Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Smitfraud, Winfix Lots Of Popups. Etc


  • This topic is locked This topic is locked
8 replies to this topic

#1 mike3334

mike3334

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:46 PM

Posted 31 August 2007 - 06:37 PM

Hi, I've followed the instructions in the preparation guide. Also was unable to remove smitfraud using instructions for smitfraudfix. Lots of popups. Here is my Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:25:28 PM, on 8/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Belkin\PCI F5D7000\Wireless Utility\Belkinwcui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.universalhub.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {A24B57F8-505D-4fc5-9960-740E304D1ABA} - C:\WINDOWS\system32\tmp9.tmp.dll (file missing)
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Active Web Reader] C:\Program Files\Deskshare\Active Web Reader\Active Web Reader.exe -background
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SysRestore] "C:\DOCUME~1\Mike\LOCALS~1\Temp\tmp64.tmp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Policies\Explorer\Run: [{60185407-0BB0-1033-0203-060506210001}] "C:\Program Files\Common Files\{60185407-0BB0-1033-0203-060506210001}\Update.exe" te-110-12-0000234
O4 - Global Startup: Belkin Wireless Utility.lnk = C:\Program Files\Belkin\PCI F5D7000\Wireless Utility\Belkinwcui.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O20 - AppInit_DLLs:
O20 - Winlogon Notify: dplcpl - dplcpl.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe

--
End of file - 7821 bytes

BC AdBot (Login to Remove)

 


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:01:46 PM

Posted 31 August 2007 - 09:11 PM

Hello mike3334,

Welcome to Bleeping Computer :thumbsup:

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#3 mike3334

mike3334
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:46 PM

Posted 01 September 2007 - 09:24 AM

Hi Teacup, thanks for your help. Here are the requested logs.

Combofix:

ComboFix 07-08-30.3 - "Mike" 2007-09-01 10:07:39.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.795 [GMT -4:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Mike\APPLIC~1\macromedia\Flash Player\#SharedObjects\9U4U5UH8\www.broadcaster.com
C:\DOCUME~1\Mike\APPLIC~1\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Program Files\Common Files\{30185~1
C:\Program Files\Common Files\{60185~1
C:\WINDOWS\system32\components
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_COM+_MESSAGES
-------\LEGACY_CORE
-------\core


((((((((((((((((((((((((( Files Created from 2007-08-01 to 2007-09-01 )))))))))))))))))))))))))))))))


