Ie7 Redirects From Search Results


This topic is locked
9 replies to this topic

#1 Brad71

Brad71

  • Members
  • 5 posts
  • OFFLINE
  • Local time:02:55 AM

Posted 07 December 2007 - 08:50 PM

Hello,

I've used Norton Internet Security 2008 and AdAware to remove most of the Trojans/Malware/Spyware on my PC. They both run to completion now without detecting anything. All the popups and bogus infection messages are now gone.

One remaining problem I have, besides the PC running sluggishly, is that when I do a search with IE7 from Yahoo or Google, I get the search results fine. However, when I click on a link I am redirected to the wrong site, usually a website related to the search result that wants to sell me something. As long as I type in the URL manually I'm fine.

I do not have this problem using the Opera browser. I reinstalled IE7 and I've installed all the updates from Microsoft. My PC is running XP SP2.

Any help is really appreciated!

Best Regards,

Brad

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:39:38 PM, on 12/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\EZ-DUB\EZ-DUB.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\QUICKENW\QWDLLS.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08C525F4-2EBD-396D-B12A-005661A8CF95} - C:\Program Files\Wiffddnr\tonntfog.dll
O2 - BHO: (no name) - {16975C1E-950B-F58A-B187-08ED8F89A6B0} - C:\Program Files\Jzapnzjv\amnbycnn.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {5F422962-A454-409E-B5B7-4CD491E8E50C} - C:\WINDOWS\system32\pmkhe.dll (file missing)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B0F7A234-60D9-6F78-DE5C-3DE6768658B2} - C:\WINDOWS\system32\uusbhgf.dll (file missing)
O2 - BHO: {9fff4fb1-1c99-e279-f474-12024b3370cc} - {cc0733b4-2021-474f-972e-99c11bf4fff9} - C:\WINDOWS\system32\wyhslqla.dll (file missing)
O2 - BHO: (no name) - {ED203331-9C33-49D8-8714-D24A366A04EC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [krqhqjsd] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\krqhqjsd.dll"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\utorrent\utorrent.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: EZ-DUB Finder.lnk = C:\Program Files\EZ-DUB\EZ-DUB.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = ?
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O4 - Global Startup: Shortcut to utorrent.lnk = C:\Program Files\utorrent\utorrent.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ChatSpace Full Java Client 3.1.0.235 - http://66.252.20.215:8000/Java/cfs31235.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt4_x.cab
O16 - DPF: Yahoo! Go Fish - http://download2.games.yahoo.com/games/clients/y/zt3_x.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/033b8f3316344b...ip/RdxIE601.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1195715042421
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: phjtmlxh - phjtmlxh.dll (file missing)
O20 - Winlogon Notify: winlvi32 - winlvi32.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: PLSRemote Service (PLSRemoteSvc) - Unknown owner - C:\WINDOWS\SYSTEM32\PLSRemote.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 10519 bytes
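A small triage script, added here as an example (it is not part of the thread and not HijackThis or Trend Micro code), that parses lines in the HijackThis format shown above and flags the patterns visible in this log: BHOs with no name or a missing file (O2), a Winlogon Notify entry whose DLL is gone (O20), a Run key that runs regsvr32 against a DLL in Application Data (O4), and an ActiveX download from a bare IP address (O16). The sample lines are copied from the log above; the random-name heuristic is an assumption of mine and is marked low confidence.

```python
"""Triage of HijackThis v2 log lines (added example, not HijackThis code)."""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a handful of lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08C525F4-2EBD-396D-B12A-005661A8CF95} - C:\Program Files\Wiffddnr\tonntfog.dll
O2 - BHO: (no name) - {5F422962-A454-409E-B5B7-4CD491E8E50C} - C:\WINDOWS\system32\pmkhe.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [krqhqjsd] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\krqhqjsd.dll"
O16 - DPF: ChatSpace Full Java Client 3.1.0.235 - http://66.252.20.215:8000/Java/cfs31235.cab
O20 - Winlogon Notify: phjtmlxh - phjtmlxh.dll (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
"""


@dataclass
class Finding:
    section: str  # HijackThis section tag, e.g. "O2"
    reason: str   # why the line was flagged
    line: str     # the original log line


# "O2 - BHO: ..." -> section tag and the rest of the line.
SECTION_RE = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<body>.*)$")
# Host part of an O16 download URL; a bare IPv4 host is unusual for vendor CABs.
IP_HOST_RE = re.compile(r"https?://(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?/")
# Basename of the first .dll/.exe referenced on the line.
MODULE_RE = re.compile(r"([^\\\s\"]+)\.(?:dll|exe)\b", re.IGNORECASE)
# Directories an ordinary user can write to; installers do not register
# components from here, autostart malware does.
USER_WRITABLE = ("Application Data", "Local Settings\\Temp")


def looks_random(name: str) -> bool:
    """Low-confidence heuristic (my assumption) for generated names such as
    'phjtmlxh' or 'krqhqjsd': letters only, 7+ chars, under 20% vowels."""
    letters = [c for c in name.lower() if c.isalpha()]
    if len(letters) < 7 or len(letters) != len(name):
        return False
    vowels = sum(c in "aeiouy" for c in letters)
    return vowels / len(letters) < 0.2


def triage_line(line: str) -> List[Finding]:
    """Return zero or more findings for one HijackThis log line."""
    m = SECTION_RE.match(line.strip())
    if not m:
        return []
    sec, body = m.group("sec"), m.group("body")
    reasons = []
    if sec == "O2" and ("(no name)" in body or "(no file)" in body):
        reasons.append("BHO with no registered name or file")
    if sec in ("O2", "O20") and "(file missing)" in body:
        reasons.append("load point refers to a module that is no longer on disk")
    if sec == "O4" and re.search(r"\bregsvr32\b", body, re.IGNORECASE):
        if any(d.lower() in body.lower() for d in USER_WRITABLE):
            reasons.append("Run key invokes regsvr32 on a DLL in a user-writable directory")
    if sec == "O16":
        ip = IP_HOST_RE.search(body)
        if ip:
            reasons.append(f"ActiveX download from bare IP host {ip.group(1)}")
    if sec in ("O2", "O4", "O20"):
        mod = MODULE_RE.search(body)
        if mod and looks_random(mod.group(1)):
            reasons.append(f"random-looking module name '{mod.group(1)}' (low confidence)")
    return [Finding(sec, r, line.strip()) for r in reasons]


def triage_log(text: str) -> List[Finding]:
    """Run triage_line over every line of a log."""
    findings: List[Finding] = []
    for line in text.splitlines():
        findings.extend(triage_line(line))
    return findings


def flagged_lines(text: str) -> List[str]:
    """Distinct log lines that received at least one finding, in log order."""
    seen: List[str] = []
    for f in triage_log(text):
        if f.line not in seen:
            seen.append(f.line)
    return seen


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

The unflagged lines (Adobe, Symantec ccApp, LiveUpdate) show that the checks key on missing files, unnamed BHOs, and where a module is loaded from, not on unfamiliar vendor names.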


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:02:55 AM

Posted 08 December 2007 - 11:57 AM

Hello Brad,

Welcome to Bleeping Computer.

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 Brad71

Brad71
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:02:55 AM

Posted 09 December 2007 - 02:22 PM

Thanks for the reply! Below are the logs.


Combofix log:

ComboFix 07-12-09.3 - Kaitlyn 2007-12-09 12:56:57.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.197 [GMT -6:00]
Running from: C:\Documents and Settings\Kaitlyn\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\Kaitlyn\Application Data\SMBOLS~1
C:\Documents and Settings\Kaitlyn\Favorites\Online Security Guide.lnk
C:\Program Files\Common Files\curity~1
C:\Program Files\Jzapnzjv
C:\Program Files\Jzapnzjv\amnbycnn.dll
C:\Program Files\mvcfqrmh
C:\Program Files\mvcfqrmh\ozedelqt.dll
C:\Program Files\Wiffddnr
C:\Program Files\Wiffddnr\tonntfog.dll
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\dcmwdoab.dll
C:\WINDOWS\system32\ehkmp.ini
C:\WINDOWS\system32\ehkmp.ini2
C:\WINDOWS\system32\fwttdtuw.dll
C:\WINDOWS\system32\qfovkrbl
C:\WINDOWS\system32\qfovkrbl\bg1.gif
C:\WINDOWS\system32\qfovkrbl\bgtop.gif
C:\WINDOWS\system32\qfovkrbl\bottom1.gif
C:\WINDOWS\system32\qfovkrbl\essentials.gif
C:\WINDOWS\system32\qfovkrbl\icon1.ico
C:\WINDOWS\system32\qfovkrbl\install1.gif
C:\WINDOWS\system32\qfovkrbl\left1.gif
C:\WINDOWS\system32\qfovkrbl\li.gif
C:\WINDOWS\system32\qfovkrbl\logo.gif
C:\WINDOWS\system32\qfovkrbl\main.htm
C:\WINDOWS\system32\qfovkrbl\mainframe.htm
C:\WINDOWS\system32\qfovkrbl\qfovkrbl1.exe
C:\WINDOWS\system32\qfovkrbl\reinstall1.gif
C:\WINDOWS\system32\qfovkrbl\right1.gif
C:\WINDOWS\system32\qfovkrbl\s1.htm
C:\WINDOWS\system32\qfovkrbl\s2.htm
C:\WINDOWS\system32\qfovkrbl\s3.htm
C:\WINDOWS\system32\qfovkrbl\SMTop1.gif
C:\WINDOWS\system32\qfovkrbl\SMTop2.gif
C:\WINDOWS\system32\qfovkrbl\SMTop3.gif
C:\WINDOWS\system32\qfovkrbl\SMTop4.gif
C:\WINDOWS\system32\qfovkrbl\soft1_off.gif
C:\WINDOWS\system32\qfovkrbl\soft1_off_ext.gif
C:\WINDOWS\system32\qfovkrbl\soft1_on.gif
C:\WINDOWS\system32\qfovkrbl\soft1_on_ext.gif
C:\WINDOWS\system32\qfovkrbl\soft2_off.gif
C:\WINDOWS\system32\qfovkrbl\soft2_off_ext.gif
C:\WINDOWS\system32\qfovkrbl\soft2_on.gif
C:\WINDOWS\system32\qfovkrbl\soft2_on_ext.gif
C:\WINDOWS\system32\qfovkrbl\soft3_off.gif
C:\WINDOWS\system32\qfovkrbl\soft3_off_ext.gif
C:\WINDOWS\system32\qfovkrbl\soft3_on.gif
C:\WINDOWS\system32\qfovkrbl\soft3_on_ext.gif
C:\WINDOWS\system32\qfovkrbl\softbottom_off.gif
C:\WINDOWS\system32\qfovkrbl\softbottom_on.gif
C:\WINDOWS\system32\qfovkrbl\softleft_off.gif
C:\WINDOWS\system32\qfovkrbl\softleft_on.gif
C:\WINDOWS\system32\qfovkrbl\top1.gif
C:\WINDOWS\system32\qfovkrbl\top2.gif
C:\WINDOWS\system32\qfovkrbl\turnoff1.gif
C:\WINDOWS\system32\qfovkrbl\turnon1.gif
C:\WINDOWS\system32\scurit~1
C:\WINDOWS\system32\scurit~1\s?curity\
C:\WINDOWS\system32\vgfddwtv
C:\WINDOWS\system32\vgfddwtv\bg1.gif
C:\WINDOWS\system32\vgfddwtv\bgtop.gif
C:\WINDOWS\system32\vgfddwtv\bottom1.gif
C:\WINDOWS\system32\vgfddwtv\essentials.gif
C:\WINDOWS\system32\vgfddwtv\icon1.ico
C:\WINDOWS\system32\vgfddwtv\install1.gif
C:\WINDOWS\system32\vgfddwtv\left1.gif
C:\WINDOWS\system32\vgfddwtv\li.gif
C:\WINDOWS\system32\vgfddwtv\logo.gif
C:\WINDOWS\system32\vgfddwtv\main.htm
C:\WINDOWS\system32\vgfddwtv\mainframe.htm
C:\WINDOWS\system32\vgfddwtv\reinstall1.gif
C:\WINDOWS\system32\vgfddwtv\right1.gif
C:\WINDOWS\system32\vgfddwtv\s1.htm
C:\WINDOWS\system32\vgfddwtv\s2.htm
C:\WINDOWS\system32\vgfddwtv\s3.htm
C:\WINDOWS\system32\vgfddwtv\SMTop1.gif
C:\WINDOWS\system32\vgfddwtv\SMTop2.gif
C:\WINDOWS\system32\vgfddwtv\SMTop3.gif
C:\WINDOWS\system32\vgfddwtv\SMTop4.gif
C:\WINDOWS\system32\vgfddwtv\soft1_off.gif
C:\WINDOWS\system32\vgfddwtv\soft1_off_ext.gif
C:\WINDOWS\system32\vgfddwtv\soft1_on.gif
C:\WINDOWS\system32\vgfddwtv\soft1_on_ext.gif
C:\WINDOWS\system32\vgfddwtv\soft2_off.gif
C:\WINDOWS\system32\vgfddwtv\soft2_off_ext.gif
C:\WINDOWS\system32\vgfddwtv\soft2_on.gif
C:\WINDOWS\system32\vgfddwtv\soft2_on_ext.gif
C:\WINDOWS\system32\vgfddwtv\soft3_off.gif
C:\WINDOWS\system32\vgfddwtv\soft3_off_ext.gif
C:\WINDOWS\system32\vgfddwtv\soft3_on.gif
C:\WINDOWS\system32\vgfddwtv\soft3_on_ext.gif
C:\WINDOWS\system32\vgfddwtv\softbottom_off.gif
C:\WINDOWS\system32\vgfddwtv\softbottom_on.gif
C:\WINDOWS\system32\vgfddwtv\softleft_off.gif
C:\WINDOWS\system32\vgfddwtv\softleft_on.gif
C:\WINDOWS\system32\vgfddwtv\top1.gif
C:\WINDOWS\system32\vgfddwtv\top2.gif
C:\WINDOWS\system32\vgfddwtv\turnoff1.gif
C:\WINDOWS\system32\vgfddwtv\turnon1.gif
C:\WINDOWS\system32\vgfddwtv\vgfddwtv1.exe
C:\WINDOWS\system32\vgopkomq.dllbox
C:\WINDOWS\system32\wtsisvcc32.exe
C:\WINDOWS\system32\ymhogebq.dll

.
((((((((((((((((((((((((( Files Created from 2007-11-09 to 2007-12-09 )))))))))))))))))))))))))))))))
.

2007-12-07 19:35 . 2007-12-07 19:37 <DIR> d-------- C:\HJT
2007-12-07 18:52 . 2007-12-07 18:53 <DIR> d-------- C:\Program Files\Opera
2007-12-03 23:36 . 2007-12-03 23:36 <DIR> d-------- C:\Program Files\Windows Sidebar
2007-12-03 23:32 . 2007-12-03 23:42 <DIR> d-------- C:\Program Files\Norton Internet Security
2007-12-03 23:25 . 2007-12-05 17:47 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-03 23:25 . 2007-12-05 17:47 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-03 23:25 . 2007-12-05 17:47 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-03 23:25 . 2007-12-05 17:47 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-03 21:41 . 2007-12-03 23:15 844,045 --ahs---- C:\WINDOWS\system32\gynnpvtv.ini
2007-11-30 23:57 . 2007-11-30 23:57 317,616 --a------ C:\WINDOWS\system32\drivers\srtspl.sys
2007-11-30 23:57 . 2007-11-30 23:57 279,088 --a------ C:\WINDOWS\system32\drivers\srtsp.sys
2007-11-30 23:57 . 2007-11-30 23:57 43,696 --a------ C:\WINDOWS\system32\drivers\srtspx.sys
2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\system32\drivers\srtspx.cat
2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\system32\drivers\srtspl.cat
2007-11-30 23:57 . 2007-11-30 23:57 10,545 --a------ C:\WINDOWS\system32\drivers\srtsp.cat
2007-11-30 23:57 . 2007-11-30 23:57 1,430 --a------ C:\WINDOWS\system32\drivers\srtspl.inf
2007-11-30 23:57 . 2007-11-30 23:57 1,421 --a------ C:\WINDOWS\system32\drivers\srtspx.inf
2007-11-30 23:57 . 2007-11-30 23:57 1,415 --a------ C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-29 13:10 . 2007-12-03 21:36 855,411 --ahs---- C:\WINDOWS\system32\aoypuhnc.ini
2007-11-28 16:04 . 2007-11-29 12:07 855,231 --ahs---- C:\WINDOWS\system32\otjpyuns.ini
2007-11-25 11:51 . 2007-11-25 12:10 2,450 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-25 01:02 . 2007-11-28 16:01 675,742 --ahs---- C:\WINDOWS\system32\ryimcijr.ini
2007-11-24 00:59 . 2007-11-25 00:59 675,613 --ahs---- C:\WINDOWS\system32\csefblfh.ini
2007-11-23 03:04 . 2007-11-23 03:04 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-23 01:02 . 2007-11-23 09:58 751,763 --ahs---- C:\WINDOWS\system32\byqjhxcv.ini
2007-11-22 18:33 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-11-22 18:33 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-11-22 00:57 . 2007-11-22 23:02 743,312 --ahs---- C:\WINDOWS\system32\qvfhjqhm.ini
2007-11-22 00:33 . 2007-11-22 00:33 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-22 00:33 . 2007-11-22 00:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-22 00:31 . 2007-11-22 00:31 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-21 23:59 . 2007-11-22 00:53 716,939 --ahs---- C:\WINDOWS\system32\ahwnuent.ini
2007-11-21 01:01 . 2007-11-21 01:01 131,072 --a------ C:\Documents and Settings\All Users\Application Data\krqhqjsd.dll
2007-11-20 23:34 . 2007-11-22 00:28 2,238 --a------ C:\WINDOWS\system32\ClickToFindandFixErrors_US.ico
2007-11-20 22:17 . 2007-11-20 22:17 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-11-20 22:11 . 2007-11-21 00:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-20 21:51 . 2007-11-21 23:55 67,645 --a------ C:\WINDOWS\system32\drivers\pshook11.sys
2007-11-20 21:44 . 2007-11-22 08:00 <DIR> d-------- C:\Program Files\RegClean
2007-11-20 21:44 . 2007-11-22 03:30 <DIR> d-------- C:\Documents and Settings\Kaitlyn\Application Data\RegClean
2007-11-20 12:41 . 2007-11-21 23:53 689,283 --ahs---- C:\WINDOWS\system32\ekfjeggb.ini
2007-11-19 18:58 . 2007-11-19 18:58 1,147,424 --a------ C:\Install
2007-11-19 18:58 . 2007-11-19 18:58 104,448 --a------ C:\WINDOWS\system32\drvzan.dll
2007-11-19 18:54 . 2007-11-19 18:54 <DIR> d-------- C:\Documents and Settings\Kaitlyn\Application Data\CyberLink
2007-11-19 18:50 . 2007-11-19 18:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2007-11-19 18:47 . 2007-11-19 18:47 <DIR> d-------- C:\Program Files\CyberLink
2007-11-19 18:02 . 2007-11-19 18:02 <DIR> d-------- C:\Documents and Settings\Kaitlyn\Application Data\dvdcss
2007-11-15 21:50 . 2007-11-15 21:50 <DIR> d-------- C:\Program Files\PENTAX
2007-11-13 00:10 . 2007-12-07 15:00 <DIR> d-------- C:\Program Files\Norton Security Scan
2007-11-12 23:49 . 2007-11-24 19:45 <DIR> d--hs---- C:\Documents and Settings\All Users\DRM
2007-11-12 23:38 . 2006-10-04 08:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2007-11-12 23:38 . 2006-10-04 08:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2007-11-12 23:38 . 2006-10-04 08:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2007-11-12 22:52 . 2007-12-08 18:57 870,128 --a------ C:\WINDOWS\system32\mcs.rma
2007-11-12 22:52 . 2007-12-08 18:57 4 --a------ C:\WINDOWS\system32\AB9756
2007-11-12 22:50 . 2007-11-12 22:50 8,413 --a------ C:\WINDOWS\system32\drivers\mcstrm.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-09 19:02 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-09 18:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-09 18:47 --------- d-----w C:\Documents and Settings\Kaitlyn\Application Data\uTorrent
2007-12-08 01:13 --------- d-----w C:\Documents and Settings\Kaitlyn\Application Data\SolidWorks
2007-12-05 23:47 --------- d-----w C:\Program Files\Symantec
2007-11-22 13:55 --------- d-----w C:\Program Files\Motorola Phone Tools
2007-11-20 00:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-16 01:17 --------- d-----w C:\Program Files\utorrent
2007-11-13 05:51 --------- d-----w C:\Program Files\Rhapsody
2007-11-13 05:38 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-13 04:50 --------- d-----w C:\Program Files\Common Files\Real
2007-11-13 04:27 --------- d-----w C:\Program Files\Google
2007-11-02 00:34 --------- d-----w C:\Documents and Settings\Kaitlyn\Application Data\Ahead
2007-11-02 00:31 --------- d-----w C:\Program Files\Ahead
2007-11-02 00:28 --------- d-----w C:\Program Files\Common Files\Nero
2007-11-02 00:24 --------- d-----w C:\Program Files\Common Files\Ahead
2007-11-02 00:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2007-11-02 00:09 --------- d-----w C:\Program Files\ImTOO
2007-10-27 01:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2007-10-27 01:02 --------- d-----w C:\Program Files\Common Files\WinMain
2007-10-27 00:58 --------- d-----w C:\Program Files\infragistics
2007-10-27 00:58 --------- d-----w C:\Program Files\codejock software
2007-10-26 22:27 --------- d-----w C:\Documents and Settings\Kaitlyn\Application Data\SolidWorksNewsReader
2007-10-26 22:22 --------- d-----w C:\Program Files\SolidWorks
2007-10-26 22:16 --------- d-----w C:\Program Files\Common Files\SolidWorks Shared
2007-10-26 22:14 --------- d-----w C:\Documents and Settings\Kaitlyn\Application Data\DWGeditor
2007-10-26 22:13 --------- d-----w C:\Program Files\DWGeditor
2007-10-26 22:12 --------- d-----w C:\Program Files\SolidWorks Installation Manager
2007-10-26 22:11 --------- d-----w C:\Program Files\Common Files\eDrawings2007
2007-10-26 21:45 --------- d-----w C:\Program Files\Common Files\Solidworks Data
2007-10-26 21:44 --------- d-----w C:\Program Files\Windows Desktop Search
2007-10-26 17:22 --------- d-----w C:\Program Files\CarveWright
2007-10-26 17:19 --------- d-----w C:\Program Files\Auction Sentry
2007-10-26 17:15 --------- d-----w C:\Program Files\Vonage
2007-10-26 15:49 --------- d-----w C:\Program Files\PowerISO
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-17 18:09 --------- d-----w C:\Program Files\NETGEAR
2007-10-17 17:51 21,035 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2007-10-11 23:54 --------- d-----w C:\Program Files\InterActual
2007-03-15 21:31 92,064 ----a-w C:\Documents and Settings\Kaitlyn\mqdmmdm.sys
2007-03-15 21:31 9,232 ----a-w C:\Documents and Settings\Kaitlyn\mqdmmdfl.sys
2007-03-15 21:31 79,328 ----a-w C:\Documents and Settings\Kaitlyn\mqdmserd.sys
2007-03-15 21:31 66,656 ----a-w C:\Documents and Settings\Kaitlyn\mqdmbus.sys
2007-03-15 21:31 6,208 ----a-w C:\Documents and Settings\Kaitlyn\mqdmcmnt.sys
2007-03-15 21:31 5,936 ----a-w C:\Documents and Settings\Kaitlyn\mqdmwhnt.sys
2007-03-15 21:31 4,048 ----a-w C:\Documents and Settings\Kaitlyn\mqdmcr.sys
2007-03-15 21:31 25,600 ----a-w C:\Documents and Settings\Kaitlyn\usbsermptxp.sys
2007-03-15 21:31 22,768 ----a-w C:\Documents and Settings\Kaitlyn\usbsermpt.sys
2005-05-12 04:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5F422962-A454-409E-B5B7-4CD491E8E50C}]
C:\WINDOWS\system32\pmkhe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-24 21:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2007-12-03 23:35 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B0F7A234-60D9-6F78-DE5C-3DE6768658B2}]
C:\WINDOWS\system32\uusbhgf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cc0733b4-2021-474f-972e-99c11bf4fff9}]
C:\WINDOWS\system32\wyhslqla.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 21:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 21:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="C:\Program Files\utorrent\utorrent.exe" [2007-10-14 17:42]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="irprops.cpl" [2004-08-04 01:56 C:\WINDOWS\system32\irprops.cpl]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-26 17:36]
"PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe" [2002-04-26 16:01]
"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [2006-05-22 12:26]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-24 23:07]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-24 22:53]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
EZ-DUB Finder.lnk - C:\Program Files\EZ-DUB\EZ-DUB.exe [2005-09-13 18:47:52]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-11 23:49:24]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 03:01:04]
NETGEAR WG111v2 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v2\WG111v2.exe [2007-10-17 12:09:57]
Quicken Startup.lnk - C:\QUICKENW\QWDLLS.EXE [2006-08-31 19:41:28]
Shortcut to utorrent.lnk - C:\Program Files\utorrent\utorrent.exe [2007-01-15 00:16:58]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2006-03-26 21:44:08]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 12:11 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\phjtmlxh]
phjtmlxh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winlvi32]
winlvi32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

R2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\system32\DRIVERS\EAPPkt.sys
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
R2 mrtRate;mrtRate;C:\WINDOWS\system32\drivers\mrtRate.sys
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys
S2 NMSSvc;Intel® NMS;C:\WINDOWS\System32\NMSSvc.exe
S3 COH_Mon;COH_Mon;\??\C:\WINDOWS\system32\Drivers\COH_Mon.sys
S3 mqdmbus;Motorola DM Composite Driver (WDM);C:\WINDOWS\system32\DRIVERS\mqdmbus.sys
S3 mqdmmdfl;Motorola USB Modem (Filter);C:\WINDOWS\system32\DRIVERS\mqdmmdfl.sys
S3 mqdmmdm;Motorola USB Modem;C:\WINDOWS\system32\DRIVERS\mqdmmdm.sys
S3 mqdmserd;Motorola USB Diag;C:\WINDOWS\system32\DRIVERS\mqdmserd.sys
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys
S3 YMIDUSB;YAMAHA Corporation USB MIDI Driver;C:\WINDOWS\system32\Drivers\ymidusb.sys

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-12-08 14:06:18 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Kaitlyn.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe
"2007-12-08 00:37:01 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2007-12-08 09:30:01 C:\WINDOWS\Tasks\RegClean Scheduled Scan.job"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\RtlGina2.dll

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\DOCUME~1\Kaitlyn\LOCALS~1\Temp\awgkvkyv.dll
.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-09 13:02:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-09 13:04:29
.
--- E O F ---

HJT LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:14:00 PM, on 12/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\EZ-DUB\EZ-DUB.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\QUICKENW\QWDLLS.EXE
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe
C:\HJT\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {5F422962-A454-409E-B5B7-4CD491E8E50C} - C:\WINDOWS\system32\pmkhe.dll (file missing)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B0F7A234-60D9-6F78-DE5C-3DE6768658B2} - C:\WINDOWS\system32\uusbhgf.dll (file missing)
O2 - BHO: {9fff4fb1-1c99-e279-f474-12024b3370cc} - {cc0733b4-2021-474f-972e-99c11bf4fff9} - C:\WINDOWS\system32\wyhslqla.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\utorrent\utorrent.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: EZ-DUB Finder.lnk = C:\Program Files\EZ-DUB\EZ-DUB.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = ?
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O4 - Global Startup: Shortcut to utorrent.lnk = C:\Program Files\utorrent\utorrent.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ChatSpace Full Java Client 3.1.0.235 - http://66.252.20.215:8000/Java/cfs31235.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt4_x.cab
O16 - DPF: Yahoo! Go Fish - http://download2.games.yahoo.com/games/clients/y/zt3_x.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/033b8f3316344b...ip/RdxIE601.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1195715042421
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: phjtmlxh - phjtmlxh.dll (file missing)
O20 - Winlogon Notify: winlvi32 - winlvi32.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: PLSRemote Service (PLSRemoteSvc) - Unknown owner - C:\WINDOWS\SYSTEM32\PLSRemote.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 10150 bytes

#4 Brad71

Brad71
  • Topic Starter

  • Members
  • 5 posts

Posted 09 December 2007 - 04:38 PM

I think that may have fixed the problem. The redirects are no longer happening in IE. Please let me know if there is anything you see in the logs that needs fixed.

Thanks!

Brad

#5 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 09 December 2007 - 06:54 PM

Hi Brad,

Glad it's better. :blink:

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O2 - BHO: (no name) - {5F422962-A454-409E-B5B7-4CD491E8E50C} - C:\WINDOWS\system32\pmkhe.dll (file missing)
O2 - BHO: (no name) - {B0F7A234-60D9-6F78-DE5C-3DE6768658B2} - C:\WINDOWS\system32\uusbhgf.dll (file missing)
O2 - BHO: {9fff4fb1-1c99-e279-f474-12024b3370cc} - {cc0733b4-2021-474f-972e-99c11bf4fff9} - C:\WINDOWS\system32\wyhslqla.dll (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/033b8f3316344b...ip/RdxIE601.cab
O20 - Winlogon Notify: phjtmlxh - phjtmlxh.dll (file missing)
O20 - Winlogon Notify: winlvi32 - winlvi32.dll (file missing)


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Reboot your computer.

Your Java is way out of date, which leaves your computer vulnerable.

Updating Java
  • Download the latest version of Java Runtime Environment (JRE) 6u3.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.
In your reply, please post a new HijackThis log and let me know how it's running. :thumbsup:

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?
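The entries teacup61 lists above share the traits that make a HijackThis line worth a second look: the registered DLL is gone ("(file missing)") while its registration lingers, and the BHO or Winlogon Notify handler has no readable name (blank, a GUID, or a random-looking string) and no publisher. The Python script below is an added example, not part of this thread or of HijackThis; it applies those rules to the O2/O9/O20/O23 sections of a pasted log and diffs a before/after log to confirm the fix took. The stock Winlogon Notify allowlist is an illustrative assumption, and the sample logs are constructed from lines in Brad's two posts.

```python
import re

# Constructed samples: lines copied from the HijackThis v2.0.2 logs posted in this
# thread, before (post #3) and after (post #6) the listed entries were fixed.
HJT_BEFORE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5F422962-A454-409E-B5B7-4CD491E8E50C} - C:\WINDOWS\system32\pmkhe.dll (file missing)
O2 - BHO: (no name) - {B0F7A234-60D9-6F78-DE5C-3DE6768658B2} - C:\WINDOWS\system32\uusbhgf.dll (file missing)
O2 - BHO: {9fff4fb1-1c99-e279-f474-12024b3370cc} - {cc0733b4-2021-474f-972e-99c11bf4fff9} - C:\WINDOWS\system32\wyhslqla.dll (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: phjtmlxh - phjtmlxh.dll (file missing)
O20 - Winlogon Notify: winlvi32 - winlvi32.dll (file missing)
O23 - Service: PLSRemote Service (PLSRemoteSvc) - Unknown owner - C:\WINDOWS\SYSTEM32\PLSRemote.exe
"""

HJT_AFTER = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: PLSRemote Service (PLSRemoteSvc) - Unknown owner - C:\WINDOWS\SYSTEM32\PLSRemote.exe
"""

# A HijackThis entry is "<section> - <body>", e.g. "O20 - Winlogon Notify: ...".
HJT_LINE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
GUID = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")

# Assumed allowlist of DLLs behind the stock Windows XP SP2 Winlogon\Notify
# subkeys (crypt32chain, cryptnet, cscdll, ScCertProp, Schedule, sclgntfy,
# SensLogn, termsrv, wlballoon). Illustrative, not exhaustive.
STOCK_WINLOGON_NOTIFY_DLLS = {
    "crypt32.dll", "cryptnet.dll", "cscdll.dll", "sclgntfy.dll", "wlnotify.dll",
}


def triage_hjt_log(text):
    """Return one finding per suspicious entry: section, original line, reasons."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if not m:
            continue  # header, process list, or blank line
        section, body = m.group("section"), m.group("body")
        reasons = []
        if body.endswith("(file missing)"):
            reasons.append("orphaned entry: the referenced file no longer exists")
        if section == "O2" and body.startswith("BHO: "):
            name = body[len("BHO: "):].split(" - ")[0]
            if name == "(no name)" or GUID.match(name):
                reasons.append("BHO registered without a readable name")
        if section == "O20" and body.startswith("Winlogon Notify: "):
            parts = body.split(" - ", 1)
            dll = parts[1].split(" ")[0].lower() if len(parts) == 2 else ""
            if dll not in STOCK_WINLOGON_NOTIFY_DLLS:
                reasons.append("non-stock Winlogon Notify DLL runs at every logon")
        if section == "O20" and body.startswith("AppInit_DLLs: "):
            reasons.append("AppInit_DLLs loads this DLL into every process using user32.dll")
        if section == "O23" and " - Unknown owner - " in body:
            reasons.append("service with no publisher information")
        if reasons:
            findings.append({"section": section, "line": line, "reasons": reasons})
    return findings


def flagged_lines(text):
    return {f["line"] for f in triage_hjt_log(text)}


def removed_entries(before_text, after_text):
    """Flagged entries in the earlier log that are gone from the later one."""
    return sorted(flagged_lines(before_text) - flagged_lines(after_text))


def still_flagged(before_text, after_text):
    """Flagged entries that survived the fix and still need a decision."""
    return sorted(flagged_lines(before_text) & flagged_lines(after_text))


if __name__ == "__main__":
    for f in triage_hjt_log(HJT_BEFORE):
        print(f["section"], "|", f["line"])
        for r in f["reasons"]:
            print("    ->", r)
    print("\nremoved by the fix:", len(removed_entries(HJT_BEFORE, HJT_AFTER)))
    print("still to review:", still_flagged(HJT_BEFORE, HJT_AFTER))
```

The two entries that remain after the fix (the Google AppInit_DLLs value and the PLSRemote service) are reported for review rather than as malicious: a known publisher's DLL in AppInit_DLLs is common, but anything in that key or in a service with no owner deserves a manual check of the file on disk.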

#6 Brad71

Brad71
  • Topic Starter

  • Members
  • 5 posts

Posted 09 December 2007 - 08:05 PM

Items removed and latest version of Java installed. Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:03:14 PM, on 12/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\EZ-DUB\EZ-DUB.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\QUICKENW\QWDLLS.EXE
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\HJT\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\utorrent\utorrent.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: EZ-DUB Finder.lnk = C:\Program Files\EZ-DUB\EZ-DUB.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = ?
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O4 - Global Startup: Shortcut to utorrent.lnk = C:\Program Files\utorrent\utorrent.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ChatSpace Full Java Client 3.1.0.235 - http://66.252.20.215:8000/Java/cfs31235.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt4_x.cab
O16 - DPF: Yahoo! Go Fish - http://download2.games.yahoo.com/games/clients/y/zt3_x.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1195715042421
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: PLSRemote Service (PLSRemoteSvc) - Unknown owner - C:\WINDOWS\SYSTEM32\PLSRemote.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 9335 bytes

#7 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 09 December 2007 - 08:33 PM

Hi Brad,

How is it running? Looks good from my end. :thumbsup:

Please delete ComboFix and its accompanying folder C:\Qoobox. Empty your Recycle bin and reboot your computer.

If there are no further problems:

Below I have included a number of recommendations on how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously! These few simple steps can stave off the vast majority of spyware problems.

Regularly go to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows, including the latest version of Internet Explorer. This can patch many of the security holes through which attackers can gain access to your computer. You should also turn on the Windows automatic update feature.

You should definitely maintain a firewall. Some good free firewalls are Kerio or Outpost. I use Comodo on my own system and really like it. http://comodo.com
A tutorial on understanding and using firewalls may be found here.

In order to protect yourself against spyware, you should consider installing and running the following free programs:

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

IE/Spyad:
It places over 5000 malicious websites and domains in your IE's restricted zone.
IE/Spyad

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

* Avoid illegal sites, because that's where most malware is present.
* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software, because most of these so-called removers ARE spyware.
* Download free software only from sites you know and trust. A lot of free software can bundle other software, including spyware.

Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/

Please make sure to run your antivirus software regularly, and to keep it up-to-date.

Take care!
tea

#8 Brad71

Brad71
  • Topic Starter

  • Members
  • 5 posts

Posted 09 December 2007 - 10:27 PM

:thumbsup:

Everything is running great! Thanks for the help and recommendations.

Brad

#9 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 09 December 2007 - 11:14 PM

You're most welcome. :thumbsup:


#10 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 17 December 2007 - 04:59 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.