
Spyware Popups, Wallpaper Change, Task Mgr Not Avail, Pls Help!


9 replies to this topic

#1 caradoc

caradoc

  • Members
  • 15 posts
  • OFFLINE
  • Local time:12:59 PM

Posted 02 January 2008 - 11:21 AM

Performed tasks in prep guide. HJTLog follows...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:42 AM, on 1/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\lpcywinp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\IC\Card Reader Driver v1.9e\Disk_Monitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Common Files\AOL\1188262221\ee\AOLSoftware.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\program files\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isp.netscape.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\lpcywinp.exe,C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: egmulhxk.msdn_hlp - {477840F3-BA52-44D9-8E41-38D61CAA010F} - C:\WINDOWS\system32\egmulhxk.dll
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {55570d6a-1dd2-11b2-8ffc-80783474ac73} - C:\WINDOWS\ahknoliv.dll
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: SnapToolbarHelper Class - {8600AC1E-BE58-4FFC-BD5D-F2A8EC38C838} - C:\Program Files\Snap Visual Search\snapbar.dll
O2 - BHO: BndBlock4 BHO Class - {8F9E2BE3-766D-4831-BB0E-766D5B819995} - C:\Program Files\QdrDrive\QdrDrive9.dll
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: (no name) - {f8e2cb56-1dd1-11b2-a97f-bf2f904a0e7f} - C:\WINDOWS\dglmbahg.dll
O3 - Toolbar: SuperBar - {D0169048-EDCA-4E8F-AFA0-80D750622A29} - (no file)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Snap Visual Search - {EF56413F-9398-4DF5-BC88-6FC3B227D5C5} - C:\Program Files\Snap Visual Search\snapbar.dll
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\IC\Card Reader Driver v1.9e\Disk_Monitor.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [NI.UWFX5] "C:\Documents and Settings\Lisa Ellis\Local Settings\Temporary Internet Files\Content.IE5\4ZXREUZ5\WinFixer2005ScannerInstall[1].exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1188262221\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [repkvmbs] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\repkvmbs.dll"
O4 - HKLM\..\Run: [drmsrv32] C:\DOCUME~1\MEGANE~1\LOCALS~1\Temp\ssmmt.exe
O4 - HKLM\..\Run: [wlizupkl] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\wlizupkl.dll"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKLM\..\Policies\Explorer\Run: [72C1eF42hG] rundll32.exe "C:\WINDOWS\KBOpt\svunuvgl.dll",DllCleanServer
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://playgames.comcast.net/online2/pirat...rs.1.0.0.32.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...96/mcinsctl.cab
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://asp.mathxl.com/applets/PearsonInstallAsst.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4058/ftp...302/Coupons.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...5/installer.exe
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://remoteoffice.citigroup.com/dana-cac...perSetupSP1.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://playgames.comcast.net/online2/mahjo...ameLauncher.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_...tupv2.0.0.9.cab?
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: dvdcmd - C:\WINDOWS\repair\dvdcmd.dll (file missing)
O21 - SSODL: AOL Uninstaller - {CC18EA8A-3867-5BA4-31C8-B13DA39932BD} - c:\program files\common files\aol\wcdfc9.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 16317 bytes


Thank you!
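The line in the log above that a defender would look at first is the F2 entry, where a second executable is chained ahead of userinit.exe so it starts at every logon. As an added illustration (not part of the thread, and not a HijackThis or ComboFix feature), the script below parses a constructed sample built from lines of that log and flags the entry types worth triaging first; the severity labels and heuristics are the editor's own assumptions.

```python
"""Triage a HijackThis v2 log for entry types that commonly carry a
persistence or hijack indicator.  Heuristics and severities are the
editor's assumptions, not HijackThis semantics."""
import re
from typing import Dict, List, NamedTuple, Tuple


class Finding(NamedTuple):
    code: str       # HijackThis section code, e.g. "O4"
    severity: str   # "high" | "medium" | "low"
    reason: str
    line: str


# Constructed sample: a handful of lines in the shape of the posted log.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\lpcywinp.exe,C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [repkvmbs] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\repkvmbs.dll"
O4 - HKLM\..\Run: [drmsrv32] C:\DOCUME~1\MEGANE~1\LOCALS~1\Temp\ssmmt.exe
O4 - HKLM\..\Run: [NI.UWFX5] "C:\Documents and Settings\Lisa Ellis\Local Settings\Temporary Internet Files\Content.IE5\4ZXREUZ5\WinFixer2005ScannerInstall[1].exe"
O4 - HKLM\..\Policies\Explorer\Run: [72C1eF42hG] rundll32.exe "C:\WINDOWS\KBOpt\svunuvgl.dll",DllCleanServer
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: dvdcmd - C:\WINDOWS\repair\dvdcmd.dll (file missing)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
"""

ENTRY_RE = re.compile(r"^(R\d|F\d|O\d{1,2}) - (.*)$")
# Autorun locations that legitimate installers do not launch from.
TRANSIENT_DIR_RE = re.compile(r"\\(temp|temporary internet files|locals~1)\\", re.I)

Check = Tuple[str, str]  # (severity, reason)


def _check_userinit(body: str) -> List[Check]:
    """F2: anything in the UserInit chain other than userinit.exe itself."""
    m = re.search(r"UserInit=(.*)$", body, re.I)
    if not m:
        return []
    parts = [p.strip().strip('"') for p in m.group(1).split(",") if p.strip()]
    extras = [p for p in parts if p.lower().rsplit("\\", 1)[-1] != "userinit.exe"]
    return [("high", f"UserInit chain launches extra executable: {p}") for p in extras]


def _check_autorun(body: str) -> List[Check]:
    """O4: Run-key entries with an unusual command or an unusual location."""
    out: List[Check] = []
    key, _, cmd = body.partition(": ")
    if re.search(r"regsvr32(\.exe)?\s+/u\b", cmd, re.I):
        out.append(("high", "regsvr32 /u at logon runs the DLL's DllUnregisterServer export every boot"))
    if TRANSIENT_DIR_RE.search(cmd):
        out.append(("high", "autorun target lives in a temp or browser-cache directory"))
    if re.search(r"policies\\explorer\\run", key, re.I):
        out.append(("medium", "Policies\\Explorer\\Run key is rarely used by legitimate software"))
    return out


def _check_orphan(body: str) -> List[Check]:
    """O2/O3/R3: CLSID still registered but its file is gone (cleanup item)."""
    if body.rstrip().endswith("(no file)"):
        return [("low", "CLSID registered but backing file is gone; orphan to clean up")]
    return []


def _check_winlogon(body: str) -> List[Check]:
    """O20: Winlogon Notify packages load into winlogon.exe at boot."""
    if "(file missing)" in body:
        return [("medium", "Winlogon Notify package points at a missing DLL")]
    return []


def _check_proxy(body: str) -> List[Check]:
    """R1 ProxyServer: a proxy override that the user did not configure."""
    if "ProxyServer" in body:
        value = body.split("=", 1)[1].strip()
        return [("medium", f"IE proxy override set to {value!r}")]
    return []


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per triggered heuristic, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue                      # process list, headers, blank lines
        code, body = m.groups()
        checks: List[Check] = []
        if code == "F2":
            checks = _check_userinit(body)
        elif code == "O4":
            checks = _check_autorun(body)
        elif code in ("O2", "O3", "R3"):
            checks = _check_orphan(body)
        elif code == "O20":
            checks = _check_winlogon(body)
        elif code == "R1":
            checks = _check_proxy(body)
        findings.extend(Finding(code, sev, why, line) for sev, why in checks)
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity so a helper can see the shape at a glance."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.code}: {f.reason}")
```

Run it against a full HijackThis log saved to disk by passing the file's contents to `triage()`; entries it does not flag still need a human look, since the heuristics cover only the common persistence points.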


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:11:59 AM

Posted 02 January 2008 - 12:22 PM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

Please download ComboFix and save it to your desktop.

Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 caradoc

caradoc
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:12:59 PM

Posted 02 January 2008 - 01:21 PM

Hi Sam. Thanks. Here's the Combofix log....


ComboFix 07-12-31.4 - Marc Ellis 2008-01-02 13:08:12.1 - NTFSx86
Running from: C:\Documents and Settings\Marc Ellis\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\repkvmbs.dll
C:\Documents and Settings\All Users\Application Data.\wlizupkl.dll
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin1.zip
C:\Documents and Settings\Megan Ellis\Start Menu\Programs\Internet Speed Monitor
C:\Documents and Settings\Megan Ellis\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\Megan Ellis\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\Program Files\3721
C:\Program Files\3721\assist\asbar.dll
C:\Program Files\3721\helper.dll
C:\Program Files\Accoona
C:\Program Files\Accoona\ASearchAssist.dll
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\guid.dat
C:\Program Files\amsys\ijl15.dll
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\Program Files\ISM
C:\Program Files\ISM\ism.exe
C:\Program Files\ISM\Uninstall.exe
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\amp2pl.exe
C:\Program Files\QdrDrive
C:\Program Files\QdrDrive\QdrDrive9.dll
C:\Program Files\QdrDrive\qdrloader.exe
C:\Program Files\QdrModule
C:\Program Files\QdrModule\dic.gz
C:\Program Files\QdrModule\kwd.gz
C:\Program Files\QdrModule\QdrModule11.exe
C:\Program Files\QdrPack
C:\Program Files\QdrPack\dicts.gz
C:\Program Files\QdrPack\QdrPack11.exe
C:\Program Files\QdrPack\trgts.gz
C:\Program Files\security toolbar
C:\Program Files\security toolbar\Uninstall.bat
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\absolute key logger.lnk
C:\WINDOWS\aconti.exe
C:\WINDOWS\aconti.ini
C:\WINDOWS\aconti.log
C:\WINDOWS\aconti.sdb
C:\WINDOWS\acontidialer.txt
C:\WINDOWS\adbar.dll
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\daxtime.dll
C:\WINDOWS\default.htm
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\hcwprn.exe
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.dll
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\kvnab.dll
C:\WINDOWS\kvnab.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.dll
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.dll
C:\WINDOWS\liqui.exe
C:\WINDOWS\mrofinu11.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\pbsysie.dll
C:\WINDOWS\PerfInfo
C:\WINDOWS\PerfInfo\72C1eF42hG.exe
C:\WINDOWS\settn.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\acespy
C:\WINDOWS\system32\acespy\__acelog.ndx
C:\WINDOWS\system32\acespy\systune.exe
C:\WINDOWS\system32\din.ip
C:\WINDOWS\system32\dpqaqlqx.bin
C:\WINDOWS\system32\drivers\blank.gif
C:\WINDOWS\system32\drivers\box_2.gif
C:\WINDOWS\system32\drivers\button_buynow.gif
C:\WINDOWS\system32\drivers\button_freescan.gif
C:\WINDOWS\system32\drivers\cell_bg.gif
C:\WINDOWS\system32\drivers\cell_footer.gif
C:\WINDOWS\system32\drivers\cell_header_block.gif
C:\WINDOWS\system32\drivers\cell_header_remove.gif
C:\WINDOWS\system32\drivers\cell_header_scan.gif
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\download_btn.jpg
C:\WINDOWS\system32\drivers\download_now_btn.gif
C:\WINDOWS\system32\drivers\footer_back.jpg
C:\WINDOWS\system32\drivers\header_1.gif
C:\WINDOWS\system32\drivers\header_2.gif
C:\WINDOWS\system32\drivers\header_3.gif
C:\WINDOWS\system32\drivers\header_4.gif
C:\WINDOWS\system32\drivers\header_red_bg.gif
C:\WINDOWS\system32\drivers\header_red_free_scan.gif
C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif
C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
C:\WINDOWS\system32\drivers\infected.gif
C:\WINDOWS\system32\drivers\main_back.gif
C:\WINDOWS\system32\drivers\product_2_header.gif
C:\WINDOWS\system32\drivers\product_2_name_small.gif
C:\WINDOWS\system32\drivers\product_features.gif
C:\WINDOWS\system32\drivers\pt.htm
C:\WINDOWS\system32\drivers\rating.gif
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\screenshot.jpg
C:\WINDOWS\system32\drivers\sep_hor.gif
C:\WINDOWS\system32\drivers\sep_vert.gif
C:\WINDOWS\system32\drivers\sfsync02.sys
C:\WINDOWS\system32\drivers\shadow.jpg
C:\WINDOWS\system32\drivers\shadow_bg.gif
C:\WINDOWS\system32\drivers\spacer.gif
C:\WINDOWS\system32\drivers\star.gif
C:\WINDOWS\system32\drivers\star_gray.gif
C:\WINDOWS\system32\drivers\star_gray_small.gif
C:\WINDOWS\system32\drivers\star_small.gif
C:\WINDOWS\system32\drivers\style.css
C:\WINDOWS\system32\drivers\v.gif
C:\WINDOWS\system32\drivers\warning_icon.gif
C:\WINDOWS\system32\drivers\win_logo.gif
C:\WINDOWS\system32\drivers\x.gif
C:\WINDOWS\system32\egmulhxk.dll
C:\WINDOWS\system32\ESHOPEE.exe
C:\WINDOWS\system32\lpcywinp.exe
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\sznf.ascii
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wbeCheck.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xadbrk.dll
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xxxvideo.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SFSYNC02
-------\sfsync02


((((((((((((((((((((((((( Files Created from 2007-12-02 to 2008-01-02 )))))))))))))))))))))))))))))))
.

2008-01-02 13:14 . 2008-01-02 13:14 <DIR> d-------- C:\WINDOWS\PerfInfo
2008-01-02 13:07 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-01 23:05 . 2008-01-02 00:22 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-01-01 19:06 . 2008-01-01 20:29 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-01 19:06 . 2008-01-01 19:06 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-01 19:06 . 2008-01-01 19:06 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-01 19:06 . 2008-01-01 19:06 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-01 17:45 . 2008-01-01 17:44 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-01 17:44 . 2008-01-01 17:59 <DIR> d-------- C:\Documents and Settings\Marc Ellis\.housecall6.6
2007-12-31 15:40 . 2007-12-31 15:40 <DIR> d-------- C:\WINDOWS\nwkejgms
2007-12-31 15:40 . 2007-12-31 15:40 89,600 --a------ C:\WINDOWS\dglmbahg.dll
2007-12-31 13:59 . 2007-12-31 13:59 <DIR> d-------- C:\WINDOWS\rorudvlu
2007-12-31 13:59 . 2008-01-01 20:27 <DIR> d-------- C:\WINDOWS\KBOpt
2007-12-31 13:59 . 2007-12-31 13:59 67,072 --a------ C:\WINDOWS\ahknoliv.dll
2007-12-31 13:59 . 2007-12-31 13:59 4 --a------ C:\WINDOWS\system32\jpewocmz.ini
2007-12-31 00:34 . 2007-12-31 00:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-30 23:54 . 2007-12-30 23:54 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2007-12-30 23:54 . 2007-12-30 23:54 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2007-12-29 23:23 . 2007-12-29 23:23 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-12-29 23:23 . 2006-10-04 09:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2007-12-29 23:23 . 2006-10-04 09:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2007-12-29 23:23 . 2006-10-04 09:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2007-12-29 23:21 . 2007-12-29 23:21 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-12-29 23:21 . 2007-12-29 23:22 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-12-20 01:54 . 2007-12-20 01:54 <DIR> d-------- C:\Program Files\Windows Media Bonus Pack for Windows XP
2007-12-20 01:54 . 2001-11-30 19:05 131,072 --a------ C:\WINDOWS\system32\dzip32.dll
2007-12-20 01:54 . 2001-11-30 19:05 110,592 --a------ C:\WINDOWS\system32\dunzip32.dll
2007-12-16 19:53 . 2007-12-16 19:53 <DIR> d-------- C:\Documents and Settings\Megan Ellis\Application Data\Dealio
2007-12-16 19:20 . 2007-12-16 19:20 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2007-12-16 19:19 . 2008-01-01 20:16 <DIR> d-------- C:\Program Files\Snap Visual Search
2007-12-16 19:16 . 2007-12-16 19:19 <DIR> d-------- C:\Program Files\Morpheus Photo Animation Suite
2007-12-16 19:16 . 2007-12-16 19:16 <DIR> d-------- C:\Documents and Settings\Marc Ellis\Application Data\Morpheus Software
2007-12-16 18:21 . 2007-12-16 18:21 <DIR> d-------- C:\epson
2007-12-14 09:52 . 2007-12-14 09:52 <DIR> d-------- C:\Documents and Settings\Marc Ellis\Citrix
2007-12-14 09:52 . 2007-12-14 09:52 81 --a------ C:\CTX.DAT
2007-12-05 10:17 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-02 18:14 --------- d-----w C:\Program Files\Steam
2008-01-02 01:15 --------- d-----w C:\Program Files\QuickTime
2008-01-02 01:10 --------- d-----w C:\Program Files\Google
2008-01-02 00:01 --------- d-----w C:\Program Files\Common Files\AOL
2007-12-31 02:07 --------- d-----w C:\Program Files\LimeWire
2007-12-28 14:38 86,016 ----a-w C:\Documents and Settings\Marc Ellis\IDHWTSS1.dll
2007-12-28 14:38 81,920 ----a-w C:\Documents and Settings\Marc Ellis\hobjni.dll
2007-12-16 23:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-14 14:49 --------- d-----w C:\Program Files\Juniper Networks
2007-12-12 17:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-05 15:17 --------- d-----w C:\Program Files\Java
2007-11-30 05:11 --------- d-----w C:\Documents and Settings\Marc Ellis\Application Data\Juniper Networks
2007-11-22 21:09 --------- d-----w C:\Program Files\America Online 9.0
2007-11-18 23:21 --------- d-----w C:\Program Files\Comcast Play Games
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-25 15:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2005-10-22 05:37 36,868 ----a-w C:\Documents and Settings\Marc Ellis\PrtDLL.dll
2005-07-01 05:06 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2005-08-31 14:47 178,623 --sha-w C:\WINDOWS\repair\dmcdvd.bak1
2005-09-07 19:18 182,817 --sha-w C:\WINDOWS\repair\dmcdvd.bak2
2005-09-07 05:39 181,900 --sha-w C:\WINDOWS\repair\dmcdvd.ini2
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{55570d6a-1dd2-11b2-8ffc-80783474ac73}]
2007-12-31 13:59 67072 --a------ C:\WINDOWS\ahknoliv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8600AC1E-BE58-4FFC-BD5D-F2A8EC38C838}]
2007-12-16 19:19 311296 --a------ C:\Program Files\Snap Visual Search\snapbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f8e2cb56-1dd1-11b2-a97f-bf2f904a0e7f}]
2007-12-31 15:40 89600 --a------ C:\WINDOWS\dglmbahg.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2007-11-29 21:09 1266936]
"LDM"="\Program\BackWeb-8876480.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 08:10 68856]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 10:06 118784 C:\WINDOWS\system32\ptipbmf.dll]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 08:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-07-02 13:03 57344]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 04:00 45056]
"CTHelper"="CTHELPER.EXE" [2003-10-06 17:57 24576 C:\WINDOWS\system32\CTHELPER.EXE]
"SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 21:06 45056]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 04:00 90112]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 21:44 65536]
"Disk Monitor"="C:\Program Files\IC\Card Reader Driver v1.9e\Disk_Monitor.exe" [2003-06-18 05:57 466944]
"Logitech Utility"="Logi_MwX.Exe" [2003-03-04 04:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-08-23 19:29 180269]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2006-01-19 10:06 110592]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [2006-01-19 10:06 11776]
"NI.UWFX5"="C:\Documents and Settings\Lisa Ellis\Local Settings\Temporary Internet Files\Content.IE5\4ZXREUZ5\WinFixer2005ScannerInstall[1].exe" [ ]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 17:18 151552]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 11:49 163840]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 21:02 53248]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29 303104]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 12:05 212992]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-19 00:09 98304]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 12:26 7700480]
"nwiz"="nwiz.exe" [2007-04-19 12:26 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-19 12:26 86016]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 10:24 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 14:18 241664]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2006-01-13 02:14 188416]
"HostManager"="C:\Program Files\Common Files\AOL\1188262221\ee\AOLSoftware.exe" [2006-09-25 19:52 50736]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"drmsrv32"="C:\DOCUME~1\MEGANE~1\LOCALS~1\Temp\ssmmt.exe" [ ]

C:\Documents and Settings\Lisa Ellis\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54]

C:\Documents and Settings\Megan Ellis\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2005-10-07 14:54:38]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54]

C:\Documents and Settings\Marc Ellis\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2004-04-26 13:32:00]
LUMIX Simple Viewer.lnk - C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2007-08-29 22:30:05]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2006-01-01 20:12:47]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"72C1eF42hG"= rundll32.exe "C:\WINDOWS\KBOpt\svunuvgl.dll",DllCleanServer

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"AOL Uninstaller"= {CC18EA8A-3867-5BA4-31C8-B13DA39932BD} - c:\program files\common files\aol\wcdfc9.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dvdcmd]
C:\WINDOWS\repair\dvdcmd.dll

R3 dsNcAdpt;Juniper Network Connect Adapter;C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys [2007-06-22 14:03]

.
**************************************************************************

disk not found C:\

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

disk not found C:\

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\KBOpt\svunuvgl.dll
-> C:\Program Files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll
.
Completion time: 2008-01-02 13:17:43 - machine was rebooted
C:\qoobox\ComboFix-quarantined-files.txt 2008-01-02 18:16:52
.
2007-12-31 02:02:45 --- E O F ---

#4 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 03 January 2008 - 09:03 AM

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript, and save it to your desktop.


Folder::
C:\WINDOWS\nwkejgms
C:\WINDOWS\rorudvlu
C:\WINDOWS\KBOpt
C:\Program Files\Snap Visual Search

File::
C:\WINDOWS\dglmbahg.dll
C:\WINDOWS\ahknoliv.dll
C:\WINDOWS\system32\jpewocmz.ini
C:\WINDOWS\repair\dmcdvd.bak1
C:\WINDOWS\repair\dmcdvd.bak2
C:\WINDOWS\repair\dmcdvd.ini2

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{55570d6a-1dd2-11b2-8ffc-80783474ac73}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8600AC1E-BE58-4FFC-BD5D-F2A8EC38C838}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f8e2cb56-1dd1-11b2-a97f-bf2f904a0e7f}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NI.UWFX5"=-
"drmsrv32"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"72C1eF42hG"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dvdcmd]

Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

[image: the CFScript file being dragged onto ComboFix.exe]

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.


================



Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
  • If you use the Firefox browser, click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use the Opera browser, click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.



===============


Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

So in your next post I need to see the log from combofix and the log from SuperAntispyware.
Let me know how your computer is running. Any difference yet?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!
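The CFScript above removes exactly the autostart entries that the "Reg Loading Points" section of the ComboFix log showed launching from a Temp or Temporary Internet Files folder, or via rundll32 from a DLL outside the system directory. As an added example (the editor's code, not ComboFix's tooling or Buckeye_Sam's own), this Python script parses that log section, flags entries with those two heuristics, and drafts the matching Folder::/Registry:: lines in the same syntax for a helper to review; the sample lines are copied from the log posted earlier in this thread, while the heuristics and the PROTECTED_DIRS guard are the editor's assumptions.

```python
"""Triage ComboFix 'Reg Loading Points' entries and draft the matching CFScript.
Constructed example (editor's code, not ComboFix's or the thread's); see lead-in."""
import re
from dataclasses import dataclass, field

# Sample input constructed from the thread's log: legitimate autostarts mixed
# with the three entries the helper's CFScript removed.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2003-10-06 17:57 24576 C:\WINDOWS\system32\CTHELPER.EXE]
"NI.UWFX5"="C:\Documents and Settings\Lisa Ellis\Local Settings\Temporary Internet Files\Content.IE5\4ZXREUZ5\WinFixer2005ScannerInstall[1].exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-19 00:09 98304]
"drmsrv32"="C:\DOCUME~1\MEGANE~1\LOCALS~1\Temp\ssmmt.exe" [ ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"72C1eF42hG"= rundll32.exe "C:\WINDOWS\KBOpt\svunuvgl.dll",DllCleanServer
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.+)$')
QUOTED_RE = re.compile(r'^"(?P<target>[^"]*)"\s*(?P<meta>\[.*\])?$')
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"(?P<dll>[^"]+)"', re.IGNORECASE)

TEMP_MARKERS = ('\\temp\\', '\\temporary internet files\\')  # no legitimate autostart lives here
SYSTEM_DIRS = ('c:\\windows\\system32\\', 'c:\\windows\\syswow64\\')
# Shared directories that must never be listed under Folder:: (ComboFix deletes them whole).
PROTECTED_DIRS = {'c:\\', 'c:\\windows', 'c:\\windows\\system32', 'c:\\program files'}


@dataclass
class Entry:
    key: str
    name: str
    target: str          # executable or DLL the autostart launches
    via_rundll32: bool
    file_seen: bool      # False when ComboFix printed "[ ]", i.e. no timestamp/size
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self):
        return bool(self.reasons)


def parse_reg_points(text):
    """Turn the REGEDIT4-style section into Entry objects, keeping log order."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := KEY_RE.match(line):
            key = m.group(1)
        elif key and (m := ENTRY_RE.match(line)):
            name, value = m.group('name'), m.group('value')
            if q := QUOTED_RE.match(value):
                meta = (q.group('meta') or '[ ]').strip('[] ')
                entries.append(Entry(key, name, q.group('target'), False, meta != ''))
            elif r := RUNDLL_RE.match(value):
                # rundll32 lines carry no file stats, so file_seen is unknown here
                entries.append(Entry(key, name, r.group('dll'), True, False))
    return entries


def assess(entry):
    """Attach a reason for every heuristic the entry trips."""
    low = entry.target.lower()
    if any(marker in low for marker in TEMP_MARKERS):
        entry.reasons.append('launches from a temporary or browser-cache directory')
    if entry.via_rundll32 and not low.startswith(SYSTEM_DIRS):
        entry.reasons.append('rundll32 loads a DLL from outside the system directory')
    return entry


def triage(text):
    return [assess(e) for e in parse_reg_points(text)]


def draft_cfscript(entries):
    """Emit Folder::/File::/Registry:: sections in the syntax the helper used;
    "name"=- deletes one value, [-KEY] (unused here) would delete a whole key."""
    folders, files, by_key = [], [], {}
    for e in (x for x in entries if x.suspicious):
        if e.via_rundll32:
            folder = e.target.rsplit('\\', 1)[0]
            if folder.lower() in PROTECTED_DIRS:
                files.append(e.target)           # remove just the DLL, never C:\WINDOWS
            elif folder not in folders:
                folders.append(folder)
        by_key.setdefault(e.key, []).append(e.name)
    lines = []
    if folders:
        lines += ['Folder::', *folders, '']
    if files:
        lines += ['File::', *files, '']
    lines.append('Registry::')
    for key, names in by_key.items():
        lines += [f'[{key}]', *(f'"{n}"=-' for n in names)]
    return '\n'.join(lines) + '\n'
```

triage(SAMPLE_LOG) returns every parsed entry with its reasons, and draft_cfscript() turns the flagged ones into script text that a helper then checks against the rest of the log before use.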


========================================================

#5 caradoc

  • Topic Starter
  • Members
  • 15 posts

Posted 03 January 2008 - 11:26 PM

OK! First, things were running better after the first round and much better now! Here are the latest logs...

COMBOFIX:

ComboFix 07-12-31.4 - Marc Ellis 2008-01-03 20:48:46.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.592 [GMT -5:00]
Running from: C:\Documents and Settings\Marc Ellis\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Marc Ellis\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\ahknoliv.dll
C:\WINDOWS\dglmbahg.dll
C:\WINDOWS\repair\dmcdvd.bak1
C:\WINDOWS\repair\dmcdvd.bak2
C:\WINDOWS\repair\dmcdvd.ini2
C:\WINDOWS\system32\jpewocmz.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Snap Visual Search
C:\Program Files\Snap Visual Search\firefox\chrome.manifest
C:\Program Files\Snap Visual Search\firefox\chrome\snaptoolbar.jar
C:\Program Files\Snap Visual Search\firefox\install.rdf
C:\Program Files\Snap Visual Search\snapbar.dll
C:\Program Files\Snap Visual Search\uninstall.exe
C:\WINDOWS\ahknoliv.dll
C:\WINDOWS\dglmbahg.dll
C:\WINDOWS\KBOpt
C:\WINDOWS\KBOpt\krkfivgh.dll
C:\WINDOWS\KBOpt\svunuvgl.dll
C:\WINDOWS\nwkejgms
C:\WINDOWS\nwkejgms\1.png
C:\WINDOWS\nwkejgms\2.png
C:\WINDOWS\nwkejgms\3.png
C:\WINDOWS\nwkejgms\4.png
C:\WINDOWS\nwkejgms\5.png
C:\WINDOWS\nwkejgms\6.png
C:\WINDOWS\nwkejgms\7.png
C:\WINDOWS\nwkejgms\8.png
C:\WINDOWS\nwkejgms\9.png
C:\WINDOWS\nwkejgms\bottom-rc.gif
C:\WINDOWS\nwkejgms\config.png
C:\WINDOWS\nwkejgms\content.png
C:\WINDOWS\nwkejgms\download.gif
C:\WINDOWS\nwkejgms\frame-bg.gif
C:\WINDOWS\nwkejgms\frame-bottom-left.gif
C:\WINDOWS\nwkejgms\frame-h1bg.gif
C:\WINDOWS\nwkejgms\head.png
C:\WINDOWS\nwkejgms\icon.png
C:\WINDOWS\nwkejgms\index.html
C:\WINDOWS\nwkejgms\main.css
C:\WINDOWS\nwkejgms\memory-prots.png
C:\WINDOWS\nwkejgms\net.png
C:\WINDOWS\nwkejgms\pc-mag.gif
C:\WINDOWS\nwkejgms\pc.gif
C:\WINDOWS\nwkejgms\poloska1.png
C:\WINDOWS\nwkejgms\poloska2.png
C:\WINDOWS\nwkejgms\poloska3.png
C:\WINDOWS\nwkejgms\promo1.html
C:\WINDOWS\nwkejgms\promo10.html
C:\WINDOWS\nwkejgms\promo11.html
C:\WINDOWS\nwkejgms\promo12.html
C:\WINDOWS\nwkejgms\promo13.html
C:\WINDOWS\nwkejgms\promo14.html
C:\WINDOWS\nwkejgms\promo15.html
C:\WINDOWS\nwkejgms\promo16.html
C:\WINDOWS\nwkejgms\promo17.html
C:\WINDOWS\nwkejgms\promo18.html
C:\WINDOWS\nwkejgms\promo2.html
C:\WINDOWS\nwkejgms\promo3.html
C:\WINDOWS\nwkejgms\promo4.html
C:\WINDOWS\nwkejgms\promo5.html
C:\WINDOWS\nwkejgms\promo6.html
C:\WINDOWS\nwkejgms\promo7.html
C:\WINDOWS\nwkejgms\promo8.html
C:\WINDOWS\nwkejgms\promo9.html
C:\WINDOWS\nwkejgms\reg.png
C:\WINDOWS\nwkejgms\repair.png
C:\WINDOWS\nwkejgms\scr-1.png
C:\WINDOWS\nwkejgms\scr-2.png
C:\WINDOWS\nwkejgms\start.png
C:\WINDOWS\nwkejgms\styles.css
C:\WINDOWS\nwkejgms\top-rc.gif
C:\WINDOWS\nwkejgms\vline.gif
C:\WINDOWS\nwkejgms\wp.png
C:\WINDOWS\PerfInfo
C:\WINDOWS\PerfInfo\72C1eF42hG.exe
C:\WINDOWS\repair\dmcdvd.bak1
C:\WINDOWS\repair\dmcdvd.bak2
C:\WINDOWS\repair\dmcdvd.ini2
C:\WINDOWS\rorudvlu
C:\WINDOWS\rorudvlu\1.png
C:\WINDOWS\rorudvlu\2.png
C:\WINDOWS\rorudvlu\3.png
C:\WINDOWS\rorudvlu\4.png
C:\WINDOWS\rorudvlu\5.png
C:\WINDOWS\rorudvlu\6.png
C:\WINDOWS\rorudvlu\7.png
C:\WINDOWS\rorudvlu\8.png
C:\WINDOWS\rorudvlu\9.png
C:\WINDOWS\rorudvlu\bottom-rc.gif
C:\WINDOWS\rorudvlu\config.png
C:\WINDOWS\rorudvlu\content.png
C:\WINDOWS\rorudvlu\download.gif
C:\WINDOWS\rorudvlu\frame-bg.gif
C:\WINDOWS\rorudvlu\frame-bottom-left.gif
C:\WINDOWS\rorudvlu\frame-h1bg.gif
C:\WINDOWS\rorudvlu\head.png
C:\WINDOWS\rorudvlu\icon.png
C:\WINDOWS\rorudvlu\index.html
C:\WINDOWS\rorudvlu\main.css
C:\WINDOWS\rorudvlu\memory-prots.png
C:\WINDOWS\rorudvlu\net.png
C:\WINDOWS\rorudvlu\pc-mag.gif
C:\WINDOWS\rorudvlu\pc.gif
C:\WINDOWS\rorudvlu\poloska1.png
C:\WINDOWS\rorudvlu\poloska2.png
C:\WINDOWS\rorudvlu\poloska3.png
C:\WINDOWS\rorudvlu\promo1.html
C:\WINDOWS\rorudvlu\promo10.html
C:\WINDOWS\rorudvlu\promo11.html
C:\WINDOWS\rorudvlu\promo12.html
C:\WINDOWS\rorudvlu\promo13.html
C:\WINDOWS\rorudvlu\promo14.html
C:\WINDOWS\rorudvlu\promo15.html
C:\WINDOWS\rorudvlu\promo16.html
C:\WINDOWS\rorudvlu\promo17.html
C:\WINDOWS\rorudvlu\promo18.html
C:\WINDOWS\rorudvlu\promo2.html
C:\WINDOWS\rorudvlu\promo3.html
C:\WINDOWS\rorudvlu\promo4.html
C:\WINDOWS\rorudvlu\promo5.html
C:\WINDOWS\rorudvlu\promo6.html
C:\WINDOWS\rorudvlu\promo7.html
C:\WINDOWS\rorudvlu\promo8.html
C:\WINDOWS\rorudvlu\promo9.html
C:\WINDOWS\rorudvlu\reg.png
C:\WINDOWS\rorudvlu\repair.png
C:\WINDOWS\rorudvlu\scr-1.png
C:\WINDOWS\rorudvlu\scr-2.png
C:\WINDOWS\rorudvlu\start.png
C:\WINDOWS\rorudvlu\styles.css
C:\WINDOWS\rorudvlu\top-rc.gif
C:\WINDOWS\rorudvlu\vline.gif
C:\WINDOWS\rorudvlu\wp.png
C:\WINDOWS\system32\jpewocmz.ini

.
((((((((((((((((((((((((( Files Created from 2007-12-04 to 2008-01-04 )))))))))))))))))))))))))))))))
.

2008-01-02 13:07 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-01 23:05 . 2008-01-02 00:22 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-01-01 19:06 . 2008-01-01 20:29 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-01 19:06 . 2008-01-01 19:06 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-01 19:06 . 2008-01-01 19:06 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-01 19:06 . 2008-01-01 19:06 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-01 17:45 . 2008-01-01 17:44 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-01 17:44 . 2008-01-01 17:59 <DIR> d-------- C:\Documents and Settings\Marc Ellis\.housecall6.6
2007-12-31 00:34 . 2007-12-31 00:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-30 23:54 . 2007-12-30 23:54 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2007-12-30 23:54 . 2007-12-30 23:54 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2007-12-29 23:23 . 2007-12-29 23:23 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-12-29 23:23 . 2006-10-04 09:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2007-12-29 23:23 . 2006-10-04 09:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2007-12-29 23:23 . 2006-10-04 09:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2007-12-29 23:21 . 2007-12-29 23:21 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-12-29 23:21 . 2007-12-29 23:22 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-12-20 01:54 . 2007-12-20 01:54 <DIR> d-------- C:\Program Files\Windows Media Bonus Pack for Windows XP
2007-12-20 01:54 . 2001-11-30 19:05 131,072 --a------ C:\WINDOWS\system32\dzip32.dll
2007-12-20 01:54 . 2001-11-30 19:05 110,592 --a------ C:\WINDOWS\system32\dunzip32.dll
2007-12-16 19:53 . 2007-12-16 19:53 <DIR> d-------- C:\Documents and Settings\Megan Ellis\Application Data\Dealio
2007-12-16 19:20 . 2007-12-16 19:20 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2007-12-16 19:16 . 2007-12-16 19:19 <DIR> d-------- C:\Program Files\Morpheus Photo Animation Suite
2007-12-16 19:16 . 2007-12-16 19:16 <DIR> d-------- C:\Documents and Settings\Marc Ellis\Application Data\Morpheus Software
2007-12-16 18:21 . 2007-12-16 18:21 <DIR> d-------- C:\epson
2007-12-14 09:52 . 2007-12-14 09:52 <DIR> d-------- C:\Documents and Settings\Marc Ellis\Citrix
2007-12-14 09:52 . 2007-12-14 09:52 81 --a------ C:\CTX.DAT
2007-12-05 10:17 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-03 23:54 --------- d-----w C:\Program Files\Steam
2008-01-02 01:15 --------- d-----w C:\Program Files\QuickTime
2008-01-02 01:10 --------- d-----w C:\Program Files\Google
2008-01-02 00:01 --------- d-----w C:\Program Files\Common Files\AOL
2007-12-31 02:07 --------- d-----w C:\Program Files\LimeWire
2007-12-30 06:46 10,646 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-12-28 14:38 86,016 ----a-w C:\Documents and Settings\Marc Ellis\IDHWTSS1.dll
2007-12-28 14:38 81,920 ----a-w C:\Documents and Settings\Marc Ellis\hobjni.dll
2007-12-16 23:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-14 14:49 --------- d-----w C:\Program Files\Juniper Networks
2007-12-12 17:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-05 15:17 --------- d-----w C:\Program Files\Java
2007-11-30 05:11 --------- d-----w C:\Documents and Settings\Marc Ellis\Application Data\Juniper Networks
2007-11-22 21:09 --------- d-----w C:\Program Files\America Online 9.0
2007-11-18 23:21 --------- d-----w C:\Program Files\Comcast Play Games
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 15:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2005-10-22 05:37 36,868 ----a-w C:\Documents and Settings\Marc Ellis\PrtDLL.dll
2005-07-01 05:06 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2007-11-29 21:09 1266936]
"LDM"="\Program\BackWeb-8876480.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 08:10 68856]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 10:06 118784 C:\WINDOWS\system32\ptipbmf.dll]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 08:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-07-02 13:03 57344]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 04:00 45056]
"CTHelper"="CTHELPER.EXE" [2003-10-06 17:57 24576 C:\WINDOWS\system32\CTHELPER.EXE]
"SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 21:06 45056]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 04:00 90112]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 21:44 65536]
"Disk Monitor"="C:\Program Files\IC\Card Reader Driver v1.9e\Disk_Monitor.exe" [2003-06-18 05:57 466944]
"Logitech Utility"="Logi_MwX.Exe" [2003-03-04 04:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-08-23 19:29 180269]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2006-01-19 10:06 110592]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [2006-01-19 10:06 11776]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 17:18 151552]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 11:49 163840]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 21:02 53248]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29 303104]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 12:05 212992]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-19 00:09 98304]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 12:26 7700480]
"nwiz"="nwiz.exe" [2007-04-19 12:26 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-19 12:26 86016]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 10:24 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 14:18 241664]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2006-01-13 02:14 188416]
"HostManager"="C:\Program Files\Common Files\AOL\1188262221\ee\AOLSoftware.exe" [2006-09-25 19:52 50736]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

C:\Documents and Settings\Lisa Ellis\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54]

C:\Documents and Settings\Megan Ellis\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2005-10-07 14:54:38]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54]

C:\Documents and Settings\Marc Ellis\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2004-04-26 13:32:00]
LUMIX Simple Viewer.lnk - C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2007-08-29 22:30:05]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2006-01-01 20:12:47]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"AOL Uninstaller"= {CC18EA8A-3867-5BA4-31C8-B13DA39932BD} - c:\program files\common files\aol\wcdfc9.dll [ ]


.
**************************************************************************

disk not found C:\

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

disk not found C:\

**************************************************************************
.
Completion time: 2008-01-03 20:53:10
C:\qoobox\ComboFix-quarantined-files.txt 2008-01-04 01:52:19
C:\qoobox\ComboFix2.txt 2008-01-02 18:17:43
.
2007-12-31 02:02:45 --- E O F ---


And the SUPERAntispyware log:


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/03/2008 at 11:03 PM

Application Version : 3.9.1008

Core Rules Database Version : 3373
Trace Rules Database Version: 1368

Scan type : Complete Scan
Total Scan Time : 01:58:18

Memory items scanned : 537
Memory threats detected : 0
Registry items scanned : 7284
Registry threats detected : 0
File items scanned : 98489
File threats detected : 18

Adware.Tracking Cookie
C:\Documents and Settings\Marc Ellis\Cookies\marc_ellis@2o7[2].txt

Trojan.Security Toolbar
C:\Documents and Settings\Marc Ellis\Favorites\Antivirus Test Online.url

Adware.AdSponsor/ISM
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\QDRDRIVE\QDRDRIVE9.DLL.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\QDRPACK\QDRPACK11.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96B654D3-A29F-4E54-BF5C-AA8374A606E4}\RP1262\A0128056.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96B654D3-A29F-4E54-BF5C-AA8374A606E4}\RP1262\A0128058.EXE

Rogue.WinPerformance
C:\QOOBOX\QUARANTINE\C\WINDOWS\PERFINFO\72C1EF42HG.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96B654D3-A29F-4E54-BF5C-AA8374A606E4}\RP1262\A0128052.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96B654D3-A29F-4E54-BF5C-AA8374A606E4}\RP1264\A0128188.EXE

Trojan.Downloader-FakeRX
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\EGMULHXK.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96B654D3-A29F-4E54-BF5C-AA8374A606E4}\RP1262\A0128127.DLL

Trojan.Unclassified/LPCYWINP
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\LPCYWINP.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96B654D3-A29F-4E54-BF5C-AA8374A606E4}\RP1262\A0128126.EXE

Trojan.Unclassified/Out-Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96B654D3-A29F-4E54-BF5C-AA8374A606E4}\RP1262\A0128050.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96B654D3-A29F-4E54-BF5C-AA8374A606E4}\RP1264\A0128194.DLL

Trojan.Downloader-Gen/MobRules
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96B654D3-A29F-4E54-BF5C-AA8374A606E4}\RP1262\A0128051.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96B654D3-A29F-4E54-BF5C-AA8374A606E4}\RP1264\A0128195.DLL

Trojan.Unknown Origin
C:\WINDOWS\SYSTEM32\OT.ICO



Thanks!

#6 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 04 January 2008 - 06:28 PM

Looks good!
Let's get one more look at your hijackthis log just to be sure and then I'll post some security recommendations for you.


========================================================

#7 caradoc

  • Topic Starter
  • Members
  • 15 posts

Posted 05 January 2008 - 03:47 AM

OK Sam, here ya go...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:41:56 AM, on 1/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\IC\Card Reader Driver v1.9e\Disk_Monitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Common Files\AOL\1188262221\ee\AOLSoftware.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\program files\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isp.netscape.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: SuperBar - {D0169048-EDCA-4E8F-AFA0-80D750622A29} - (no file)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Snap Visual Search - {EF56413F-9398-4DF5-BC88-6FC3B227D5C5} - C:\Program Files\Snap Visual Search\snapbar.dll (file missing)
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\IC\Card Reader Driver v1.9e\Disk_Monitor.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1188262221\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://playgames.comcast.net/online2/pirat...rs.1.0.0.32.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...96/mcinsctl.cab
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://asp.mathxl.com/applets/PearsonInstallAsst.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4058/ftp...302/Coupons.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...5/installer.exe
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://remoteoffice.citigroup.com/dana-cac...perSetupSP1.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://playgames.comcast.net/online2/mahjo...ameLauncher.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_...tupv2.0.0.9.cab?
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: AOL Uninstaller - {CC18EA8A-3867-5BA4-31C8-B13DA39932BD} - c:\program files\common files\aol\wcdfc9.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 13240 bytes


Thanks again!

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:11:59 AM

Posted 05 January 2008 - 07:25 AM

Looks good. Just a little cleaning up to do.

Run HijackThis again, click Scan, and put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: SuperBar - {D0169048-EDCA-4E8F-AFA0-80D750622A29} - (no file)
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4058/ftp...302/Coupons.cab
O21 - SSODL: AOL Uninstaller - {CC18EA8A-3867-5BA4-31C8-B13DA39932BD} - c:\program files\common files\aol\wcdfc9.dll (file missing)



And finally, let's get rid of Combofix now that we're done with it.
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
  • When shown the disclaimer, Select "2"
The above procedure will:
  • Delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.


==================



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable System Restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Re-enable System Restore with instructions from the tutorial above.

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Download and install Ad-Aware. You should also scan your computer with the program on a regular basis, in conjunction with Spybot, just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:blink: :thumbsup:
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
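As an added example (this is not code from the thread, from HijackThis, or from its author), a small Python triage helper for the HijackThis log format shown in this thread. It applies the same heuristics the helper used when picking the lines to fix: an entry whose target reads "(no file)" or "(file missing)" points at something that is no longer on disk and is safe to clean up, and an O16 DPF entry with no control name is an ActiveX download that nothing identifies. The section-prefix pattern, the O16 pattern and the heuristics themselves are my assumptions inferred from the log lines above, not rules published by HijackThis; the sample lines are copied from the log posted in this thread. The output is a shortlist for a human reviewer, which is how the "Fix Checked" step is used here, not an automatic verdict.

```python
"""Triage helper for HijackThis-style logs (added example, not HijackThis code)."""
import re
from dataclasses import dataclass
from typing import List, Tuple

# One HijackThis entry looks like "O4 - HKLM\..\Run: [Name] path".  The
# section-prefix grammar below (R0-R3, F0-F3, N1-N4, O1-O24) is an assumption
# reproduced from the log lines seen in this thread, not a published spec.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")

# O16 entries: "DPF: {CLSID} (Friendly Name) - URL"; the friendly name is optional.
O16_RE = re.compile(r"^DPF: (\{[0-9A-Fa-f-]+\})(?: \((.*?)\))? - (\S+)$")

# Markers HijackThis appends when the referenced file no longer exists.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


@dataclass
class HjtEntry:
    section: str  # e.g. "O4", "O16", "R3"
    body: str     # everything after "<section> - "
    raw: str      # the original line, unchanged


def parse_hjt_log(text: str) -> List[HjtEntry]:
    """Return the entry lines of a log; headers, process lists and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append(HjtEntry(m.group(1), m.group(2), line))
    return entries


def is_orphan(entry: HjtEntry) -> bool:
    """True when the entry points at a file HijackThis could not find.

    "(no name)" is deliberately not a marker: it only says the entry has no label,
    and plenty of legitimate entries (the Java console button, for example) lack one.
    """
    return any(marker in entry.body for marker in ORPHAN_MARKERS)


def is_nameless_dpf(entry: HjtEntry) -> bool:
    """True for an O16 ActiveX download entry that carries no control name."""
    if entry.section != "O16":
        return False
    m = O16_RE.match(entry.body)
    return m is not None and m.group(2) is None


def suggest_fix_candidates(text: str) -> List[Tuple[str, str]]:
    """(raw line, reason) for every entry that matches one of the heuristics above."""
    candidates = []
    for entry in parse_hjt_log(text):
        reasons = []
        if is_orphan(entry):
            reasons.append("target missing")
        if is_nameless_dpf(entry):
            reasons.append("unnamed ActiveX download")
        if reasons:
            candidates.append((entry.raw, ", ".join(reasons)))
    return candidates


# Sample input: eight lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: SuperBar - {D0169048-EDCA-4E8F-AFA0-80D750622A29} - (no file)
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://playgames.comcast.net/online2/pirat...rs.1.0.0.32.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4058/ftp...302/Coupons.cab
O21 - SSODL: AOL Uninstaller - {CC18EA8A-3867-5BA4-31C8-B13DA39932BD} - c:\program files\common files\aol\wcdfc9.dll (file missing)
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
"""

if __name__ == "__main__":
    for raw, reason in suggest_fix_candidates(SAMPLE_LOG):
        print(f"{reason:26s} {raw}")
```

Run against the sample, the five lines it prints are exactly the five the helper asked to have fixed; the McAfee O4/O23 entries and the named O16 control are left alone. Anything the shortlist flags still deserves a look at the referenced path or CLSID before it is removed, since a missing-file marker can also come from an uninstall that simply left its autorun entry behind.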

#9 caradoc

caradoc
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:12:59 PM

Posted 05 January 2008 - 01:07 PM

Thank you very much Buckeye_Sam. Another excellent experience with bleepingcomputer!

#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:11:59 AM

Posted 06 January 2008 - 08:39 AM

I'm glad I could help you out! :thumbsup:

Now that your problem appears to be resolved, this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.


========================================================