2007-09-01 09:50 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-31 19:24 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-31 18:38 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll
2007-08-31 17:11 <DIR> d-------- C:\DOCUME~1\Mike\.housecall6.6
2007-08-31 13:13 <DIR> d-------- C:\Program Files\Lavasoft
2007-08-31 13:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-31 13:12 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-31 10:24 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-08-30 22:20 2,530 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-30 22:19 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-08-30 22:19 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-08-30 19:10 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-29 18:21 <DIR> d-------- C:\DOCUME~1\Mike\APPLIC~1\McAfee
2007-08-29 12:49 <DIR> d-------- C:\Program Files\Windows Defender
2007-08-25 13:22 <DIR> d-------- C:\DOCUME~1\Kathy\APPLIC~1\Yahoo!
2007-08-25 12:02 <DIR> d-------- C:\Program Files\Common Files\Scanner
2007-08-07 13:58 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-09-01 00:00 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
2007-08-31 19:15 --------- d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\SiteAdvisor
2007-08-31 10:28 --------- d-------- C:\DOCUME~1\Mike\APPLIC~1\SiteAdvisor
2007-08-30 07:35 --------- d-------- C:\Program Files\Greetings Workshop
2007-08-29 18:22 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-08-29 13:28 6894 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-08-29 13:28 152 -r-hs---- C:\WINDOWS\system32\A82C973AA4.sys
2007-08-25 13:24 --------- d-------- C:\DOCUME~1\Kathy\APPLIC~1\SiteAdvisor
2007-08-25 13:14 --------- d-------- C:\Program Files\McAfee
2007-08-25 12:02 --------- d-------- C:\Program Files\Yahoo!
2007-08-25 12:00 --------- d-------- C:\DOCUME~1\Mike\APPLIC~1\Yahoo!
2007-08-25 12:00 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-08-21 17:42 --------- d-------- C:\DOCUME~1\Mike\APPLIC~1\AdobeUM
2007-08-16 16:32 --------- d-------- C:\Program Files\Common Files\McAfee
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-24 12:02 33800 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2007-07-24 07:40 79304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-07-21 09:08 40488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-07-21 09:08 35240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-07-21 09:08 201288 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-07-19 02:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-13 09:20 113952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-07-13 09:20 --------- d-------- C:\Program Files\eGames
2007-07-12 19:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-11 14:37 6272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-07-11 13:03 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-07-11 13:03 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2007-07-11 13:01 --------- d-------- C:\Program Files\Common Files\Motorola Shared
2007-07-03 19:42 --------- d-------- C:\Program Files\MSXML 4.0
2007-07-03 18:53 17801 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2007-07-03 18:53 --------- d-------- C:\Program Files\Belkin
2007-06-27 10:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 10:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 10:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 10:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 10:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 10:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 10:34 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 10:34 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 10:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 10:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 10:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 10:34 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 10:34 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 10:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 10:34 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 10:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 10:34 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 10:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 10:34 105984 --------- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 10:34 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 04:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 04:27 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 04:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 03:00 161792 --------- C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 02:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 02:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 09:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 09:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-15 04:12 474112 --------- C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-06-15 04:12 151040 --------- C:\WINDOWS\system32\dllcache\cdfview.dll
2007-06-15 04:12 1498112 --------- C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-06-15 04:12 1054208 --------- C:\WINDOWS\system32\dllcache\danim.dll
2007-06-15 04:12 1022976 --------- C:\WINDOWS\system32\dllcache\browseui.dll
2007-06-13 06:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-13 06:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2007-04-23 09:00 774144 --a------ C:\Program Files\RngInterstitial.dll
2004-08-10 11:00:00 94,784 --sh--w C:\WINDOWS\twain.dll
2004-08-10 11:00:00 50,688 --sh--w C:\WINDOWS\twain_32.dll
2004-08-10 11:00:00 1,028,096 --sh--w C:\WINDOWS\system32\mfc42.dll
2004-08-10 11:00:00 54,784 --sh--w C:\WINDOWS\system32\msvcirt.dll
2004-08-10 11:00:00 413,696 --sh--w C:\WINDOWS\system32\msvcp60.dll
2004-08-10 11:00:00 11,776 --sh--w C:\WINDOWS\system32\regsvr32.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 01:20 C:\WINDOWS\stsystra.exe]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 10:50 C:\WINDOWS\LOGI_MWX.EXE]
"Active Web Reader"="C:\Program Files\Deskshare\Active Web Reader\Active Web Reader.exe" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 20:05]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6066\SiteAdv.exe" [2007-03-30 11:42]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 02:33]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" []
"Aim6"="" []
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 22:49]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00]

C:\DOCUME~1\Kathy\STARTM~1\Programs\Startup\
Greetings Workshop Reminders.lnk - C:\Program Files\Greetings Workshop\GWREMIND.EXE [1997-09-04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dplcpl]
dplcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPodManager]
C:\Program Files\iPod\bin\iPodManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
"C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
"C:\Program Files\Microsoft Money\System\Money Express.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]
"C:\Program Files\Microsoft Money\System\Activation.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
C:\Program Files\Microsoft Works\wkfud.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Ati HotKey Poller"=2 (0x2)
"ATI Smart"=2 (0x2)

R3 BLKWGD;Belkin Wireless G Desktop Card Service;C:\WINDOWS\system32\DRIVERS\BLKWGD.sys
R3 wlanndi5;wlanndi5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\wlanndi5.SYS
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe


Contents of the 'Scheduled Tasks' folder
2007-08-19 18:46:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-08-31 22:30:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (GUEST_ROOM-Mike).job - c:\program files\mcafee.com\vso\mcmnhdlr.exe
2007-08-15 05:00:00 C:\WINDOWS\Tasks\McDefragTask.job - c:\program files\mcafee\mqc\QcConsol.exe
2007-09-01 05:00:00 C:\WINDOWS\Tasks\McQcTask.job - c:\program files\mcafee\mqc\QcConsol.exe
2007-09-01 14:05:07 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-01 10:12:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-09-01 10:14:58 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-01 10:14

