[Resolved] What do I have to do to stop the hijacks, which I am again - 247fixes PC Help Forum

IPB

Welcome Guest ( Log In | Register )

247fixes PC Help Forum > Malware Removal > Resolved Hijackthis logs

2 Pages

1 2 >

Closed Topic

Start new topic

[Resolved] What do I have to do to stop the hijacks, which I am again

B-man View Member Profile	Aug 28 2008, 03:59 AM Post #1
Full Member Group: Member Posts: 24 Joined: 10-April 08 From: grand rapids, mi Member No.: 1,012	You folks are great w/ the help lets see if we can get rid of them again. Here's the hijackthis log but kaspersky won't let me do a scan cause it seems to think I don't have the right java. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:53:50 PM, on 8/27/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\WINDOWS\StartupMonitor.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Comodo\Firewall\cfp.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\system32\hzrTray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\a-squared Free\a2service.exe C:\Program Files\Comodo\Firewall\cmdagent.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\WINDOWS\system32\hzrService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\PROGRA~1\Yahoo!\browser\ycommon.exe C:\Program Files\Yahoo!\browser\ybrwicon.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify...=us&.src=ym R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4dfb-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -h O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [Hazard Shield] C:\WINDOWS\system32\hzrTray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100429 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; sbcydsl 3.12; WP EmbeddedWB 14.55; .NET CLR 1.1.4322; .NET CLR 2.0.50727; Windows-Media-Player/10.00.00.3990; Creative ZENcast v2.00.13) O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user') O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: Yahoo! Chess - http://origin.games.yahoo.net/games/clients/y/ct5_x.cab O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - http://www.creative.com/su/ocx/15031/CTSUEng.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} - http://www.cyberlink.com/winxp/CheckDVD.cab O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1218165823046 O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - http://driveragent.com/files/driveragent.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - http://www.creative.com/su/ocx/15034/CTPID.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{6EB4FFCC-4195-4790-8BD3-F8D4D849F922}: NameServer = 66.73.20.40 206.141.193.55 O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\WINDOWS\system32\guard32.dll, O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\Comodo\Firewall\cmdagent.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HazardShield - Orbitech - C:\WINDOWS\system32\hzrService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe -- End of file - 11507 bytes Thanks

Rorschach112 View Member Profile	Aug 28 2008, 04:49 PM Post #2
Scratch Group: Global Moderator Posts: 418 Joined: 30-April 08 Member No.: 1,040	Hello Please visit this web page for instructions for downloading and running ComboFix http://www.bleepingcomputer.com/combofix/how-to-use-combofix This includes installing the Windows XP Recovery Console in case you have not installed it yet. For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058. Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal. Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

B-man View Member Profile	Aug 29 2008, 01:44 AM Post #3
Full Member Group: Member Posts: 24 Joined: 10-April 08 From: grand rapids, mi Member No.: 1,012	Ok, not sure what's going on but after combo fix runs it tries to run a report but it say on some of the lines access is denied and closes. If that's what it's suppose to do I can't find the report afterwords. But here is the hijackthis. Also things are changing in the task bar at bottom left, like time changed to military time and avast is no longer there. Also wondering if I have to many security programs that are interfering w/ each other. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:39, on 2008-08-28 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe C:\WINDOWS\StartupMonitor.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\PROGRA~1\Yahoo!\browser\ycommon.exe C:\Program Files\Comodo\Firewall\cfp.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\Program Files\a-squared Free\a2service.exe C:\Program Files\Comodo\Firewall\cmdagent.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\hzrService.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify...=us&.src=ym R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4dfb-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -h O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [Hazard Shield] C:\WINDOWS\system32\hzrTray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user') O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: Yahoo! Chess - http://origin.games.yahoo.net/games/clients/y/ct5_x.cab O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - http://www.creative.com/su/ocx/15031/CTSUEng.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} - http://www.cyberlink.com/winxp/CheckDVD.cab O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1218165823046 O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - http://driveragent.com/files/driveragent.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - http://www.creative.com/su/ocx/15034/CTPID.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{6EB4FFCC-4195-4790-8BD3-F8D4D849F922}: NameServer = 66.73.20.40 206.141.193.55 O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\Comodo\Firewall\cmdagent.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HazardShield - Orbitech - C:\WINDOWS\system32\hzrService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe -- End of file - 10255 bytes

Rorschach112 View Member Profile	Aug 29 2008, 09:18 PM Post #4
Scratch Group: Global Moderator Posts: 418 Joined: 30-April 08 Member No.: 1,040	Can you post the ComboFix log ?

