kens24@hotmail.com

PC Infection


Here is my HijackThis log. I've tried Norton, my ISP anti-virus, Ad-Aware... but I can't get my PC running correctly.

I have several pop-ups at startup, and IE has gone crazy. SCPROT.EXE keeps trying to connect; I don't even know what that is.

I also have a red circle with a white x in the system tray.

 

Help, Need Help please.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:57:38 PM, on 12/26/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ZuneBusEnum.exe

C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe

C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Verizon\McciTrayApp.exe

C:\WINDOWS\system32\regsvr32.exe

C:\Program Files\SecCenter\scprot4.exe

C:\Program Files\Zune\ZuneLauncher.exe

C:\Program Files\Verizon\VSP\VerizonServicepoint.exe

C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Palm\Hotsync.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE

C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe

c:\windows\system\hpsysdrv.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Ken\My Documents\PC SECURITY\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=28425

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Verizon\Verizon Internet Security Suite\pkR.dll

O2 - BHO: (no name) - {76F262CF-0308-0FB4-F7A3-043266F3A47C} - C:\Program Files\Mobkjqfi\ptvesxqy.dll

O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [bqhwputc] rundll32.exe "C:\Program Files\bqhwputc\rgncbmrk.dll",Init

O4 - HKLM\..\Run: [mlqpgjep] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\mlqpgjep.dll"

O4 - HKLM\..\Run: [fkpcjovg] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\fkpcjovg.dll"

O4 - HKLM\..\Run: [vupmnolu] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\vupmnolu.dll"

O4 - HKLM\..\Run: [abyxohwt] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\abyxohwt.dll"

O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe

O4 - HKLM\..\Run: [ofslqjkr] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\ofslqjkr.dll"

O4 - HKLM\..\Run: [olwtgbal] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\olwtgbal.dll"

O4 - HKLM\..\Run: [sC2] C:\Program Files\SecCenter\scprot4.exe

O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"

O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN

O4 - HKLM\..\Run: [Verizon Internet Security Suite] "C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe"

O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR.exe"

O4 - HKLM\..\RunOnce: [indexCleaner] "C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\RunOnce: [indexCleaner] "C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe"

O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')

O4 - Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe

O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by141fd.bay141.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1197735601875

O20 - Winlogon Notify: winmfu32 - C:\WINDOWS\SYSTEM32\winmfu32.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe

O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Verizon Internet Security Suite Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe

O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

 

--

End of file - 10229 bytes

Is there anyone available to help with this? I understand the holiday season, but others have received replies.


Hi kens24,

 

Apologies for the delay. The demand for help is huge, but there are not enough helpers, unfortunately.

 

If you still require help, please post a new HijackThis log.


Thanks for the reply. This is my current HijackThis log. I have not used the PC since I posted this file. I am writing this reply from a PC at work. Please take a look at the log and tell me what has infested my PC at home.

 

Regards, and thanks in advance.

 

Kens24


Hi kens24,

 

I see a few different Anti-Virus and Firewall programs installed. Could you tell me what programs you have and which are being used. It is vital that only one Anti-Virus and Firewall program is being run and the others should be uninstalled.

 

The reason for this is that multiple Anti-Virus and Firewall programs will conflict with each other, reducing the protection given and causing computer problems.

 

Once you only have one of each, please do the following...

 

1. I need to see another log from HijackThis.

  • Run Hijackthis.
  • Click on Open the Misc Tools section.
  • Next click on Open uninstall manager.
  • Press the Save list button.
  • Save the file to your desktop, with the default name of uninstall_list
  • Copy & Paste the entire contents of that file in your next post.

2. Please download ComboFix to your Desktop.

  • Double click on Combofix.exe & follow the prompts.
  • When the scan has finished, it shall produce a log for you. Post that log in your next reply.

Note:

Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

 

3. Please post the following...

 

Uninstall list

ComboFix log

New HijackThis log


 

HERE IS THE UNINSTALL LIST:

 

Ad-Aware 2007

Adobe Flash Player ActiveX

Adobe Photoshop 5.5

Adobe Reader 7.0.5

Apple Software Update

Audacity 1.2.6

Authentium AntiVirus SDK - 2

AutoCAD 2000

BitTorrent 5.0.7

CCleaner (remove only)

Corel Uninstaller

Customer Experience Enhancement

Data Fax SoftModem with SmartCP

Deer Hunter 5

DivX

Doom 3

Easy Internet Sign-up

Formatta Filler 7.0

GameSpy 3D

GameSpy Arcade

GemMaster Mystic

Half-Life 2

High Definition Audio Driver Package - KB888111

HijackThis 2.0.2

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 10 (KB910393)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB893357)

Hotfix for Windows XP (KB906569)

Hotfix for Windows XP (KB912024)

Hotfix for Windows XP (KB914440)

Hotfix for Windows XP (KB915865)

Hotfix for Windows XP (KB926239)

Hotfix for Windows XP (KB935448)