--- E O F ---


HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:08 AM, on 9/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Belkin\PCI F5D7000\Wireless Utility\Belkinwcui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.universalhub.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Active Web Reader] C:\Program Files\Deskshare\Active Web Reader\Active Web Reader.exe -background
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Belkin Wireless Utility.lnk = C:\Program Files\Belkin\PCI F5D7000\Wireless Utility\Belkinwcui.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O20 - AppInit_DLLs:
O20 - Winlogon Notify: dplcpl - dplcpl.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe

--
End of file - 7395 bytes



#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:01:46 PM

Posted 01 September 2007 - 04:39 PM

Hello,

We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
  • Open Windows Defender.
  • Click on Tools, General Settings.
  • Scroll down and uncheck Turn on real-time protection (recommended).
  • After you uncheck this, click on the Save button and close Windows Defender.
After all of the fixes are complete it is very important that you enable Real-time Protection again.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O20 - AppInit_DLLs:
O20 - Winlogon Notify: dplcpl - dplcpl.dll (file missing)


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Reboot you rcomputer.

Your Java is way out of date, which leaves your computer vulnerable.

Updating Java
  • Download the latest version of Java Runtime Environment (JRE) 6u2.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.
Use Cleanmgr to clean temporary files:

1. Click > start > run and type cleanmgr and click OK
2. Scan your system for files to remove.
3. Make sure Temporary Files, Temporary Internet Files and Recycle Bin are the only things checked.
4. Click OK to remove those files.
5. Click Yes to confirm deletion.

Download the trial version of Spy Sweeper from
Here


Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper)

You will be prompted to check for updated definitions, please do so.
(This may take several minutes)

Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.

Click on Sweep and allow it to fully scan your system.

When the sweep has finished, click Remove. Click Select All and then Next

From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.

Exit Spy Sweeper.

Restart your computer, and then please copy and paste the SpySweeper log into this thread. Please also let me know how it's running now. :thumbsup:

