Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Winfixer, Xloader10181.exe?


  • Please log in to reply
2 replies to this topic

#1 tazz27

tazz27

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:09 AM

Posted 29 November 2007 - 03:42 PM

I found this site by searching in the google search engine, and found the link to combofix, and did everything that i was supposed to, here is the log that it gave me when it was done>>>>>

mcafee found this ultimate cleaner and siad it has been removed, but it keeps showing back up and alos i found this "xloader10181.exe" that seems like a trojan or something, im not sure, not to much into this technical stuff, glad i found this forum, nice place!!!

any help?

ComboFix 07-11-30.3 - The Write Track 2007-11-29 14:22:27.1 - NTFSx86
Running from: C:\Documents and Settings\The Write Track\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\sMILEY.AMESCOMPUTER\Application Data\Ultimate Cleaner
C:\Documents and Settings\sMILEY.AMESCOMPUTER\Application Data\Ultimate Cleaner\settings.dat
C:\Documents and Settings\The Write Track\Desktop\Find Spyware Remover.lnk
C:\Documents and Settings\The Write Track\Desktop\Free Online Dating.lnk
C:\Documents and Settings\The Write Track\Desktop\Go to Casino.lnk
C:\Program Files\outlook
C:\Program Files\ucleaner_setup.exe
C:\Program Files\Ultimate Cleaner
C:\Program Files\Ultimate Cleaner\program.info
C:\Program Files\Ultimate Cleaner\ucleaner.pkg
C:\Program Files\Ultimate Cleaner\UltimateCleaner.db
C:\Program Files\Ultimate Cleaner\UltimateCleaner.exe
C:\Program Files\Ultimate Cleaner\Uninstall.exe
C:\Program Files\xloader10181.exe
C:\WINDOWS\avp.exe
C:\WINDOWS\Casino.ico
C:\WINDOWS\Free Online Dating.ico
C:\WINDOWS\mgrs.exe
C:\WINDOWS\Spyware Remover.ico
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NM
-------\LEGACY_NPF
-------\nm


((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-30 )))))))))))))))))))))))))))))))
.

