tykra

Members
  • Content Count

    12
  • Joined

  • Last visited

Community Reputation

0 Neutral

About tykra

  • Rank
    Member
  1. cool, glad you found it - too late for me to try this time, im already clean - the loooonnnggg way. :-/
  2. Good luck guys, this thing was a mess those who created/injected this deserve a major ###### kicking ... Anyway, I just started reinstalling xp - I have lost a ###### load of stuff that can never be replaced thanks to some idiot(s) Best of luck to you ...
  3. ... I really appreciated your efforts, I wish we could have gotten this thing figured out, but I cant lose another day of work - I figure I will be up all night reloading windows, and enough software to get be going for work tomorrow. thanks. I sure wish I could come face to face with the piece of scum that was responsible for screwing up my PC!
  4. Ok, just got back from dinner 1.5 hr drive from my home - wanted to get as far away from this mess as possible - LOL. Anyway when I booted up and did a HJT scan it found none of the previous items. Well for starters the pc is very slow - I click on windows explorer and nothing happens. I do ctrl-alt-del and about a minute later it finally pops up - under performance tab it states CPU usage is 100% - something decided to take a chunk out of my memory or something. Wait 10 minutes later my windows explorer is creeping its way onto the screen ... When I go to restart it shows CtHelper is not responding [end now], Explorer is not responding, [end now], Imgicon.exe not responding [end now], AXTimer, PC Camera, etc etc I imagine all those apz are the reason my system resources are all gone. Now whats going on? Was one of those HJT fixes a driver that shouldnt have been removed?
  5. I went back and ran Blacklight RootKit Eliminator as I anticipated that might be something I needed to go back and do now ... It stated that "No hidden items found." ... am I getting any closer to having a clean machine yet? From the last HJT log I am curious what some of these items are ...
  6. ============== BEGIN L2D LOG ============== Look2Me-Destroyer V1.0.12 Scanning for infected files..... Scan started at 6/7/2006 3:24:06 PM Attempting to delete infected files... Making registry repairs. Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{267980D6-E4F9-4EEB-82A7-E3DD8F6358FB}" HKCR\Clsid\{267980D6-E4F9-4EEB-82A7-E3DD8F6358FB} Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{6FCC351D-3335-4396-A2A7-B11ADF054705}" HKCR\Clsid\{6FCC351D-3335-4396-A2A7-B11ADF054705} Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{8DC8FAF1-D08E-4D0B-A5C6-B654BAD3A5CF}" HKCR\Clsid\{8DC8FAF1-D08E-4D0B-A5C6-B654BAD3A5CF} Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{600E2E42-288E-416A-8CD4-3BE2EB9C6891}" HKCR\Clsid\{600E2E42-288E-416A-8CD4-3BE2EB9C6891} Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{2DADE561-D5C4-46E2-9615-5B6C1ED43C23}" HKCR\Clsid\{2DADE561-D5C4-46E2-9615-5B6C1ED43C23} Restoring Windows certificates. Replaced hosts file with default windows hosts file Restoring SeDebugPrivilege for Administrators - Succeeded ============== END L2D LOG ============== Ok looks as if I was infected by that too - D*mn this thing is nasty! ============== BEGIN HJT LOG ============== Logfile of HijackThis v1.99.1 Scan saved at 3:31:19 PM, on 6/7/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\CTsvcCDA.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\ewido anti-malware\ewidoguard.exe C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE C:\Program Files\M-Audio Fast Track\GBInst.exe C:\WINDOWS\System32\CTHELPER.EXE C:\WINDOWS\System32\DSentry.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Iomega\AutoDisk\ADUserMon.exe C:\Program Files\Iomega\DriveIcons\ImgIcon.exe C:\Program Files\McAfee.com\VSO\mcvsshld.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\PROGRA~1\Iomega\System32\AppServices.exe C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe C:\WINDOWS\vsnpstd2.exe c:\progra~1\mcafee\mcafee antispyware\massrv.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe c:\PROGRA~1\mcafee.com\vso\OasClnt.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\progra~1\mcafee\MCAFEE~1\masalert.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Iomega\AutoDisk\ADService.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\wuauclt.exe C:\Documents and Settings\brian\Desktop\HijackThis.exe O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: adobepnl.ADOBE_PANEL - {5E8FA924-DEF0-4E71-8A82-A11CA0C1413B} - C:\WINDOWS\System32\adobepnl.dll O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: JunoBar - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - C:\Program Files\Juno\Toolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe O4 - HKLM\..\Run: [iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [sNPSTD2] C:\WINDOWS\vsnpstd2.exe O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\masalert.