HP Boot Optimizer

HP DigitalMedia Archive

HP DVD Play 2.1

HP Imaging Device Functions 7.0

HP Photosmart and Deskjet 7.0.A

HP Photosmart Essential

HP Photosmart for Media Center PC

HP Photosmart Premier Software 6.5

HP Software Update

HP Solution Center 7.0

HP Web Helper

Intel® Matrix Storage Manager

Intel® PRO Network Connections Drivers

Intel® Quick Resume Technology Drivers

Intel® Viiv™ Software

LADSPA_plugins-win-0.4.15

Logitech SetPoint

Microsoft .NET Framework 1.0 Hotfix (KB887998)

Microsoft .NET Framework 1.0 Hotfix (KB930494)

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Hotfix (KB928366)

Microsoft .NET Framework 2.0

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft Money 2006

Microsoft National Language Support Downlevel APIs

Microsoft Office 2000 Premium

Microsoft Office Standard Edition 2003 60 days trial

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Works

Mozilla Firefox (2.0.0.11)

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

muvee autoProducer 5.0

muvee autoProducer unPlugged 2.0

My HP Games

Netscape Browser (remove only)

NVIDIA Drivers

OCR Software by I.R.I.S 7.0

Otto

Palm

PC-Doctor 5 for Windows

PerfectDisk

PlayLinc

Pocket Tunes 4.0.0

PPSDKRedistributables

Python 2.2 pywin32 extensions (build 203)

Python 2.2.3

Quicken 2006

QuickTime

RadLight Ogg Media DirectShow filter (remove only)

RealPlayer

Realtek High Definition Audio Driver

Rhapsody

Rocky Mountain Trophy Hunter 3

RPS Ad Blocker

RPS AntiFraud

RPS AntiSpyware

RPS AntiVirus

RPS App Detector

RPS AsRealtime

RPS Backup

RPS Burn

RPS Diagnostic Utility

RPS Firewall

RPS ParentalControl

RPS Performance Tool

RPS PopupBlocker

RPS Privacy Manager

RPS RpsCore

RPS Security Cleanup

RPS Zip

Security Update for Microsoft .NET Framework 2.0 (KB928365)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB928090)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896358)

Security Update for Windows XP (KB896422)

Security Update for Windows XP (KB896423)

Security Update for Windows XP (KB896424)

Security Update for Windows XP (KB896428)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB899591)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB901214)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB904706)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB908519)

Security Update for Windows XP (KB908531)

Security Update for Windows XP (KB911562)

Security Update for Windows XP (KB911927)

Security Update for Windows XP (KB912812)

Security Update for Windows XP (KB912919)

Security Update for Windows XP (KB913580)

Security Update for Windows XP (KB914388)

Security Update for Windows XP (KB914389)

Security Update for Windows XP (KB917344)

Security Update for Windows XP (KB917422)

Security Update for Windows XP (KB917953)

Security Update for Windows XP (KB918118)

Security Update for Windows XP (KB918439)

Security Update for Windows XP (KB919007)

Security Update for Windows XP (KB920213)

Security Update for Windows XP (KB920670)

Security Update for Windows XP (KB920683)

Security Update for Windows XP (KB920685)

Security Update for Windows XP (KB921398)

Security Update for Windows XP (KB921503)

Security Update for Windows XP (KB922616)

Security Update for Windows XP (KB922819)

Security Update for Windows XP (KB923191)

Security Update for Windows XP (KB923414)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923694)

Security Update for Windows XP (KB923980)

Security Update for Windows XP (KB924191)

Security Update for Windows XP (KB924270)

Security Update for Windows XP (KB924496)

Security Update for Windows XP (KB924667)

Security Update for Windows XP (KB925454)

Security Update for Windows XP (KB925902)

Security Update for Windows XP (KB926255)

Security Update for Windows XP (KB926436)

Security Update for Windows XP (KB927779)

Security Update for Windows XP (KB927802)

Security Update for Windows XP (KB928255)

Security Update for Windows XP (KB928843)

Security Update for Windows XP (KB929123)

Security Update for Windows XP (KB930178)

Security Update for Windows XP (KB931261)

Security Update for Windows XP (KB931784)

Security Update for Windows XP (KB932168)

Security Update for Windows XP (KB933729)

Security Update for Windows XP (KB935839)

Security Update for Windows XP (KB935840)

Security Update for Windows XP (KB936021)

Security Update for Windows XP (KB937894)

Security Update for Windows XP (KB938829)

Security Update for Windows XP (KB941202)

Security Update for Windows XP (KB941568)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB941644)

Security Update for Windows XP (KB943460)

Security Update for Windows XP (KB943485)

Security Update for Windows XP (KB944653)

Sonic Express Labeler

Sonic MyDVD Plus

Sonic RecordNow Audio

Sonic RecordNow Copy

Sonic RecordNow Data

Sonic Update Manager

Symantec Technical Support Web Controls

Update for Windows Internet Explorer 7 (KB928089)

Update for Windows Media Player 10 (KB913800)

Update for Windows Media Player 10 (KB926251)

Update for Windows XP (KB898461)

Update for Windows XP (KB900485)

Update for Windows XP (KB904942)

Update for Windows XP (KB910437)

Update for Windows XP (KB911280)

Update for Windows XP (KB912945)

Update for Windows XP (KB916595)

Update for Windows XP (KB920872)

Update for Windows XP (KB922582)

Update for Windows XP (KB927891)

Update for Windows XP (KB929338)