2007-11-27 13:13 . 2007-11-27 13:13 <DIR> d-------- C:\SiteAdvisor
2007-11-27 13:13 . 2007-11-27 13:13 <DIR> d-------- C:\McAfee
2007-11-27 11:05 . 2007-11-27 11:05 41,472 --a------ C:\WINDOWS\SYSTEM32\e404d.dll
2007-11-27 11:04 . 2007-11-29 10:42 10,240 --a------ C:\Program Files\spoolsv.exe
2007-11-11 21:17 . 2007-11-11 21:17 <DIR> d-------- C:\Program Files\rFactor
2007-11-08 17:02 . 2007-11-08 17:10 <DIR> d-------- C:\Program Files\Mindscape
2007-11-08 17:02 . 2007-11-08 17:02 0 --a------ C:\WINDOWS\MSREGUSR.INI
2007-11-08 16:48 . 2007-11-08 16:48 <DIR> d-------- C:\Documents and Settings\sMILEY.AMESCOMPUTER\Application Data\Scrapbook MAX! Trial
2007-11-08 16:46 . 2007-11-08 16:46 <DIR> d-------- C:\Documents and Settings\sMILEY.AMESCOMPUTER\Application Data\IndigoRose
2007-11-08 16:45 . 2007-11-08 16:45 <DIR> d-------- C:\WINDOWS\Scrapbook MAX! Trial
2007-11-08 16:45 . 2007-11-08 16:45 <DIR> d-------- C:\Program Files\Scrapbook MAX! Trial
2007-11-08 16:45 . 2007-11-08 16:48 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2007-10-28 18:47 . 2007-11-15 18:49 <DIR> d-------- C:\Documents and Settings\sMILEY.AMESCOMPUTER\Application Data\ZoomBrowser EX
2007-10-28 18:26 . 2007-10-28 18:51 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ZoomBrowser
2007-10-28 18:19 . 2007-10-28 18:24 <DIR> d-------- C:\Program Files\Common Files\Canon
2007-10-21 21:15 . 2007-10-21 21:15 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\MGS
2007-10-21 21:14 . 2007-10-21 21:14 <DIR> d-------- C:\MicroGaming
2007-10-17 12:57 . 2007-10-17 12:58 <DIR> d-------- C:\Documents and Settings\sMILEY.AMESCOMPUTER\Application Data\Move Networks
2007-10-16 15:59 . 2007-10-16 15:59 1,440,018 --a------ C:\snap0.tga
2007-10-10 01:22 . 2007-07-09 08:16 582,656 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\rpcrt4.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-29 19:08 --------- d-----w C:\Program Files\McAfee
2007-11-29 19:06 --------- d-----w C:\Documents and Settings\The Write Track\Application Data\SiteAdvisor
2007-11-29 13:32 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\SiteAdvisor
2007-11-28 15:22 --------- d-----w C:\Program Files\Yahoo!
2007-11-27 16:33 --------- d-----w C:\Documents and Settings\sMILEY.AMESCOMPUTER\Application Data\SiteAdvisor
2007-11-13 12:42 --------- d-----w C:\Program Files\Common Files\McAfee
2007-10-28 23:27 --------- d-----w C:\Program Files\Canon
2007-10-26 21:00 --------- d-----w C:\Program Files\Java
2007-10-16 17:18 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WinZip
2007-09-28 16:35 --------- d-----w C:\Program Files\RaceScore 6.0
2007-09-10 20:01 411,248 ----a-w C:\Program Files\FLV PlayerRCSetup.exe
2007-06-28 10:35 557,056 -c--a-w C:\Documents and Settings\sMILEY.AMESCOMPUTER\GoToAssist_phone__320_en.exe
2007-06-28 10:35 557,056 -c--a-w C:\Documents and Settings\sMILEY.AMESCOMPUTER\GoToAssist_phone__317_en.exe
2006-08-10 00:59 0 -c--a-w C:\Documents and Settings\sMILEY.AMESCOMPUTER\ignorelist.dat
2006-06-13 21:11 0 -c--a-w C:\Documents and Settings\The Write Track\ignorelist.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"HideJump"="C:\DOCUME~1\THEWRI~1\APPLIC~1\16DUPE~1\KeepShow.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2005-10-19 07:59]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2005-10-19 07:59]