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\System32\susp.exe O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Nero\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\juspc.exe" -w O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing) O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing) O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing) O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...tm=0&expId=5067 O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/DLHelper/ve...n7/DLHelper.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...774/mcfscan.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: A - Sysinternals - www.sysinternals.com - C:\DOCUME~1\brian\LOCALS~1\Temp\A.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: Fast Track Installer (FastTrackInstallerService) - Nemesis - C:\Program Files\M-Audio Fast Track\GBInst.exe O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\xampp\FileZillaFTP\FileZillaServer.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe ============== END HJT LOG ============== awaiting further instruction ...
  7. This must be a result of fixing those items in HJT, but my infected pc is now slower than a 7777 year itch. I think I might need to make myself a stiff drink, either that or this computer andor I are going out the window.
  8. Ok I have repeated those steps ... [safe mode] - SmitfraudFix deleted all of the same files it had the first time ... - Ewido found nothing just as first time ... - Ran BFU - All was good again ... I then attempted to run backlight without success. ------------------------ F-Secure Backlight could not acquire necessary privileges (SeDebugPriviledge) -Your computer settings may prevent acquiring these privileges. -A malicious program might have diabled these privileges. ------------------------ I was able to run RootkitRevealer ... ============ BEGIN RR LOG ============ HKLM\S-1-5-21-3438958190-1758548669-4134804467-1007\RemoveAccess\InternetProfile 4/13/2004 10:25 AM 15 bytes Data mismatch between Windows API and raw hive data. C:\WINDOWS\softwareDistribution\DataStore\Logs\tmp.edb 6/7/2006 12:02 PM 64 KB Visible in Windows API, but not in MFT or directory inbox. ============ END RR LOG ============ What ever this is, it sure is hiding itself good and disabling everything trying to find/delete it! Very nasty indeed !!!
  9. Well - everything looked good in safe mode - now that I rebooted I am once again getting the spyware popups, task manager, regedit etc are all disabled by this virus. (what ever it is)
  10. Ok, finally completed the next steps - 30m + for each for a couple of the scans - looks like I might have gotten rid of some of the stuff with my previous S+D work. ================== BEGIN RAPPORT.TXT ================== SmitFraudFix v2.55 Scan done at 20:42:48.85, Tue 06/06/2006 Run from C:\Documents and Settings\brian\Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT Fix ran in safe mode »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files C:\WINDOWS\alexaie.dll Deleted C:\WINDOWS\alxie328.dll Deleted C:\WINDOWS\alxtb1.dll Deleted C:\WINDOWS\bg.gif Deleted C:\WINDOWS\BTGrab.dll Deleted C:\WINDOWS\close-bar.gif Deleted C:\WINDOWS\dlmax.dll Deleted C:\WINDOWS\infected.gif Deleted C:\WINDOWS\Pynix.dll Deleted C:\WINDOWS\star.gif Deleted C:\WINDOWS\susp.exe Deleted C:\WINDOWS\warning-bar-ico.gif Deleted C:\WINDOWS\ZServ.dll Deleted C:\WINDOWS\system32\a.exe Deleted C:\WINDOWS\system32\alxres.dll Deleted C:\WINDOWS\system32\bridge.dll Deleted C:\WINDOWS\system32\dailytoolbar.dll Deleted C:\WINDOWS\system32\jao.dll Deleted C:\WINDOWS\system32\questmod.dll Deleted C:\WINDOWS\system32\runsrv32.dll Deleted C:\WINDOWS\system32\runsrv32.exe Deleted C:\WINDOWS\system32\tcpservice2.exe Deleted C:\WINDOWS\system32\txfdb32.dll Deleted C:\WINDOWS\system32\udpmod.dll Deleted C:\WINDOWS\system32\wstart.dll Deleted »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End ================== END RAPPORT.TXT ================== ================== BEGIN EWIDO LOG ================== --------------------------------------------------------- ewido anti-malware - Scan report --------------------------------------------------------- + Created on: 9:43:14 PM, 6/6/2006 + Report-Checksum: 60641495 + Scan result: No infected objects found. ::Report End ================== END EWIDO LOG ================== ================== BEGIN AV REPORT ================== Scan Results: Scan Completed. 105491 files scanned. No viruses found. File Infection Status Path - No Infections ================== END AV REPORT ================== ================== BEGIN HJT LOG ================== Logfile of HijackThis v1.99.1 Scan saved at 10:40:49 PM, on 6/6/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Documents and Settings\brian\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:81 R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: adobepnl.ADOBE_PANEL - {5E8FA924-DEF0-4E71-8A82-A11CA0C1413B} - C:\WINDOWS\System32\adobepnl.dll O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: JunoBar - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - C:\Program Files\Juno\Toolbar.dll O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe O4 - HKLM\..\Run: [iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [sNPSTD2] C:\WINDOWS\vsnpstd2.exe O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [susse] "C:\WINDOWS\System32\hpsw.exe" O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\masalert.