Update for Windows XP (KB930916)

Update for Windows XP (KB931836)

Update for Windows XP (KB933360)

Update for Windows XP (KB936357)

Update for Windows XP (KB938828)

Update for Windows XP (KB942763)

Updates from HP (remove only)

URGE

Verizon Internet Security Suite

Verizon Online Help and Support

Verizon Servicepoint 1.5.12

Virtual Earth 3D (Beta)

Windows Imaging Component

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 7

Windows Media Format 11 runtime

Windows Media Format 11 runtime

Windows Media Player 11

Windows Media Player 11

Windows XP Hotfix - KB873339

Windows XP Hotfix - KB883667

Windows XP Hotfix - KB885250

Windows XP Hotfix - KB885835

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB887472

Windows XP Hotfix - KB887742

Windows XP Hotfix - KB888113

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB890175

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB891781

Windows XP Hotfix - KB892050

Windows XP Hotfix - KB893066

Windows XP Media Center Edition 2005 KB908246

Windows XP Media Center Edition 2005 KB925766

WinRAR archiver

Yahoo! Toolbar for Internet Explorer

 

HERE IS THE COMBOFIX LOG:

 

ComboFix 08-01-14.3 - Ken 2008-01-14 1:04:45.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1501 [GMT -5:00]

Running from: C:\Documents and Settings\Ken\Desktop\ComboFix.exe

* Created a new restore point

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Program Files\3269.exe

C:\Program Files\Helper

C:\Program Files\Helper\Helper6.dll

C:\Program Files\lsass.exe

C:\Program Files\SecCenter

C:\Program Files\SecCenter\scprot4.exe

C:\Program Files\spoolsv.exe

C:\WINDOWS\cookies.ini

C:\WINDOWS\system32\fnjmjihh.ini

C:\WINDOWS\system32\juvprpba

C:\WINDOWS\system32\juvprpba\bg1.gif

C:\WINDOWS\system32\juvprpba\bgtop.gif

C:\WINDOWS\system32\juvprpba\bottom1.gif

C:\WINDOWS\system32\juvprpba\essentials.gif

C:\WINDOWS\system32\juvprpba\icon1.ico

C:\WINDOWS\system32\juvprpba\install1.gif

C:\WINDOWS\system32\juvprpba\left1.gif

C:\WINDOWS\system32\juvprpba\li.gif

C:\WINDOWS\system32\juvprpba\logo.gif

C:\WINDOWS\system32\juvprpba\main.htm

C:\WINDOWS\system32\juvprpba\mainframe.htm

C:\WINDOWS\system32\juvprpba\reinstall1.gif

C:\WINDOWS\system32\juvprpba\right1.gif

C:\WINDOWS\system32\juvprpba\s1.htm

C:\WINDOWS\system32\juvprpba\s2.htm

C:\WINDOWS\system32\juvprpba\s3.htm

C:\WINDOWS\system32\juvprpba\SMTop1.gif

C:\WINDOWS\system32\juvprpba\SMTop2.gif

C:\WINDOWS\system32\juvprpba\SMTop3.gif

C:\WINDOWS\system32\juvprpba\SMTop4.gif

C:\WINDOWS\system32\juvprpba\soft1_off.gif

C:\WINDOWS\system32\juvprpba\soft1_off_ext.gif

C:\WINDOWS\system32\juvprpba\soft1_on.gif

C:\WINDOWS\system32\juvprpba\soft1_on_ext.gif

C:\WINDOWS\system32\juvprpba\soft2_off.gif

C:\WINDOWS\system32\juvprpba\soft2_off_ext.gif

C:\WINDOWS\system32\juvprpba\soft2_on.gif

C:\WINDOWS\system32\juvprpba\soft2_on_ext.gif

C:\WINDOWS\system32\juvprpba\soft3_off.gif

C:\WINDOWS\system32\juvprpba\soft3_off_ext.gif

C:\WINDOWS\system32\juvprpba\soft3_on.gif

C:\WINDOWS\system32\juvprpba\soft3_on_ext.gif

C:\WINDOWS\system32\juvprpba\softbottom_off.gif

C:\WINDOWS\system32\juvprpba\softbottom_on.gif

C:\WINDOWS\system32\juvprpba\softleft_off.gif

C:\WINDOWS\system32\juvprpba\softleft_on.gif

C:\WINDOWS\system32\juvprpba\top1.gif

C:\WINDOWS\system32\juvprpba\top2.gif

C:\WINDOWS\system32\juvprpba\turnoff1.gif

C:\WINDOWS\system32\juvprpba\turnon1.gif

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\rqtwa.ini

C:\WINDOWS\system32\rqtwa.ini2

C:\WINDOWS\system32\twytyfom.ini

C:\WINDOWS\system32\urqrpqn.dll

C:\WINDOWS\system32\winmfu32.dll

E:\Autorun.inf

 

.

((((((((((((((((((((((((( Files Created from 2007-12-14 to 2008-01-14 )))))))))))))))))))))))))))))))

.