"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" [2004-01-30 08:44]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2005-03-14 11:38]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 05:43]
"EPSON Stylus CX4800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.exe" [2007-06-08 09:06]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 11:43]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" []
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-03-30 10:42]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DriveConfiguration"= 8b2ca3dd420652568a5d05567cf149c8a824ca39b70b168e4fc5a4f2370c1513bc09b98e536d55a77fbd243ef5ed1bfefe3171d81e105fb0f3ba24565f9b4db7e9303355611ac5f4c3718896c65e5adbaa36dc8081a6ef58014ad66e9d1baf3784dc491819b63529a41f203947ff5f123316ccfe1b98d18ae91bc289b1b3705ce35cfb71c498e70a1f587240372025470167aaf3903cdd7bd1c030257d786f05433a30ee453d5058efcd3910a45009d4027cf01d68c7da3cb51f4fa853dc979775f321cb9c6c25af601689a26d790293cc0c7bce63a8ba15c03d41f312c3724d7874f73a7f39e26114e5620fcfa399528a2b19ce64ef1b24912291cdadc2174950d6277ae2f48c4ab1071994404f9a42e2a90bb38811085fd86585bd7f6cbf64c71672716c064d2aab4da3e09d79631ac3ce4af5efe2d357b4111080d81017a30bdbc1bfa67fba64472d4068bb8d27dc2254213e4d193cf06b64ace9e509cbab86b45e75dfc41ab9ea5d66d0edb863eda1be2a5094d654bcccfbc02aad1190bf9d1c7975fce5e32d345a634a443dc7347ee12871e68bc024a11efbd4aaf8d16fc717528fbc8083fbbee168712a7562a37728bb7f69fc80b388ab8f71d18df06fabbd69331c774c8d3dc59465ecbf5b30b6c0bf9fdb42adbd0a5ab9dd1e073617995357e3e98794e7ea9b4f0eadf0b8da7741eefb0dd766202ffd910d63b4b9eef3a82ceb39629dfc1abec7ffd1a05307eee3fcf89e92f1512c5bb77b48c840df1c889086a7ac165b322690758e5962f660228c33bd15da15f7095abeb6d613704a5df4ab3fc90b963215f7a0e4cea0678d1b25d973fa1699bacce4a47e1496341f7cbde4dc18a9a216a4efdd9228b8c16f35e1973741d6b046437fe073c80a2ff344ecd179a62259a22fbd2991839d2dd6017dc995502f0fe43a293674be41477460b51ab2c46e81047b86c3e61d074c6498f6a2973bc7909b3b47d3cdef864047801ce07ed75f858a02315293d91d7d86e1a2540c70cf7ebc1210848f2c488f95df2073e72f9eeddd65f92981b1ac884314c99fee7d9083da32404463722db79ba75913793c03aa30e0f47a1475b8f1afebc6b3e02faa31265d647d1b310b5c3fbfb59df7659baad5fd795d1a5734157ae6bf081fb93fdbf0ad6e6f12e23dfeaf6bbd68f74a3fc7659bba49440fc36e3f719cc771627384b5673318c0305c513b9006371980d33729672281e79985ae981d75a696b345c1e815552c157e888f3a69f8ec5b9be8caf763f994df21a13c4705da231e19173d9b827caa7019024e3e24c2a9a4d44f714259e28abbd8e44c5f75b13108b19dd141f73411ae71c697a7202381272ca456e5796b3cc07aeb6c604aaae41bf9455b1523b57aacc8d249135715e83c0ca27fcdfc7c86776a6f3deb87ed7759259b1b9e01488d2133c42c4ec8f11f46ad1c52d4ce8dbba3805ce2af1c87a0faed4227804d8e426c0a0dde8c0f15ca034003bb3ea5d29329cbece3a2673fae2dda3d9470ea401c5ec5fb4cf0ed2feb9d87be6ae5a3c773956f13c447aab03e285cdb39fec5231b6993cc296857729c203aeef8d9ec7d994ade1f8f16b13eac96ee90dad9f73eb2e93e464b50b4a41e50db849a569e020f6c38deb9f3589e5ab0804b241f0a6ad90a682d315bafeb7c2e57ce882b3ccbc513e9d8a79816594c726fdb5faf98043c4b6dca55008ee4d45f1b7e8120bc31e7b7e532a2b22758ca5c1beb0609338bafaf9c817c79e3f4876e0baffe4ddd251bbc7fb256a24824d9d2d37a34e952eb5279252bab67abe9bc91