
Security Toolbar 7.1 Virus/malware/trojan


#1 bevaprice
  • Members
  • 3 posts

Posted 15 November 2007 - 06:10 PM

My wonderful husband clicked on something and for the past 3 days I have been trying to get rid of this thing. I deleted a hidden folder in windows\fonts that had almost 23,000 zip files in it. Computer won't let me install House Call software. Thanks for the help!! Here's the HijackThis log. I will be up until about 1am eastern. I'll be home after 3pm Friday if I miss you tonight (Thursday).

Beverly



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:05:17 PM, on 11/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\wyrlleef.dll
O4 - HKLM\..\Run: [54c2ac3e] rundll32.exe "C:\WINDOWS\system32\ibbmbbev.dll",b
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1194993630109
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe

--
End of file - 5650 bytes

#2 teacup61 (Bleepin' Texan!)
  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 15 November 2007 - 07:09 PM

Hi Beverly,

Welcome to Bleeping Computer :blink: I'm a couple of hours behind you, so I have a while yet to be up if you want to have a go at this thing now. :thumbsup:

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


Error reading poptart in Drive A: Delete kids y/n?

#3 bevaprice (Topic Starter)
  • Members
  • 3 posts

Posted 18 November 2007 - 09:47 PM

Thanks for the help. Here's the log file. Let me know the next step.

ComboFix 07-11-08.3 - Beverly 2007-11-18 21:35:14.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.485 [GMT -5:00]
Running from: C:\Documents and Settings\Beverly\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-10-19 to 2007-11-19 )))))))))))))))))))))))))))))))
.

2007-11-18 21:13 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-15 17:51 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-15 01:04 <DIR> d-------- C:\Documents and Settings\Beverly\.housecall6.6
2007-11-15 00:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-15 00:09 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-13 23:40 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2007-11-13 19:05 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-11-13 19:05 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-13 19:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-13 17:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-12 00:49 <DIR> d-------- C:\Program Files\Snapfish PictureMover
2007-11-12 00:39 <DIR> d-------- C:\Documents and Settings\Beverly\Application Data\Snapfish
2007-11-11 08:58 <DIR> d-------- C:\Program Files\CCleaner
2007-11-11 08:43 <DIR> d-------- C:\WINDOWS\pss
2007-11-10 13:13 <DIR> d-------- C:\Documents and Settings\Steve\Application Data\Comcast
2007-11-09 15:51 <DIR> d-------- C:\Documents and Settings\Everyone Else\Application Data\Windows Desktop Search
2007-11-09 12:17 <DIR> d-------- C:\Program Files\ExpertGPS
2007-11-08 22:32 <DIR> d-------- C:\Documents and Settings\Beverly\Shared
2007-11-08 22:32 <DIR> d-------- C:\Documents and Settings\Beverly\Incomplete
2007-11-08 22:31 <DIR> d-------- C:\Program Files\LimeWire
2007-11-08 22:31 <DIR> d-------- C:\Documents and Settings\Beverly\Application Data\LimeWire
2007-11-08 17:26 <DIR> d-------- C:\Program Files\eFax Messenger 4.3
2007-11-08 17:26 <DIR> d-------- C:\Documents and Settings\Beverly\Application Data\eFax Messenger
2007-11-08 17:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.3 Setup
2007-11-08 17:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.3 Output
2007-11-05 17:45 <DIR> d-------- C:\Documents and Settings\Beverly\Application Data\Family Lawyer
2007-11-02 17:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2007-11-02 17:18 <DIR> d-------- C:\Program Files\Dell Support Center
2007-11-02 17:18 <DIR> d-------- C:\Program Files\Common Files\supportsoft
2007-10-28 08:38 <DIR> d-------- C:\Documents and Settings\Steve\Application Data\Windows Desktop Search
2007-10-27 23:22 <DIR> d--h----- C:\WINDOWS\PIF
2007-10-25 19:10 <DIR> d-------- C:\Documents and Settings\Beverly\Application Data\Windows Desktop Search
2007-10-25 19:07 <DIR> d-------- C:\Program Files\Windows Desktop Search
2007-10-25 18:55 <DIR> d-------- C:\Program Files\iTunes
2007-10-25 18:55 <DIR> d-------- C:\Program Files\iPod
2007-10-25 18:55 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-10-25 18:52 <DIR> d-------- C:\Documents and Settings\Beverly\Application Data\Apple Computer
2007-10-25 18:51 <DIR> d-------- C:\Program Files\Apple Software Update
2007-10-25 18:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-10-25 18:39 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-10-25 18:37 <DIR> d-------- C:\Documents and Settings\Beverly\Application Data\OfficeUpdate12
2007-10-25 18:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-10-25 17:00 6,058,496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-25 17:00 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-25 17:00 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-25 17:00 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-25 17:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-25 16:59 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-10-25 16:59 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-25 16:59 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-25 16:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-10-25 16:43 <DIR> d-------- C:\Program Files\QuickTime
2007-10-25 16:25 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-10-25 16:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-10-25 16:15 <DIR> d-------- C:\WINDOWS\Sun
2007-10-25 16:13 <DIR> d-------- C:\Program Files\Java
2007-10-25 16:13 <DIR> d-------- C:\Program Files\Common Files\Java
2007-10-22 18:32 <DIR> d-------- C:\Program Files\Yahoo!
2007-10-22 08:32 <DIR> d-------- C:\Program Files\Tribeca
2007-10-22 08:30 <DIR> d-------- C:\Program Files\Tribeca Labs
2007-10-21 10:37 <DIR> d-------- C:\Program Files\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-16 04:09 --------- d-----w C:\Program Files\LD Supreme
2007-11-14 20:46 --------- d-----w C:\Program Files\AucTamer
2007-11-13 21:33 --------- d-----w C:\Program Files\RGB
2007-11-10 00:39 --------- d-----w C:\Program Files\GScoutmate60
2007-11-02 22:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2007-10-25 21:24 --------- d-----w C:\Program Files\Microsoft Works
2007-10-21 16:42 --------- d-----w C:\Program Files\TrackMaker
2007-10-17 22:24 --------- d-----w C:\Program Files\MSECache
2007-10-15 12:00 --------- d-----w C:\Program Files\CueCard
2007-10-13 22:51 --------- d-----w C:\Program Files\Pony Luv
2007-10-12 14:03 --------- d-----w C:\Program Files\Synaptics
2007-10-12 13:53 --------- d-----w C:\Program Files\AucTamer1
2007-10-10 04:13 --------- d-----w C:\Program Files\Microsoft Money 2006
2007-10-10 01:06 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-10 00:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-10 00:28 --------- d-----w C:\Program Files\Magellan
2007-10-09 23:56 --------- d-----w C:\Program Files\McAfee
2007-10-09 23:49 --------- d-----w C:\Documents and Settings\Beverly\Application Data\Comcast
2007-10-09 19:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-10-09 19:40 --------- d-----w C:\Program Files\Common Files\McAfee
2007-10-09 19:38 --------- d-----w C:\Program Files\McAfee.com
2007-10-09 19:29 --------- d-----w C:\Program Files\Common Files\Simple Star Shared
2007-10-09 19:29 --------- d-----w C:\Program Files\Comcast
2007-10-09 03:30 --------- d-----w C:\Program Files\Seagate Software
2007-10-09 03:30 --------- d-----w C:\Program Files\Common Files\Crystal Decisions
2007-10-09 02:23 --------- d-----w C:\Program Files\MySoftware
2007-10-09 01:46 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-10-09 01:46 --------- d-----w C:\Program Files\Common Files\L&H
2007-10-09 01:44 --------- d-----w C:\Program Files\Microsoft.NET
2007-10-09 01:36 --------- d-----w C:\Program Files\Microsoft Plus! Photo Story 2 LE
2007-10-09 01:36 --------- d-----w C:\Program Files\Microsoft Plus! Digital Media Edition
2007-10-09 01:35 --------- d-----w C:\Program Files\Microsoft Home Publishing 2000
2007-10-09 01:27 --------- d-----w C:\Program Files\APA Referencing Macros 2.0
2007-10-09 00:04 --------- d-----w C:\Program Files\MSXML 4.0
2007-10-08 22:20 --------- d-----w C:\Program Files\SigmaTel
2007-10-08 22:14 --------- d-----w C:\Program Files\Broadcom
2007-10-08 22:13 --------- d-----w C:\Program Files\DIFX
2007-10-08 22:12 --------- d-----w C:\Program Files\Intel
2007-10-08 22:10 5 ----a-w C:\WINDOWS\system32\drivers\DELL_XPS_MP061 .MRK
2007-10-08 22:10 5 ----a-w C:\WINDOWS\system32\drivers\1028_DELL_XPS_MP061 .MRK
2007-10-08 22:10 --------- d-----w C:\Program Files\CONEXANT
2007-10-08 22:08 --------- d-----w C:\Program Files\Dell
2007-10-08 21:46 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-08 21:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2007-10-08 21:45 --------- d-----w C:\Program Files\Common Files\TiVo Shared
2007-10-08 21:45 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2007-10-08 21:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2007-10-08 21:43 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-10-08 21:42 --------- d-----w C:\Program Files\Roxio
2007-10-08 21:39 --------- d-----w C:\Program Files\CyberLink
2007-10-08 21:37 --------- d-----w C:\Program Files\Jasc Software Inc
2007-10-08 21:34 --------- d-----w C:\Program Files\Dell Computer
2007-10-08 21:34 --------- d-----w C:\Documents and Settings\Beverly\Application Data\Jasc Software Inc
2007-10-08 21:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2007-10-08 21:17 --------- d-----w C:\Program Files\GemMaster
2007-10-08 21:17 --------- d-----w C:\Program Files\ESPNMotion
2007-10-08 21:17 --------- d-----w C:\Program Files\DIGStream
2007-10-08 21:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\DIGStream
2007-10-08 21:06 --------- d-----w C:\Program Files\microsoft frontpage
2007-10-08 20:59 --------- d-----w C:\Program Files\Windows Plus
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0B75C9F6-0418-45B4-B4D3-7DE2D56873A4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43BB4554-E891-45B7-9791-5791364734FD}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B75F6EE5-EF87-4AE7-AD10-5356808CA713}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 11:48]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-25 16:43]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 16:23]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 19:15]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 16:44]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 16:45]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 16:41]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 12:56]
"eFax 4.3"="C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" [2007-03-06 12:21]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 17:57]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-11-07 04:20]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2006-11-01 11:48]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 15:50]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 15:50]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-10-09 17:56]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe" [2005-05-09 18:16]

C:\Documents and Settings\Beverly\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 14:40:46]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtsssr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter

.
Contents of the 'Scheduled Tasks' folder
"2007-11-12 12:36:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-15 06:02:00 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2007-11-01 05:00:01 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-18 21:38:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-11-18 21:40:02
C:\ComboFix2.txt ... 2007-11-18 21:16
.
--- E O F ---

#4 teacup61 (Bleepin' Texan!)
  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 19 November 2007 - 12:17 PM

Hello,

Could I please see a new HijackThis log? :thumbsup:

Thanks,
tea

#5 bevaprice (Topic Starter)
  • Members
  • 3 posts

Posted 20 November 2007 - 05:50 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:49:15 PM, on 11/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B75C9F6-0418-45B4-B4D3-7DE2D56873A4} - (no file)
O2 - BHO: (no name) - {43BB4554-E891-45B7-9791-5791364734FD} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B75F6EE5-EF87-4AE7-AD10-5356808CA713} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1194993630109
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB
O20 - Winlogon Notify: awtsssr - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10188 bytes
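As an added example (not code posted in this thread and not part of HijackThis or ComboFix), a small Python triage helper for the entry types that stand out when the 15 November log is set beside the 20 November one: the hex-named O4 Run key that loads a random-named system32 DLL through rundll32, the "Security Toolbar" DLL sitting in system32, the O2 BHOs left with "(no file)", the nameless O16 DPF entry, and the O20 Winlogon Notify handler with no backing file. The sample lines are excerpts of the two logs above; the heuristics are mine, not HijackThis's own checks.

```python
"""Triage helper for HijackThis logs (added example, not from the thread).

Flags entries matching a few heuristics drawn from the two logs above and
compares a 'before' log with an 'after' log so a helper can see which
flagged entries were removed, which persisted and which appeared.
"""
import re
from dataclasses import dataclass

ENTRY = re.compile(r"^(O\d+|R[0-3]) - (.*)$")
# O4: Run key whose name is bare hex, launching rundll32 on a system32 DLL
# with a one-letter export (the [54c2ac3e] ... ibbmbbev.dll,b pattern).
HEX_RUN_KEY = re.compile(
    r'HK\w+\\\.\.\\Run: \[[0-9a-f]{6,10}\] rundll32\.exe '
    r'"[^"]*\\system32\\[^"]+\.dll",\w$', re.I)
# O3: toolbar DLL living in system32 (legitimate toolbars normally install
# under Program Files). Heuristic, not proof.
SYSTEM32_DLL = re.compile(r"\\system32\\[^\\]+\.dll$", re.I)
# O16: DPF (ActiveX) entry with neither a friendly name nor a source URL.
NAMELESS_DPF = re.compile(r"DPF: \{[0-9A-Fa-f-]{36}\} -\s*$")
# O20: Winlogon Notify handler whose path is a bare directory, i.e. no file.
NOTIFY_NO_FILE = re.compile(r" - C:\\WINDOWS\\$", re.I)


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str


def triage_line(line: str):
    """Return a Finding for a suspicious HijackThis entry, else None."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    sec, body = m.groups()
    text = line.strip()
    if sec == "O4" and HEX_RUN_KEY.search(body):
        return Finding(sec, "hex-named Run key loading a system32 DLL via rundll32", text)
    if sec == "O2" and body.endswith("- (no file)"):
        return Finding(sec, "orphaned BHO registration (file missing)", text)
    if sec == "O3" and SYSTEM32_DLL.search(body):
        return Finding(sec, "toolbar DLL loaded from system32", text)
    if sec == "O16" and NAMELESS_DPF.match(body):
        return Finding(sec, "ActiveX DPF entry with no name and no source URL", text)
    if sec == "O20" and NOTIFY_NO_FILE.search(body):
        return Finding(sec, "Winlogon Notify handler with no backing file", text)
    return None


def triage(log: str):
    """All findings for one log, in file order."""
    return [f for f in map(triage_line, log.splitlines()) if f is not None]


def compare(before: str, after: str):
    """Split findings into (removed, persisting, new) between two logs."""
    b = {f.line: f for f in triage(before)}
    a = {f.line: f for f in triage(after)}
    removed = [f for k, f in b.items() if k not in a]
    persisting = [f for k, f in a.items() if k in b]
    new = [f for k, f in a.items() if k not in b]
    return removed, persisting, new


# Excerpts of the two HijackThis logs posted in this thread (15 Nov / 20 Nov).
BEFORE_LOG = r"""
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\wyrlleef.dll
O4 - HKLM\..\Run: [54c2ac3e] rundll32.exe "C:\WINDOWS\system32\ibbmbbev.dll",b
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
"""

AFTER_LOG = r"""
O2 - BHO: (no name) - {0B75C9F6-0418-45B4-B4D3-7DE2D56873A4} - (no file)
O2 - BHO: (no name) - {43BB4554-E891-45B7-9791-5791364734FD} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {B75F6EE5-EF87-4AE7-AD10-5356808CA713} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O20 - Winlogon Notify: awtsssr - C:\WINDOWS\
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
"""

if __name__ == "__main__":
    removed, persisting, new = compare(BEFORE_LOG, AFTER_LOG)
    for label, group in (("removed", removed), ("persisting", persisting), ("new", new)):
        print(f"== {label} ({len(group)})")
        for f in group:
            print(f"  [{f.section}] {f.reason}\n      {f.line}")
```

Run against the excerpts it reports the toolbar and the hex Run key as removed, the nameless DPF entry as persisting, and the three orphaned BHOs plus the awtsssr Notify handler as new, which is exactly the leftover a helper would want to clean up next.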

#6 teacup61 (Bleepin' Texan!)
  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 30 November 2007 - 10:39 AM

Hello,

I apologize for my delayed reply. :blink: I had to move without warning and had no choice. Can you please tell me how your computer is running? We'll go from there after that. :thumbsup:

Thanks,
tea