 

2008-01-14 01:03 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-13 23:21 . 2008-01-14 00:40 <DIR> d-------- C:\Program Files\Zune

2007-12-26 14:34 . 2007-12-26 14:34 1,158 --a------ C:\WINDOWS\mozver.dat

2007-12-19 23:22 . 2007-12-19 23:22 0 --a------ C:\WINDOWS\nsreg.dat

2007-12-19 23:06 . 2008-01-09 11:45 1,355 --a------ C:\WINDOWS\imsins.BAK

2007-12-19 22:51 . 2007-12-19 22:51 <DIR> d-------- C:\Documents and Settings\Ken\Application Data\Netscape

2007-12-19 00:49 . 2007-03-06 13:24 55,296 --a------ C:\WINDOWS\system32\drivers\rp_skt32.sys

2007-12-19 00:48 . 2007-12-19 00:48 <DIR> d-------- C:\Program Files\Raxco

2007-12-19 00:48 . 2007-12-19 09:27 <DIR> d-------- C:\Program Files\Common Files\Scanner

2007-12-19 00:48 . 2007-12-19 00:48 <DIR> d-------- C:\Program Files\Common Files\Authentium

2007-12-19 00:48 . 2007-12-19 00:48 <DIR> d-------- C:\Program Files\CA

2007-12-19 00:48 . 2007-12-19 00:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Raxco

2007-12-19 00:48 . 2007-04-19 11:24 48,384 --a------ C:\WINDOWS\system32\drivers\rp_pkt32.sys

2007-12-19 00:47 . 2007-12-19 00:50 <DIR> d-------- C:\WINDOWS\SxsCaPendDel

2007-12-19 00:44 . 2007-12-19 00:44 <DIR> d-------- C:\Documents and Settings\Ken\Application Data\InstallShield

2007-12-18 00:29 . 2007-12-18 00:29 <DIR> d-------- C:\Program Files\CCleaner

2007-12-18 00:25 . 2007-12-18 00:25 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe

2007-12-18 00:10 . 2007-12-18 00:26 <DIR> d-------- C:\VundoFix Backups

2007-12-16 19:47 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2007-12-16 19:47 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2007-12-15 23:26 . 2007-12-15 23:26 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2007-12-15 23:26 . 2007-12-15 23:26 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_zumbus_01005.Wdf

2007-12-15 23:25 . 2008-01-14 00:40 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2007-12-15 15:07 . 2004-08-04 00:56 116,224 --a------ C:\WINDOWS\system32\dllcache\xrxwiadr.dll

2007-12-15 15:07 . 2001-08-17 22:37 27,648 --a------ C:\WINDOWS\system32\dllcache\xrxftplt.exe

2007-12-15 15:07 . 2001-08-17 22:36 23,040 --a------ C:\WINDOWS\system32\dllcache\xrxwbtmp.dll

2007-12-15 15:07 . 2001-08-17 22:36 17,408 --a------ C:\WINDOWS\system32\dllcache\xrxscnui.dll

2007-12-15 15:07 . 2001-08-17 22:37 4,608 --a------ C:\WINDOWS\system32\dllcache\xrxflnch.exe

2007-12-15 15:05 . 2001-08-17 13:28 794,399 --a------ C:\WINDOWS\system32\dllcache\usr1806v.sys

2007-12-15 15:04 . 2001-08-17 13:28 794,654 --a------ C:\WINDOWS\system32\dllcache\usr1801.sys

2007-12-15 15:03 . 2004-08-09 16:00 571,392 --a------ C:\WINDOWS\system32\dllcache\tintlgnt.ime

2007-12-15 15:02 . 2001-08-17 12:18 285,760 --a------ C:\WINDOWS\system32\dllcache\stlnata.sys

2007-12-15 15:01 . 2004-08-03 22:41 404,990 --a------ C:\WINDOWS\system32\dllcache\slntamr.sys

2007-12-15 15:00 . 2001-08-17 22:36 386,560 --a------ C:\WINDOWS\system32\dllcache\sgiul50.dll

2007-12-15 14:59 . 2001-08-17 22:36 495,616 --a------ C:\WINDOWS\system32\dllcache\sblfx.dll

2007-12-15 14:58 . 2001-08-17 13:28 899,146 --a------ C:\WINDOWS\system32\dllcache\r2mdkxga.sys

2007-12-15 14:57 . 2004-08-09 16:00 482,304 --a------ C:\WINDOWS\system32\dllcache\pintlgnt.ime

2007-12-15 14:56 . 2001-08-17 14:05 351,616 --a------ C:\WINDOWS\system32\dllcache\ovcodek2.sys

2007-12-15 14:55 . 2004-08-04 00:56 1,737,856 --a------ C:\WINDOWS\system32\dllcache\mtxparhd.dll

2007-12-15 14:54 . 2004-08-09 16:00 1,875,968 --a------ C:\WINDOWS\system32\dllcache\msir3jp.lex

2007-12-15 14:53 . 2004-08-09 16:00 1,158,818 --a------ C:\WINDOWS\system32\dllcache\korwbrkr.lex

2007-12-15 14:52 . 2004-08-09 16:00 811,064 --a------ C:\WINDOWS\system32\dllcache\imjp81k.dll

2007-12-15 14:51 . 2004-08-09 16:00 13,463,552 --a------ C:\WINDOWS\system32\dllcache\hwxjpn.dll