599cb4b4097f718d94daaa3fa2846ef5c1a6cdc8b5c1d499e30ff3bfe501766b8671690a7e4cd31aa21de59851de7f710e0ef6396e03141f35826121bc8da17c967c9e67724f2800434359879fa31dca65e1f2e0a3e5ed1ab7a5fe37b4f674d706a2c432dd5aba860ab82ec0def29a67614263232a2f0353adb0a1516a94e5f764210a62d5fc35f5204805a107126b641eedbc1080d9044ec06a9de2232601310c2edd00b720667e2a3df08569c7bd1deacfad1342486a91e63b2bc23ac830f32ab57442264090f82810dd19f36cd93898abcc903fecab5124073c38e0c27b62ea493c625dd81391fcbb71a573780f86df4b905c91d261ed0f0ae5265c7acbcff77aaece642ce770da001140bf8df5324cfab0429fbf64570cb02d6db53757f35ae1ce72721cd5707a3efb948dca4b0a35efc42980520854570d581e0cf8c0b132278f70b1b40adb19be62e3b337b1e35fe6c86d8f28d1281f7630743e54271fcf2755db0f4b7cef7961872ce6e6cb23f90a8d95babfc42b8110216716b44ddb16e371999968fcea11f8a04375c29e74a0474423f36cb4799642cde61bee55f15c4e0b86b0542fbd646d86148da8f2b43f1b45f7ff8257287a2a5689760e5e9b0a3f4a990a89c946c653b4e8f4c79f95ea33adad10afa9a89600531262bdf8d34db046b48e957f5d1f768c29265e19f0c7deb0276f40c28abc358e6b87c6444b228d6ba7de248014d1dee08ed6b5e70ed4845a5a44760221edbf9a47f28aeb7e0f32361620b4d216e365168bfee07920444395f8ef349bb997c29ced8f5a95fab923a4da3b8126be8add72f8c7a8c7174f9d82548e47952d13c4344feac8d1b926e44b1fbd09638c99486f4cebdb5209c369ab34dd864da6be79ef880043259570ebdc8fcc44c051846aaac3db9ea06996a32f256187f8ab6ec06b365f7ad379663093d9ab7aafd9ee268ed66d89fef408177858a332a598cc40226f9d0080b6e41e908f8205dde311f4791095ca54fddba549cbacc18796fa076625040a3953c232dc5b1b1a8d525836fdf5d9b9a6a506b65eb089852dd2ba685cfc5b6ece538698937ce33bbb171ea56889990327ff5e8281af57b5cc61c19537472fde916789ea5e6b7b51ac36331fa65ebeb8708112c953d8517e1a0e4cf6bc5246f33baafbd7cb8be1cc37a7ae4281071a9ec859e6306f8b1d667c999a403ea3ca043342b333281c36bb95a2b6916e7d8a27b3d35a847c1fc39c78a31553890762437842d5b9e7bd450088b60ae38de3106d605929f393aba8541a562b80b85db837b7300c13dcd22fc99a3b4cac86fbc0730b21713b5f955b61cfb55f8228b589cd3029c58ecbf9af021859f923f4410dc3c11df4d865c6771795b284c45367d2c8b536c804e9259ce5762db838c4a66140dfff9a0678b246f12c778e9609b882d14f46990315734ae0006a7e3f33239d3f605617dba47c0a11181e6e44a2538fe01284c13c6a734fc47c7cb457bb1a0eee4baccf7f5a7ab620b3f3fd709038d433b0df0f3caaf01c90813437c878b0e195b7286c8e4dcf789ebbeb318ed808c170c4d6e598cb7ef3998c361b6f5a13edfee21f1bbb0eac81aa2ae8628845b1f549dbaa20c5b08e83aeffc4b8c5d434d94db75a43c08a989ac2b4d10d53958033dc48bf5417fcb581a8433352939f00827db77dfe6b04893ccdcea3cebb574e377e55bafd52a6a0ff6a406e093567a4a6e0227e361cefd34021b63d09f3fc7a65e45912cd5a2c3ab2d28dd8f911258389480a770027dde92f4b9f62cba73daaca64153a10ebb6f44b40e7121c91eb5d770e049f4cfc365a67054dba94d321c908dd19e2fc80ee689b51b2b71eb2105b36a3d580aadbafaa95411735a7e2b328c1fa77f9371eb38beff18e3965499b1be78dad850461edd14286295f0ffb6fd9fa69dbbc23bdad14f0179e8602e374946845d51d12bb592388fee2d1db2830bddc1cb06a8dee239511d5d32aa1783567044526c2a491fe472ee570eb95f4b11e5ad0dd9f0c5d96940a05eeda90ad879af2e8f81d226b73e178c1a5ecb340de603b3c7250a87a5fd288e830555d8b2135e6b895838da087624c8b85668c31a9f71fe58aa46a49cec67612e6604410f84a61681d8fbb24cd13b3ef97797319164382e2203b95f44012a93167484eafde4b46017fe34eb925cd3c2a61a64a736f950bb2b868ff7bb3b88d926cd3ae1c44246c0b384648ef6477da0fc64ab7b9459b97d6f2c8b8c18d1e7d5a4b925b55d6b2f5d896