B-man View Member Profile	Aug 29 2008, 09:30 PM Post #5
Full Member Group: Member Posts: 24 Joined: 10-April 08 From: grand rapids, mi Member No.: 1,012	Can you please tell me where to find it?

Rorschach112 View Member Profile	Aug 29 2008, 09:59 PM Post #6
Scratch Group: Global Moderator Posts: 418 Joined: 30-April 08 Member No.: 1,040	In the folder C:\ComboFix

B-man View Member Profile	Aug 29 2008, 10:44 PM Post #7
Full Member Group: Member Posts: 24 Joined: 10-April 08 From: grand rapids, mi Member No.: 1,012	I had looked there. There's over 100 icons and nothing titled logfile.

Rorschach112 View Member Profile	Aug 30 2008, 12:30 PM Post #8
Scratch Group: Global Moderator Posts: 418 Joined: 30-April 08 Member No.: 1,040	Run ComboFix again and post the log it gives you

B-man View Member Profile	Aug 30 2008, 05:22 PM Post #9
Full Member Group: Member Posts: 24 Joined: 10-April 08 From: grand rapids, mi Member No.: 1,012	Ok, worked that time. here's the combo fix ComboFix 08-08-28.02 - Brad Froehlich 2008-08-30 12:48:05.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.219 [GMT -4:00] Running from: C:\Documents and Settings\Brad Froehlich\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . C:\WINDOWS\system32\dao350.dll . ((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-30 ))))))))))))))))))))))))))))))) . C:\ComboFix\CreateD00.bat . C:\ComboFix\CreateC00.bat . 2008-08-24 18:39 . 2008-08-24 18:39 69,632 --a------ C:\WINDOWS\system32\Winsock Orcas.dll 2008-08-24 18:39 . 2008-08-24 18:39 40,960 --a------ C:\WINDOWS\system32\hzrTray.exe 2008-08-24 18:39 . 2008-08-24 18:39 25,600 --a------ C:\WINDOWS\system32\hzrService.exe 2008-08-14 10:22 . 2008-08-14 10:22 <DIR> d--hs---- C:\WINDOWS\ftpcache 2008-08-13 23:17 . 2008-08-13 23:18 <DIR> d-------- C:\Program Files\QuickTime 2008-08-13 14:24 . 2008-08-30 10:23 4 --a------ C:\WINDOWS\system32\25A1D5 2008-08-12 17:14 . 2008-05-01 10:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll 2008-08-12 17:09 . 2008-04-11 15:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll 2008-08-08 11:22 . 2008-08-24 19:41 <DIR> d-------- C:\Program Files\a-squared Free 2008-08-08 09:17 . 2008-08-08 09:59 <DIR> d-------- C:\Program Files\a-squared Anti-Malware 2008-08-08 08:51 . 2008-08-24 18:41 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2008-08-07 23:40 . 2008-08-28 20:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NOS 2008-08-07 23:39 . 2008-08-28 20:11 <DIR> d-------- C:\Program Files\NOS 2008-08-07 23:31 . 2008-08-07 23:32 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-08-06 09:39 . 2008-08-06 11:09 <DIR> d-------- C:\Program Files\EsetOnlineScanner 2008-08-05 11:53 . 2008-08-05 11:53 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-08-05 11:53 . 2008-08-05 11:53 <DIR> d-------- C:\Documents and Settings\Brad Froehlich\Application Data\Malwarebytes 2008-08-05 11:53 . 2008-08-05 11:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-08-05 11:53 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-08-05 11:53 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-07-31 20:44 . 2008-07-31 20:44 <DIR> d-------- C:\Program Files\VS Revo Group 2008-07-31 14:06 . 2008-08-08 08:30 <DIR> d-------- C:\Program Files\SpywareGuard 2008-07-30 12:47 . 2008-07-30 12:58 <DIR> d-------- C:\Documents and Settings\Brad Froehlich\Pavark 2008-07-22 13:41 . 2008-08-29 17:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hazard Shield 2008-07-10 17:09 . 2008-07-10 17:18 <DIR> d-------- C:\Program Files\V CAST Music with Rhapsody 2008-07-10 16:48 . 2008-07-10 16:48 <DIR> d-------- C:\Program Files\LG Electronics 2008-07-10 16:48 . 2007-04-09 09:55 22,912 --a------ C:\WINDOWS\system32\drivers\lgusbmodem.sys 2008-07-10 16:48 . 