2007-12-15 14:50 . 2001-08-17 14:56 1,733,120 --a------ C:\WINDOWS\system32\dllcache\g400d.dll

2007-12-15 14:49 . 2001-08-17 12:17 629,952 --a------ C:\WINDOWS\system32\dllcache\eqn.sys

2007-12-15 14:48 . 2001-08-17 12:14 952,007 --a------ C:\WINDOWS\system32\dllcache\diwan.sys

2007-12-15 14:47 . 2004-08-09 16:00 1,677,824 --a------ C:\WINDOWS\system32\dllcache\chsbrkr.dll

2007-12-15 14:46 . 2004-08-04 00:56 1,888,992 --a------ C:\WINDOWS\system32\dllcache\ati3duag.dll

2007-12-15 14:45 . 2001-08-17 13:28 762,780 --a------ C:\WINDOWS\system32\dllcache\3cwmcru.sys

2007-12-15 14:36 . 2007-12-15 14:36 <DIR> d-------- C:\Documents and Settings\Ken\Application Data\Symantec

2007-12-15 13:30 . 2007-12-19 01:42 <DIR> d-------- C:\Program Files\Norton 360

2007-12-15 13:06 . 2007-12-15 13:06 <DIR> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files

2007-12-15 10:52 . 2008-01-13 10:27 <DIR> d-------- C:\Program Files\Mobkjqfi

2007-12-15 09:00 . 2008-01-13 10:27 <DIR> d-------- C:\Program Files\Btebpkgm

2007-12-15 04:28 . 2007-12-15 04:28 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2007-12-15 04:28 . 2007-12-15 04:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2007-12-15 02:08 . 2007-12-19 07:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2007-12-15 00:21 . 2007-12-18 01:09 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2007-12-15 00:21 . 2007-12-15 00:21 1,409 --a------ C:\WINDOWS\QTFont.for

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-14 05:38 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\uTorrent

2008-01-14 05:35 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Motive

2008-01-13 15:27 --------- d-----w C:\Program Files\Vvdtmusu

2008-01-13 15:27 --------- d-----w C:\Program Files\Qvmwaxgc

2008-01-13 15:27 --------- d-----w C:\Program Files\Mqowubgs

2008-01-13 15:27 --------- d-----w C:\Program Files\Bcoxkesc

2008-01-08 19:17 162 ----a-w C:\Documents and Settings\Courtney\Application Data\wklnhst.dat

2007-12-20 05:42 --------- d-----w C:\Program Files\bqhwputc

2007-12-20 04:36 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2007-12-20 04:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec

2007-12-19 20:39 --------- d-----w C:\Documents and Settings\Courtney\Application Data\Verizon

2007-12-19 05:52 --------- d-----w C:\Documents and Settings\Ken\Application Data\Verizon

2007-12-19 05:48 --------- d-----w C:\Program Files\Verizon

2007-12-19 05:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Verizon

2007-12-19 05:47 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-12-17 23:00 --------- d-----w C:\Documents and Settings\Courtney\Application Data\Motive

2007-12-16 02:22 --------- d-----w C:\Program Files\PeoplePC

2007-12-15 18:58 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF

2007-12-15 18:58 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT

2007-12-15 09:29 --------- d-----w C:\Program Files\Lavasoft

2007-12-15 09:29 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Lavasoft

2007-12-15 06:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive

2007-12-15 06:12 --------- d-----w C:\Program Files\Common Files\Motive

2007-11-18 23:35 --------- d-----w C:\Program Files\BonkEnc

2007-11-16 02:38 40,832 ----a-w C:\WINDOWS\system32\drivers\zumbus.sys

2007-07-17 17:50 0 ----a-w C:\Documents and Settings\Ken\Application Data\wklnhst.dat

2007-03-18 02:22 251 ----a-w C:\Program Files\wt3d.ini

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{76F262CF-0308-0FB4-F7A3-043266F3A47C}]

C:\Program Files\Mobkjqfi\ptvesxqy.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"IndexCleaner"="C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe" [2007-08-07 17:31 61168]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 23:01 67584]

"ftutil2"="ftutil2.dll" [2004-06-07 16:05 106496 C:\WINDOWS\system32\ftutil2.dll]

"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 22:05 16239616 C:\WINDOWS\RTHDCPL.EXE]

"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 16:15 151552]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-20 19:06 7622656]

"nwiz"="nwiz.exe" []

"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 11:05 90112]

"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-23 00:14 237568]

"PCDrProfiler"="" []

"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 00:34 249856]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]

"Motive SmartBridge"="C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe" [2006-06-23 11:33 438359]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-16 08:20 282624]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-09-29 09:47 180269]

"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2007-03-11 16:37 936960]

"VerizonServicepoint.exe"="C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" [2007-05-11 15:20 2061816]

"Verizon Internet Security Suite"="C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe" [2007-08-07 17:31 303344]

"-FreedomNeedsReboot"="C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR.exe" [2007-08-07 17:31 13552]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"IndexCleaner"="C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe" [2007-08-07 17:31 61168]

 

C:\Documents and Settings\Courtney\Start Menu\Programs\Startup\

PinMcLnk.lnk - C:\hp\bin\cloaker.exe [2006-09-29 09:15:29]

