Post #1 - angelfishfood (New Member, Group: Members, Posts: 4, Joined: 4-May 08, Member No.: 207,049) - May 4 2008, 07:48 PM
Hi Guys, I'm brand new to this forum. I followed a link from Yahoo Answers because our family is being inundated with these strange pop ups telling us that we have spyware, illegal pornography, and wanting us to download, scan, etc. This is then followed up by other webpage pop ups for colleges, and of course the random "sexy" site. I find that I don't have problems when using Firefox, just Internet Explorer. I haven't been able to do the Kaspersky Online Scanner because it's for Explorer only. I'll post the DSS and HijackThis stuff and then afterwards try the online scanner.
I apologize if I have this all backwards. I will update with the Kaspersky Online Scanner if I can get it done. Thank you for whatever help you can offer! Have a great evening! -ANGELFISHFOOD

Here's the HijackThis log:

Deckard's System Scanner v20071014.68
Run by Melissa Lea Sorenson on 2008-05-04 18:15:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
75: 2008-05-05 00:15:14 UTC - RP587 - Deckard's System Scanner Restore Point
74: 2008-05-04 02:10:00 UTC - RP586 - Last known good configuration
73: 2008-05-04 02:09:47 UTC - RP585 - System Checkpoint
72: 2008-05-04 02:09:47 UTC - RP584 - System Checkpoint
71: 2008-05-04 02:09:46 UTC - RP583 - System Checkpoint

-- First Restore Point --
1: 2008-05-04 02:09:16 UTC - RP513 - Removed WordPerfect Office 12

Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 510 MiB (512 MiB recommended).

-- HijackThis (run as Melissa Lea Sorenson.exe) --------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:19:13 PM, on 04/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\BitTorrent\bittorrent.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Melissa Lea Sorenson\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Melissa Lea Sorenson.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.shaw.ca/start/enCA/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aliant.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: (no name) - {3713F9EE-C059-4540-B697-987EF263A088} - C:\WINDOWS\system32\awtQKAtq.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {BADBF36C-9799-475D-9DA3-D911EE18C9E1} - C:\WINDOWS\system32\jkkijghi.dll
O2 - BHO: {591b0fc0-aa4f-daba-4674-f0a8ff33c60e} - {e06c33ff-8a0f-4764-abad-f4aa0cf0b195} - C:\WINDOWS\system32\jwsnajou.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [103a228d] rundll32.exe "C:\WINDOWS\system32\atpufqlb.dll",b
O4 - HKLM\..\Run: [BM13091111] Rundll32.exe "C:\WINDOWS\system32\nsyicqtv.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://minxiemelissa.spaces.live.com//Phot...ad/MsnPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1161988681437
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: awtQKAtq - C:\WINDOWS\SYSTEM32\awtQKAtq.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

--
End of file - 10648 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
S3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\windows\system32\gtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 MREMP50 (MREMP50 NDIS Protocol Driver) - c:\program files\common files\motive\mremp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 MREMP50a64 (MREMP50a64 NDIS Protocol Driver) - c:\progra~1\common~1\motive\mremp50a64.sys (file missing)
S3 MRESP50 (MRESP50 NDIS Protocol Driver) - c:\program files\common files\motive\mresp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 MRESP50a64 (MRESP50a64 NDIS Protocol Driver) - c:\progra~1\common~1\motive\mresp50a64.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 McciCMService - "c:\program files\common files\motive\mccicmservice.exe" <Not Verified; Motive Communications, Inc.; >
R2 sprtsvc_dellsupportcenter (SupportSoft Sprocket Service (dellsupportcenter)) - c:\program files\dell support center\bin\sprtsvc.exe /service /p dellsupportcenter
R2 WDBtnMgrSvc.exe (WD Drive Manager Service) - "c:\program files\western digital\wd drive manager\wdbtnmgrsvc.exe" <Not Verified; WDC; WD Drive Manager>

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-05-03 18:29:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-04-01 01:00:03 362 --a------ C:\WINDOWS\Tasks\McQcTask.job
2007-10-28 20:37:53 370 --a------ C:\WINDOWS\Tasks\McDefragTask.job

-- Files created between 2008-04-04 and 2008-05-04 -----------------------------

2008-05-04 18:18:45 0 d-------- C:\Program Files\Trend Micro
2008-05-04 08:16:29 108096 --a------ C:\WINDOWS\system32\jwsnajou.dll
2008-05-04 08:13:35 95296 --a------ C:\WINDOWS\system32\atpufqlb.dll
2008-05-04 08:13:26 104512 --a------ C:\WINDOWS\system32\nsyicqtv.dll
2008-05-03 20:09:05 364649 --ahs---- C:\WINDOWS\system32\ihgjikkj.ini2
2008-05-03 20:08:58 281600 --a------ C:\WINDOWS\system32\jkkijghi.dll
2008-05-03 20:04:41 42496 --a------ C:\WINDOWS\system32\pmnMfGXo.dll
2008-05-03 20:03:47 42496 --a------ C:\WINDOWS\system32\awtQKAtq.dll
2008-05-03 09:41:35 0 d-------- C:\Program Files\iPod
2008-04-10 16:16:09 0 d-------- C:\Program Files\Yahoo!
2008-04-05 10:16:47 0 d-------- C:\Program Files\DNA
2008-04-05 10:16:47 0 d-------- C:\Documents and Settings\Melissa Lea Sorenson\Application Data\DNA
2008-04-05 10:00:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2008-04-05 10:00:06 0 d-------- C:\Program Files\Winamp Toolbar
2008-04-05 09:59:11 0 d-------- C:\Program Files\Winamp
2008-04-05 09:59:11 0 d-------- C:\Documents and Settings\Melissa Lea Sorenson\Application Data\Winamp

-- Find3M Report ---------------------------------------------------------------

2008-05-04 18:19:35 0 d-------- C:\Documents and Settings\Melissa Lea Sorenson\Application Data\BitTorrent
2008-05-03 09:59:08 0 d-------- C:\Program Files\Apple Software Update
2008-05-03 09:42:29 0 d-------- C:\Program Files\iTunes
2008-05-03 09:36:56 0 d-------- C:\Program Files\QuickTime
2008-04-15 08:34:05 0 d-------- C:\Program Files\Java
2008-04-05 10:17:03 0 d-------- C:\Program Files\BitTorrent
2008-03-31 20:34:10 0 d-------- C:\Documents and Settings\Melissa Lea Sorenson\Application Data\Google
2008-03-31 19:44:13 0 d-------- C:\Program Files\Picasa2
2008-03-31 19:42:33 0 d-------- C:\Program Files\Google
2008-03-31 19:40:30 0 d-------- C:\Program Files\Western Digital Technologies
2008-03-31 19:40:06 0 d-------- C:\Program Files\Western Digital
2008-03-31 18:15:06 0 d-------- C:\Program Files\Hewlett-Packard
2008-03-31 18:06:26 0 d-------- C:\Program Files\HP
2008-03-21 09:03:01 0 d-------- C:\Program Files\Bonjour
2008-03-21 08:57:53 0 d-------- C:\Program Files\Common Files
2008-03-21 08:57:53 0 d-------- C:\Program Files\Common Files\Apple
2008-03-19 21:27:22 0 d-------- C:\Program Files\Common Files\xing shared
2008-03-19 21:27:16 0 d-------- C:\Program Files\Real
2008-03-19 21:26:51 0 d-------- C:\Program Files\Common Files\Real
2008-03-19 21:05:15 0 d-------- C:\Documents and Settings\Melissa Lea Sorenson\Application Data\Real
2008-03-19 20:59:51 3683 --a------ C:\WINDOWS\mozver.dat
2008-03-07 20:26:05 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-11 16:48:13 5018 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-02-11 16:48:13 104 -r-hs---- C:\WINDOWS\system32\6D9134488C.sys
2008-02-11 15:20:24 1009 --a------ C:\WINDOWS\eReg.dat

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3713F9EE-C059-4540-B697-987EF263A088}]
03/05/2008 08:03 PM 42496 --a------ C:\WINDOWS\system32\awtQKAtq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BADBF36C-9799-475D-9DA3-D911EE18C9E1}]
03/05/2008 08:09 PM 281600 --a------ C:\WINDOWS\system32\jkkijghi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e06c33ff-8a0f-4764-abad-f4aa0cf0b195}]
04/05/2008 08:16 AM 108096 --a------ C:\WINDOWS\system32\jwsnajou.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [19/03/2008 04:36 PM 1267040]
[-HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [14/10/2004 06:42 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11 AM]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [03/09/2003 07:12 PM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [10/06/2005 09:44 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [10/06/2005 09:44 AM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [20/09/2005 07:35 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [20/09/2005 07:32 AM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [20/09/2005 07:36 AM]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [25/10/2001 08:55 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [19/03/2008 09:25 PM]
"WD Drive Manager"="C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [30/01/2008 04:50 AM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [31/03/2008 07:42 PM]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [20/02/2007 07:18 PM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [01/04/2008 12:49 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28/03/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/03/2008 10:36 AM]
"103a228d"="C:\WINDOWS\system32\atpufqlb.dll" [04/05/2008 08:13 AM]
"BM13091111"="C:\WINDOWS\system32\nsyicqtv.dll" [04/05/2008 08:13 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 04:00 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/04/2008 07:37 PM]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [11/04/2008 06:06 AM]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [05/04/2008 10:17 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{3713F9EE-C059-4540-B697-987EF263A088}"= C:\WINDOWS\system32\awtQKAtq.dll [03/05/2008 08:03 PM 42496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtQKAtq]
awtQKAtq.dll 03/05/2008 08:03 PM 42496 C:\WINDOWS\system32\awtQKAtq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkkijghi

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ WinCinema Manager.lnk
backup=C:\WINDOWS\pss\ WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CXMon]
"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\DellSupport\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
"C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TELUS_eCare_Lite_McciTrayApp]
C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp\winampa.exe"

*Newly Created Service* - HTTPFILTER
*Newly Created Service* - RASAUTO

-- End of Deckard's System Scanner: finished at 2008-05-04 18:22:53 ------------

Attached is the second part of the HijackThis text.

Also, I managed to run the Kaspersky scan:

Sunday, May 04, 2008 7:53:20 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 4/05/2008
Kaspersky Anti-Virus database records: 740088

Scan Settings
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - Critical Areas
C:\WINDOWS
C:\DOCUME~1\MELISS~1\LOCALS~1\Temp\

Scan Statistics
Total number of scanned objects: 14040
Number of viruses found: 1
Number of infected objects: 6
Number of suspicious objects: 0
Duration of the scan process: 00:20:41

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\Debug\PASSWD.LOG  Object is locked  skipped
C:\WINDOWS\pfirewall.log  Object is locked  skipped
C:\WINDOWS\SchedLgU.Txt  Object is locked  skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log  Object is locked  skipped
C:\WINDOWS\Sti_Trace.log  Object is locked  skipped
C:\WINDOWS\system32\atpufqlb.dll  Infected: Trojan.Win32.Monder.gen  skipped
C:\WINDOWS\system32\awtQKAtq.dll  Infected: Trojan.Win32.Monder.gen  skipped
C:\WINDOWS\system32\CatRoot2\edb.log  Object is locked  skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb  Object is locked  skipped
C:\WINDOWS\system32\config\AppEvent.Evt  Object is locked  skipped
C:\WINDOWS\system32\config\DEFAULT  Object is locked  skipped
C:\WINDOWS\system32\config\default.LOG  Object is locked  skipped
C:\WINDOWS\system32\config\Internet.evt  Object is locked  skipped
C:\WINDOWS\system32\config\SAM  Object is locked  skipped
C:\WINDOWS\system32\config\SAM.LOG  Object is locked  skipped
C:\WINDOWS\system32\config\SecEvent.Evt  Object is locked  skipped
C:\WINDOWS\system32\config\SECURITY  Object is locked  skipped
C:\WINDOWS\system32\config\SECURITY.LOG  Object is locked  skipped
C:\WINDOWS\system32\config\SOFTWARE  Object is locked  skipped
C:\WINDOWS\system32\config\software.LOG  Object is locked  skipped
C:\WINDOWS\system32\config\SysEvent.Evt  Object is locked  skipped
C:\WINDOWS\system32\config\SYSTEM  Object is locked  skipped
C:\WINDOWS\system32\config\system.LOG  Object is locked  skipped
C:\WINDOWS\system32\h323log.txt  Object is locked  skipped
C:\WINDOWS\system32\jkkijghi.dll  Infected: Trojan.Win32.Monder.gen  skipped
C:\WINDOWS\system32\jwsnajou.dll  Infected: Trojan.Win32.Monder.gen  skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl  Object is locked  skipped
C:\WINDOWS\system32\nsyicqtv.dll  Infected: Trojan.Win32.Monder.gen  skipped
C:\WINDOWS\system32\pmnMfGXo.dll  Infected: Trojan.Win32.Monder.gen  skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR  Object is locked  skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP  Object is locked  skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER  Object is locked  skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP  Object is locked  skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP  Object is locked  skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA  Object is locked  skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP  Object is locked  skipped
C:\WINDOWS\Temp\mcafee_ogTiriCIaMQDotE  Object is locked  skipped
C:\WINDOWS\Temp\mcmsc_kA6n4Y40QeNG2uZ  Object is locked  skipped
C:\WINDOWS\Temp\mcmsc_pAcnYxj0vXgWlGP  Object is locked  skipped
C:\WINDOWS\Temp\mcmsc_thXy5kSdyywbOXL  Object is locked  skipped
C:\WINDOWS\Temp\mcmsc_UZUel5P37NfTuNV  Object is locked  skipped
C:\WINDOWS\Temp\mcmsc_VbMQjOxNWWoyiNT  Object is locked  skipped
C:\WINDOWS\wiadebug.log  Object is locked  skipped
C:\WINDOWS\wiaservc.log  Object is locked  skipped
C:\WINDOWS\WindowsUpdate.log  Object is locked  skipped
C:\DOCUME~1\MELISS~1\LOCALS~1\Temp\~DF6F9.tmp  Object is locked  skipped

I don't know if that's what you'll need. Should I be removing these files? Unfortunately, I don't know THAT much about computers. I sure can mess them up pretty good! Thanks - Angelfishfood

This post has been edited by angelfishfood: May 4 2008, 09:08 PM
Attached File(s)
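The log above is a textbook Vundo/Monder layout, and every tell is visible in the post itself: randomly named DLLs dropped in system32 within the last two days, the same DLL (awtQKAtq.dll) registered as a BHO, a ShellExecuteHook and a Winlogon Notify package, two Run entries that load DLLs through rundll32 with a single-letter export ("...\atpufqlb.dll",b and "...\nsyicqtv.dll",s), jkkijghi appended to the LSA Authentication Packages list after msv1_0, and a hidden ihgjikkj.ini2 whose base name is jkkijghi spelled backwards. Kaspersky later confirmed six of those files as Trojan.Win32.Monder.gen, but a helper reading the HijackThis and Deckard output could have flagged them before any scanner ran, purely from how the entries cross-reference one another. The script below is an added example, not code from this thread or from the HijackThis or Deckard tools: it parses a handful of lines copied from the log above (embedded as constructed sample input, with two benign entries for contrast) and applies cross-reference rules of my own naming (rundll32_run, winlogon_notify, lsa_auth_package, multi_hook, recent_system32_dll, reversed_ini). The assumption that only msv1_0 is the stock Authentication Packages value is for Windows XP; the rule thresholds are heuristics, not signatures.

```python
import re
from collections import defaultdict

# Constructed sample input: lines copied from the HijackThis log and the
# Deckard "Files created" / registry-dump sections in the post above, plus two
# benign entries (ssv.dll, iTunesHelper.exe) that the rules must NOT flag.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {3713F9EE-C059-4540-B697-987EF263A088} - C:\WINDOWS\system32\awtQKAtq.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {BADBF36C-9799-475D-9DA3-D911EE18C9E1} - C:\WINDOWS\system32\jkkijghi.dll
O2 - BHO: {591b0fc0-aa4f-daba-4674-f0a8ff33c60e} - {e06c33ff-8a0f-4764-abad-f4aa0cf0b195} - C:\WINDOWS\system32\jwsnajou.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [103a228d] rundll32.exe "C:\WINDOWS\system32\atpufqlb.dll",b
O4 - HKLM\..\Run: [BM13091111] Rundll32.exe "C:\WINDOWS\system32\nsyicqtv.dll",s
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: awtQKAtq - C:\WINDOWS\SYSTEM32\awtQKAtq.dll
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkkijghi
2008-05-04 08:16:29 108096 --a------ C:\WINDOWS\system32\jwsnajou.dll
2008-05-04 08:13:35 95296 --a------ C:\WINDOWS\system32\atpufqlb.dll
2008-05-04 08:13:26 104512 --a------ C:\WINDOWS\system32\nsyicqtv.dll
2008-05-03 20:09:05 364649 --ahs---- C:\WINDOWS\system32\ihgjikkj.ini2
2008-05-03 20:08:58 281600 --a------ C:\WINDOWS\system32\jkkijghi.dll
2008-05-03 20:03:47 42496 --a------ C:\WINDOWS\system32\awtQKAtq.dll
"""

# Line shapes as HijackThis 2.x and Deckard's System Scanner print them.
BHO_RE = re.compile(r"^O2 - BHO: .* - \{[0-9A-Fa-f-]+\} - (?P<path>.+\.dll)\s*$", re.I)
RUN_RE = re.compile(r"^O4 - HK(?:LM|CU)\\\.\.\\Run: \[[^\]]+\] (?P<cmd>.+)$", re.I)
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<path>[^",]+\.dll)"?\s*,\s*(?P<export>\S+)$', re.I)
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$", re.I)
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: \S+ - (?P<path>.+\.dll)\s*$", re.I)
AUTHPKG_RE = re.compile(r'^"Authentication Packages"=\s*(?P<pkgs>.+)$', re.I)
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\d+\s+\S+\s+(?P<path>.+)$")
SYSTEM32_RE = re.compile(r"\\(?:windows|winnt)\\system32\\", re.I)


def base(path: str) -> str:
    """Lower-cased file name without directory or extension ('awtqkatq')."""
    name = path.strip().strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return name.rsplit(".", 1)[0] if "." in name else name


def triage(log_text: str) -> dict[str, list[str]]:
    """Map each suspicious DLL base name to the sorted list of rules that fired."""
    hooks = defaultdict(set)    # base name -> persistence hook types it is registered under
    reasons = defaultdict(set)  # base name -> rule names that fired
    dlls, inis, recent = set(), set(), set()

    def register(path: str, hook: str) -> str:
        b = base(path)
        hooks[b].add(hook)
        dlls.add(b)
        return b

    for line in (raw.strip() for raw in log_text.splitlines()):
        if m := BHO_RE.match(line):
            register(m["path"], "bho")
        elif m := RUN_RE.match(line):
            r = RUNDLL_RE.match(m["cmd"].strip())
            if r and SYSTEM32_RE.search(r["path"]):
                b = register(r["path"], "run")
                if len(r["export"]) == 1:          # '"...\x.dll",b' style one-letter export
                    reasons[b].add("rundll32_run")
        elif m := APPINIT_RE.match(line):
            for p in re.split(r"[,\s]+", m["dlls"].strip()):
                if p:
                    register(p, "appinit")
        elif m := NOTIFY_RE.match(line):
            reasons[register(m["path"], "winlogon_notify")].add("winlogon_notify")
        elif m := AUTHPKG_RE.match(line):
            for p in m["pkgs"].split():
                if p.lower() != "msv1_0":          # assumption: stock XP value is msv1_0 only
                    reasons[register(p, "auth_packages")].add("lsa_auth_package")
        elif m := FILE_RE.match(line):             # Deckard "Files created between ..." rows
            p = m["path"]
            if SYSTEM32_RE.search(p):
                if p.lower().endswith(".dll"):
                    recent.add(base(p))
                    dlls.add(base(p))
                elif p.lower().endswith((".ini", ".ini2")):
                    inis.add(base(p))

    for b, kinds in hooks.items():                 # one DLL wired into 2+ hook types
        if len(kinds) >= 2:
            reasons[b].add("multi_hook")
    for b in recent:                               # freshly dropped in system32 AND hooked
        if hooks.get(b):
            reasons[b].add("recent_system32_dll")
    for ini in inis:                               # ihgjikkj.ini2 <-> jkkijghi.dll
        if ini[::-1] in dlls:
            reasons[ini[::-1]].add("reversed_ini")
    return {b: sorted(r) for b, r in sorted(reasons.items())}


if __name__ == "__main__":
    for name, why in triage(SAMPLE_LOG).items():
        print(f"{name:<10} {', '.join(why)}")
```

Run against the sample, the five Monder DLLs that appear in the HijackThis section come out flagged and the Java BHO, the Google AppInit DLL and the iTunes Run entry do not. Note what each rule buys: jwsnajou.dll is only a BHO, so it surfaces solely through the creation-date cross-reference, and pmnMfGXo.dll (Kaspersky's sixth hit) is absent from the sample because it has no hook entry in the log at all; a rule set like this narrows the list for a human, it does not replace the scanner.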
angelfishfood - Winanonymous?pornography?colleges?trusted Virus Support? - May 4 2008, 07:48 PM
steamwiz - Hi / Please Download Malwarebytes' Anti-Malware... - May 5 2008, 04:13 PM
angelfishfood - Hi Steam, / I ran the Malware and I already see a ... - May 6 2008, 04:49 PM
steamwiz - Hi / You're doing well :) / You've run Combo... - May 7 2008, 01:25 PM
angelfishfood - Hi Steam! / I checked in the C: drive and the ... - May 7 2008, 05:00 PM
steamwiz - HI / Mmm ... it should be there ... look at the bot... - May 8 2008, 03:17 PM
angelfishfood - Hi Steam, / I did a search of the system for the c... - May 11 2008, 12:09 PM
steamwiz - Hi / If it wasn't at C:\ComboFix2.txt ..... - May 11 2008, 02:28 PM
steamwiz - Due to lack of feedback This thread is now treated... - Jun 24 2008, 03:56 PM