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#5 mike3334

mike3334
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:46 PM

Posted 02 September 2007 - 12:18 PM

Done. Here is the spysweeper log. Thanks-Mike

1:03 PM: Removal process completed. Elapsed time 00:00:18
1:03 PM: Quarantining All Traces: webtrendslive cookie
1:03 PM: Quarantining All Traces: server.iad.liveperson cookie
1:03 PM: Quarantining All Traces: imlive.com cookie
1:03 PM: Quarantining All Traces: reliablestats cookie
1:03 PM: Quarantining All Traces: abcsearch cookie
1:03 PM: Quarantining All Traces: trafficmp cookie
1:03 PM: Quarantining All Traces: pch cookie
1:03 PM: Quarantining All Traces: realmedia cookie
1:03 PM: Quarantining All Traces: overture cookie
1:03 PM: Quarantining All Traces: monstermarketplace cookie
1:03 PM: Quarantining All Traces: mediaplex cookie
1:03 PM: Quarantining All Traces: howstuffworks cookie
1:03 PM: Quarantining All Traces: atlas dmt cookie
1:03 PM: Quarantining All Traces: adultfriendfinder cookie
1:03 PM: Quarantining All Traces: specificclick.com cookie
1:03 PM: Quarantining All Traces: adlegend cookie
1:03 PM: Quarantining All Traces: 2o7.net cookie
1:03 PM: Quarantining All Traces: winantiviruspro cookie
1:03 PM: Quarantining All Traces: findwhat cookie
1:03 PM: Quarantining All Traces: atwola cookie
1:03 PM: Quarantining All Traces: advertising cookie
1:03 PM: Quarantining All Traces: adrevolver cookie
1:03 PM: Quarantining All Traces: yieldmanager cookie
1:03 PM: Quarantining All Traces: 3 cookie
1:03 PM: Quarantining All Traces: core adware
1:03 PM: Quarantining All Traces: maxifiles
1:03 PM: Removal process initiated
12:54 PM: Traces Found: 53
12:54 PM: Custom Sweep has completed. Elapsed time 00:26:06
12:54 PM: File Sweep Complete, Elapsed Time: 00:23:06
12:52 PM: Warning: TCompressedFile.GetStreams(1): Stream read error
12:52 PM: C:\qoobox\Quarantine\catchme2007-09-01_101249.07.zip (ID = 539858)
12:52 PM: Found Adware: core adware
12:52 PM: Warning: SweepDirectories: Cannot find directory "d:". This directory was not added to the list of paths to be scanned.
12:51 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms37821400-3fa2-4dad-8a2a-b602e6145e87.tmp". The operation completed successfully
12:51 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms7ef5d3fa-716e-43b1-9ff2-105d57b8e8b5.tmp". The operation completed successfully
12:51 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmseff7abc8-72dd-4490-8b03-e8cfa8f82e08.tmp". The operation completed successfully
12:51 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms15811ebf-858b-4dfe-872f-e354a6b5c161.tmp". The operation completed successfully
12:51 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms675be64c-9609-4c46-9b77-9fc51c7fefb1.tmp". The operation completed successfully
12:51 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms299aa3a5-2fb1-48ac-8b2a-5cc2871ef6f4.tmp". The operation completed successfully
12:51 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsf9a2e8d3-1719-466e-a311-e52dae11c495.tmp". The operation completed successfully
12:51 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms06c75a6a-6ed9-497c-8e34-6aeb9e67cffb.tmp". The operation completed successfully
12:51 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmse7a7b622-dfd9-40e0-add8-1285e4a4c0e8.tmp". The operation completed successfully
12:51 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms766ce561-4dbc-4b60-8b6b-e0365f1546ff.tmp". The operation completed successfully
12:51 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms48831fe3-7e89-463c-93b1-34b3484f8e8f.tmp". The operation completed successfully
12:51 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsd9c203c3-27ec-45dd-8fa9-e776f4baea3e.tmp". The operation completed successfully
12:51 PM: Warning: Failed to open file "c:\windows\temp\mcmsc_xguabrbxdf2ubm5". The operation completed successfully
12:31 PM: Starting File Sweep
12:31 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
12:31 PM: C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\49bq7vld.default\cookies.txt (ID = 2253)
12:31 PM: C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\49bq7vld.default\cookies.txt (ID = 3667)
12:31 PM: C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\49bq7vld.default\cookies.txt (ID = 3667)
12:31 PM: Found Spy Cookie: webtrendslive cookie
12:31 PM: C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\49bq7vld.default\cookies.txt (ID = 1957)
12:31 PM: C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\49bq7vld.default\cookies.txt (ID = 3341)
12:31 PM: C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\49bq7vld.default\cookies.txt (ID = 3341)
12:31 PM: C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\49bq7vld.default\cookies.txt (ID = 3341)
12:31 PM: Found Spy Cookie: server.iad.liveperson cookie
12:31 PM: C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\2si8e30w.default\cookies.txt (ID = 2844)
12:31 PM: Found Spy Cookie: imlive.com cookie
12:31 PM: C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\2si8e30w.default\cookies.txt (ID = 2255)
12:31 PM: C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\3cx1e3ga.default\cookies.txt (ID = 3254)
12:31 PM: C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\3cx1e3ga.default\cookies.txt (ID = 3254)
12:31 PM: C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\3cx1e3ga.default\cookies.txt (ID = 3254)
12:31 PM: C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\3cx1e3ga.default\cookies.txt (ID = 3254)
12:31 PM: C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\3cx1e3ga.default\cookies.txt (ID = 3254)
