Hijackthis Log Please Help Diagnose
8 replies to this topic

#1 haser (Members, 44 posts)

Posted 16 August 2007 - 09:06 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:26:22 PM, on 8/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\DriveCleaner Free\DNSE.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Safari\Safari.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\kimberly\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [DNSE] "C:\Program Files\Common Files\DriveCleaner Free\DNSE.exe" -c
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/dsl_settings/...vzTCPConfig.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183179210234
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 8686 bytes
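The log above is in the HijackThis v2 entry format: a section code (R0/R1 for IE start and search pages, R3 for URL search hooks, O2 for browser helper objects, O3 for toolbars, O4 for Run keys, O9 for extra buttons, O16 for downloaded program files, O23 for services), then the display name, an optional CLSID, and the image path. As an added example, not code from this thread or from Trend Micro's HijackThis, the Python below parses those lines into structured records and applies three triage heuristics an analyst uses when reading such a log: an entry whose file no longer exists, a browser hook with no display name, and a service with no vendor information. The sample lines are copied from the log above so the script runs offline; the `Entry` type, the function names and the heuristics are this example's own, not part of HijackThis.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input: eight lines copied from the HijackThis log posted
# above, so the parser can be run offline against realistic data.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [DNSE] "C:\Program Files\Common Files\DriveCleaner Free\DNSE.exe" -c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.+)$")   # "O4 - <body>"
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")                   # {8-4-4-4-12}
# First Windows path ending in a binary extension; stops before a closing quote
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|sys|cab)', re.IGNORECASE)


@dataclass
class Entry:
    kind: str                 # HijackThis section code, e.g. "O4", "O23"
    name: str                 # display name ([Name] for O4, the registry value for R0/R1)
    clsid: Optional[str]      # COM class id when the entry has one
    company: Optional[str]    # vendor string; only O23 service lines carry it
    path: Optional[str]       # image path, or "(no file)" when HJT found none
    raw: str                  # the original line, for reporting


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one HijackThis entry line; return None for headers and blank lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    clsid_m = CLSID_RE.search(body)
    clsid = clsid_m.group(0) if clsid_m else None
    company = None
    if kind == "O4":
        # O4 - HKLM\..\Run: [Name] "C:\path\prog.exe" args
        name_m = re.search(r"\[(?P<n>[^\]]+)\]", body)
        name = name_m.group("n") if name_m else ""
    elif kind in ("R0", "R1"):
        # R0/R1 - <hive\key>,<value name> = <url>
        name = body.split(" = ", 1)[0]
    else:
        # "<label>: <name> - {CLSID} - <path>", or for O23
        # "Service: <name> - <company> - <path>"
        after_label = body.split(": ", 1)[1] if ": " in body else body
        parts = [p.strip() for p in after_label.split(" - ")]
        name = parts[0]
        if kind == "O23" and len(parts) >= 3:
            company = parts[1]
    if "(no file)" in body:
        path = "(no file)"
    else:
        path_m = PATH_RE.search(body)
        path = path_m.group(0) if path_m else None
    return Entry(kind, name, clsid, company, path, line.strip())


def parse_hjt(text: str) -> List[Entry]:
    """Parse every entry line in a HijackThis log; non-entry lines are skipped."""
    return [e for e in (parse_entry(l) for l in text.splitlines()) if e is not None]


def review_entry(e: Entry) -> List[str]:
    """Triage heuristics (this example's own) an analyst applies to each entry."""
    reasons: List[str] = []
    if e.path == "(no file)":
        reasons.append("registry entry points at a file that no longer exists (orphan)")
    if e.kind in ("R3", "O2", "O3") and e.name == "(no name)":
        reasons.append("browser hook/BHO/toolbar without a display name; identify the CLSID and DLL")
    if e.kind == "O23" and e.company == "Unknown owner":
        reasons.append("service binary carries no vendor information; verify its origin and signature")
    return reasons


def review_log(text: str) -> Dict[str, List[str]]:
    """Map each flagged raw line to the list of reasons it was flagged."""
    flagged: Dict[str, List[str]] = {}
    for e in parse_hjt(text):
        reasons = review_entry(e)
        if reasons:
            flagged[e.raw] = reasons
    return flagged


if __name__ == "__main__":
    for raw, reasons in review_log(SAMPLE_LOG).items():
        print(raw)
        for r in reasons:
            print("   ->", r)
```

Run against the sample, the script flags three of the eight lines: the nameless R3 search hook, the O3 toolbar whose DLL is gone (two reasons), and the PnkBstrA service with no vendor. The heuristics deliberately stop at "look closer": a nameless BHO or an unknown-owner service is a prompt to identify the binary, not a verdict, which is the same stance the helpers in this forum take before asking a poster to remove anything.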

#2 RichieUK (Malware Assassin, Malware Response Team, 13,614 posts)

Posted 16 August 2007 - 09:15 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, haser :thumbsup:
My name is Richie and I'll be helping you to fix your problems.

Download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double-click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Also post a new Hijackthis log please.

#3 haser (Topic Starter, Members, 44 posts)

Posted 16 August 2007 - 12:03 PM

ComboFix 07-08-16.3 - "kimberly" 2007-08-16 10:50:24.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.142 [GMT -4:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs.\DriveCleaner Free
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs.\DriveCleaner Free\DriveCleaner HomePage.lnk
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs.\DriveCleaner Free\DriveCleaner Online Manual.lnk
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs.\DriveCleaner Free\DriveCleaner Online Support.lnk
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs.\DriveCleaner Free\DriveCleaner.lnk
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs.\DriveCleaner Free\Uninstall DriveCleaner.lnk
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\DriveCleaner Free\DriveCleaner HomePage.lnk
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\DriveCleaner Free\DriveCleaner Online Manual.lnk
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\DriveCleaner Free\DriveCleaner Online Support.lnk
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\DriveCleaner Free\DriveCleaner.lnk
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\DriveCleaner Free\Uninstall DriveCleaner.lnk
C:\DOCUME~1\kimberly\APPLIC~1.\DriveCleaner Free
C:\DOCUME~1\kimberly\APPLIC~1.\DriveCleaner Free\Logs\update.log
C:\DOCUME~1\kimberly\APPLIC~1\..\err.log
C:\DOCUME~1\kimberly\APPLIC~1\..\ResErrors.log
C:\DOCUME~1\kimberly\APPLIC~1\DriveCleaner Free\Logs\update.log
C:\DOCUME~1\Rebecca\APPLIC~1\..\err.log
C:\DOCUME~1\Rebecca\APPLIC~1\..\ResErrors.log
C:\DOCUME~1\Rebecca\APPLIC~1\DriveCleaner Free
C:\DOCUME~1\Rebecca\APPLIC~1\DriveCleaner Free\Logs\update.log
C:\Program Files\Common Files\drivecleaner free
C:\Program Files\Common Files\drivecleaner free\DNSE.exe
C:\Program Files\Common Files\drivecleaner free\up.dat
C:\Program Files\DriveCleaner Free
C:\Program Files\DriveCleaner Free\Activate.dat
C:\Program Files\DriveCleaner Free\Appbase\AE_CD_Cr.dat
C:\Program Files\DriveCleaner Free\Appbase\AReadr4.dat
C:\Program Files\DriveCleaner Free\Appbase\AReadr5.dat
C:\Program Files\DriveCleaner Free\Appbase\ASDSEEpv.dat
C:\Program Files\DriveCleaner Free\Appbase\ASPack.dat
C:\Program Files\DriveCleaner Free\Appbase\Babylon.dat
C:\Program Files\DriveCleaner Free\Appbase\BDelphi5.dat
C:\Program Files\DriveCleaner Free\Appbase\CatchUp.dat
C:\Program Files\DriveCleaner Free\Appbase\CBuildr5.dat
C:\Program Files\DriveCleaner Free\Appbase\CCGA.dat
C:\Program Files\DriveCleaner Free\Appbase\CManager.dat
C:\Program Files\DriveCleaner Free\Appbase\CuteFTP4.dat
C:\Program Files\DriveCleaner Free\Appbase\CuteHTML.dat
C:\Program Files\DriveCleaner Free\Appbase\DAcceler.dat
C:\Program Files\DriveCleaner Free\Appbase\DiscJug.dat
C:\Program Files\DriveCleaner Free\Appbase\ECDCreat4.dat
C:\Program Files\DriveCleaner Free\Appbase\Far.dat
C:\Program Files\DriveCleaner Free\Appbase\FFTsks.dat
C:\Program Files\DriveCleaner Free\Appbase\FlashFXP.dat
C:\Program Files\DriveCleaner Free\Appbase\FrntPage.dat
C:\Program Files\DriveCleaner Free\Appbase\FrontPEx.dat
C:\Program Files\DriveCleaner Free\Appbase\FtpEXP.dat
C:\Program Files\DriveCleaner Free\Appbase\FtpVoya.dat
C:\Program Files\DriveCleaner Free\Appbase\GetRight.dat
C:\Program Files\DriveCleaner Free\Appbase\GoZilla.dat
C:\Program Files\DriveCleaner Free\Appbase\GravMRU.dat
C:\Program Files\DriveCleaner Free\Appbase\H_TxtPad.dat
C:\Program Files\DriveCleaner Free\Appbase\HomeSite.dat
C:\Program Files\DriveCleaner Free\Appbase\HotDogPr.dat
C:\Program Files\DriveCleaner Free\Appbase\IconExtr.dat
C:\Program Files\DriveCleaner Free\Appbase\iMesh.dat
C:\Program Files\DriveCleaner Free\Appbase\ImgReady3.dat
C:\Program Files\DriveCleaner Free\Appbase\InsShExp.dat
C:\Program Files\DriveCleaner Free\Appbase\JASC_P_P.dat
C:\Program Files\DriveCleaner Free\Appbase\KaZaA.dat
C:\Program Files\DriveCleaner Free\Appbase\LView.dat
C:\Program Files\DriveCleaner Free\Appbase\MacDir.dat
C:\Program Files\DriveCleaner Free\Appbase\MacDrWea.dat
C:\Program Files\DriveCleaner Free\Appbase\MicAng.dat
C:\Program Files\DriveCleaner Free\Appbase\MicDes.dat
C:\Program Files\DriveCleaner Free\Appbase\MM_CON.dat
C:\Program Files\DriveCleaner Free\Appbase\MMUnDisk.dat
C:\Program Files\DriveCleaner Free\Appbase\Morpheus.dat
C:\Program Files\DriveCleaner Free\Appbase\MPaint.dat
C:\Program Files\DriveCleaner Free\Appbase\MPicPub.dat
C:\Program Files\DriveCleaner Free\Appbase\MPImaGal.dat
C:\Program Files\DriveCleaner Free\Appbase\MSExplorer.dat
C:\Program Files\DriveCleaner Free\Appbase\MSoffice.dat
C:\Program Files\DriveCleaner Free\Appbase\MSRegEdit.dat
C:\Program Files\DriveCleaner Free\Appbase\MSWMP.dat
C:\Program Files\DriveCleaner Free\Appbase\MSWordPad.dat
C:\Program Files\DriveCleaner Free\Appbase\Nero.dat
C:\Program Files\DriveCleaner Free\Appbase\NetShow.dat
C:\Program Files\DriveCleaner Free\Appbase\NTBackup.dat
C:\Program Files\DriveCleaner Free\Appbase\pfilelst.xda
C:\Program Files\DriveCleaner Free\Appbase\PhotShel.dat
C:\Program Files\DriveCleaner Free\Appbase\PHPCoder.dat
C:\Program Files\DriveCleaner Free\Appbase\PowerZIP.dat
C:\Program Files\DriveCleaner Free\Appbase\RapidBr.dat
C:\Program Files\DriveCleaner Free\Appbase\RealAuPl.dat
C:\Program Files\DriveCleaner Free\Appbase\RealDown.dat
C:\Program Files\DriveCleaner Free\Appbase\SecurCRT.dat
C:\Program Files\DriveCleaner Free\Appbase\SL_BlWin.dat
C:\Program Files\DriveCleaner Free\Appbase\SmartClr.dat
C:\Program Files\DriveCleaner Free\Appbase\Sonique.dat
C:\Program Files\DriveCleaner Free\Appbase\StuffIt.dat
C:\Program Files\DriveCleaner Free\Appbase\TelepPro.dat
C:\Program Files\DriveCleaner Free\Appbase\UGifAnim.dat
C:\Program Files\DriveCleaner Free\Appbase\UltraEd.dat
C:\Program Files\DriveCleaner Free\Appbase\UMedStud.dat
C:\Program Files\DriveCleaner Free\Appbase\UPhImpV.dat
C:\Program Files\DriveCleaner Free\Appbase\UPhotoEx.dat
C:\Program Files\DriveCleaner Free\Appbase\UVidStud.dat
C:\Program Files\DriveCleaner Free\Appbase\VNC.dat
C:\Program Files\DriveCleaner Free\Appbase\WebFeret.dat
C:\Program Files\DriveCleaner Free\Appbase\WebReap.dat
C:\Program Files\DriveCleaner Free\Appbase\WinACE.dat
C:\Program Files\DriveCleaner Free\Appbase\WinGate.dat
C:\Program Files\DriveCleaner Free\Appbase\WinRAR.dat
C:\Program Files\DriveCleaner Free\Appbase\WinZIP.dat
C:\Program Files\DriveCleaner Free\Appbase\WiseInst.dat
C:\Program Files\DriveCleaner Free\Appbase\wordslst.xda
C:\Program Files\DriveCleaner Free\Appbase\YahooPl.dat
C:\Program Files\DriveCleaner Free\Appbase\ZipMagic.dat
C:\Program Files\DriveCleaner Free\atl71.dll
C:\Program Files\DriveCleaner Free\AV.dat
C:\Program Files\DriveCleaner Free\bnlink.dat
C:\Program Files\DriveCleaner Free\err.log
C:\Program Files\DriveCleaner Free\img\button.gif
C:\Program Files\DriveCleaner Free\img\button2.gif
C:\Program Files\DriveCleaner Free\img\header.gif
C:\Program Files\DriveCleaner Free\img\logo.gif
C:\Program Files\DriveCleaner Free\img\spacer.gif
C:\Program Files\DriveCleaner Free\img\top_line.gif
C:\Program Files\DriveCleaner Free\img\top1.jpg
C:\Program Files\DriveCleaner Free\img\top2.jpg
C:\Program Files\DriveCleaner Free\InstHelp.exe
C:\Program Files\DriveCleaner Free\lapv.dat
C:\Program Files\DriveCleaner Free\license.rtf
C:\Program Files\DriveCleaner Free\manual.url
C:\Program Files\DriveCleaner Free\mfc71.dll
C:\Program Files\DriveCleaner Free\msvcp71.dll
C:\Program Files\DriveCleaner Free\msvcr71.dll
C:\Program Files\DriveCleaner Free\pv.dat
C:\Program Files\DriveCleaner Free\pv.exe
C:\Program Files\DriveCleaner Free\readme.rtf
C:\Program Files\DriveCleaner Free\remnag.dat
C:\Program Files\DriveCleaner Free\ResErrors.log
C:\Program Files\DriveCleaner Free\ScanReport.dat
C:\Program Files\DriveCleaner Free\Schedule.dat
C:\Program Files\DriveCleaner Free\sr.log
C:\Program Files\DriveCleaner Free\support.url
C:\Program Files\DriveCleaner Free\UDC.exe
C:\Program Files\DriveCleaner Free\UDC.xml
C:\Program Files\DriveCleaner Free\UDC6.url
C:\Program Files\DriveCleaner Free\UDCPChk.dll
C:\Program Files\DriveCleaner Free\unins000.dat
C:\Program Files\DriveCleaner Free\unins000.exe
C:\Program Files\DriveCleaner Free\uninstall.ico
C:\Program Files\DriveCleaner Free\UninstallPage.html
C:\Program Files\DriveCleaner Free\up.dat
C:\Program Files\DriveCleaner Free\updater.dat
C:\Program Files\DriveCleaner Free\vbpv.dat
C:\Program Files\VirusProtectPro 3.6
C:\Program Files\VirusProtectPro 3.6\ignored.lst
C:\WINDOWS\system32\__c00891B8.dat
C:\WINDOWS\system32\__c00F0674.dat


((((((((((((((((((((((((( Files Created from 2007-07-16 to 2007-08-16 )))))))))))))))))))))))))))))))


2007-08-16 10:48 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-15 16:05 <DIR> d-------- C:\Program Files\IObit
2007-08-15 15:20 <DIR> d-------- C:\Program Files\Verizon
2007-08-15 11:15 <DIR> d-------- C:\Program Files\CleanCache 3.0
2007-08-14 18:38 <DIR> d-------- C:\Program Files\Dl_cats
2007-08-14 18:28 <DIR> d-------- C:\Program Files\Dell Photo AIO Printer 924
2007-08-14 17:54 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-08-14 17:44 983,092 --a------ C:\WINDOWS\system32\dlccgf.dll
2007-08-14 17:44 86,016 --a------ C:\WINDOWS\system32\dlcccub.dll
2007-08-14 17:44 770,048 --a------ C:\WINDOWS\system32\dlcchbn3.dll
2007-08-14 17:44 73,728 --a------ C:\WINDOWS\system32\dlcccu.dll
2007-08-14 17:44 704,512 --a------ C:\WINDOWS\system32\dlcccomc.dll
2007-08-14 17:44 638,976 --a------ C:\WINDOWS\system32\dlccpmui.dll
2007-08-14 17:44 491,520 --a------ C:\WINDOWS\system32\dlcccoms.exe
2007-08-14 17:44 483,328 --a------ C:\WINDOWS\system32\dlcclmpm.dll
2007-08-14 17:44 430,080 --a------ C:\WINDOWS\system32\dlccutil.dll
2007-08-14 17:44 413,696 --a------ C:\WINDOWS\system32\dlcccomm.dll
2007-08-14 17:44 40,960 --a------ C:\WINDOWS\system32\dlccvs.dll
2007-08-14 17:44 372,736 --a------ C:\WINDOWS\system32\dlccih.exe
2007-08-14 17:44 368,640 --a------ C:\WINDOWS\system32\dlcccfg.exe
2007-08-14 17:44 36,864 --a------ C:\WINDOWS\system32\dlcccur.dll
2007-08-14 17:44 176,128 --a------ C:\WINDOWS\system32\dlccinsb.dll
2007-08-14 17:44 155,648 --a------ C:\WINDOWS\system32\dlccprox.dll
2007-08-14 17:44 155,648 --a------ C:\WINDOWS\system32\dlccins.dll
2007-08-14 17:44 131,072 --a------ C:\WINDOWS\system32\dlccjswr.dll
2007-08-14 17:44 114,688 --a------ C:\WINDOWS\system32\dlccpplc.dll
2007-08-14 17:44 106,496 --a------ C:\WINDOWS\system32\dlccinsr.dll
2007-08-14 17:44 1,183,744 --a------ C:\WINDOWS\system32\dlccserv.dll
2007-08-14 17:44 1,134,592 --a------ C:\WINDOWS\system32\dlccusb1.dll
2007-08-14 17:44 <DIR> d-------- C:\Temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}
2007-08-14 17:44 <DIR> d-------- C:\Temp
2007-08-14 17:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Citrix
2007-08-14 17:25 60,968 --a------ C:\DOCUME~1\kimberly\GoToAssistDownloadHelper.exe
2007-08-14 16:41 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2007-08-14 16:41 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-08-12 21:44 <DIR> d-------- C:\Program Files\GameShadow
2007-08-10 20:00 <DIR> d-------- C:\Program Files\Morpheus
2007-08-10 20:00 <DIR> d-------- C:\DOCUME~1\Rebecca\APPLIC~1\Morpheus
2007-08-10 15:40 <DIR> d-------- C:\Program Files\Safari
2007-08-10 15:40 <DIR> d-------- C:\Program Files\Bonjour
2007-08-10 11:21 <DIR> d-------- C:\DOCUME~1\Rebecca\APPLIC~1\WinPatrol
2007-08-08 07:56 <DIR> d-------- C:\Program Files\9Dragons
2007-08-07 07:53 <DIR> d-------- C:\Program Files\Acclaim
2007-08-06 22:09 <DIR> d-------- C:\Program Files\BillP Studios
2007-08-06 22:09 <DIR> d-------- C:\DOCUME~1\kimberly\APPLIC~1\WinPatrol
2007-08-06 21:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-08-05 19:45 <DIR> d-------- C:\Program Files\uTorrent
2007-08-05 19:45 <DIR> d-------- C:\DOCUME~1\kimberly\APPLIC~1\uTorrent
2007-08-02 16:31 <DIR> d-------- C:\DOCUME~1\kimberly\APPLIC~1\Opera
2007-08-01 19:10 <DIR> d-------- C:\Program Files\Opera
2007-07-29 14:47 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-29 14:11 <DIR> d-------- C:\DOCUME~1\kimberly\APPLIC~1\SpywareBot
2007-07-29 14:10 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-07-29 14:10 <DIR> d-------- C:\Program Files\SpywareBot
2007-07-26 17:34 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-07-26 17:33 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-07-26 17:32 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-07-26 17:32 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-07-25 22:33 98,304 --a------ C:\WINDOWS\system32\msir3jp.dll
2007-07-25 22:33 9,216 --a------ C:\WINDOWS\system32\kbdnecAT.dll
2007-07-25 22:33 838,144 --a------ C:\WINDOWS\system32\chtbrkr.dll
2007-07-25 22:33 811,064 --a------ C:\WINDOWS\system32\imjp81k.dll
2007-07-25 22:33 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2007-07-25 22:33 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2007-07-25 22:33 76,288 --a------ C:\WINDOWS\system32\uniime.dll
2007-07-25 22:33 70,656 --a------ C:\WINDOWS\system32\korwbrkr.dll
2007-07-25 22:33 7,680 --a------ C:\WINDOWS\system32\kbdnecNT.dll
2007-07-25 22:33 7,168 --a------ C:\WINDOWS\system32\kbdnec95.dll
2007-07-25 22:33 7,168 --a------ C:\WINDOWS\system32\kbdibm02.dll
2007-07-25 22:33 7,168 --a------ C:\WINDOWS\system32\f3ahvoas.dll
2007-07-25 22:33 6,656 --a------ C:\WINDOWS\system32\kbdlk41a.dll
2007-07-25 22:33 6,656 --a------ C:\WINDOWS\system32\c_is2022.dll
2007-07-25 22:33 6,144 --a------ C:\WINDOWS\system32\kbdlk41j.dll
2007-07-25 22:33 6,144 --a------ C:\WINDOWS\system32\kbdax2.dll
2007-07-25 22:33 6,144 --a------ C:\WINDOWS\system32\kbd106n.dll
2007-07-25 22:33 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2007-07-25 22:33 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2007-07-25 22:33 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2007-07-25 22:33 6,144 --a------ C:\WINDOWS\system32\kbd101a.dll
2007-07-25 22:33 6,144 --a------ C:\WINDOWS\system32\kbd101.dll
2007-07-25 22:33 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2007-07-25 22:33 218,112 --a------ C:\WINDOWS\system32\c_g18030.dll
2007-07-25 22:33 1,677,824 --a------ C:\WINDOWS\system32\chsbrkr.dll
2007-07-24 21:01 <DIR> d-------- C:\Program Files\Softnyx
2007-07-24 20:58 <DIR> d-------- C:\Downloads
2007-07-19 21:36 <DIR> d-------- C:\DOCUME~1\Rebecca\APPLIC~1\vlc
2007-07-18 20:27 <DIR> d-------- C:\Program Files\QuickTime
2007-07-18 20:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-15 15:20 --------- d-------- C:\Program Files\Common Files\Motive
2007-08-14 21:27 --------- d-------- C:\DOCUME~1\kimberly\APPLIC~1\AdobeUM
2007-08-10 19:58 --------- d-------- C:\Program Files\LimeWire
2007-08-07 07:53 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-27 10:39 --------- d-------- C:\Program Files\WarRock
2007-07-23 15:58 879832 --a------ C:\WINDOWS\system32\drivers\VetEFile.sys
2007-07-23 15:58 108360 --a------ C:\WINDOWS\system32\drivers\VetEBoot.sys
2007-07-19 02:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-18 20:30 --------- d-------- C:\DOCUME~1\kimberly\APPLIC~1\Apple Computer
2007-07-15 21:16 --------- d-------- C:\Program Files\Veoh Networks
2007-07-13 11:29 --------- d-------- C:\DOCUME~1\kimberly\APPLIC~1\MSNInstaller
2007-07-12 19:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-11 23:18 --------- d-------- C:\Program Files\CCleaner
2007-07-11 21:50 26787 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2007-07-11 21:48 74864 --a------ C:\WINDOWS\system32\VetRedir.dll
2007-07-11 21:48 21031 --a------ C:\WINDOWS\system32\drivers\Vet-Filt.sys
2007-07-11 21:48 15735 --a------ C:\WINDOWS\system32\drivers\VetFDDNT.sys
2007-07-11 21:48 15478 --a------ C:\WINDOWS\system32\drivers\Vet-Rec.sys
2007-07-11 21:48 115824 --a------ C:\WINDOWS\UnVet32.exe
2007-07-11 21:48 111728 --a------ C:\WINDOWS\AVShlExt.dll
2007-07-11 21:48 --------- d-------- C:\Program Files\Yahoo!
2007-07-11 20:47 --------- d-------- C:\Program Files\Common Files\Scanner
2007-07-11 17:37 --------- d-------- C:\Program Files\Modem Helper
2007-07-11 16:47 --------- d-------- C:\Program Files\Eusing Free Registry Cleaner
2007-07-04 22:25 56 -r-hs---- C:\WINDOWS\system32\04C2206212.sys
2007-07-04 22:25 3350 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-06-30 22:27 --------- d-------- C:\DOCUME~1\kimberly\APPLIC~1\Motive
2007-06-30 15:40 --------- d-------- C:\DOCUME~1\kimberly\APPLIC~1\Corel Photo Album
2007-06-29 16:22 --------- d-------- C:\DOCUME~1\kimberly\APPLIC~1\vlc
2007-06-29 16:18 --------- d-------- C:\Program Files\VideoLAN
2007-06-28 21:18 --------- d-------- C:\DOCUME~1\kimberly\APPLIC~1\Real
2007-06-27 10:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 10:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 10:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 10:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 10:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 10:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 10:34 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 10:34 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 10:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 10:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 10:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 10:34 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 10:34 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 10:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 10:34 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 10:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 10:34 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 10:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 10:34 105984 --------- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 10:34 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 04:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 04:27 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 04:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 03:00 161792 --------- C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 02:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 02:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 09:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 09:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-17 23:10 --------- d-------- C:\DOCUME~1\kimberly\APPLIC~1\acccore
2007-06-16 21:21 --------- d-------- C:\Program Files\AIM6
2007-06-16 21:18 --------- d-------- C:\Program Files\Common Files\AOL
2007-06-16 16:54 --------- d-------- C:\Program Files\Microsoft Money 2005
2007-06-13 06:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-13 06:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2007-05-27 14:53 108544 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-05-27 14:53 104960 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-05-17 07:28 549376 --a------ C:\WINDOWS\system32\oleaut32.dll
2007-05-17 07:28 549376 --------- C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-05-16 11:12 86528 --------- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 11:12 85504 --------- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 11:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 11:12 683520 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 11:12 510976 --------- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 11:12 1314816 --------- C:\WINDOWS\system32\dllcache\msoe.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 20:42]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 21:12]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 07:24]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 02:02]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 10:35]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 10:32]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 10:36]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2006-01-17 14:03]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-06-04 19:45]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 12:06]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2007-03-11 17:37]
"CaAvTray"="C:\Program Files\Yahoo!\Antivirus\CAVTray.exe" [2007-07-11 21:48]
"CAVRID"="C:\Program Files\Yahoo!\Antivirus\CAVRID.exe" [2007-07-11 21:48]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2005-06-17 00:30]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]
"DLCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 14:38]
"dlccmon.exe"="C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-07-22 15:03]
"SmartDefrag"="C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2007-07-27 21:39]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 14:09]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)



Contents of the 'Scheduled Tasks' folder
2007-08-16 14:59:53 C:\WINDOWS\Tasks\SmartDefrag.job - C:\Program Files\IObit\IObit SmartDefrag\schedule.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-16 10:59:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-16 11:03:21 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-16 11:03

--- E O F ---

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:07:16 AM

Posted 16 August 2007 - 12:09 PM

Could you post the new HijackThis log, please.

#5 haser

haser
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:03:16 AM

Posted 16 August 2007 - 02:48 PM

Sorry about the last one, this is it.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:47:25 PM, on 8/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Verizon\McciBrowser.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\kimberly\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /startup
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/dsl_settings/...vzTCPConfig.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183179210234
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 9165 bytes

#6 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:07:16 AM

Posted 16 August 2007 - 02:59 PM

Download\install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed, exit SuperAntiSpyware.

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

Exit Hijackthis.

Find and delete:
C:\Program Files\MyWaySA

Start SuperAntiSpyware.
On the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

SuperAntiSpyware will now scan your computer; when it's finished it will list all/any infections found.
Make sure everything found has a checkmark next to it, then press 'Next'.
Click on 'Finish' when you're done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor, such as Notepad.
Copy and paste the contents of that report into your next reply.
Also post a new HijackThis log, and let me know how your pc is running now.

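The fix list above is what a helper picks out of a HijackThis log by eye: browser settings that point at a search-hijack host, COM components (R3 search hooks, O2 BHOs, O3 toolbars) that have no display name, whose CLSID is still registered although the file is gone, or whose module lives under a known adware install directory. As an added example (not code from this thread, from HijackThis, or from SuperAntiSpyware), the Python script below applies those same checks to HijackThis v2 log lines and produces the list of entries to tick in 'Fix checked'. The sample lines are constructed from the entries quoted in this thread; the two watchlist values (the MyWaySA directory and the mysearch.myway.com host) are the ones RichieUK asked to have fixed, and any host or directory you add to them is your own assumption.

```python
"""Triage HijackThis v2 log lines the way a forum helper does by eye.

Added example for this thread; not code from HijackThis, SuperAntiSpyware or any
poster. The watchlists hold only the values named in the fix list above; anything
you add to them is your own assumption.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Install directory and search host taken from the entries RichieUK asked to fix.
SUSPECT_DIRS = (r"c:\program files\mywaysa",)
SUSPECT_HOSTS = ("mysearch.myway.com",)

# Every entry is "<section tag> - <body>", e.g. "O2 - BHO: ...".
LINE_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")
# COM-style entries (R3 URLSearchHook, O2 BHO, O3 Toolbar): "Label: name - {CLSID} - path"
COM_RE = re.compile(
    r"^(?P<label>[^:]+): (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)

# Constructed sample, modelled on lines quoted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""


@dataclass(frozen=True)
class Finding:
    kind: str    # HijackThis section tag, e.g. "O2"
    reason: str  # why the entry deserves a look
    line: str    # the original log line


def triage_line(raw: str) -> list[Finding]:
    """Return zero or more findings for a single log line."""
    line = raw.strip()
    m = LINE_RE.match(line)
    if not m:
        return []
    kind, body = m.group("kind"), m.group("body")
    reasons = []
    if kind in ("R0", "R1"):
        # Browser setting: "key,value = url"; flag hosts on the watchlist.
        _, _, url = body.partition(" = ")
        host = urlparse(url.strip()).hostname or ""
        if host in SUSPECT_HOSTS:
            reasons.append(f"browser setting points at {host}")
    elif kind in ("R3", "O2", "O3"):
        cm = COM_RE.match(body)
        if cm:
            name, path = cm.group("name"), cm.group("path")
            if name == "(no name)":
                reasons.append("component registered without a display name")
            if path == "(no file)":
                reasons.append("CLSID still registered but its file is gone")
            elif path.lower().startswith(SUSPECT_DIRS):
                reasons.append("module lives under a known adware directory")
    return [Finding(kind, r, line) for r in reasons]


def triage(log_text: str) -> list[Finding]:
    """Run triage_line over a whole log."""
    findings = []
    for raw in log_text.splitlines():
        findings.extend(triage_line(raw))
    return findings


def fix_list(log_text: str) -> list[str]:
    """Distinct flagged lines, in log order: what to tick before 'Fix checked'."""
    seen = []
    for f in triage(log_text):
        if f.line not in seen:
            seen.append(f.line)
    return seen


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.reason}\n    {f.line}")
    print("\nHave HijackThis fix:")
    for entry in fix_list(SAMPLE_LOG):
        print(entry)
```

Run it as-is to see the sample triaged, or feed it a saved hijackthis.log with `triage(open(path).read())`. Entries flagged only for a missing display name are a prompt to look closer, not proof of infection; the MyWaySA hits are the ones that also match the directory watchlist, which is why they and the orphaned toolbar CLSID end up on the fix list while the Java BHO and the Verizon start page do not.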

#7 haser

haser
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:03:16 AM

Posted 16 August 2007 - 06:03 PM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/16/2007 at 07:00 PM

Application Version : 3.9.1008

Core Rules Database Version : 3287
Trace Rules Database Version: 1298

Scan type : Complete Scan
Total Scan Time : 00:58:08

Memory items scanned : 447
Memory threats detected : 0
Registry items scanned : 5432
Registry threats detected : 7
File items scanned : 42688
File threats detected : 121

MyWay Search Assistant Computers
HKLM\Software\Classes\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32#ThreadingModel
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\Programmable
C:\PROGRAM FILES\MYWAYSA\SRCHASDE\DESRCAS.DLL

Adware.Tracking Cookie
C:\Documents and Settings\kimberly\Cookies\kimberly@server.cpmstar[1].txt
C:\Documents and Settings\jeffrey\Cookies\jeffrey@ad.bannerconnect[2].txt
C:\Documents and Settings\jeffrey\Cookies\jeffrey@ad.directanetworks[2].txt
C:\Documents and Settings\jeffrey\Cookies\jeffrey@ad.iconadserver[2].txt
C:\Documents and Settings\jeffrey\Cookies\jeffrey@ad.motiveinteractive[2].txt
C:\Documents and Settings\jeffrey\Cookies\jeffrey@ad.uk.tangozebra[1].txt
C:\Documents and Settings\jeffrey\Cookies\jeffrey@ad.zanox[1].txt
C:\Documents and Settings\jeffrey\Cookies\jeffrey@adbrite[1].txt
C:\Documents and Settings\jeffrey\Cookies\jeffrey@adfarm1.adition[1].txt
C:\Documents and Settings\jeffrey\Cookies\jeffrey@adinterax[2].txt
C:\Documents and Settings\jeffrey\Cookies\jeffrey@ads.cartoonnetwork[1].txt
C:\Documents and Settings\jeffrey\Cookies\jeffrey@ads.monster[1].txt
C:\Documents and Settings\jeffrey\Cookies\jeffrey@ads.toonamijetstream[1].txt
C:\Documents and Settings\jeffrey\Cookies\jeffrey@ads.turner[1].txt
C:\Documents and Settings\jeffrey\Cookies\jeffrey@adserver.easyad[2].txt
C:\Documents and Settings\jeffrey\Cookies\jeffrey@adserver3.teracent[1].txt
C:\Documents and Settings\jeffrey\Cookies\jeffrey@adserving.cpxinteractive[2].txt
C:\Documents and Settings\jeffrey\Cookies\jeffrey@animetoplist[2].txt
C:\Documents and Settings\jeffrey\Cookies\jeffrey@apmebf[1].txt
C:\Documents and Settings\jeffrey\Cookies\jeffrey@azjmp[2].txt
C:\Documents and Settings\jeffrey\Cookies\jeffrey@clicksor[1].txt
C:\Documents and Settings\jeffrey\Cookies\jeffrey@entrepreneur[1].txt
C:\Documents and Settings\jeffrey\Cookies\jeffrey@interclick[2].txt
C:\Documents and Settings\jeffrey\Cookies\jeffrey@linkto.mediafire[2].txt
C:\Documents and Settings\jeffrey\Cookies\jeffrey@media.adrevolver[2].txt
C:\Documents and Settings\jeffrey\Cookies\jeffrey@mediafire[2].txt
C:\Documents and Settings\jeffrey\Cookies\jeffrey@mediaservices.myspace[1].txt
C:\Documents and Settings\jeffrey\Cookies\jeffrey@precisionclick[2].txt
C:\Documents and Settings\jeffrey\Cookies\jeffrey@qnsr[1].txt
C:\Documents and Settings\jeffrey\Cookies\jeffrey@roiservice[1].txt
C:\Documents and Settings\jeffrey\Cookies\jeffrey@screensavers[2].txt
C:\Documents and Settings\jeffrey\Cookies\jeffrey@server.iad.liveperson[2].txt
C:\Documents and Settings\jeffrey\Cookies\jeffrey@server.iad.liveperson[4].txt
C:\Documents and Settings\jeffrey\Cookies\jeffrey@tremor.adbureau[2].txt
C:\Documents and Settings\jeffrey\Cookies\jeffrey@wjadserver[1].txt
C:\Documents and Settings\jeffrey\Cookies\jeffrey@www.ppctracking[1].txt
C:\Documents and Settings\jeffrey\Cookies\jeffrey@www.xctrk[2].txt
C:\Documents and Settings\jennifer\Cookies\jennifer@ad.directanetworks[2].txt
C:\Documents and Settings\jennifer\Cookies\jennifer@adbrite[1].txt
C:\Documents and Settings\jennifer\Cookies\jennifer@adserver.easyad[1].txt
C:\Documents and Settings\jennifer\Cookies\jennifer@apmebf[1].txt
C:\Documents and Settings\nicole pierre\Cookies\nicole_pierre@ad.directanetworks[2].txt
C:\Documents and Settings\nicole pierre\Cookies\nicole_pierre@adserver.easyad[1].txt
C:\Documents and Settings\nicole pierre\Cookies\nicole_pierre@apmebf[1].txt
C:\Documents and Settings\nicole pierre\Cookies\nicole_pierre@precisionclick[1].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@acvs.mediaonenetwork[1].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@ad.adtoma[2].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@ad.bannerconnect[2].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@ad.interepads[2].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@ad.uk.tangozebra[1].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@adbrite[1].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@adinterax[1].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@adlegend[2].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@ads.addesktop[2].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@ads.morpheus[2].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@ads.realtechnetwork[1].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@ads.realtechnetwork[2].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@ads.revsci[1].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@ads1.itadnetwork.co[1].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@adserver.easyad[2].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@adserving.cpxinteractive[2].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@adultfriendfinder[1].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@adv.webmd[1].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@americanmedia.us.intellitxt[1].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@apmebf[2].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@ar.atwola[1].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@atwola[2].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@audit.median[1].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@azjmp[1].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@bizrate[1].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@clickshift[1].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@clickstream.stylehive[1].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@drivecleaner[2].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@entrepreneur[1].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@go.drivecleaner[2].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@go.drivecleaner[3].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@go.winantivirus[1].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@go.winantivirus[3].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@imrworldwide[2].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@indextools[1].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@interclick[2].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@keywordmax[1].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@media.adrevolver[2].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@media.mtvnservices[1].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@mediaonenetwork[1].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@partner2profit[1].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@roiservice[2].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@server.iad.liveperson[3].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@server.iad.liveperson[4].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@server.iad.liveperson[5].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@server.iad.liveperson[6].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@server.iad.liveperson[7].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@server.iad.liveperson[8].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@sexblo[1].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@stats.drivecleaner[2].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@studenti.adbureau[2].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@teenvogue[2].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@track.searchignite[1].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@tracking.3gnet[1].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@tremor.adbureau[2].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@winantivirus[2].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@www.drivecleaner[1].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@www.googleadservices[1].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@www.googleadservices[2].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@www.googleadservices[3].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@www.sexstarsvideo[2].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@www5.addfreestats[1].txt
C:\Documents and Settings\Rebecca\Cookies\rebecca@xiti[1].txt

Unclassified.SpywareBot (Not A Threat)
HKU\S-1-5-21-930666202-3879742263-1043271372-1009\Software\SpywareBot
C:\Program Files\SpywareBot\Log\2007 Jul 29 - 01_11_16 PM.log
C:\Program Files\SpywareBot\Log
C:\Program Files\SpywareBot

Malware.DriveCleaner
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\DRIVECLEANER FREE\DNSE.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\DRIVECLEANER FREE\INSTHELP.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\DRIVECLEANER FREE\UDC.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP91\A0022616.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP96\A0023134.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP96\A0023139.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP96\A0023143.EXE

Trojan.Unknown Origin
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\__C00F0674.DAT.VIR

Malware.VirusProtectPro
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP94\A0022708.EXE

#8 haser

haser
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:03:16 AM

Posted 16 August 2007 - 06:08 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:08:31 PM, on 8/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\kimberly\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /startup
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/dsl_settings/...vzTCPConfig.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183179210234
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 8472 bytes

#9 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:07:16 AM

Posted 16 August 2007 - 07:07 PM

Your log is clean :thumbsup:
If all's OK, please do the following.

Find and delete:
Combofix.exe
C:\QOOBOX

Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1

Double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

Click 'Exit' on the Main menu to close the program.

------------------------------------------------

Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window, click on the 'Create a Restore Point' button, then click 'Next'.
In the window that appears, enter a description/name for the Restore Point, then click on 'Create', wait, then click 'Close'.
The date and time will be created automatically.

Next click on Start/All Programs/Accessories/System Tools/Disk Cleanup.
The 'Select Drive' box will appear; click on OK.
The 'Disk Cleanup for [C:]' box will appear; click on the 'More Options' tab.
At the bottom, in the 'System Restore' section, click on the 'Clean up...' button.
A box will pop up: 'Are you sure you want to delete all but the most recent restore point?'; click on 'Yes'.
Click on 'Yes' at 'Are you sure you want to perform these actions?'.
Now wait until 'Disk Cleanup' finishes and the box disappears.

Read through the information found here to help you prevent any possible future infections.
'How to prevent Malware' by miekiemoes:
http://users.telenet.be/bluepatchy/miekiem...prevention.html