2007-04-09 09:56 21,248 --a------ C:\WINDOWS\system32\drivers\lgusbdiag.sys 2008-07-10 16:48 . 2007-04-09 09:53 12,672 --a------ C:\WINDOWS\system32\drivers\lgusbbus.sys 2008-07-10 16:47 . 2007-05-01 18:23 528,384 --------- C:\WINDOWS\system32\VZWDownManager.exe 2008-07-10 16:47 . 2007-05-01 18:23 49,152 --------- C:\WINDOWS\system32\VZWDLManager.dll 2008-07-10 16:47 . 2007-05-02 04:34 375 --------- C:\WINDOWS\system32\VZWDLManager.inf 2008-07-09 10:51 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-07-09 10:40 . 2008-07-09 10:40 <DIR> d-------- C:\Program Files\Windows Installer Clean Up 2008-07-07 16:26 . 2008-07-07 16:26 253,952 -----c--- C:\WINDOWS\system32\dllcache\es.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-29 15:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\WholeSecurity 2008-08-26 18:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-08-24 22:38 --------- d-----w C:\Program Files\Hazard Shield 2008-08-21 20:43 --------- d-----w C:\Program Files\Finale NotePad 2007 2008-08-17 18:32 --------- d-----w C:\Documents and Settings\Brad Froehlich\Application Data\Yahoo! 2008-08-14 03:09 --------- d-----w C:\Program Files\Apple Software Update 2008-08-08 03:31 --------- d-----w C:\Program Files\SpywareBlaster 2008-08-01 18:18 507,658 ----a-w C:\WINDOWS\java\Packages\QE0F3TFB.ZIP 2008-08-01 00:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\AppSnap 2008-07-30 13:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-07-20 18:13 --------- d-----w C:\Program Files\Coupons 2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-19 02:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll 2008-07-19 02:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll 2008-07-09 14:51 --------- d-----w C:\Program Files\Java 2008-07-09 14:39 --------- d-----w C:\Program Files\MSECache 2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-05-27 01:12 3,416 ----a-w C:\WINDOWS\system32\PerfStringBackup.TMP 2008-05-23 14:17 143,104 ----a-w C:\WINDOWS\system32\guard32.dll 2008-05-16 15:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe 2008-05-09 10:53 90,112 ----a-w C:\WINDOWS\system32\wshext.dll 2008-05-09 10:53 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll 2008-05-09 10:53 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll 2008-05-09 10:53 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll 2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe 2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe 2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll 2008-01-10 20:44 74,536 ----a-w C:\Documents and Settings\Brad Froehlich\Application Data\GDIPFONTCACHEV1.DAT 2005-11-28 21:27 6,904 ------w C:\Documents and Settings\All Users\Application Data\ypinfo.bin 2006-11-15 14:00 450 --sha-r C:\WINDOWS\mk0yeomn5y.dat 2006-11-15 14:00 450 --sha-r C:\WINDOWS\system32\MS5ny0k05m.dll 2008-05-07 17:04 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008050720080508\index.dat 2008-05-27 01:08 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008052620080527\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272] "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 18:43 4670704] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe" [2002-07-11 08:06 188416] "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-06-10 05:21 217088] "YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 16:19 129536] "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-18 11:09 29744] "COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\cfp.exe" [2008-06-05 10:32 1655552] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784] "Hazard Shield"="C:\WINDOWS\system32\hzrTray.exe" [2008-08-24 18:39 40960] "Run StartupMonitor"="StartupMonitor.exe" [2000-05-20 17:23 86016 C:\WINDOWS\StartupMonitor.