 

C:\Documents and Settings\Kids\Start Menu\Programs\Startup\

PinMcLnk.lnk - C:\hp\bin\cloaker.exe [2006-09-29 09:15:29]

 

C:\Documents and Settings\Ken\Start Menu\Programs\Startup\

PinMcLnk.lnk - C:\hp\bin\cloaker.exe [2006-09-29 09:15:29]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\Palm\Hotsync.exe [2004-06-09 14:27:34]

Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-05-10 19:32:55]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 15:05:56]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

 

R1 vcdrom;Virtual CD-ROM Device Driver;C:\WINDOWS\system32\drivers\VCdRom.sys [2001-12-19 10:45]

R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2007-11-15 21:38]

R3 WN5301;LIteon Wireless PCI Network Adapter Service;C:\WINDOWS\system32\DRIVERS\wn5301.sys [2005-10-05 12:44]

S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-09-27 16:12]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]

\Shell\AutoRun\command - Z:\CD_Start.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6c38bf4-a433-11db-9fe4-0018f3e7e421}]

\Shell\AutoRun\command - M:\LaunchU3.exe -a

 

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-14 01:13:10

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-01-14 1:17:39 - machine was rebooted

ComboFix-quarantined-files.txt 2008-01-14 06:17:35

.

2008-01-09 16:46:27 --- E O F ---

 

 

AND FINALLY HERE IS THE NEW HIJACKTHIS LOG:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:21:10 AM, on 1/14/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Verizon\McciTrayApp.exe

C:\Program Files\Verizon\VSP\VerizonServicepoint.exe

C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Palm\Hotsync.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe

C:\WINDOWS\eHome\ehmsas.exe

c:\windows\system\hpsysdrv.exe

C:\Documents and Settings\Ken\My Documents\PC SECURITY\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=28425

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Verizon\Verizon Internet Security Suite\pkR.dll

O2 - BHO: (no name) - {76F262CF-0308-0FB4-F7A3-043266F3A47C} - C:\Program Files\Mobkjqfi\ptvesxqy.dll (file missing)

O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe

O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN

O4 - HKLM\..\Run: [Verizon Internet Security Suite] "C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe"

O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR.exe"

O4 - HKLM\..\RunOnce: [indexCleaner] "C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\RunOnce: [indexCleaner] "C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe"

O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')

O4 - Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe

O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by141fd.bay141.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1197735601875

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe

O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Verizon Internet Security Suite Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe

O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

 

--

End of file - 9089 bytes

 

 

THANKS AGAIN FOR ALL YOUR ASSISTANCE!


Hi kens24,

 

Please do the following...

 

1. Download & run this file - Flash_Disinfector.exe

 

2. Open HijackThis

- Click the Do a system scan only button

- Check the following entries (below)

 

O2 - BHO: (no name) - {76F262CF-0308-0FB4-F7A3-043266F3A47C} - C:\Program Files\Mobkjqfi\ptvesxqy.dll (file missing)

 

- Close ALL open windows (especially Internet Explorer!)

- Click Fix Checked

Close HijackThis

 

3. Find and delete the following Folder in RED, if found:

 

C:\Program Files\Mobkjqfi

 

4. Please do an online scan with Kaspersky WebScanner

 

Click on Kaspersky Online Scanner

 

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.

  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
  • Save the file to your desktop.

5. Please post the Kaspersky report, along with a new HijackThis log.

 

I see references to Norton/Symantec. Has this been uninstalled? Are you using Verizon Internet Security Suite? Please let me know.


ok, I used to run Norton, then upgraded to Norton 360 after I got infected. This didn't fix the problem so I uninstalled and started using Verizon Internet Security Suite.

I could not find the online scanner on the link you gave me for Kaspersky. I didn't download Kaspersky Anti-virus SOS 6.0. I scanned using this, and it found a lot of stuff still on the PC. I have added the log file here. ok..... well I'm trying to post it here, but it's too big.

 

 

Scan My Computer

----------------

Scanned: 735448

Detected: 48

Untreated: 0

Start time: 1/19/2008 10:59:55 PM

Duration: 06:16:03

Finish time: 1/20/2008 5:15:58 AM

Signatures published: 1/19/2008 7:25:29 PM

 

 

Detected

--------

Status Object

------ ------

deleted: adware not-a-virus:AdWare.Win32.Virtumonde.bnr File: C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP1\A0000043.dll

deleted: adware not-a-virus:AdWare.Win32.Virtumonde.bnr File: C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP1\A0000044.dll

deleted: Trojan program Trojan-Downloader.Win32.Obfuscated.n File: C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP1\A0000104.exe

deleted: Trojan program Trojan-Downloader.Win32.Alphabet.ai File: C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP1\A0000111.exe//PE_Patch.PECompact//PecBundle//PECompact

deleted: Trojan program Trojan.Win32.Obfuscated.mi File: C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP15\A0004037.dll

deleted: Trojan program Trojan.Win32.Obfuscated.mi File: C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP15\A0004038.dll

deleted: Trojan program Trojan.Win32.Obfuscated.mi File: C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP15\A0004039.dll

deleted: Trojan program Trojan.Win32.Obfuscated.mi File: C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP15\A0004040.dll

