The logs follow... Just to let you know, once ComboFix rebooted the computer, it came to a black screen giving me the option of Safe Mode, Safe Mode with Networking, etc. The only way I could get past that screen was to select "last known working configuration." All the other options simply rebooted the computer.
HJT uninstall list
Adobe Acrobat 5.0
Adobe Flash Player 9 ActiveX
Adobe Photoshop CS
Adobe Shockwave Player
Apple Software Update
Backyard Basketball
Big Fish Games Client
DigiLab 1.6.6
Digital Photo Recovery 2.0.3
Disney's Toontown Online
DownloadManager
EPSON Print CD
EPSON Printer Software
Express Burn
Family Feud (remove only)
Film Factory
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
HijackThis 1.99.1
Hotfix for Windows Media Format SDK (KB902344)
ICC Color Profiles
Indeo® Software
Intel(R) Active Monitor
Intel(R) Extreme Graphics Driver
Intel(R) PRO Network Adapters and Drivers
InterActual Player
iTunes
J2SE Runtime Environment 5.0 Update 3
L&H TTS3000 Russian
LEGO Creator
Lemmings Revolution (remove only)
Lernout & Hauspie TruVoice American English TTS Engine
MediaRECOVER PRO
Microsoft .NET Framework 1.1
Microsoft AntiSpyware
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 Redistributable
Morpheus Toolbar
MSN Music Assistant
Multiple Image Resizer .NET
Multiple Image Resizer .NET
My Sam's Club Digital Photo Center
NCH Tone Generator Uninstall
Neat Image v5 Demo
Norton Spyware Scan provided by Yahoo!
NTI Backup NOW! 3
NTI DriveBackup! 3
NTI DVD-Maker 6 Gold
NVIDIA Display Driver
NVIDIA Drivers
OpenMG Limited Patch 4.0-04-08-02-01
OpenMG Secure Module 4.0.00
Outerinfo
p2pnetworks
PartyPokerNet
Photodex Presenter
PixRecovery
PowerDVD
ProShow Gold
PSM
QuickTime
RealArcade
RealPlayer
Rhapsody Player Engine
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Snood for Windows version 3.52-W
SonicStage 2.1.00
SoundMAX
The Weather Channel Desktop
Ulead DVD MovieFactory 2 SE
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
WavePad Uninstall
Weather Services
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 10
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Music Jukebox
Yahoo! Toolbar for Internet Explorer
Zoo Tycoon: Complete Collection
Combofix text
"Kevin Keelan" - 2007-07-03 17:41:46 - ComboFix 07-07-04.1 - Service Pack 2
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\TEMP
C:\DOCUME~1\KEVINK~1\APPLIC~1.\sks~1
C:\Program Files\Common Files\pppatc~1
C:\Program Files\Common Files\pppatc~1\alg.exe
C:\Program Files\Common Files\Yazzle1552OinAdmin.exe
C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
C:\Program Files\downloadmanager\agent.dll
C:\Program Files\downloadmanager\api.exe
C:\Program Files\downloadmanager\insdl.dll
C:\Program Files\downloadmanager\mptray.exe
C:\Program Files\downloadmanager\mpupdate.exe
C:\Program Files\downloadmanager\p2pinst.exe
C:\Program Files\downloadmanager\p2pl.exe
C:\Program Files\inetget2
C:\Program Files\mediapipe
C:\Program Files\mediapipe\ErrorLog.txt
C:\Program Files\mediapipe\ItBill.exe
C:\Program Files\mediapipe\ItBill_terms.txt
C:\Program Files\mediapipe\register.dll
C:\Program Files\outerinfo
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\AlConfig.xml
C:\Program Files\p2pnetworks\alp2plib.log
C:\Program Files\p2pnetworks\alp2plib.log.bak
C:\Program Files\p2pnetworks\install.log
C:\Program Files\p2pnetworks\mpp2pl.exe
C:\Program Files\p2pnetworks\p2pnetworks.exe
C:\Program Files\p2pnetworks\sp2p.cache
C:\Program Files\p2pnetworks\uninst.exe
C:\Program Files\winpop
C:\Program Files\winpop\UnInstall.exe
C:\Program Files\winpop\winpop.exe
C:\WINDOWS\b.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\retadpu11.exe
C:\WINDOWS\system32\kayb.dll
C:\WINDOWS\system32\sstem~1
C:\WINDOWS\system32\sstem~1\cmd.exe
C:\WINDOWS\system32\wnstssv32.exe
C:\WINDOWS\wr.txt
((((((((((((((((((((((((( Files Created from 2007-06-03 to 2007-07-03 )))))))))))))))))))))))))))))))
2007-07-03 17:39 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-03 17:39 1,118,676 --a------ C:\ComboFix.exe
2007-06-23 13:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
2007-06-23 13:22 <DIR> d-------- C:\Program Files\Lemmings Revolution
2007-06-23 13:11 <DIR> d-------- C:\Downloads
2007-06-23 08:36 <DIR> d-------- C:\My Games
2007-06-23 08:35 <DIR> d-------- C:\My Download Files
2007-06-23 08:31 774,144 --a------ C:\Program Files\RngInterstitial.dll
2007-06-22 23:25 <DIR> d-------- C:\Program Files\Family Feud