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-27 21:17 443968] C:\Documents and Settings\Brad Froehlich\Start Menu\Programs\Startup\ SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk] backup=C:\WINDOWS\pss\AT&T Self Support Tool.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk] backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk] backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk] backup=C:\WINDOWS\pss\LUMIX Simple Viewer.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk] backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] --a------ 2005-06-06 23:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector] --a------ 2004-12-02 19:23 102400 C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2008-04-13 20:12 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4] C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe [BU] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBayToolbar] --a------ 2008-08-12 17:05 652528 C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MtdAcq] --a------ 2004-07-02 12:26 122956 C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell] --a------ 2007-12-10 15:35 323216 C:\Program Files\Napster\napster.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp] --a------ 2006-11-01 01:04 321088 C:\Program Files\Pure Networks\Network Magic\nmapp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch] --a------ 2007-05-02 19:00 55368 C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] -rahs---- 2008-08-18 18:41 1832272 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [BU] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB Storage Toolbox] --a------ 2005-09-14 21:44 65536 C:\Program Files\USB Disk Win98 Driver\Res.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] C:\Program Files\Winamp\winampa.exe [BU] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] --------- 2006-10-18 20:05 204288 C:\Program Files\Windows Media Player\wmpnscfg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] --a------ 2007-08-30 18:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP] --a------ 2006-07-21 10:43 407032 C:\PROGRA~1\Yahoo!\YOP\yop.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe [BU] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Automatic LiveUpdate Scheduler"=2 (0x2) "ZuneNetworkSvc"=2 (0x2) "iPod Service"=3 (0x3) "Apple Mobile Device"=2 (0x2) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "67:UDP"= 67:UDP:DHCP Discovery Service R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 19:20] R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-05-23 10:17] R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-05-23 10:17] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 19:16] R2 HazardShield;HazardShield;C:\WINDOWS\system32\hzrService.exe [2008-08-24 18:39] R3 ati2mtaa;ati2mtaa;C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2002-01-11 00:22] S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-04-18 11:09] . Contents of the 'Scheduled Tasks' folder 2008-08-26 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57] . . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Brad Froehlich\Application Data\Mozilla\Firefox\Profiles\p6i7azlz.default\ FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxps://login.yahoo.com/config/login_verify2?.refer=slv&.intl=us&.src=ym FF -: plugin - C:\Documents and Settings\Brad Froehlich\Application Data\Mozilla\Firefox\Profiles\p6i7azlz.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07100121.dll FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-30 12:53:20 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-08-30 13:07:28 ComboFix-quarantined-files.txt 2008-08-30 16:58:41 Pre-Run: 53,537,955,840 bytes free Post-Run: 53,534,265,344 bytes free 232 --- E O F --- 2008-08-14 14:24:42