12:31 PM: Found Spy Cookie: reliablestats cookie
12:31 PM: C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\3cx1e3ga.default\cookies.txt (ID = 1957)
12:31 PM: C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\3cx1e3ga.default\cookies.txt (ID = 1957)
12:31 PM: C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\3cx1e3ga.default\cookies.txt (ID = 6442)
12:31 PM: C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\3cx1e3ga.default\cookies.txt (ID = 2253)
12:31 PM: C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\3cx1e3ga.default\cookies.txt (ID = 2175)
12:31 PM: C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\3cx1e3ga.default\cookies.txt (ID = 2175)
12:31 PM: C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\3cx1e3ga.default\cookies.txt (ID = 2175)
12:31 PM: c:\documents and settings\mike\cookies\mike@www.monstermarketplace[2].txt (ID = 3007)
12:31 PM: c:\documents and settings\mike\cookies\mike@www.abcsearch[1].txt (ID = 2034)
12:31 PM: Found Spy Cookie: abcsearch cookie
12:31 PM: c:\documents and settings\mike\cookies\mike@trafficmp[2].txt (ID = 3581)
12:31 PM: Found Spy Cookie: trafficmp cookie
12:31 PM: c:\documents and settings\mike\cookies\mike@specificclick[2].txt (ID = 3399)
12:31 PM: c:\documents and settings\mike\cookies\mike@sb.pch[2].txt (ID = 3124)
12:31 PM: c:\documents and settings\mike\cookies\mike@sb.pch[1].txt (ID = 3124)
12:31 PM: Found Spy Cookie: pch cookie
12:31 PM: c:\documents and settings\mike\cookies\mike@realmedia[2].txt (ID = 3235)
12:31 PM: Found Spy Cookie: realmedia cookie
12:31 PM: c:\documents and settings\mike\cookies\mike@overture[1].txt (ID = 3105)
12:31 PM: Found Spy Cookie: overture cookie
12:31 PM: c:\documents and settings\mike\cookies\mike@monstermarketplace[3].txt (ID = 3006)
12:31 PM: c:\documents and settings\mike\cookies\mike@monstermarketplace[2].txt (ID = 3006)
12:31 PM: Found Spy Cookie: monstermarketplace cookie
12:31 PM: c:\documents and settings\mike\cookies\mike@mediaplex[2].txt (ID = 6442)
12:31 PM: Found Spy Cookie: mediaplex cookie
12:31 PM: c:\documents and settings\mike\cookies\mike@media.adrevolver[1].txt (ID = 2089)
12:31 PM: c:\documents and settings\mike\cookies\mike@howstuffworks[1].txt (ID = 2805)
12:31 PM: Found Spy Cookie: howstuffworks cookie
12:31 PM: c:\documents and settings\mike\cookies\mike@findwhat[1].txt (ID = 2674)
12:31 PM: c:\documents and settings\mike\cookies\mike@atdmt[2].txt (ID = 2253)
12:31 PM: Found Spy Cookie: atlas dmt cookie
12:31 PM: c:\documents and settings\mike\cookies\mike@advertising[1].txt (ID = 2175)
12:31 PM: c:\documents and settings\mike\cookies\mike@adultfriendfinder[1].txt (ID = 2165)
12:31 PM: Found Spy Cookie: adultfriendfinder cookie
12:31 PM: c:\documents and settings\mike\cookies\mike@adrevolver[1].txt (ID = 2088)
12:31 PM: c:\documents and settings\mike\cookies\mike@adopt.specificclick[1].txt (ID = 3400)
12:31 PM: Found Spy Cookie: specificclick.com cookie
12:31 PM: c:\documents and settings\mike\cookies\mike@adlegend[1].txt (ID = 2074)
12:31 PM: Found Spy Cookie: adlegend cookie
12:31 PM: c:\documents and settings\mike\cookies\mike@ad.yieldmanager[1].txt (ID = 3751)
12:31 PM: c:\documents and settings\mike\cookies\mike@2o7[1].txt (ID = 1957)
12:31 PM: Found Spy Cookie: 2o7.net cookie
12:31 PM: c:\documents and settings\kathy\cookies\kathy@www.winantiviruspro[1].txt (ID = 3690)
12:31 PM: Found Spy Cookie: winantiviruspro cookie
12:31 PM: c:\documents and settings\kathy\cookies\kathy@findwhat[1].txt (ID = 2674)
12:31 PM: Found Spy Cookie: findwhat cookie
12:31 PM: c:\documents and settings\kathy\cookies\kathy@atwola[1].txt (ID = 2255)
12:31 PM: Found Spy Cookie: atwola cookie
12:31 PM: c:\documents and settings\kathy\cookies\kathy@advertising[2].txt (ID = 2175)
12:31 PM: Found Spy Cookie: advertising cookie
12:31 PM: c:\documents and settings\kathy\cookies\kathy@adrevolver[2].txt (ID = 2088)
12:31 PM: Found Spy Cookie: adrevolver cookie
12:31 PM: c:\documents and settings\kathy\cookies\kathy@ad.yieldmanager[1].txt (ID = 3751)
12:31 PM: Found Spy Cookie: yieldmanager cookie
12:31 PM: c:\documents and settings\kathy\cookies\kathy@85.17.3[2].txt (ID = 1960)
12:31 PM: Found Spy Cookie: 3 cookie
12:31 PM: Starting Cookie Sweep
12:31 PM: Registry Sweep Complete, Elapsed Time:00:01:17
12:30 PM: HKU\WRSS_Profile_S-1-5-21-2858873867-3171906190-2453819166-1006\software\luckytoolbar\ (ID = 1852392)
12:30 PM: HKU\WRSS_Profile_S-1-5-21-2858873867-3171906190-2453819166-1006\software\ipwins\ (ID = 1516546)
12:30 PM: Found Adware: maxifiles
12:29 PM: Starting Registry Sweep
12:29 PM: Memory Sweep Complete, Elapsed Time: 00:01:38
12:28 PM: Starting Memory Sweep
12:28 PM: Start Custom Sweep
12:28 PM: Sweep initiated using definitions version 981
Operation: File Access
Target:
Source: C:\PROGRA~1\MCAFEE\VIRUSS~1\MCSYSMON.EXE
12:26 PM: Tamper Detection
Operation: File Access
Target:
Source: C:\PROGRA~1\MCAFEE\VIRUSS~1\MCSHIELD.EXE
12:16 PM: Tamper Detection
Operation: File Access
Target:
Source: C:\PROGRA~1\MCAFEE\VIRUSS~1\MCSHIELD.EXE
12:16 PM: Tamper Detection
Keylogger: Off
E-mail Attachment: On
12:16 PM: Informational: ShieldEmail: Start monitoring port 25 for mail activities
12:16 PM: Informational: ShieldEmail: Start monitoring port 110 for mail activities
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
File System Shield: On
Execution Shield: On
System Services Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
12:16 PM: Shield States
12:16 PM: License Check Status (0): Success
12:16 PM: Spyware Definitions: 981
12:15 PM: Spy Sweeper 5.5.7.48 started
12:15 PM: Spy Sweeper 5.5.7.48 started
12:15 PM: | Start of Session, Sunday, September 02, 2007 |
***************