2007-06-22 23:25 <DIR> d-------- C:\Program Files\bfgclient
2007-06-22 23:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BigFishGamesCache
2007-06-22 12:46 <DIR> d-------- C:\WINDOWS\lhsp
2007-06-22 12:21 <DIR> d-------- C:\Program Files\NCH Swift Sound
2007-06-22 12:21 <DIR> d-------- C:\DOCUME~1\KEVINK~1\APPLIC~1\NCH Swift Sound
2007-06-07 20:57 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-03 21:50:30 -------- d-----w C:\Program Files\DownloadManager
2007-07-03 21:39:41 -------- d-----w C:\Program Files\Microsoft AntiSpyware
2007-06-23 12:30:48 -------- d-----w C:\Program Files\Real
2007-06-23 12:30:47 -------- d-----w C:\Program Files\Common Files\Real
2007-06-22 16:08:29 -------- d-----w C:\Program Files\DigiLab
2007-06-19 03:37:42 664 ----a-w C:\WINDOWS\system32\d3d9caps.dat
2007-06-04 03:06:16 -------- d-----w C:\Program Files\PartyGaming.Net
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-11 20:41:55 552 ----a-w C:\WINDOWS\system32\d3d8caps.dat
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
2006-10-26 12:28 440384 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2001-04-16 20:39 37808 --a------ C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9}]
2006-12-16 12:31 237568 --a------ C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-01-20 00:55 2403392 -ra------ c:\program files\google\googletoolbar4.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D73F49B1-B51B-4d32-A3B7-BD04B8342F53}]
2006-12-16 12:31 57344 --a------ C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-10-23 13:37]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\smax4.exe" [2003-10-14 18:44]
"IMONTRAY"="C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe" [2003-01-10 16:08]
"RestoreIT!"="C:\Program Files\FarStone\RestoreIT!\RestoreIT!_XP\VBPTASK.exe" [2003-03-06 16:27]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [2005-07-12 15:35]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48]
"ymetray"="C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" [2006-08-14 13:09]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-05-16 17:38]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-04-26 21:45]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"EPSON Stylus Photo 2200"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2002-06-30 15:05]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-02-14 15:33]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2007-03-16 07:51]
"Hsas"="C:\PROGRA~1\COMMON~1\PPPATC~1\alg.exe" []
"Lebpzln"="C:\WINDOWS\system32\s?stem\cmd.exe" []
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{9EF34FF2-3396-4527-9D27-04C8C1C67806}"="C:\Program Files\Microsoft AntiSpyware\shellextension.dll" [2005-06-24 15:24]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\farstone]
NULL
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
"C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ymetray]
"C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe"
Contents of the 'Scheduled Tasks' folder
2007-06-30 20:55:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
**************************************************************************
catchme 0.3.914 W2K/XP/Vista - rootkit detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-07-03 17:58:07
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
EPSON Stylus Photo 2200 = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "C:\WINDOWS\system32\E_SFF.tmp"
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-03 17:59:58 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-03 17:59
--- E O F ---
Here's combofix quarantined files in case you need it
2004-02-10 13:59 12800 --a------ C:\Qoobox\Quarantine\C\Program Files\DownloadManager\insdl.dll.vir
2004-02-10 13:59 12800 --a------ C:\Qoobox\Quarantine\C\Program Files\MediaPipe\register.dll.vir
2005-05-12 18:43 915 --a------ C:\Qoobox\Quarantine\C\Program Files\p2pnetworks\AlConfig.xml.vir
2005-11-21 20:58 361856 --a------ C:\Qoobox\Quarantine\C\Program Files\p2pnetworks\p2pnetworks.exe.vir
2005-11-21 20:59 211955 --a------ C:\Qoobox\Quarantine\C\Program Files\DownloadManager\p2pinst.exe.vir
2006-03-09 19:31 27349 --a------ C:\Qoobox\Quarantine\C\Program Files\MediaPipe\ItBill_terms.txt.vir
2006-03-10 20:24 114688 --a------ C:\Qoobox\Quarantine\C\Program Files\p2pnetworks\mpp2pl.exe.vir
2006-03-10 20:24 95652 --a------ C:\Qoobox\Quarantine\C\Program Files\DownloadManager\p2pl.exe.vir