Rorschach112 View Member Profile	Aug 30 2008, 06:34 PM Post #10
Scratch Group: Global Moderator Posts: 418 Joined: 30-April 08 Member No.: 1,040	Hello Make sure to use Internet Explorer for this Please go to VirSCAN.org FREE on-line scan service Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page: C:\WINDOWS\system32\hzrTray.exe Click on the Upload button Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard. Paste the contents of the Clipboard in your next reply.

B-man View Member Profile	Aug 30 2008, 08:20 PM Post #11
Full Member Group: Member Posts: 24 Joined: 10-April 08 From: grand rapids, mi Member No.: 1,012	I think that file might be from hazard shield. VirSCAN.org Scanned Report : Scanned time : 2008/08/30 16:15:48 (EDT) Scanner results: All Scanners reported not find malware! File Name : hzrTray.exe File Size : 40960 byte File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit MD5 : 474a09dd6c2b6dfa350ff3a5c6f598e0 SHA1 : a073a4a6aebc76c3c57f869b2c6876e8f14094f6 Online report : http://virscan.org/report/82686ed8e5af2c5a...86e079bf2d.html Scanner Engine Ver Sig Ver Sig Date Time Scan result a-squared 3.5.0.22 2008.08.29 2008-08-29 2.45 - AhnLab V3 2008.08.30.00 2008.08.30 2008-08-30 0.89 - AntiVir 7.8.1.23 7.0.6.93 2008-08-30 2.29 - Arcavir 1.0.5 200808291850 2008-08-29 1.20 - AVAST! 3.0.1 080830-0 2008-08-30 0.70 - AVG 7.5.51.442 270.6.14/1643 2008-08-30 1.55 - BitDefender 7.60825.1680189 7.20742 2008-08-31 2.94 - CA (VET) 9.0.0.143 31.6.6057 2008-08-29 5.14 - ClamAV 0.93.3 8120 2008-08-30 0.02 - Comodo 2.11 2.0.0.632 2008-08-30 0.42 - CP Secure 1.1.0.715 2008.08.30 2008-08-30 6.42 - Dr.Web 4.44.0.9170 2008.08.30 2008-08-30 3.10 - ewido 4.0.0.2 2008.08.30 2008-08-30 2.46 - F-Prot 4.4.4.56 20080829 2008-08-29 0.99 - F-Secure 5.51.6100 2008.08.30.01 2008-08-30 3.20 - Fortinet 2.81-3.11 9.492 2008-08-30 1.75 - ViRobot 20080829 2008.08.29 2008-08-29 0.41 - Ikarus T3.1.01.34 2008.08.30.71369 2008-08-30 3.25 - JiangMin 11.0.706 2008.08.30 2008-08-30 1.20 - Kaspersky 5.5.10 2008.08.30 2008-08-30 0.03 - KingSoft 2008.1.14.15 2008.8.30.15 2008-08-30 0.59 - McAfee 5.3.00 5373 2008-08-29 2.10 - Microsoft 1.3807 2008.08.30 2008-08-30 4.12 - mks_vir 2.01 2008.08.25 2008-08-25 2.67 - Norman 5.93.01 5.93.00 2008-08-29 4.90 - Panda 9.05.01 2008.08.30 2008-08-30 2.01 - Trend Micro 8.700-1004 5.508.13 2008-08-30 0.03 - Quick Heal 9.50 2008.08.29 2008-08-29 1.69 - Rising 20.0 20.59.51.00 2008-08-30 0.74 - Sophos 2.78.0 4.33 2008-08-31 1.65 - Sunbelt 3.1.1592.1 2210 2008-08-29 0.43 - Symantec 1.3.0.24 20080830.007 2008-08-30 0.05 - nProtect 2008-08-29.00 1993388 2008-08-29 3.56 - The Hacker 6.3.0.6 v00068 2008-08-29 0.40 - VBA32 3.12.8.4 20080830.0609 2008-08-30 1.15 - VirusBuster 4.5.11.10 10.85.1/623263 2008-08-30 0.81 -

Rorschach112 View Member Profile	Aug 31 2008, 12:49 AM Post #12
Scratch Group: Global Moderator Posts: 418 Joined: 30-April 08 Member No.: 1,040	Hello Make sure to use Internet Explorer for this Please go to VirSCAN.org FREE on-line scan service Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page: C:\WINDOWS\java\Packages\QE0F3TFB.ZIP Click on the Upload button Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard. Paste the contents of the Clipboard in your next reply. 1. Close any open browsers. 2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. 3. Open notepad and copy/paste the text in the quotebox below into it: QUOTE File:: C:\WINDOWS\mk0yeomn5y.dat C:\WINDOWS\system32\MS5ny0k05m.dll Folder:: Registry:: Driver:: Save this as CFScript.txt, in the same location as ComboFix.exe Refering to the picture above, drag CFScript into ComboFix.exe When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply. Also post a new HJT log