db86462fab80554bb9726799842f1715aa2d128b5b2b28560c9517a26e702ed7a2a465fa21a908363f18a1fd76111b9dab752714b355df2516aaa9ab13465f2ee40aadb4425abad92cce0a22e52aa28f3c916e6f0ff5e17812d2db17cd1ccf05e475251b9ba495dd679943767fecb70e154e65cacca723784ad2ed738fa4dac7852b4e96d83370bb070fdfacbc96a0a5586b5b03d381c8edc3df643abaa1688fd540fbc89213a79ae2150a7680e8ceb0801adab1e02ba7ca880ac09df841cbae6f1eabe683f2412fc320332c9a73ec2776b5e44b2a7d21139148fd0275cb2b95af88f5758fa0c7f27ee8f1ade13ea994411e4f14a970f58950a41ffa7801c70395963aa512b343add61262d8f5138927fe57e3e59e25ad2d160d47adeccb8ba9e16d5d4324b883f9c5c9b76f6cf8fb6f4b012d2e5166dbd1a10f582f423410d9187c1857136709b5a6e90f3e7bda573d88658724b19533a3e7129f002e637c385d8e0b946a47867de861bb91ce88faf67a3231eff6d356ad7950056731b76bad3f2d62f90327dd879bde8766a6fca7cf4e9c47b6857195a08e459589b4c0a6c81487dcc96eab1d36cdd50495b64f4027700b8910a3e7d9b9242fd8731063985d183b82871be99157fa9ebd2ca84fbb4280b9e3d5dca3718ae363f10aa2a3f5f05e6509e52945e9aa09b4fef1956430d4bfa86191de8941a3cf823278979307254a910c582bc0478e14a3fe86191379f5688f097b73d349d652aca455620a189033573957a10778e84071a565feddb38503debc8995dce24472d907c271b3305c9f7258f3ee8e275f5f55c3fc768ce965eb593c7fa360ddbade2d3b93b2d22d5db8d13e42053c47855c1a4409a10d60179132525cb149ec318416f11f010628a3449516ae2e84f19070455899d6cfc76952de56c75a9bdd3833cb5bd16f479949b4ac0a52c053f62aaa84d76d6be6032d9c3a8c44814965e9471bc6828a6ad1b91a5675d2ff5a933cbb7f5f66ced09509d3800d9d71daa42827f6dc1dad7854f7a05dac1fd6f4820fee29a0b82c0973218483bf52f56c927019c67629f942eb52250315cf05a5b1b46a7e4da96824b993682fb9717940fc83e7415295b20fef192c7196f84f071cd0c8d541f0fcc22589a6a60b61c2a45ccbaabaefd6809687c5cbac9ebf658561c8945afbf077e116caa4679f200f1fcae52dba576b5a3713d678fda1d1da277a7f95601f33b5e36efe66d3d2745f1e919234540e017a099a9a367b8c2996759471df744c71a70710e6447c101184b8a3ba9e67de7569566624cc1c82bd7600754ecf170a3e2ead70d54ce648fef8dca5fd4c0dad543ca20644ba80a307e6d941711736928120b29b35d3665ba3c424ad464f686f96dd8be4db623a57422a270231d6fe2dd8a19b9a08e97a2149ea6f9827cc97f5cce08eb7d426e295825c14c8095c920e3037495172911d708161f8402d47ca82871fce1246d60e606a7c29241e9b544ee3c89f3ceb777930c3137701354f51116db62d7e5a8a219d57cbf3a40b9623a68eb02bc595cd6305a22f89ee1979e66a2ceebb883cbb97677f9371f9ae97f407fe781a7552dffcc8af0de8e5f0beb51bbb545364b331a6e8ef6595c3ab895e083eea2c064ceaebca3da45be4eecf636ea6d1e5a84b4b845fadd6145fda04aa7b2f4e2c0e651cb6d713363d08747b73996bd5eae2c46c7b69bd1ae9f9c51fc2f4831786e91a280b69ac8020171cff71ff1930aa29587ee06d20a52c880c669599700c7f40e5aedab1499c0595b165e2923c80a06fa38de97912df5d25373840f698d36fa129a8996f1eebabe4fed68c9ef9a80b7f7bee150f01012c1b2bd014a213dfd0f2de90cc0f90a15cfb5425f7655ddd9a5a23d7006b69e18ef9588f5c4c668a39887c2befdd5749c7ff2e4f50d696915d76a3e04d51515b8fab2289644f08a5e78184394b3310ee657bbba36a4513bcf94547bd5c30958d170b2cc2417185500bf3a155302f36022a81ba404acc1c9a0777b15796b571e6bc0a6380e10a56086564d23637204ef4a325a3086bfec1f41adea11a95e17a24f39438a38eb82af65a43fb956e76a8e3af01581e5a2f899ee99c36fdd9e067b50f63b29375720269e493970346164e5dfced23137dbdf419403587acdc9fcf896eb56b5c3cb5707b98b868d4063f9a24a10f8c6aba3fc79c95c38fda986bfba25d0b90c87b417f8ac8da70bf55f61815a1660e9e0c59da8b8e384f36a8ce1b669bac9dcfd9ccf6d9b97463a36e5dca463a15925edfa2b8c7566820a4c44c29a6aa1a838a5c952445e4b42c3a1c07857cb6587445d6ccdc01035e1ba82bd42f4ae7f21deb01ed93923322cc9d3208b457eb644dcd0dbc51ddc70d188fd3c0bda8b3db7c7d3b755f064f6c1a33ee5a33836fc49566d20b9547729ccb297ea4713f6b91cd01e040dad1c8bff8dfa557e34a27cae287fdd94007eb0900141da7cdfcbb0a3072bd180631010b30e29a758c406b82247af57ea6d96e9714a213e3bd953ebea56c98bbccdfc7d8bc7bedbb513d5f7921f4066302ae0423cc709b09602a4b9feae93b83624fda765940c6b0f2dfed762fb9f2ef6e3fd234337ac7a627fa6d84611023bce53cb4026ae99536206158338d32db0740c94389c6519bee933f17e9969347170f5a909ba578dd05b3a49279e4b4c10dff1ba17204b03cd777b0670afc07f7e124cb32d8870a84fb13c57307a33cd5ccd36c4195d513d7c34bfb83d417de458947a23f0ab3cfa846e0e5cbe524f3537e0b65c50bfa1e4e9a12c7bf445766d6631232bf0073a5da8b7bd4bfcf19fc7f24945d2de7284b9e27f4826ca113ba41ef950a7b52fc623329bb9585a8192fe54b2f2d62adbda9c24ed4b9d493d294020e93f62600e6c69e1c3ef6a38eaaabd63c089f1c4c75c3ace60728663bbf1f67c6b99fdad1a6e8113c7c66d47a6ca8d8f9dc15b13412f7bf31ee2a0ae06c50ff10f0c8ce40ce2410b20fdeadc07246fd73b2bf2d52072be578efa427ea2e6d7a2714284900fe4986a91fca92118120616f466fd91d34fa7caa71dd95472a8afedad1ba41d8c16afb911ff4a9df6cace34d13218b7f3ea04aceeefa3d324b87eb65386b7b452b18237a3c14e45a7bfd750987ca7ce55d5304216d142caff32e1c6484ae3e57e712aad48a2709e1cce67bbfddf4c9abd4205611be4f461288cb867a1edd0cf2d59d607606095b0afc552ea91182a77f1332b057edbb1857837a97ebdd690cff88f40871390990c6b46f1f1cec58eb5f956c3969c0f5d9136369a86958e75336cd389514826a50327cbadc55feb79f1db5a5de8a3320d2be9e01ff05aa86c112c4ac288b90e005c996d745d838bb7ec6e887c81a98b4cea271152472c7b4ffdc294dae547685e451db7bd352b1b33d1e6d60daa021d6faf445426bc2b8999dcb02ce04c1dc48be5cf29376aae75688a69a85660da8d73a6d317bcd7fe006a7b625b07718c5c1b64d9546e688f68208e33fd5bff2b8b582bc60ee820103f0f864c71b5ccf013ad8144d4dfcd0dd8bb39511a776484853bfc7f602c1cff7f3561d246b39d42341751f83a01d1708093ee74397122e66877695a457f79e0103ee081bf59dae4e27e58020181811251e049121fe2efb6dba5b8f9caa55835dceebf6a3633a2504b42be15f333d40c2c885948b69f299cdebd6f2f518a2d7ad01f1080095c90595bf731d8024fd9613b6ae922f6cad6d5415a20088f7c86802b743092678b5d2b6470cc246b79dabf0c877364a0ef127950f86e237ece32e6b443d3a3855e8dd9f642622195f3c0441c2cc76cd95b75ea7c2814083e81a907d7c1b978c26dd58732ade6946e266022a6c6a545ca0b01c75453477ec84caf8dc9c06f807d8592d1bbe7c7e358a1216a4db89b8efab41521984f0d423f14542d33395cb08b436108f5ec3070df7f7aca1faf4e69f37d6b1281be97cff3219d097eaaa33719a294ca4c3a248bd95137bcab5214bb23d0a4ac804dba29f20e2b61faa6706d8c1975397d2c1043716c595c9ba5cc87e98082d52575cc1285cf6363d019ad30ce832696f8e1389062382f4dc99775348faa0291200a905d7dfbbfcaf6643560c46f488e5b10f621528e28afe8e8e2971800ee4d2e9750eeb77d0771c52752b59d09d0fda002a4db5f8ee3d6e74c12ab2c1d15948da3a4744d0d7337e6f57dc421e938c49071e55e8781e9b88895bd2560096893b711ca80fa99af60a4d33de7bbfd072bc9541b8b0655d6004c084840f7df576a7a7e0b61fd7ccc4c8a83632b76a7bfdc91bf71de5926f5b81feac63688f691aba7370323404fffbb140707cf17919c29a4d72787cd975b8192a4b2165f495242aca8766b56ffe0be7baba4438130f63c6ec3cf7effea1391ed52ca7e58e15ee4de0cb0d6a592db832eafefa8ea6931fb2c7cfd1aaf2518136bbec08d86c588f2b0227ac7679facd814af4a6daa8316f162d33ee46d2e05316a8d653b8228626ce6d3b838a0457cb147fe0842cab3c0a10e03981a08f500ec01b2b47