
Trojan-spy.win32@mx....etc. HELP!


Name: seymop
Date: October 18, 2007 at 15:08:53 Pacific
OS: XP home ed.
CPU/Ram: 2 GhZ, 1GB RAM
Product: dell 4500
Comment:

Hey all, I have this virus and various other viruses that go along with it. It has shut down my McAfee antivirus. I have downloaded SmitFraudFix and followed the directions exactly! It doesn't work for me. Any other suggestions or personal help?

Thanks a lot. Justin




Response Number 1
Name: jabuck
Date: October 18, 2007 at 15:56:02 Pacific
Reply:

Please download and install the latest version of HijackThis v2.0.2:

Download the HijackThis Installer from this link: HijackThis

1. Save "HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Please download SmitFraudFix from this link http://siri.urz.free.fr/Fix/Smitfra... Then extract the contents to your desktop.

!!!! Only run option #1, as running the other options on an uninfected computer will damage the desktop! !!!!


Open the "SmitfraudFix" folder and double-click "smitfraudfix.cmd"
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.



Response Number 2
Name: seymop
Date: October 19, 2007 at 04:00:59 Pacific
Reply:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:58:39 AM, on 10/19/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\BitTorrent_DNA\dna.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
C:\WINDOWS\System32\devldr32.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
c:\PROGRA~1\mcafee\msc\mcupdui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O2 - BHO: (no name) - {123DB99C-52BE-4227-A551-63605BE984D6} - C:\Program Files\Common Files\hoke83122.dll (file missing)
O2 - BHO: (no name) - {40B3AE7D-942D-4189-8958-4BE9B94CAA52} - C:\Program Files\Common Files\hoke4444.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: 0 - {78766CF0-6E5D-4CD8-7984-12DCD68008A4} - C:\Program Files\Outlook Express\lavuma562.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\System32\cpatkamb.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\System32\wpqzfegu.dll
O2 - BHO: (no name) - {BACEB7AF-8D88-456E-82D0-7BEB9A4410FE} - C:\WINDOWS\System32\rqrspno.dll (file missing)
O2 - BHO: (no name) - {FC4F74FF-7DA9-449E-871E-29B00377B383} - C:\WINDOWS\System32\awtst.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\System32\wpqzfegu.dll
O4 - HKLM\..\Run: [NvCplDaemon] -RUNDLL32.exe C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] -RUNDLL32.exe C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DeltTray] -DeltTray.exe
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\System32\efvlionc.dll",sitypnow
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [0215201192791041mcinstcleanup] C:\DOCUME~1\Justin\LOCALS~1\Temp\021520~1.exe C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O20 - Winlogon Notify: rqrspno - rqrspno.dll (file missing)
O20 - Winlogon Notify: wpqzfegu - C:\WINDOWS\SYSTEM32\wpqzfegu.dll
O23 - Service: McAfee Application Installer Cleanup (0212231192790950) (0212231192790950mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\021223~1.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\bm8\command.exe (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\System32\afvjnakt.exe (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - -"C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe" (file missing)
O23 - Service: MBackMonitor - - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - -C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - -C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - -"C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe" (file missing)
O23 - Service: Roxio Upnp Server 9 - Unknown owner - -"C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe" (file missing)
O23 - Service: RoxMediaDB9 - Unknown owner - -"C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe" (file missing)
O23 - Service: stllssvr - Unknown owner - -"C:\Program Files\Common Files\SureThing Shared\stllssvr.exe" (file missing)

--
End of file - 6727 bytes


SmitFraudFix v2.240

Scan done at 6:59:51.29, Fri 10/19/2007
Run from C:\Documents and Settings\Justin\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\BitTorrent_DNA\dna.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
C:\WINDOWS\System32\devldr32.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
c:\PROGRA~1\mcafee\msc\mcupdui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Justin


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Justin\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Justin\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: CNet PRO200WL PCI Fast Ethernet Adapter - Packet Scheduler Miniport
DNS Server Search Order: 68.237.161.12
DNS Server Search Order: 71.250.0.12

HKLM\SYSTEM\CCS\Services\Tcpip\..\{E471ED1A-3D73-48B6-BDB9-6BF4BC270B74}: DhcpNameServer=68.237.161.12 71.250.0.12
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E471ED1A-3D73-48B6-BDB9-6BF4BC270B74}: DhcpNameServer=68.237.161.12 71.250.0.12
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E471ED1A-3D73-48B6-BDB9-6BF4BC270B74}: DhcpNameServer=68.237.161.12 71.250.0.12
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.237.161.12 71.250.0.12
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.237.161.12 71.250.0.12
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=68.237.161.12 71.250.0.12


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End




Response Number 3
Name: jabuck
Date: October 19, 2007 at 08:40:03 Pacific
Reply:

Please download ComboFix to the desktop from this link:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)

Please post the log it produces.



Response Number 4
Name: seymop
Date: October 19, 2007 at 14:25:53 Pacific
Reply:

ComboFix 07-10-19.1 - Justin 2007-10-19 16:58:58.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.728 [GMT -4:00]
Running from: C:\Documents and Settings\Justin\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Justin\Application Data\inst.exe
C:\Program Files\Hammer.dll
C:\Program Files\network monitor
C:\Program Files\outlook
C:\Program Files\Temporary
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\a8
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\cpatkamb.dll
C:\WINDOWS\system32\jkkjg.dll
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com
C:\WINDOWS\system32\tstwa.bak1
C:\WINDOWS\system32\tstwa.bak2
C:\WINDOWS\system32\tstwa.ini
C:\WINDOWS\TTC-4444.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\cmdService
-------\DomainService
-------\Network Monitor


((((((((((((((((((((((((( Files Created from 2007-09-19 to 2007-10-19 )))))))))))))))))))))))))))))))
.

2007-10-19 16:58 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-19 06:58 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-19 06:50 84,744 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-10-19 06:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-10-18 18:53 161,768 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-10-18 18:53 37,800 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-10-18 18:53 33,896 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-10-18 18:53 31,560 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2007-10-18 18:52 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-10-18 18:51 <DIR> d-------- C:\Program Files\McAfee.com
2007-10-18 18:51 <DIR> d-------- C:\Program Files\McAfee
2007-10-18 18:51 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-10-17 07:01 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-10-17 07:01 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-10-17 07:01 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-10-17 07:01 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-17 07:01 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-16 21:23 <DIR> d-------- C:\Program Files\XoftSpySE
2007-10-16 19:29 2,060 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-14 12:25 <DIR> d--h----- C:\WINDOWS\PIF
2007-10-14 11:31 389,184 --a------ C:\WINDOWS\system32\giemijcv.exe
2007-10-14 11:31 339,968 --a------ C:\WINDOWS\system32\wpqzfegu.dll
2007-10-14 11:30 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\NetMon
2007-10-14 10:37 389,184 --a------ C:\WINDOWS\system32\chasmvaq.exe
2007-10-14 10:37 339,968 --a------ C:\WINDOWS\system32\cnolejdo.dll
2007-10-13 22:26 <DIR> d--hs---- C:\WINDOWS\bm8
2007-10-13 22:26 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\NetMon
2007-10-13 22:26 45,056 --a------ C:\WINDOWS\system32\katzppd.exe
2007-10-13 22:25 <DIR> d-------- C:\WINDOWS\system32\que1
2007-10-13 22:25 <DIR> d-------- C:\WINDOWS\system32\oTt04e
2007-10-13 22:25 <DIR> d-------- C:\WINDOWS\system32\kat1
2007-10-13 22:25 <DIR> d-------- C:\WINDOWS\system32\comms2
2007-10-13 22:25 <DIR> d-------- C:\Temp\fCOe
2007-10-13 22:25 <DIR> d-------- C:\Temp
2007-10-13 22:25 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-10-08 18:44 8,576 --a------ C:\WINDOWS\system32\drivers\hidgame.sys
2007-10-08 18:44 8,576 --a--c--- C:\WINDOWS\system32\dllcache\hidgame.sys
2007-10-06 12:27 <DIR> d-------- C:\Program Files\BitTorrent_DNA
2007-10-06 12:27 <DIR> d-------- C:\Documents and Settings\Justin\Application Data\BitTorrent DNA
2007-09-28 07:03 <DIR> d-------- C:\Documents and Settings\Justin\Shared
2007-09-28 07:03 <DIR> d-------- C:\Documents and Settings\Justin\Incomplete
2007-09-28 07:02 <DIR> d-------- C:\Documents and Settings\Justin\Application Data\LimeWire
2007-09-22 22:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-09-22 22:14 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-18 22:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-10-17 10:43 --------- d-----w C:\Documents and Settings\Justin\Application Data\Roxio
2007-10-16 21:32 --------- d-----w C:\Documents and Settings\Justin\Application Data\BitTorrent
2007-10-14 17:45 --------- d-----w C:\Program Files\DVDFab Platinum 3
2007-10-13 01:49 --------- d-----w C:\Documents and Settings\Justin\Application Data\Vso
2007-10-06 16:32 --------- d-----w C:\Program Files\BitTorrent
2007-09-23 02:17 --------- d-----w C:\Program Files\Common Files\Adobe
2007-09-15 00:28 --------- d-----w C:\Program Files\Viewpoint
2007-09-15 00:28 --------- d-----w C:\Program Files\AOD
2007-09-15 00:28 --------- d-----w C:\Program Files\AIM
2007-09-15 00:28 --------- d-----w C:\Documents and Settings\Justin\Application Data\Aim
2007-09-15 00:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-09-14 01:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\vsosdk
2007-09-12 10:00 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-09-12 10:00 47,360 ----a-w C:\Documents and Settings\Justin\Application Data\pcouffin.sys
2007-09-11 20:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-08-21 01:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-08-21 01:00 --------- d-----w C:\Program Files\Common Files\Verizon Online
2007-08-21 00:59 --------- d-----w C:\Program Files\Common Files\Motive
2007-08-21 00:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{123DB99C-52BE-4227-A551-63605BE984D6}]
C:\Program Files\Common Files\hoke83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40B3AE7D-942D-4189-8958-4BE9B94CAA52}]
C:\Program Files\Common Files\hoke4444.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{78766CF0-6E5D-4CD8-7984-12DCD68008A4}]
C:\Program Files\Outlook Express\lavuma562.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-10-14 11:31 339968 --a------ C:\WINDOWS\system32\wpqzfegu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC4F74FF-7DA9-449E-871E-29B00377B383}]
C:\WINDOWS\System32\awtst.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\wpqzfegu.dll [2007-10-14 11:31 339968]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"NvCplDaemon"="-C:\WINDOWS\System32\NvCpl.dll" []
"NvMediaCenter"="-C:\WINDOWS\System32\NvMcTray.dll" []
"DeltTray"="-DeltTray.exe" []
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 15:30]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"BitTorrent DNA"="C:\Program Files\BitTorrent_DNA\dna.exe" [2007-10-06 12:27]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.exe [2001-02-13 01:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrspno]
rqrspno.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wpqzfegu]
wpqzfegu.dll 2007-10-14 11:31 339968 C:\WINDOWS\system32\wpqzfegu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Justin^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Justin\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
"C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

R1 DLARTL_M;DLARTL_M;C:\WINDOWS\System32\Drivers\DLARTL_M.SYS

.
Contents of the 'Scheduled Tasks' folder
"2007-10-18 22:52:21 C:\WINDOWS\Tasks\McDefragTask.job"
- C:\WINDOWS\system32\defrag.exe
"2007-10-18 22:52:20 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-19 17:23:32
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-19 17:25:01 - machine was rebooted
.
--- E O F ---



Response Number 5
Name: jabuck
Date: October 19, 2007 at 15:22:15 Pacific
Reply:

Please go to Start > Control Panel > Add/Remove Programs and uninstall these programs:

BitTorrent

LimeWire

Open Notepad and copy/paste everything between the X's into it, and make sure "File::" is at the very top of the page.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
File::
C:\WINDOWS\system32\giemijcv.exe
C:\WINDOWS\system32\wpqzfegu.dll
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\WINDOWS\system32\chasmvaq.exe
C:\WINDOWS\system32\cnolejdo.dll

Folder::
C:\WINDOWS\bm8
C:\WINDOWS\system32\que1
C:\WINDOWS\system32\oTt04e
C:\WINDOWS\system32\kat1
C:\WINDOWS\system32\comms2
C:\Temp\fCOe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{123DB99C-52BE-4227-A551-63605BE984D6}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40B3AE7D-942D-4189-8958-4BE9B94CAA52}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{78766CF0-6E5D-4CD8-7984-12DCD68008A4}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC4F74FF-7DA9-449E-871E-29B00377B383}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrspno]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wpqzfegu]



XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Go to File on the top bar and choose "Save As". Change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop). If ComboFix does not auto-start, click "Run".

Post a new Hijack This log and a new Combofix log please.


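Both the HijackThis log jabuck asked for in his first reply and the CFScript he wrote by hand above are plain-text formats that a helper reads by eye. As an added example (not code from this thread, from HijackThis or from ComboFix), the Python script below parses the item lines of a HijackThis v2 log, applies the same kinds of checks a helper applies (entries marked "(file missing)", BHOs with no readable name, services with an unknown owner, Winlogon Notify DLLs, and seven-to-eight-letter random filenames under \WINDOWS\), and drafts the File:: and Registry:: sections in the CFScript layout shown above. The sample lines are taken from the HijackThis log posted earlier in the thread; the heuristics, thresholds and function names are the example's own choices and produce a review list, not verdicts.

```python
import ntpath
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input, assembled for this example from lines of the HijackThis log posted
# above; three vendor entries (Java, McAfee, NVIDIA) are kept in for contrast.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\System32\cpatkamb.dll
O2 - BHO: 0 - {78766CF0-6E5D-4CD8-7984-12DCD68008A4} - C:\Program Files\Outlook Express\lavuma562.dll (file missing)
O2 - BHO: (no name) - {BACEB7AF-8D88-456E-82D0-7BEB9A4410FE} - C:\WINDOWS\System32\rqrspno.dll (file missing)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\System32\wpqzfegu.dll
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\System32\efvlionc.dll",sitypnow
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O20 - Winlogon Notify: wpqzfegu - C:\WINDOWS\SYSTEM32\wpqzfegu.dll
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\System32\afvjnakt.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

LINE_RE = re.compile(r"^(O\d+|R\d|F\d|N\d) - (.*)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\n,]+?\.(?:dll|exe|ocx|cpl|sys)\b', re.I)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RANDOM_STEM_RE = re.compile(r"^[a-z]{7,8}$")  # 7-8 plain letters: wpqzfegu, rqrspno, afvjnakt

@dataclass
class Entry:
    section: str          # HijackThis item type: O2, O3, O4, O20, O23, ...
    text: str             # remainder of the line
    path: Optional[str]   # first path to a binary on the line, if any
    clsid: Optional[str]  # COM class id in braces (BHOs, toolbars), if any
    missing: bool         # HijackThis appended "(file missing)"
    reasons: List[str] = field(default_factory=list)

def parse(log_text: str) -> List[Entry]:
    """Keep the Oxx/Rx/Fx/Nx items; header and running-process lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, text = m.groups()
        pm, cm = PATH_RE.search(text), CLSID_RE.search(text)
        entries.append(Entry(section, text, pm.group(0) if pm else None,
                             cm.group(0) if cm else None, "(file missing)" in text))
    return entries

def triage(e: Entry) -> List[str]:
    """Heuristics that mark an item for human review; none is proof on its own."""
    reasons = []
    if e.missing:
        reasons.append("load point refers to a file that no longer exists")
    if e.section == "O2" and re.match(r"BHO: (\(no name\)|\d+) - ", e.text):
        reasons.append("browser helper object registered without a readable name")
    if e.section == "O23" and "Unknown owner" in e.text:
        reasons.append("service binary carries no vendor name")
    if e.section == "O20":
        reasons.append("Winlogon notification DLL loads at every logon; confirm its origin")
    # Only test names under \WINDOWS\: a vendor file such as mskagent.exe is also eight
    # plain letters, so the same test outside the system tree would mostly be noise.
    if e.path and "\\windows\\" in e.path.lower():
        stem = ntpath.splitext(ntpath.basename(e.path))[0].lower()
        if RANDOM_STEM_RE.match(stem):
            reasons.append("random-looking filename in the Windows directory tree")
    return reasons

def flagged_entries(log_text: str) -> List[Entry]:
    hits = []
    for e in parse(log_text):
        e.reasons = triage(e)
        if e.reasons:
            hits.append(e)
    return hits

BHO_KEY = "HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\"
NOTIFY_KEY = "HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\winlogon\\notify\\"

def draft_cfscript(flagged: List[Entry]) -> str:
    """Draft File:: and Registry:: sections in the CFScript layout used in this thread.
    Files HijackThis already reports missing are skipped; O3 toolbar and O23 service
    items are not turned into registry lines and stay on the review list."""
    files, seen, keys = [], set(), []
    for e in flagged:
        if e.path and not e.missing and e.path.lower() not in seen:
            seen.add(e.path.lower())
            files.append(e.path)
        if e.section == "O2" and e.clsid:
            keys.append(BHO_KEY + e.clsid)
        elif e.section == "O20":
            keys.append(NOTIFY_KEY + e.text.split("Winlogon Notify: ", 1)[1].split(" - ", 1)[0])
    lines = ["File::"] + files + ["", "Registry::"] + ["[-%s]" % k for k in keys]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    hits = flagged_entries(SAMPLE_LOG)
    for e in hits:
        print(e.section, "-", e.text, "\n    *", "\n    * ".join(e.reasons))
    print(draft_cfscript(hits))
```

Run it directly to print the flagged items with their reasons, followed by the draft script. On the sample above it flags seven of the ten items and leaves the Java, McAfee and NVIDIA entries alone; the draft is meant to be read against the ComboFix log before use, exactly as the helper here did, which is why O3 toolbar and O23 service items are deliberately left off the Registry:: section and a file HijackThis already reports missing is not listed under File::.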


Response Number 6
Name: seymop
Date: October 19, 2007 at 17:19:36 Pacific
Reply:

ComboFix 07-10-19.1 - Justin 2007-10-19 20:12:52.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.708 [GMT -4:00]
Running from: C:\Documents and Settings\Justin\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Justin\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\WINDOWS\system32\chasmvaq.exe
C:\WINDOWS\system32\cnolejdo.dll
C:\WINDOWS\system32\giemijcv.exe
C:\WINDOWS\system32\wpqzfegu.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Temp\fCOe
C:\Temp\fCOe\tOasF.log
C:\WINDOWS\bm8
C:\WINDOWS\system32\chasmvaq.exe
C:\WINDOWS\system32\cnolejdo.dll
C:\WINDOWS\system32\comms2
C:\WINDOWS\system32\giemijcv.exe
C:\WINDOWS\system32\kat1
C:\WINDOWS\system32\kat1\IKtzudll2.exe
C:\WINDOWS\system32\oTt04e
C:\WINDOWS\system32\que1
C:\WINDOWS\system32\que1\aded83122.exe
C:\WINDOWS\system32\wpqzfegu.dll
C:\WINDOWS\system32\wpqzfegu.dll

.
((((((((((((((((((((((((( Files Created from 2007-09-20 to 2007-10-20 )))))))))))))))))))))))))))))))
.

2007-10-19 06:58 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-19 06:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-10-18 18:51 <DIR> d-------- C:\Program Files\McAfee.com
2007-10-18 18:51 <DIR> d-------- C:\Program Files\McAfee
2007-10-18 18:51 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-10-16 21:23 <DIR> d-------- C:\Program Files\XoftSpySE
2007-10-14 11:30 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\NetMon
2007-10-13 22:26 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\NetMon
2007-10-13 22:25 <DIR> d-------- C:\Temp
2007-09-28 07:03 <DIR> d-------- C:\Documents and Settings\Justin\Shared
2007-09-28 07:03 <DIR> d-------- C:\Documents and Settings\Justin\Incomplete
2007-09-28 07:02 <DIR> d-------- C:\Documents and Settings\Justin\Application Data\LimeWire
2007-09-22 22:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-09-22 22:14 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-18 22:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-10-17 10:43 --------- d-----w C:\Documents and Settings\Justin\Application Data\Roxio
2007-10-14 17:45 --------- d-----w C:\Program Files\DVDFab Platinum 3
2007-10-13 01:49 --------- d-----w C:\Documents and Settings\Justin\Application Data\Vso
2007-09-23 02:17 --------- d-----w C:\Program Files\Common Files\Adobe
2007-09-15 00:28 --------- d-----w C:\Program Files\Viewpoint
2007-09-15 00:28 --------- d-----w C:\Program Files\AOD
2007-09-15 00:28 --------- d-----w C:\Program Files\AIM
2007-09-15 00:28 --------- d-----w C:\Documents and Settings\Justin\Application Data\Aim
2007-09-15 00:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-09-14 01:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\vsosdk
2007-09-12 10:00 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-09-12 10:00 47,360 ----a-w C:\Documents and Settings\Justin\Application Data\pcouffin.sys
2007-09-11 20:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-08-21 01:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-08-21 01:00 --------- d-----w C:\Program Files\Common Files\Verizon Online
2007-08-21 00:59 --------- d-----w C:\Program Files\Common Files\Motive
2007-08-21 00:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive
.

((((((((((((((((((((((((((((( snapshot@2007-10-19_17.24.06.35 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-10-19 21:21:08 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-10-20 00:15:33 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-10-19 21:21:08 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-10-20 00:15:33 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-10-19 21:21:08 49,152 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-10-20 00:15:33 49,152 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"NvCplDaemon"="-C:\WINDOWS\System32\NvCpl.dll" []
"NvMediaCenter"="-C:\WINDOWS\System32\NvMcTray.dll" []
"DeltTray"="-DeltTray.exe" []
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 15:30]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
@=

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.exe [2001-02-13 01:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Justin^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Justin\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
"C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

R1 DLARTL_M;DLARTL_M;C:\WINDOWS\System32\Drivers\DLARTL_M.SYS

.
Contents of the 'Scheduled Tasks' folder
"2007-10-18 22:52:21 C:\WINDOWS\Tasks\McDefragTask.job"
- C:\WINDOWS\system32\defrag.exe
"2007-10-18 22:52:20 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-19 20:15:58
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-19 20:17:19 - machine was rebooted
C:\ComboFix2.txt ... 2007-10-19 17:25
.
--- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:19:25 PM, on 10/19/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\WINDOWS\System32\devldr32.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] -RUNDLL32.exe C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] -RUNDLL32.exe C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DeltTray] -DeltTray.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - -"C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe" (file missing)
O23 - Service: MBackMonitor - - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - -C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - -C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - -"C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe" (file missing)
O23 - Service: Roxio Upnp Server 9 - Unknown owner - -"C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe" (file missing)
O23 - Service: RoxMediaDB9 - Unknown owner - -"C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe" (file missing)
O23 - Service: stllssvr - Unknown owner - -"C:\Program Files\Common Files\SureThing Shared\stllssvr.exe" (file missing)

--
End of file - 4717 bytes


0

Response Number 7
Name: jabuck
Date: October 19, 2007 at 18:53:33 Pacific
Reply:

Open notepad (Start Menu > Run > Type notepad and press "ok").

Copy and paste everything into notepad between the x's, making regedit4 the top line.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"=-

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
@=-
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it Fix.reg, then save it to your desktop.

Double click Fix.reg (or right click and choose Merge) and it will ask if you want to merge the contents into the registry, choose Yes.

Update your java. Go to start> control panel> java> update> update now> uncheck/decline any google toolbar options.
Once updated, go to control panel> add/remove programs and uninstall all the other java versions on the computer except for the jre1.6.0_03 version you just installed. Those older versions are one way you could have been infected.

You should consider adding "Spywareblaster" to your arsenal of antispyware tools, just do a google search for spywareblaster, download it, install it, and update it. It's free and runs in the background, so you don't actually run it, and re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.

How is the computer operating?


0
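Before merging a Fix.reg like the one in the reply above, it helps to preview exactly which keys and values it will delete or set. The script below is an added example, not part of the original thread: a small REGEDIT4 parser that lists each operation, using the post's own Fix.reg text as its sample input (multi-line hex continuations are out of scope).

```python
"""Preview what a REGEDIT4 .reg file will do before merging it into the registry."""
import re

# Sample input: the Fix.reg text from the reply above (copied verbatim).
FIX_REG = """REGEDIT4

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"@"=-

[HKEY_USERS\\.default\\software\\microsoft\\windows\\currentversion\\run]
@=-
"""

# A value line is either the bare "@" (the key's default value) or a quoted name,
# followed by "=" and the data; "-" as data means "delete this value".
_VALUE_RE = re.compile(r'^(?P<name>@|"(?:[^"\\]|\\.)*")=(?P<data>.*)$')

def _value_name(token):
    """Unquoted @ is the (Default) value; a quoted "@" is a value literally named @."""
    if token == "@":
        return "(Default)"
    return token[1:-1].replace('\\"', '"').replace("\\\\", "\\")

def parse_reg(text):
    """Return a list of (key, action, value_name, data) tuples.

    action is one of: delete_key, delete_value, set_value.
    Raises ValueError on a missing header or a line it cannot parse.
    """
    lines = text.splitlines()
    if not lines or lines[0].strip().upper() not in ("REGEDIT4", "WINDOWS REGISTRY EDITOR VERSION 5.00"):
        raise ValueError("not a .reg file: first line must be REGEDIT4")
    ops, key = [], None
    for raw in lines[1:]:
        line = raw.strip()
        if not line or line.startswith(";"):          # blank lines and comments
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.startswith("-"):                    # [-HKEY...] deletes the whole key
                ops.append((key[1:], "delete_key", None, None))
                key = None
            continue
        m = _VALUE_RE.match(line)
        if m is None or key is None:
            raise ValueError(f"unparseable line: {raw!r}")
        name, data = _value_name(m.group("name")), m.group("data")
        if data == "-":
            ops.append((key, "delete_value", name, None))
        else:
            ops.append((key, "set_value", name, data))
    return ops

def summarize(text):
    """One human-readable line per operation, for review before merging."""
    out = []
    for key, action, name, data in parse_reg(text):
        target = key if name is None else f"{key}\\{name}"
        out.append(f"{action:12s} {target}" + (f" = {data}" if data is not None else ""))
    return out

if __name__ == "__main__":
    print("\n".join(summarize(FIX_REG)))
```

Run it on any .reg you are about to merge; anything other than the two expected deletions of autorun values should make you stop and look.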

Response Number 8
Name: miabellezza
Date: October 20, 2007 at 09:31:52 Pacific
Reply:

Here's a step-by-step guide on how to remove the Trojan manually.

http://www.squidoo.com/computer-vir...


Learn how to manually remove Viruses, Spyware, Adware, annoying Pop-Ups from your computer including the dreaded Trojans.

MiaBellezza


0

Response Number 9
Name: seymop
Date: October 20, 2007 at 10:03:16 Pacific
Reply:

Thank you very much!!!!!! Runs like a top now. How did you learn how to do this stuff?!


0

Response Number 10
Name: miabellezza
Date: October 20, 2007 at 10:11:19 Pacific
Reply:

seymop, if you're talking to me, I learned it because I had to. Prior to my Cogeco Anti-Virus, I had Bitdefender and it wasn't able to stop a lot of viruses, but fortunately it always gave me the string where the trojan or virus was located. So, if you know where it is, you can get it!

I keep updating that lens, so drop by often.

Learn how to manually remove Viruses, Spyware, Adware, annoying Pop-Ups from your computer including the dreaded Trojans.

MiaBellezza


0

Response Number 11
Name: jabuck
Date: October 20, 2007 at 11:06:38 Pacific
Reply:

Glad we could help.


0