deleted: Trojan program Trojan.Win32.Obfuscated.mi File: C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP15\A0004041.dll

deleted: Trojan program Trojan.Win32.Obfuscated.mi File: C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP15\A0004042.dll

deleted: Trojan program Trojan.Win32.Obfuscated.mi File: C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP16\A0004065.dll

deleted: Trojan program Trojan-Downloader.Win32.Alphabet.ai File: C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP2\A0002369.exe//PE_Patch.PECompact//PecBundle//PECompact

deleted: adware not-a-virus:AdWare.Win32.WeatherBug.a File: C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP2\A0002772.exe//WiseSFXDropper//WISE0015.BIN

deleted: adware not-a-virus:AdWare.Win32.WeatherBug.a File: C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP2\A0002772.exe//WiseSFXDropper//WISE0016.BIN

deleted: adware not-a-virus:AdWare.Win32.Virtumonde.coa File: C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20\A0004269.dll

deleted: Trojan program Trojan.Win32.Dialer.yz File: C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20\A0004270.dll//PE_Patch.PECompact//PecBundle//PECompact

deleted: adware not-a-virus:AdWare.Win32.Agent.xt File: C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20\A0004275.dll//PE_Patch.PECompact//PecBundle//PECompact

deleted: Trojan program Trojan-Downloader.Win32.Alphabet.ai File: C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20\A0004280.exe//PE_Patch.PECompact//PecBundle//PECompact

deleted: adware not-a-virus:AdWare.Win32.WebHancer.214 File: C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP4\A0003260.exe//CryptFF/wbhshare.dll

deleted: adware not-a-virus:AdWare.Win32.WebHancer File: C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP4\A0003260.exe//CryptFF/Webhdll.dll

deleted: adware not-a-virus:AdWare.Win32.WebHancer.214 File: C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP4\A0003260.exe//CryptFF/WhAgent.exe

deleted: adware not-a-virus:AdWare.Win32.WebHancer.214 File: C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP4\A0003260.exe//CryptFF/whiehlpr.dll

deleted: adware not-a-virus:AdWare.Win32.WebHancer.214 File: C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP4\A0003260.exe//CryptFF/whieshm.dll

deleted: adware not-a-virus:AdWare.Win32.WebHancer.214 File: C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP4\A0003260.exe//CryptFF/whInstaller.exe

deleted: Trojan program Trojan-Downloader.Win32.Zlob.fec File: C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0003688.dll

deleted: adware not-a-virus:AdWare.Win32.SaveNow.e File: C:\Documents and Settings\Ken\My Documents\Ken's Portfolio\Tia\beachfree.exe/beaches.exe/BSAVEINST.EXE//data0001.cab/Save.exe

deleted: adware not-a-virus:AdWare.Win32.SaveNow.bl File: C:\Documents and Settings\Ken\My Documents\Ken's Portfolio\Tia\beachfree.exe/beaches.exe/BSAVEINST.EXE//data0001.cab/SaveUninst.exe

deleted: adware not-a-virus:AdWare.Win32.SaveNow.ar File: C:\Documents and Settings\Ken\My Documents\Ken's Portfolio\Tia\snowfree.exe/setup.exe/SAVENOWINST.EXE/SaveNow.exe

deleted: adware not-a-virus:AdWare.Win32.SaveNow.bl File: C:\Documents and Settings\Ken\My Documents\Ken's Portfolio\Tia\wfallsfree.exe/wfalls.exe/BSAVEINST.EXE//data0001.cab

deleted: adware not-a-virus:AdWare.Win32.SaveNow.ar File: C:\Documents and Settings\Ken\My Documents\Ken's Portfolio\Tia\snow\setup.exe/SAVENOWINST.EXE/SaveNow.exe

deleted: Trojan program Trojan-Downloader.Win32.Alphabet.ai File: C:\QooBox\Quarantine\C\Program Files\lsass.exe.vir//PE_Patch.PECompact//PecBundle//PECompact

deleted: adware not-a-virus:AdWare.Win32.Agent.xt File: C:\QooBox\Quarantine\C\Program Files\Helper\Helper6.dll.vir//PE_Patch.PECompact//PecBundle//PECompact

deleted: adware not-a-virus:AdWare.Win32.Virtumonde.coa File: C:\QooBox\Quarantine\C\WINDOWS\system32\urqrpqn.dll.vir

deleted: Trojan program Trojan.Win32.Dialer.yz File: C:\QooBox\Quarantine\C\WINDOWS\system32\winmfu32.dll.vir//PE_Patch.PECompact//PecBundle//PECompact

deleted: adware not-a-virus:AdWare.Win32.Virtumonde.bnr File: C:\VundoFix Backups\jkkifee.dll.bad

deleted: adware not-a-virus:AdWare.Win32.Virtumonde.bnr File: C:\VundoFix Backups\khfedeb.dll.bad

deleted: adware not-a-virus:AdWare.Win32.WeatherBug.a File: E:\I386\APPS\APP23866\src\CompaqPresario_Spring06.exe//WiseSFXDropper//WISE0015.BIN

deleted: adware not-a-virus:AdWare.Win32.WeatherBug.a File: E:\I386\APPS\APP23866\src\CompaqPresario_Spring06.exe//WiseSFXDropper//WISE0016.BIN