feea64e874bb90c7f03a7c0a53d1b69737c250ccd573e0702508cbea954637c4b121588f0449bc0bdb26406f1d5322d4134413f41d2c8d31a41e66d84f72a6a87a6a958ee41519b3a7743fb86edc1840e29bc6b065ded63203d2d000a50a0ddf8821c9e9eea079901495225fe063b65b04ea84040c0cb4f7ed768b6fca54d71772c58e1c298cb285ab0877c76e66a894281547f5917a73986ae68f6bbec5a1696817f8b4d52512e50b6cbca0eade7b6bb24a2bc0c61895e660b03928eb645e30aec968a9bc75208940b8293a11dd32f787ac70798d334cd4f8c7599b1745884b8c9d9fe75a92e7df3ebb253643cecce4911d717a86617f0408b72c3319e8acbcabeda495fbb6b3e1dc891b4afb5d45130a300e3473d1d71a3f37889c3716d53049b4c05f2df9607647c6e07fd088ca6f310d86a1af961d834d2d438fee39957ebb4f1fb8c44b210eeaa013abfcece648f320cf8da075febc24f693f0efa1a7affcd92311970ad37f118bbdbbb8c8b02006a01f2b190c303b63021195a3998bab146dd99ee445ba01e7f3c5e08d7cfd011279a569f4bd5522aa384e3c93951b0b122d3d18ce87be2730f9ea618a1260fa10d273084e19d095fa6061f3eca7724f6bae1389aa68bd4392ad3839c22fbbd0d5af55f1e3718d174aed45a7aec7e5803e01b5d4396f8936b16c95a4f48fccd7a6d811e9072fe23b049ab8ac1389dbbbc6148deba084856c27159ff73afad1faa5a261f5f33a552483732b5ede85cb3d4873ba7f959190ac3f44acf9b50a266df5ba05425c0cb3d28ebd5bad22b1aa7fb32fe6f0375d6a7a92a5c8fd720ac7b378bda86798ebaee2c2dadca7c23401e065a2f297dd9d1729668129f82ae439616225f5eebf4827cc08017e7f040e91d49aca21179537009e8770fded07e9e96916755728017e1a7f57a75ac89eb1e862449bcffad80e2b097af73f9e9176c15ebbf778c90a9e09be6de90e426c91697d19b1d8054329c960ec456fc3fd9a152039a531b36070e8bfedf5144574516b3ae939220dcbbe5280a9c4a0b6e5b51d8db8766b2d769b21e114d77126e7b60802ae8e3698d3b24ff8eeea513c8b20c7d02d5ced1192f2141a39fa48da2201f1316ad5fe379ea588e9db3646a0283da65f8787d2fe853ddf88106648e189ad9cac1a65736b4acaa6e8ce8ac0d4a284afaf59cfbfe7b1feca446ba2a8835a11ed41b966d41cc1c976147bf140c337d4e6a37def0c0df1bf5d1911d4f6027875d55ebaf0e109902e2a5f358a73ae0fe3edea92f046a361d4e235b7f3683f06038156de66dcfa0fb776c812a318f2a5fa21edb6058569821b1686e9fe6f0345762c9e3c74c4628fe384341b746ce9f4413f0912b0d6d2479bb98074aef0ccfd1017b37a45b178b053beecbf2390ed9c2bda2dc24a0a3425f3d9a9688e20cd4f1bed487719d62845c6a68d271ce7b52cd3aaf415664a4ab4ebd3a117c867a50d24e1d5e59bb7da793625186b9a8884af7f07b54a64793d5981833954fe01279462a8f8134ee966746b188843a1cda47d8a8b445326f29f8c2bd04bcae870244f6bf3b97d59f875221fccc70434997fbd9eda7bcab81284de32be737c598898c499bd5c8d400124b5844279b5c8ea66791b59226e0292efdc7734427631ac242f26aaeed8504fd1bec8abb377c386fc4a7efbedc759b80daa2d011b01e1f74692381ba077ed0ed10b029a080a55f637f3744680b1b262ea7b7bd859f9e434bda8867f897f8d0567d30c5b2a7893a104e9290405f929a288932b6b05d86fa86f792fc25a4c3957bdfcdd8df6ff09a70ec9b3d63f407751b36f82a78f7eae5430e2ee93b4d1ed74bdf9f22e717107b6c5f05a91fc3de3e66ae647d77e359cfd110060afa29600e30b8dc4da97d667b8eb4fdfe6dd44d8b58a366044a2dbe4a307655b389707c16245b6c75d6f2dc9666b33001f6320f934649e453fb1ad72e95de93b521910fcb34abf68c3425f7c7e5761f9b9cccb9788a99d2afd01acfcc9173c1468c5d0b8991f413011530ecd70d3f32a74b7bdb26d5c5c62f1523ad0d075cb6d4a59650780ec5392295624278624494d98a6e07890cc95cacf87f903326f4a337c4ad680059962a76b18144b93a8918cea8d62dcf1d99c0ef828c0b0298ee09bc9ce03c8bbcdcb664646552917be61e48abbb35a2531b851653d6de9be157d2cdd3fb1a9e630026db7a81be166beb0dd78b48a60021d7e33bb9f2cc955f8ec6a0e3f0690826c2192c31bff7fab8d6700