2006-03-10 20:25 126976 --a------ C:\Qoobox\Quarantine\C\Program Files\DownloadManager\Agent.dll.vir
2006-03-10 20:39 281856 --a------ C:\Qoobox\Quarantine\C\Program Files\DownloadManager\api.exe.vir
2006-03-10 20:39 423296 --a------ C:\Qoobox\Quarantine\C\Program Files\MediaPipe\ItBill.exe.vir
2006-03-10 20:40 116096 --a------ C:\Qoobox\Quarantine\C\Program Files\DownloadManager\MPTray.exe.vir
2006-03-10 20:40 128384 --a------ C:\Qoobox\Quarantine\C\Program Files\DownloadManager\MPUpdate.exe.vir
2006-03-12 02:07 1099 --a------ C:\Qoobox\Quarantine\C\Program Files\p2pnetworks\install.log.vir
2006-03-12 02:07 2048 --a------ C:\Qoobox\Quarantine\C\Program Files\p2pnetworks\sp2p.cache.vir
2006-03-12 02:07 44965 --a------ C:\Qoobox\Quarantine\C\Program Files\p2pnetworks\uninst.exe.vir
2006-03-12 02:07 509 --a------ C:\Qoobox\Quarantine\C\Program Files\MediaPipe\ErrorLog.txt.vir
2006-09-25 18:31 0 --a------ C:\Qoobox\Quarantine\C\WINDOWS\b.exe.vir
2007-01-12 16:00 18031 --a------ C:\Qoobox\Quarantine\C\Program Files\Outerinfo\Terms.rtf.vir
2007-06-12 04:12 99855 --a------ C:\Qoobox\Quarantine\C\WINDOWS\b122.exe.vir
2007-06-20 10:49 60928 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\kayb.dll.vir
2007-06-20 10:50 229888 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\SSTEM~1\cmd.exe.vir
2007-06-29 11:32 146944 --a------ C:\Qoobox\Quarantine\C\Program Files\Common Files\Yazzle1552OinAdmin.exe.vir
2007-07-01 17:41 40183 --a------ C:\Qoobox\Quarantine\C\Program Files\Common Files\Yazzle1552OinUninstaller.exe.vir
2007-07-01 17:41 72704 --a------ C:\Qoobox\Quarantine\C\Program Files\Common Files\PPPATC~1\alg.exe.vir
2007-07-01 18:00 13312 --a------ C:\Qoobox\Quarantine\C\Program Files\WinPop\UnInstall.exe.vir
2007-07-01 18:00 49152 --a------ C:\Qoobox\Quarantine\C\Program Files\WinPop\winpop.exe.vir
2007-07-02 20:25 2 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\wnstssv32.exe.vir
2007-07-02 20:26 40960 --a------ C:\Qoobox\Quarantine\C\WINDOWS\retadpu11.exe.vir
2007-07-02 21:01 2392 --a------ C:\Qoobox\Quarantine\C\Program Files\p2pnetworks\alp2plib.log.bak.vir
2007-07-03 10:12 343 --a------ C:\Qoobox\Quarantine\C\WINDOWS\wr.txt.vir
2007-07-03 17:52 2392 --a------ C:\Qoobox\Quarantine\C\Program Files\p2pnetworks\alp2plib.log.vir
Folder PATH listing for volume Windows XP
Volume serial number is 688E-5B7A
C:\QOOBOX
\---Quarantine
+---C
| +---Program Files
| | +---Common Files
| | | | Yazzle1552OinAdmin.exe.vir
| | | | Yazzle1552OinUninstaller.exe.vir
| | | |
| | | \---PPPATC~1
| | | alg.exe.vir
| | |
| | +---DownloadManager
| | | Agent.dll.vir
| | | api.exe.vir
| | | insdl.dll.vir
| | | MPTray.exe.vir
| | | MPUpdate.exe.vir
| | | p2pinst.exe.vir
| | | p2pl.exe.vir
| | |
| | +---MediaPipe
| | | ErrorLog.txt.vir
| | | ItBill.exe.vir
| | | ItBill_terms.txt.vir
| | | register.dll.vir
| | |
| | +---Outerinfo
| | | Terms.rtf.vir
| | |
| | +---p2pnetworks
| | | AlConfig.xml.vir
| | | alp2plib.log.bak.vir
| | | alp2plib.log.vir
| | | install.log.vir
| | | mpp2pl.exe.vir
| | | p2pnetworks.exe.vir
| | | sp2p.cache.vir
| | | uninst.exe.vir
| | |
| | \---WinPop
| | UnInstall.exe.vir
| | winpop.exe.vir
| |
| \---WINDOWS
| | b.exe.vir
| | b122.exe.vir
| | retadpu11.exe.vir
| | wr.txt.vir
| |
| \---system32
| | kayb.dll.vir
| | wnstssv32.exe.vir
| |
| \---SSTEM~1
| cmd.exe.vir
|
\---Registry_backups
And a new HJT log
Logfile of HijackThis v1.99.1
Scan saved at 6:09:19 PM, on 7/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\Program Files\FarStone\RestoreIT!\RestoreIT!_XP\VBPTASK.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\YTBSDK.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.f315.mail.yahoo.com/ym/login? ... 3v1kepv10k
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\FarStone\RestoreIT!\RestoreIT!_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" -preload
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo 2200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "C:\WINDOWS\system32\E_SFF.tmp"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [Hsas] "C:\PROGRA~1\COMMON~1\PPPATC~1\alg.exe" -vt yazb
O4 - HKCU\..\Run: [Lebpzln] C:\WINDOWS\system32\s?stem\cmd.exe
O4 - Startup: Epson printer Registration.lnk = F:\E_reg\EPSONREG.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} (Web Camera Server Control) - http://70.147.103.42/wg_webeye.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe