Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Popinstall?


  • Please log in to reply
7 replies to this topic

#1 cubacin

cubacin

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:22 AM

Posted 07 September 2007 - 07:51 PM

Popup windows galore...slow running browsers...thanks in advance for any help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:47:03 PM, on 9/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue

CS2\bin\VersionCueCS2.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft

Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Adobe\Adobe Version Cue

CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control

Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common

Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Musicmatch\Musicmatch

Jukebox\mm_tray.exe
C:\Program Files\Trend Micro\Internet Security

12\pccguide.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Adobe\Adobe Version Cue

CS2\ControlPanel\VersionCueCS2Tray.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Adobe\Adobe Acrobat

7.0\Distillr\Acrotray.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Trend Micro\Internet Security

12\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Adobe\Adobe Acrobat

7.0\Acrobat\Acrobat.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\U2NvdHQgQ2hhdXNzZWU\command.exe
C:\Program Files\Common Files\Adobe Systems

Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\CINDYA~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\nltaorfi.exe
C:\WINDOWS\system32\ptwpcaql.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Cindy and

Scott\Desktop\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL =

http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Search Bar =

http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R0 - HKCU\Software\Microsoft\Internet

Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL =

http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet

Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection

Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) -

{4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program

Files\MyWaySA\SrchAsDe\deSrcAs.dll
O3 - Toolbar: Adobe PDF -

{47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program

Files\Adobe\Adobe Acrobat

7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program

Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program

Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program

Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel

PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI

Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program

Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program

Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program

Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla]

C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program

Files\Common

Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program

Files\Common

Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot]

C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program

Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend

Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [DellHelp]

C:\Dell\DellHelp\DellHelp.exe /c
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program

Files\Adobe\Adobe Version Cue

CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program

Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program

Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [horymyz] C:\Program Files\Windows

NT\horymyz22011.exe
O4 - HKLM\..\Run: [runner1]

C:\WINDOWS\retadpu1000106.exe

61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD

86D67C56389B284534F310
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe

"C:\WINDOWS\system32\nbcckuoy.dll",forkonce
O4 - HKLM\..\RunOnce: [RemoveInstallPath] cmd.exe

C:\WINDOWS\system32\cmd.exe /c rmdir /S /Q

"C:\PROGRA~1\WinPop" > nul
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend

Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe]

C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program

Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program

Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Skype] "C:\Program

Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk =

?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program

Files\Common Files\Adobe\Calibration\Adobe Gamma

Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk =

C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk =

C:\Program Files\Common

Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: Convert link target to

Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to

existing PDF - res://C:\Program Files\Adobe\Adobe

Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to

Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.ht

ml
O8 - Extra context menu item: Convert selected links to

existing PDF - res://C:\Program Files\Adobe\Adobe

Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.htm

l
O8 - Extra context menu item: Convert selection to Adobe

PDF - res://C:\Program Files\Adobe\Adobe Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to

existing PDF - res://C:\Program Files\Adobe\Adobe

Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF -

res://C:\Program Files\Adobe\Adobe Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF -

res://C:\Program Files\Adobe\Adobe Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel

- res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research -

{92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com -

{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com -

{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -

C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems -

C:\Program Files\Common Files\Adobe Systems

Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems

Incorporated - C:\Program Files\Adobe\Adobe Version Cue

CS2\bin\VersionCueCS2.exe
O23 - Service: AOL Connectivity Service (AOL ACS) -

America Online, Inc. -

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc.

- C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Command Service (cmdService) - Unknown

owner - C:\WINDOWS\U2NvdHQgQ2hhdXNzZWU\command.exe
O23 - Service: DomainService - -

C:\WINDOWS\system32\ptwpcaql.exe
O23 - Service: DSBrokerService - Unknown owner -

C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program

Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Macromedia Licensing Service - Unknown

owner - C:\Program Files\Common Files\Macromedia

Shared\Service\Macromedia Licensing.exe
O23 - Service: Network Monitor - Unknown owner -

C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program

Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component

(PcCtlCom) - Trend Micro Incorporated. -

C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program

Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor

(S24EventMonitor) - Intel Corporation - C:\Program

Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) -

Trend Micro Incorporated. -

C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) -

Trend Micro Inc. -

C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) -

Trend Micro Inc. -

C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WLANKEEPER - Intel® Corporation -

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11672 bytes

BC AdBot (Login to Remove)

 


#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:09:22 AM

Posted 08 September 2007 - 06:09 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum cubacin :thumbsup:
My name is Richie and i'll be helping you to fix your problems.

Please move HijackThis to a permanent folder on the hard drive such as C:\HJT.
Create a new folder and place HijackThis.exe inside that folder so that the backups of log changes it creates are saved in the same folder and can be used to reverse any line entry deletion if found to be necessary.
If you run Hijackthis from the desktop, the files it removes will not be backed up properly.

How to create a new folder named HJT
1. Click Start/My Computer,in the 'My Computer' window,open the window in which you want to create the new folder,click on Local Disk C:
2. From the 'File' menu choose 'New'.
3. From the 'New' menu choose 'Folder'.
4. Type the folder name: HJT
5. Then press Enter.


Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java,and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6u2'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java versions.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.


The current formatting of your log makes it difficult to read/evaluate.
Open 'Notepad',click on 'Format' at the top,then uncheck 'Word Wrap' if it's checked.


Download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.


Now go to:
C:\HJT\HijackThis.exe
Right click on Hijackthis.exe and select 'Rename', rename it to abc.bat
Double click on abc.bat(which is still Hijackthis.exe),post that log into your next reply please.
Posted Image
Posted Image

#3 cubacin

cubacin
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:22 AM

Posted 08 September 2007 - 08:04 AM

ComboFix 07-09-08.8 - "Cindy and Scott" 2007-09-08 8:10:58.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.601 [GMT -4:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\inetget2
C:\Program Files\inetget2\popinstall.exe
C:\Program Files\MSN Gaming Zone\lavuq.dll
C:\Program Files\network monitor
C:\Program Files\network monitor\netmon.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fse
C:\Temp\fse\tmpZTF.log
C:\WINDOWS\b122.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\DOWNLO~1\UWA7P_0001_N99M2908NetInstaller.exe
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\awtss.dll
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\dwqqpiou.exe
C:\WINDOWS\system32\f02WtR
C:\WINDOWS\system32\f02WtR\f02WtR1065.exe
C:\WINDOWS\system32\htifnnfv.ini
C:\WINDOWS\system32\kpfrwrqq.dll
C:\WINDOWS\system32\kqackfkw.dll
C:\WINDOWS\system32\ljjjigg.dll
C:\WINDOWS\system32\nbcckuoy.dll
C:\WINDOWS\system32\nltaorfi.exe
C:\WINDOWS\system32\ptwpcaql.exe
C:\WINDOWS\system32\sstwa.bak1
C:\WINDOWS\system32\sstwa.bak2
C:\WINDOWS\system32\sstwa.ini
C:\WINDOWS\system32\vfnnfith.dll
C:\WINDOWS\system32\yhnoxmfs.exe
C:\WINDOWS\system32\youkccbn.ini
C:\WINDOWS\tk58.exe
C:\WINDOWS\U2NvdHQgQ2hhdXNzZWU\asappsrv.dll
C:\WINDOWS\U2NvdHQgQ2hhdXNzZWU\command.exe
C:\WINDOWS\uninstall_nmon.vbs


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CMDSERVICE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\cmdService
-------\DomainService
-------\Network Monitor


((((((((((((((((((((((((( Files Created from 2007-08-08 to 2007-09-08 )))))))))))))))))))))))))))))))
.

2007-09-08 08:06 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-08 07:33 <DIR> d-------- C:\hjt
2007-09-06 18:43 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon
2007-09-06 18:42 <DIR> d--hs---- C:\WINDOWS\U2NvdHQgQ2hhdXNzZWU
2007-09-06 18:42 <DIR> d-------- C:\WINDOWS\system32\drvr2
2007-09-06 18:42 <DIR> d-------- C:\WINDOWS\system32\cfig322
2007-09-06 18:42 <DIR> d-------- C:\WINDOWS\system32\capcom
2007-09-06 18:42 <DIR> d-------- C:\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-08 07:55 --------- d-------- C:\DOCUME~1\CINDYA~1\APPLIC~1\Skype
2007-07-24 21:49 --------- d-------- C:\Program Files\Filezilla
2007-07-17 20:03 --------- d-------- C:\Program Files\Skype
2007-07-15 10:36 --------- d-------- C:\Program Files\Common Files\Skype
2007-07-15 10:36 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
2007-06-13 06:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-04-08 18:02:29 56 --sh--r C:\WINDOWS\system32\1A0BA9B879.sys
2007-04-08 18:02:30 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2005-07-29 20:24:26 472 --sha-r C:\WINDOWS\U2NvdHQgQ2hhdXNzZWU\oZhSxJk0kZ11xrhWtqo.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 16:01]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 18:33]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 16:59]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 23:05]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-09-01 19:24]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 18:19]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-12-05 03:06]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-12-05 03:06]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 03:05]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" []
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 12:44]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-08 21:20]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-09-08 21:20]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 18:30]
"DellHelp"="C:\Dell\DellHelp\DellHelp.exe" [2004-04-01 17:51]
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 18:58]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 21:52]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2005-12-04 20:39]
"horymyz"="C:\Program Files\Windows NT\horymyz22011.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-11 19:39]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-07-02 17:10]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-04-08 08:28:41]
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2005-12-05 03:05:41]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-12-05 03:00:12]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 13:59:36]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 18:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\awtss

R3 Eacfilt;Eacfilt Miniport;C:\WINDOWS\system32\DRIVERS\eacfilt.sys
R3 IPSECSHM;Nortel IPSECSHM Adapter;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys
R3 Point32;Microsoft IntelliPoint Filter Driver;C:\WINDOWS\system32\DRIVERS\point32.sys
S3 IPSECEXT;Nortel Extranet Access Protocol;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe

.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-08 08:32:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-08 8:34:10 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-08 08:33
.
--- E O F ---

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:09:22 AM

Posted 08 September 2007 - 09:20 AM

Could you carry on with the rest of the instructions please:

Now go to:
C:\HJT\HijackThis.exe
Right click on Hijackthis.exe and select 'Rename', rename it to abc.bat
Double click on abc.bat(which is still Hijackthis.exe),post that log into your next reply please.
Posted Image
Posted Image

#5 cubacin

cubacin
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:22 AM

Posted 08 September 2007 - 07:30 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:30:01 PM, on 9/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hjt\abc.bat.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [DellHelp] C:\Dell\DellHelp\DellHelp.exe /c
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [horymyz] C:\Program Files\Windows NT\horymyz22011.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10787 bytes

#6 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:09:22 AM

Posted 09 September 2007 - 05:24 AM

Download\install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed,exit SuperAntiSpyware.

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O4 - HKLM\..\Run: [horymyz] C:\Program Files\Windows NT\horymyz22011.exe

Exit Hijackthis.

Find and delete:
C:\Program Files\MyWaySA

Start SuperAntiSpyware.
On the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

Superantispyware will now scan your computer,when it's finished it will list all/any infections found.
Make sure everything found has a checkmark next to it,then press 'Next'.
Click on 'Finish' when you've done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor,such as Notepad.
Copy and paste the contents of that report into your next reply.
Also post a new Hijackthis log,let me know how your pc is running now.

Posted Image
Posted Image

#7 cubacin

cubacin
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:22 AM

Posted 09 September 2007 - 10:05 AM

Everything seems to be working better, at least no random popups...



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/09/2007 at 09:42 AM

Application Version : 3.9.1008

Core Rules Database Version : 3302
Trace Rules Database Version: 1308

Scan type : Complete Scan
Total Scan Time : 00:47:18

Memory items scanned : 617
Memory threats detected : 0
Registry items scanned : 6178
Registry threats detected : 0
File items scanned : 41802
File threats detected : 165

Adware.Tracking Cookie
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@adopt.specificclick[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@ads.cnn[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@adprofile[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@specificclick[2].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@anad.tacoda[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@sel.as-us.falkag[2].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@keywordmax[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@www.ezytrack[2].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@fastclick[2].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@1068632757[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@gettyimages.122.2o7[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@s.clickability[2].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@www.elitetrader[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@tribuneinteractive.122.2o7[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@www.burstnet[2].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@ehg-bestbuy.hitbox[2].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@ehg-adteractive.hitbox[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@cb.adprofile[2].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@stat.dealtime[2].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@atdmt[2].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@questionmarket[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@roiservice[2].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@counter2.hitslink[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@babyuniverse.112.2o7[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@data3.perf.overture[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@ehg-thehuddle.hitbox[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@valueclick[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@www.macromedia[2].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@tribalfusion[2].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@hitbox[2].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@serving-sys[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@advertising[2].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@cfusion[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@trafficmp[2].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@statse.webtrendslive[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@pt.crossmediaservices[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@ads.addynamix[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@maxserving[2].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@pro-market[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@apmebf[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@ehg-cskautocorporation.hitbox[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@northwestairlines.112.2o7[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@bs.serving-sys[2].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@ehg-dig.hitbox[2].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@ads2.k8l[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@mediaplex[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@adv.webmd[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@zedo[2].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@clicksor[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@doubleclick[2].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@realmedia[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@elitetrader[2].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@cbs.112.2o7[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@yieldmanager[2].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@perf.overture[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@burstnet[2].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@linksynergy[2].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@meetupcom.122.2o7[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@adlegend[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@ehg-babyuniverse.hitbox[2].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@cratebarrel.112.2o7[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@ad[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@citi.bridgetrack[2].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@adinterax[2].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@74613876[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@ehg.hitbox[2].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@tacoda[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@bluestreak[2].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@ad.yieldmanager[2].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@nextag[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@belnk[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@edge.ru4[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@counter.hitslink[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@casalemedia[2].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@harpo.122.2o7[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@ads.pointroll[2].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@atwola[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@icc.intellisrv[2].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@omahasteaks.122.2o7[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@ehg-consumerenergyco.hitbox[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@revsci[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@kanoodle[2].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@statcounter[2].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@server.iad.liveperson[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@overture[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@2o7[2].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@sales.liveperson[2].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@anat.tacoda[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@e-2dj6wjliciczgep.stats.esomniture[2].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@S148566[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@adrevolver[2].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@winantispyware[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@keepmedia[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@cpvfeed[2].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@html[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@track.bestbuy[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@ads.k8l[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@fin.adbureau[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@bizrate[2].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@kiplinger.112.2o7[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@tremor.adbureau[2].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@hc2.humanclick[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@S151311[2].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@S146260[2].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@www.keepmedia[2].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@cgi-bin[2].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@www.burstbeacon[2].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@interclick[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@e-2dj6wfmyajc5gbo.stats.esomniture[2].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@web4.realtracker[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@ehg-camcorderinfo.hitbox[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@1068539930[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@e-2dj6wjmiehdpwgo.stats.esomniture[2].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@ex=0_[3].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@media.top-banners[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@go.winantispyware[2].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@adbrite[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@tracking.foxnews[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@1069095226[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@19072607[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@www.clickmanage[2].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@adserver[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@adopt.euroclick[2].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@dist.belnk[2].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@S151323[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@adrevolver[3].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@ehg-foxinteractive.hitbox[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@ads.pricescan[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@dealtime[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@ehg-elisabeth.hitbox[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@go.winantivirus[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@ex=0_[2].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@winantivirus[2].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@stats1.reliablestats[2].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@usatoday1.112.2o7[1].txt
C:\Documents and Settings\Cindy and Scott\Cookies\cindy and scott@drivecleaner[2].txt

Trojan.Downloader-Gen/WinPop
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\INETGET2\POPINSTALL.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP264\A0020958.EXE

Trojan.ZQuest
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\MSN GAMING ZONE\LAVUQ.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP264\A0020948.DLL

Trojan.NetMon/DNSChange
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\NETWORK MONITOR\NETMON.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP264\A0020959.EXE

Trojan.Downloader-Gen/Installer
C:\QOOBOX\QUARANTINE\C\WINDOWS\B122.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP264\A0020945.EXE

Trojan.WinAntiSpyware/WinAntiVirus 2006
C:\QOOBOX\QUARANTINE\C\WINDOWS\DOWNLO~1\UWA7P_0001_N99M2908NETINSTALLER.EXE.VIR

Adware.eZula
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\DWQQPIOU.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\PTWPCAQL.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP264\A0020946.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP264\A0020947.EXE

Trojan.Downloader-Gen/TStamp
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\NLTAORFI.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\YHNOXMFS.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP264\A0020952.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP264\A0020953.EXE

Trojan.ZQuest-Installer
C:\QOOBOX\QUARANTINE\C\WINDOWS\TK58.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP264\A0020962.EXE

Adware.Adservs
C:\QOOBOX\QUARANTINE\C\WINDOWS\U2NVDHQGQ2HHDXNZZWU\ASAPPSRV.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP264\A0020957.DLL
C:\WINDOWS\SYSTEM32\DRVR2\BBC002NWS.EXE

Unclassified.Unknown Origin
C:\QOOBOX\QUARANTINE\C\WINDOWS\U2NVDHQGQ2HHDXNZZWU\COMMAND.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP264\A0020956.EXE

Trojan.Unknown Origin
C:\QOOBOX\QUARANTINE\C\WINDOWS\UNINSTALL_NMON.VBS.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP260\A0020737.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP264\A0020944.VBS
C:\WINDOWS\U2NVDHQGQ2HHDXNZZWU\OZHSXJK0KZ11XRHWTQO.VBS

Trojan.Downloader-Gen/HitItQuitIt
C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP264\A0020971.DLL




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:04:39 AM, on 9/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\hjt\abc.bat.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [DellHelp] C:\Dell\DellHelp\DellHelp.exe /c
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10299 bytes

#8 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:09:22 AM

Posted 09 September 2007 - 10:53 AM

Double click on Combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Posted Image
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users