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"E404Helper"= {00b6025e-fad3-4647-ba8d-a309ca831337} - e404d.dll [ ]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= :\WINDOWS\syste

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

.
Contents of the 'Scheduled Tasks' folder
"2007-06-16 20:28:40 C:\WINDOWS\Tasks\McAfee Cleanup.job"
- C:\DOCUME~1\SMILEY~1.AME\LOCALS~1\Temp\MCPR.tmp\mccleanup.exe
"2007-10-15 05:00:02 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2007-06-29 00:53:24 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-30 15:23:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-11-30 15:28:16 - machine was rebooted
.
--- E O F ---

BC AdBot (Login to Remove)

 


#2 Yourhighness

Yourhighness

    The BSG Malware Fighter


  • Malware Response Team
  • 7,943 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Hamburg
  • Local time:06:09 AM

Posted 14 December 2007 - 12:59 PM

Hello tazz27 and welcome to BleepingComputer!

Apollogies for the delay. The forum has been very busy lately. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:

Preparation Guide For Use Before Posting A Hijackthis Log.

Please also post the problems you are having.

Thanks,

Johannes

"How did I get infected?" - "Safe-hex" - Member of UNITE -
Posted Image


#3 tazz27

tazz27
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:09 AM

Posted 13 January 2008 - 06:12 PM

Well, it has been awhile since i have been on here, so i will do this and get back to you,


THANKS IN ADVANCE!!!!!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users