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Nero\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [owfw] C:\PROGRA~1\COMMON~1\owfw\owfwm.exe O4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\juspc.exe" -w O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing) O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing) O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing) O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...tm=0&expId=5067 O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/DLHelper/ve...n7/DLHelper.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...774/mcfscan.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\k0440ahqed4e0.dll (file missing) O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: Fast Track Installer (FastTrackInstallerService) - Nemesis - C:\Program Files\M-Audio Fast Track\GBInst.exe O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\xampp\FileZillaFTP\FileZillaServer.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe ================== END HJT LOG ==================
  11. ====== BFU LOG ====== BFU v1.00.9 Windows XP SP1 (WinNT 5.01.2600 SP1) Script started at 8:28:31 PM, on 6/6/2006 Option Unload Explorer: Yes Failed: DllUnregister C:\WINDOWS\DH.dll|1 (file not found) Failed: ServiceStop Network Monitor (service not found) Failed: ServiceStop cmdService (service not found) Failed: ServiceDisable Network Monitor (service not found) Failed: ServiceDisable cmdService (service not found) Failed: ServiceDelete Network Monitor (service not found) Failed: ServiceDelete cmdService (service not found) Failed: RegDelValue HKCU\System\CurrentControlSet\Control\Lsa|p2pnetwork (key not found) Failed: RegDelValue HKCU\SOFTWARE\Microsoft\OLE|p2pnetwork (key not found) Failed: RegDelValue HKCU\SOFTWARE\Microsoft\OLE|winlog (key not found) Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations|LowRiskFileTypes (key not found) Failed: RegDelValue HKCU\Microsoft\Windows\CurrentVersion\policies\Explorer\Run|WinUpdate.exe (key not found) Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|CU1 (key not found) Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|CU2 (key not found) Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|services32 (key not found) Option pause between commands: 300 ms Option pause between commands: 50 ms Failed: FolderDelete C:\Program Files\MsConfigs (folder not found) Failed: FolderDelete C:\Program Files\winupdates (folder not found) Failed: FolderDelete C:\Program Files\winupdate (folder not found) Failed: FolderDelete C:\Program Files\winsupdater (folder not found) Failed: FolderDelete C:\Program Files\MsUpdate (folder not found) Failed: FolderDelete C:\Program Files\MsMovies (folder not found) Failed: FolderDelete C:\Program Files\wmplayer (folder not found) Failed: FolderDelete C:\Program Files\outlook (folder not found) Failed: FileDelete C:\Program Files\Common Files\Windows\mc-*-*.exe (operation failed) Failed: FileDelete C:\Program Files\Common Files\Download\mc-*-*.exe (operation failed) Failed: FileDelete C:\DOCUME~1\brian\LOCALS~1\Temp\~DF2A58.tmp (operation failed) Failed: FileDelete C:\DOCUME~1\brian\LOCALS~1\Temp\~DF6A9F.tmp (operation failed) Failed: FileDelete C:\WINDOWS\Temp\sqlite_eSVptoIlOAeFykh (operation failed) Failed: FileDelete C:\WINDOWS\Temp\sqlite_t8ABRz2ue4O4Q63 (operation failed) Failed: FileDelete C:\WINDOWS\Temp\sqlite_tuDwgd2sbHFke3m (operation failed) Failed: FolderDelete C:\Program Files\Maxifiles (folder not found) Failed: FolderDelete C:\Program Files\DNS (folder not found) Failed: FolderDelete C:\Program Files\EQAdvice (folder not found) Failed: FolderDelete C:\Program Files\FCAdvice (folder not found) Failed: FolderDelete C:\Program Files\Common Files\FreeProd1 (folder not found) Failed: FolderDelete C:\Program Files\Common Files\FreeProd2 (folder not found) Failed: FolderDelete C:\Program Files\Common Files\InetGet (folder not found) Failed: FolderDelete C:\Program Files\Common Files\InetGet2 (folder not found) Failed: FolderDelete C:\Program Files\Common Files\svchostsys (folder not found) Failed: FolderDelete C:\Program Files\InetGet2 (folder not found) Failed: FolderDelete C:\Program Files\Common Files\VCClient (folder not found) Failed: FolderDelete C:\Program Files\Network Monitor (folder not found) Failed: FolderDelete C:\WINDOWS\inet20001 (folder not found) Failed: FolderDelete C:\Program Files\Update06 (folder not found) Failed: FolderDelete C:\Program Files\Update03 (folder not found) Failed: FolderDelete C:\Program Files\Update04 (folder not found) Failed: FolderDelete C:\Program Files\Update08 (folder not found) Failed: FolderDelete C:\Program Files\W-Update (folder not found) Failed: FolderDelete C:\Program Files\Yazzle Sudoku (folder not found) Failed: FolderDelete C:\Program Files\Cas (folder not found) Failed: FolderDelete C:\Program Files\CasStub (folder not found) Failed: FolderDelete C:\Program Files\Cas2Stub (folder not found) Failed: FolderDelete C:\Program Files\ipwins (folder not found) Failed: FolderDelete C:\temp (folder not found) Failed: FolderDelete C:\WINDOWS\mdrive (folder not found) Failed: FolderCreate C:\bintheredunthat (folder already exists) Failed: FileMove C:\WINDOWS\win*-*.exe|C:\bintheredunthat (source file not found) Script completed. ====== END LOG ====== proceeding onto your second post procedures ....