deleted: adware not-a-virus:AdWare.Win32.WeatherBug.a File: E:\I386\APPS\APP23866\src\HPPavillion_Spring06.exe//WiseSFXDropper//WISE0015.BIN

deleted: adware not-a-virus:AdWare.Win32.WeatherBug.a File: E:\I386\APPS\APP23866\src\HPPavillion_Spring06.exe//WiseSFXDropper//WISE0016.BIN

deleted: adware not-a-virus:AdWare.Win32.WeatherBug.a File: E:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP25\A0004505.exe//WiseSFXDropper//WISE0015.BIN

deleted: adware not-a-virus:AdWare.Win32.WeatherBug.a File: E:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP25\A0004505.exe//WiseSFXDropper//WISE0016.BIN

deleted: adware not-a-virus:AdWare.Win32.WeatherBug.a File: E:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP25\A0004506.exe//WiseSFXDropper//WISE0015.BIN

deleted: adware not-a-virus:AdWare.Win32.WeatherBug.a File: E:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP25\A0004506.exe//WiseSFXDropper//WISE0016.BIN

deleted: adware not-a-virus:AdWare.Win32.SaveNow.ar File: c:\documents and settings\ken\my documents\ken's portfolio\tia\snow\setup.exe

deleted: adware not-a-virus:AdWare.Win32.WeatherBug.a File: E:\I386\APPS\APP23866\src\HPPavillion_Spring06.exe//WiseSFXDropper

deleted: adware not-a-virus:AdWare.Win32.WeatherBug.a File: E:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP25\A0004505.exe//WiseSFXDropper

deleted: adware not-a-virus:AdWare.Win32.WeatherBug.a File: E:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP25\A0004506.exe//WiseSFXDropper

 

events not pasted..............

 

 

Statistics

----------

Object                 Scanned  Detected  Untreated  Deleted  Moved to Quarantine  Archives  Packed files  Password protected  Corrupted
---------------------  -------  --------  ---------  -------  -------------------  --------  ------------  ------------------  ---------
All objects              30136        25         25        0                    0       599           142                 288          4
System memory             3282         0          0        0                    0         1             3                   0          0
Startup objects            649         0          0        0                    0         3            26                   0          0
System Backup storage     7905        25         25        0                    0       173            64                   0          4
All hard drives          18300         0          0        0                    0       422            49                 288          0
All removable drives         0         0          0        0                    0         0             0                   0          0

 

 

Settings

--------

Parameter                         Value
--------------------------------  -----
Security Level                    Recommended
Action                            Prompt for action when the scan is complete
Run mode                          Manually
File types                        Scan all files
Scan only new and changed files   No
Scan archives                     All
Scan embedded OLE objects         All
Skip if object is larger than     No
Skip if scan takes longer than    No
Parse email formats               No
Scan password-protected archives  No
Enable iChecker technology        Yes
Enable iSwift technology          Yes
Record information about dangerous objects to program statistics  Yes

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:06:23 AM, on 1/20/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe

C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Verizon\McciTrayApp.exe

C:\Program Files\Verizon\VSP\VerizonServicepoint.exe

C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Palm\Hotsync.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE

C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe

C:\WINDOWS\system32\wuauclt.exe

c:\windows\system\hpsysdrv.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Ken\My Documents\PC SECURITY\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=28425

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Verizon\Verizon Internet Security Suite\pkR.dll

O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe

O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN

O4 - HKLM\..\Run: [Verizon Internet Security Suite] "C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe"

O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR.exe"

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe"

O4 - HKLM\..\RunOnce: [indexCleaner] "C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\RunOnce: [indexCleaner] "C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe"

O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')

O4 - Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe

O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1197735601875

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe

O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe

O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Verizon Internet Security Suite Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe

O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

 

--

End of file - 9398 bytes


Hi ken24,

 

Please do the following...

 

1. Please uninstall Kaspersky now. Having multiple Anti-Virus programs will cause problems.

 

2. Follow the instructions here to completely remove Norton 360.

 

3. Click Start > Run > type: combofix /u > Press OK. This will uninstall ComboFix.

 

4. Post a new HijackThis log and let me know how things are.


Well, it's been a while since I was able to do what you last suggested, but here is the latest HijackThis log. The PC seems to be back to normal other than a few errors about missing files (sometimes, not all the time). Thanks a bunch.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:31:52 AM, on 2/13/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe

C:\Program Files\Verizon\McciTrayApp.exe

C:\Program Files\Verizon\VSP\VerizonServicepoint.exe

C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Palm\Hotsync.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\eHome\ehmsas.exe

c:\windows\system\hpsysdrv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe

C:\Documents and Settings\Ken\My Documents\PC SECURITY\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=28425

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Verizon\Verizon Internet Security Suite\pkR.dll

O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe

O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN

O4 - HKLM\..\Run: [Verizon Internet Security Suite] "C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe"

O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\RunOnce: [indexCleaner] "C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\RunOnce: [indexCleaner] "C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe"

O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')

O4 - Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe

O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1197735601875

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe

O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Verizon Internet Security Suite Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe

O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

 

--

End of file - 9539 bytes

 

 

Ken.
