe]

Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\JR\Desktop\ComboFix(4).exe[nircmd.exe]

Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\JR\Desktop\ComboFix(4).exe[nircmd.cfexe]

Spyware:Spyware/New.net Not disinfected C:\Documents and Settings\JR\Desktop\fdvdcodecs.exe[NNCLXA638.EXE]

Potentially unwanted tool:Application/MyWay Not disinfected C:\Documents and Settings\JR\Desktop\fdvdcodecs.exe[s4BarSp.exe]

Adware:Adware/ClockSync Not disinfected C:\Documents and Settings\JR\Desktop\fdvdcodecs.exe[VVSNInst.exe]

Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\JR\Desktop\SmitfraudFix\Process.exe

Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\JR\Desktop\SmitfraudFix\restart.exe

Virus:Generic Malware Not disinfected C:\Documents and Settings\JR\Desktop\spynomore.exe[snmIeGuard.dll]

Virus:Generic Malware Not disinfected C:\Documents and Settings\JR\Desktop\spynomore.exe[sNM.exe]

Adware:Adware/NewMediaCodec Not disinfected C:\Documents and Settings\JR\Local Settings\Temp\ac8zt2.dat[ac8zt2/msmhost.dll]

Adware:Adware/AdwareRemover2007 Not disinfected C:\Documents and Settings\JR\Local Settings\Temporary Internet Files\Content.IE5\NV7KYYXZ\install1216[1].cab[setup.exe]

Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\JR\SmitfraudFix\Process.exe

Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\JR\SmitfraudFix\restart.exe

Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\K-Lite Codec Pack\K-Lite Codec Pack\XviD-1.0.2-Setup.exe[gunist.exe]

Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\K-Lite Codec Pack\K-Lite Codec Pack\XviD-1.0.2-Setup.exe[gunist.exe][proxya.exe]

Potentially unwanted tool:Application/Processor Not disinfected C:\Program Files\Mozilla Firefox\SmitfraudFix\Process.exe

Potentially unwanted tool:Application/SuperFast Not disinfected C:\Program Files\Mozilla Firefox\SmitfraudFix\restart.exe

Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NirCmd.exe

Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe

Potentially unwanted tool:Application/Processor Not disinfected D:\SmitfraudFix\Process.exe

Virus:Trj/Rebooter.J Disinfected D:\SmitfraudFix\Reboot.exe

Potentially unwanted tool:Application/SuperFast Not disinfected D:\SmitfraudFix\restart.exe

Virus:Trj/Rebooter.J

HighJackThis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:20:11 AM, on 12/4/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\Program Files\Microsoft IntelliType Pro\type32.exe

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

D:\J.R.'s Music\iTunes Folder\iTunesHelper.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\WINDOWS\system32\tbctray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe

C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\common files\mcafee\mna\mcnasvc.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\SiteAdvisor\SiteAdv.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\HighJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [sNM] C:\Program Files\SpyNoMore\SNM.exe /startup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "D:\J.R.'s Music\iTunes Folder\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL

O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://sln.lasalle.edu/iNotes6W.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O21 - SSODL: sapnet - {D8FE4152-6574-42AF-9457-9065C49B075C} - C:\WINDOWS\sapnet.dll (file missing)

O21 - SSODL: rmvgor - {7B8CADDB-42F5-471B-9541-DE1B6A6CD0E1} - C:\WINDOWS\rmvgor.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--

End of file - 8883 bytes

Link to post
Share on other sites

Ahhh the nasties are getting weak.... muaaahhhh OK find this file and delete:

c:\windows\system32\bbchk.exe

Please download this file: http://downloads.andymanchesta.com/RemovalTools/SDFix.exe' rel="external nofollow">

SDFix.exe

* Open the extracted SDFix folder and double click RunThis.bat to start the script.

* Type Y to begin the cleanup process.

* It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.

* Press any Key and it will restart the PC.

* When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.

* Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt

(Report.txt will also be copied to Clipboard ready for posting back on the forum).

* Finally paste the contents of the Report.txt back on the forum.

Reboot your system in Normal Mode. Then post the SDFix log and a new HJT log please.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.