  12. Not sure if this is some sort of 6.6.06 attack, but the timing sure is weird - when I booted my computer this morning and signed onto the internet I discovered several things . I keep getting fake security warnings popup in the bottom right of my screen. Examples: "Your computer is working slowly!" "Alert! You are receiving spam!" "Warning! Your security and privacy are at risk!" "You computer is not protected against spyware!" "Danger! Spyware activity detected on your computer!" "Alert! A minimum of 7 spyware items found!" Explorer opens to about:blank and displays a Windows Security Center (remove spyware alert) & link directs to xxxhttp://www.antispywarebox.com/index2.php?aff=0&wd=C:/WINDOWS Task Manager is Disabled. Regedit is Disabled. Msconfig is Disabled. Running adaware finds numerous files to fix - I fix them, then immediately the files are all reinstalled. On start up I see that runsrv32.exe running so maybe that is reinstalling something ??? Examples of files that are being auto installed ... ABetterInternet Admess Alexa Avenue A, Inc Blazefind.Bridge CoolWWWSearch.SmartSearch DailyToolbar SpywareSheriff.FakeAlert Statblaster.All files7 VX2.b.BDS VX2.c VX2.g.SiteHlpr =========== HJT LOG =========== Logfile of HijackThis v1.99.1 Scan saved at 3:31:09 PM, on 6/6/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\CTsvcCDA.exe C:\Program Files\M-Audio Fast Track\GBInst.exe C:\PROGRA~1\Iomega\System32\AppServices.exe c:\progra~1\mcafee\mcafee antispyware\massrv.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe c:\PROGRA~1\mcafee.com\vso\OasClnt.exe C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE C:\WINDOWS\System32\CTHELPER.EXE C:\WINDOWS\System32\DSentry.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Iomega\AutoDisk\ADUserMon.exe C:\Program Files\Iomega\DriveIcons\ImgIcon.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\McAfee.com\VSO\mcvsshld.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Iomega\AutoDisk\ADService.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\progra~1\mcafee\MCAFEE~1\masalert.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\users32.exe C:\Program Files\ewido anti-malware\ewidoguard.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Documents and Settings\brian\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:81 R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file) O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file) O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file) O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: adobepnl.ADOBE_PANEL - {5E8FA924-DEF0-4E71-8A82-A11CA0C1413B} - C:\WINDOWS\System32\adobepnl.dll O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file) O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file) O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file) O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: JunoBar - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - C:\Program Files\Juno\Toolbar.dll O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe O4 - HKLM\..\Run: [iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe O4 - HKLM\..\Run: [sNPSTD2] C:\WINDOWS\vsnpstd2.exe O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [susse] "C:\WINDOWS\System32\hpsw.exe" O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\masalert.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\System32\susp.exe O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\System32\runsrv32.exe O4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\juspc.exe" -w O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Nero\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [owfw] C:\PROGRA~1\COMMON~1\owfw\owfwm.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing) O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing) O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing) O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...tm=0&expId=5067 O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/DLHelper/ve...n7/DLHelper.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...774/mcfscan.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\k0440ahqed4e0.dll (file missing) O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: Fast Track Installer (FastTrackInstallerService) - Nemesis - C:\Program Files\M-Audio Fast Track\GBInst.exe O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\xampp\FileZillaFTP\FileZillaServer.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe =========== END LOG =========== I have never had this much trouble getting rid of something before - normally its a quick search on google and its gone within minutes - today I have been searching all day long without success. I imagine this is a new strain of a virus, but mcafee isnt picking it up! Please help, Ive lost an entire day trying to resolve this issue.