
Got Spyware?


  • This topic is locked
2 replies to this topic

#1 Todd Mc B

  • Members
  • 1 posts

Posted 28 November 2007 - 04:39 PM

I was hit hard with spyware after downloading something. I cleaned a majority of it but can't get rid of some. Below I'm pasting a HijackThis log and a ComboFix log.
Can one of you brilliant people help me get rid of the rest? I appreciate your help.

This is the ComboFix log:
ComboFix 07-11-19.4 - Todd 2007-11-28 16:25:26.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.507 [GMT -5:00]
Running from: C:\Documents and Settings\Todd\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-28 )))))))))))))))))))))))))))))))
.

2007-11-28 16:13 <DIR> d-------- C:\Program Files\Windows Defender
2007-11-27 16:16 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-11-27 16:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2007-11-27 16:13 <DIR> d-------- C:\Temp
2007-11-27 13:41 <DIR> d-------- C:\Documents and Settings\Todd\Application Data\pdf995
2007-11-26 14:25 <DIR> d-------- C:\VundoFix Backups
2007-11-26 10:28 <DIR> d-------- C:\spoolerlogs
2007-11-26 09:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-26 09:52 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-11-26 09:52 <DIR> d-------- C:\Documents and Settings\Todd\Application Data\SUPERAntiSpyware.com
2007-11-25 13:29 79,936 --a------ C:\WINDOWS\system32\guphjbfh.dll
2007-11-25 13:23 71,232 --a------ C:\WINDOWS\system32\kgvkycte.exe
2007-11-24 22:09 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2007-11-24 20:07 280 --a------ C:\WINDOWS\system32\PDBootState
2007-11-24 20:00 <DIR> d-------- C:\Program Files\Common Files\Raxco
2007-11-24 20:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Raxco
2007-11-24 19:59 <DIR> d-------- C:\Program Files\Raxco
2007-11-24 19:41 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-11-24 12:49 81,472 --a------ C:\WINDOWS\system32\djwrpfpy.dll
2007-11-24 12:49 71,232 --a------ C:\WINDOWS\system32\miekscsw.exe
2007-11-23 16:16 <DIR> d-------- C:\WINDOWS\system32\bits
2007-11-23 16:16 8,192 --------- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2007-11-23 16:16 7,168 --------- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2007-11-23 16:16 7,168 --a------ C:\WINDOWS\system32\bitsprx4.dll
2007-11-23 12:55 775,841 --ahs---- C:\WINDOWS\system32\xudvaxnf.ini
2007-11-23 12:52 83,520 --a------ C:\WINDOWS\system32\btvwreqs.dll
2007-11-23 12:49 71,232 --a------ C:\WINDOWS\system32\nqhaylss.exe
2007-11-23 09:51 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-11-23 08:29 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-23 00:25 742,534 --ahs---- C:\WINDOWS\system32\xetvmdpa.ini
2007-11-23 00:25 83,520 --a------ C:\WINDOWS\system32\wyuhqkfm.dll
2007-11-22 12:49 71,232 --a------ C:\WINDOWS\system32\xeqichlq.exe
2007-11-21 16:56 <DIR> d-------- C:\Program Files\microsoft frontpage
2007-11-21 14:20 13 --a------ C:\WINDOWS\system32\WinTypes.crc
2007-11-21 14:18 151,552 --a------ C:\WINDOWS\system32\style.ocx
2007-11-21 14:18 109,248 --a------ C:\WINDOWS\system32\mswinsck.ocx
2007-11-21 14:18 77,824 --a------ C:\WINDOWS\system32\Alafile.ocx
2007-11-21 14:18 69,632 --a------ C:\WINDOWS\system32\HotKeys.ocx
2007-11-21 13:59 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Blumentals
2007-11-21 13:44 80,960 --a------ C:\WINDOWS\system32\dmwiordr.dll
2007-11-21 13:43 904,121 --a------ C:\WINDOWS\system32\appmmjbo.ini
2007-11-21 12:47 71,232 --a------ C:\WINDOWS\system32\kpjgvarn.exe
2007-11-20 12:50 874,679 --a------ C:\WINDOWS\system32\dwkftxal.ini
2007-11-20 12:50 84,544 --a------ C:\WINDOWS\system32\xpdtnaqa.dll
2007-11-20 12:47 71,232 --a------ C:\WINDOWS\system32\dqyhiynh.exe
2007-11-20 06:06 678,875 --a------ C:\WINDOWS\system32\ujtnscbn.tmp
2007-11-19 05:39 678,875 --a------ C:\WINDOWS\system32\ujtnscbn.ini
2007-11-19 05:33 83,008 --a------ C:\WINDOWS\system32\vjvhaomg.dll
2007-11-19 05:30 71,232 --a------ C:\WINDOWS\system32\lagrvcyd.exe
2007-11-18 18:32 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-11-18 18:32 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-11-18 18:32 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-11-18 18:32 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-11-18 18:31 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-11-18 18:31 <DIR> d-------- C:\Documents and Settings\Todd\Application Data\PC Tools
2007-11-18 18:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-11-18 16:13 <DIR> d-------- C:\Program Files\Actebflb
2007-11-13 14:29 8,460,288 --------- C:\WINDOWS\system32\dllcache\shell32.dll
2007-11-10 07:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-11-09 23:05 <DIR> d-------- C:\Documents and Settings\Todd\Application Data\ActiveState
2007-11-06 08:37 227,592 --a------ C:\WINDOWS\system32\PDBoot.exe
2007-11-03 09:52 <DIR> d-------- C:\Documents and Settings\Todd\Application Data\dvdcss
2007-11-03 09:49 <DIR> d-------- C:\Program Files\Super Clone DVD 5.0
2007-11-03 09:49 47,360 --a------ C:\WINDOWS\system32\drivers\Pcouffin.sys
2007-10-31 13:06 <DIR> d-------- C:\WINDOWS\vtigerCRMBackup
2007-10-30 15:06 <DIR> d-------- C:\WINDOWS\vtigerCRMlogs

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-28 20:47 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-27 18:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\pdf995
2007-11-25 03:03 --------- d-----w C:\Program Files\CoffeeCup Software
2007-11-22 15:06 --------- d-----w C:\Program Files\Barbie™
2007-11-21 20:33 --------- d-----w C:\Program Files\Common Files\AOL
2007-11-21 20:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-11-12 00:59 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-11-10 14:48 --------- d-----w C:\Program Files\Common Files\Real
2007-11-10 14:30 --------- d-----w C:\Program Files\Zend
2007-11-10 12:59 --------- d-----w C:\Program Files\Java
2007-11-03 17:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-03 15:36 --------- d-----w C:\Program Files\Sirius
2007-11-03 15:34 --------- d-----w C:\Program Files\Wimpy Audio Encoder
2007-11-01 23:43 --------- d-----w C:\Program Files\VertrigoServ
2007-10-25 19:35 --------- d-----w C:\Program Files\Picasa2
2007-10-22 18:04 --------- d-----w C:\Program Files\gs
2007-10-22 17:45 --------- d-----w C:\Program Files\PlotSoft
2007-10-22 10:33 68,624 ----a-w C:\WINDOWS\system32\drivers\DefragFs.sys
2007-10-19 21:18 --------- d-----w C:\Program Files\Video Piggy
2007-10-12 21:29 --------- d-----w C:\Program Files\Shareaza
2007-10-12 21:29 --------- d-----w C:\Documents and Settings\Todd\Application Data\Shareaza
2007-10-12 21:28 --------- d-----w C:\Program Files\Fisher-Price
2007-10-11 21:50 --------- d-----w C:\Program Files\WeBuilder 2007
2007-10-06 22:53 --------- d-----w C:\Documents and Settings\Todd\Application Data\InstallShield
2007-10-06 15:07 --------- d-----w C:\Program Files\Support Tools
2007-10-06 15:07 --------- d-----w C:\Program Files\Security Task Manager
2007-10-06 15:07 --------- d-----w C:\Program Files\QuickTime
2007-10-06 15:07 --------- d-----w C:\Program Files\Opera(2)
2007-10-06 15:07 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2007-10-06 15:07 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-10-06 15:07 --------- d-----w C:\Program Files\MediaCoder
2007-10-06 15:07 --------- d-----w C:\Program Files\DAMN NFO Viewer
2007-10-06 15:07 --------- d-----w C:\Program Files\Cobian Backup 6
2007-10-06 15:07 --------- d-----w C:\Program Files\Cablenut
2007-10-06 15:07 --------- d-----w C:\Program Files\BitLord
2007-10-06 15:06 --------- d-----w C:\Program Files\7-Zip
2007-10-06 15:06 --------- d-----w C:\Documents and Settings\Todd\Application Data\uTorrent
2007-10-06 14:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-10-06 01:26 --------- d-----w C:\Program Files\TechSmith
2007-10-06 01:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith
2007-10-02 00:07 4,767,744 ----a-w C:\WINDOWS\system32\php5.dll
2007-09-29 01:55 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-09-17 18:23 823,296 -c--a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-09-17 18:23 823,296 -c--a-w C:\WINDOWS\system32\divx_xx07.dll
2007-09-17 18:22 802,816 -c--a-w C:\WINDOWS\system32\divx_xx11.dll
2007-09-17 18:22 739,840 -c--a-w C:\WINDOWS\system32\DivX.dll
2007-09-11 23:14 156,992 -c--a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-08-07 14:02 0 -c--a-w C:\Documents and Settings\Todd\GoToAssist_chat2way__317_en.exe
2006-10-18 01:35 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2006-09-18 22:04 13 -c-h--w C:\Documents and Settings\All Users\Application Data\3113›.sys
2006-09-03 01:13 888 -c--a-w C:\Program Files\Digital Media Converter 2.4.lnk
2006-06-13 11:51 64,976 -c----w C:\Documents and Settings\Todd\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot@2007-11-26_18.14.59.42 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-26 23:13:04 233,428 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2007-11-28 21:13:57 233,427 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2007-03-15 16:19:58 526,184 ----a-w C:\WINDOWS\system32\XceedCry.dll
+ 2007-03-15 16:23:16 497,496 ----a-w C:\WINDOWS\system32\XceedZip.dll
+ 2007-11-28 21:10:33 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_270.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08C525F4-2EBD-396D-B12A-005661A8CF95}]
2007-11-18 16:13 102400 --a------ C:\PROGRAM FILES\ACTEBFLB\IZWZQKPR.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2C80EAD3-74CD-4700-83A4-AA878CD1C03C}]
C:\WINDOWS\SYSTEM32\IIFDCYY.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{63eeb902-83e5-40df-9cb6-7678f5e2a1f3}]
2007-11-25 13:29 79936 --a------ C:\WINDOWS\system32\guphjbfh.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 19:40 C:\WINDOWS\MIDIDEF.EXE]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 19:23]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00]
"MCW Startup"="C:\Program Files\Monitor Calibration Wizard\MCW.exe" [2002-12-20 16:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 22:05]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 10:47]
"MBMon"="Rundll32 CTMBHA.DLL" []
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 05:20 C:\WINDOWS\stsystra.exe]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 04:33]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 16:22]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

C:\Documents and Settings\Krista\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Run Google Web Accelerator.lnk - C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe [2007-07-09 21:24:38]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ExSearchOptions"= 169815 (0x29757)
"nousernameinstartmenu"= 0 (0x0)
"nosimplestartmenu"= 0 (0x0)
"nostartmenumfuprogramslist"= 0 (0x0)
"nostartmenumoreprograms"= 0 (0x0)
"norecentdochistory"= 1 (0x1)
"maxrecentdocs"= 0 (0x0)

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-10-19 14:53 293888]
"{2C80EAD3-74CD-4700-83A4-AA878CD1C03C}"= C:\WINDOWS\SYSTEM32\IIFDCYY.DLL [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]
iifdcyy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=2 (0x2)
"XAMPP"=2 (0x2)
"SQLWriter"=2 (0x2)
"SQLBrowser"=2 (0x2)
"MSSQLSERVER"=2 (0x2)
"MSSQL$SQLEXPRESS"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Corel Photo Downloader"=C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys
S3 ATICDSDr;ATICDSDr;\??\C:\Program Files\ATI Technologies\ATI Control Panel\atiicdxx.sys
S3 AVZ;AVZ Kernel Driver;\??\C:\WINDOWS\system32\Drivers\uti3nzg0.sys
S3 CTL511Plus;Video Blaster WebCam 3/WebCam Plus (WDM);C:\WINDOWS\system32\DRIVERS\webc3vid.sys
S3 ICAM3NT5;Intel USB Video Camera III;C:\WINDOWS\system32\Drivers\Icam3.sys
S3 msloop;Microsoft Loopback Adapter Driver;C:\WINDOWS\system32\DRIVERS\loop.sys
S3 Vertrigo_Apache;Vertrigo_Apache;"C:\Program Files\VertrigoServ\apache\bin\v_apache.exe" -k runservice
S3 Vertrigo_MySQL;Vertrigo_MySQL;"C:\Program Files\VertrigoServ\mysql\bin\v_mysqld.exe" "--defaults-file=C:\Program Files\VertrigoServ\mysql\my.ini" Vertrigo_MySQL
S3 WmaCDriverV32;WmaCDriverV32;C:\WINDOWS\system32\drivers\WmaCDriverV32.sys
S4 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
S4 XAMPP;XAMPP Service;C:\apachefriends\xampp\service.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\autorun.exe
\Shell\readme\command - notepad readme.txt
\Shell\Setup\command - D:\install.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\V]
\Shell\AutoRun\command - V:\autorun.exe
\Shell\readme\command - notepad readme.txt
\Shell\Setup\command - V:\install.exe

*Newly Created Service* - WINDEFEND
.
Contents of the 'Scheduled Tasks' folder
"2007-11-24 02:58:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-28 21:24:28 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-11-28 05:00:00 C:\WINDOWS\Tasks\{34491C1F-3300-4919-ADBD-D994B055FC41}_ELYGEN_Todd.job"
- C:\WINDOWS\system32\mobsync.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-28 16:29:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-11-28 16:31:13
C:\ComboFix2.txt ... 2007-11-26 18:16
.
--- E O F ---


And this is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:32:27 PM, on 11/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\DOCUME~1\Todd\LOCALS~1\Temp\clclean.0001
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...ouse/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://v4.windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: (no name) - {08C525F4-2EBD-396D-B12A-005661A8CF95} - C:\PROGRAM FILES\ACTEBFLB\IZWZQKPR.DLL
O2 - BHO: (no name) - {2C80EAD3-74CD-4700-83A4-AA878CD1C03C} - C:\WINDOWS\SYSTEM32\IIFDCYY.DLL (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: {3f1a2e5f-8767-6bc9-fd04-5e38209bee36} - {63eeb902-83e5-40df-9cb6-7678f5e2a1f3} - C:\WINDOWS\system32\guphjbfh.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MCW Startup] "C:\Program Files\Monitor Calibration Wizard\MCW.exe" /s
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{07F0EE63-131F-4964-869D-18DF614FBF71}: NameServer = 167.206.245.72,167.206.245.8,167.206.245.73
O17 - HKLM\System\CS1\Services\Tcpip\..\{07F0EE63-131F-4964-869D-18DF614FBF71}: NameServer = 167.206.245.72,167.206.245.8,167.206.245.73
O17 - HKLM\System\CS2\Services\Tcpip\..\{07F0EE63-131F-4964-869D-18DF614FBF71}: NameServer = 167.206.245.72,167.206.245.8,167.206.245.73
O17 - HKLM\System\CS3\Services\Tcpip\..\{07F0EE63-131F-4964-869D-18DF614FBF71}: NameServer = 167.206.245.72,167.206.245.8,167.206.245.73
O17 - HKLM\System\CS4\Services\Tcpip\..\{07F0EE63-131F-4964-869D-18DF614FBF71}: NameServer = 167.206.245.72,167.206.245.8,167.206.245.73
O17 - HKLM\System\CS5\Services\Tcpip\..\{07F0EE63-131F-4964-869D-18DF614FBF71}: NameServer = 167.206.245.72,167.206.245.8,167.206.245.73
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe (file missing)
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Vertrigo_Apache - Apache Software Foundation - C:\Program Files\VertrigoServ\apache\bin\v_apache.exe
O23 - Service: Vertrigo_MySQL - Unknown owner - C:\Program Files\VertrigoServ\mysql\bin\v_mysqld.exe

--
End of file - 9848 bytes
Thanks all!!

Todd

Edited by Todd Mc B, 28 November 2007 - 04:40 PM.


#2 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 13 December 2007 - 04:48 PM

Hello Todd Mc B,

Welcome to Bleeping Computer :thumbsup:

Sorry about the delay. :blink: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 12 January 2008 - 11:07 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else, please begin a New Topic.
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


Error reading poptart in Drive A: Delete kids y/n?