#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:01:46 PM

Posted 02 September 2007 - 12:40 PM

Hello,

Please also let me know how it's running now. smile.gif

How about a new HiajckThis log while you're at it? :thumbsup:

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#7 mike3334

mike3334
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:46 PM

Posted 02 September 2007 - 01:57 PM

Right, good idea. PC performance seems to be about the same, which is fine. Haven't seen a popup since I ran combofix! :thumbsup:

Here's the log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:52:56 PM, on 9/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\PCI F5D7000\Wireless Utility\Belkinwcui.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.universalhub.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Active Web Reader] C:\Program Files\Deskshare\Active Web Reader\Active Web Reader.exe -background
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6066\SiteAdv.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Belkin Wireless Utility.lnk = C:\Program Files\Belkin\PCI F5D7000\Wireless Utility\Belkinwcui.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 7957 bytes



#8 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:01:46 PM

Posted 02 September 2007 - 02:17 PM

Hello,

Looks good. :thumbsup:

Please delete ComboFix and its accompanying folder C:\Qoobox. Empty your Recycle Bin and reboot once again.

SpySweeper is a trial, so it's up to you whether you keep it or not. Please be sure you have Defender reenabled!

If there are no further problems, here's some good reading for the future:
http://mvps.org/winhelp2002/unwanted.htm

Take care!
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#9 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:01:46 PM

Posted 05 September 2007 - 10:35 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users