Cid Infestation Help Needed


  • This topic is locked
7 replies to this topic

#1 pomtuftsgalore

  • Members
  • 7 posts

Posted 05 January 2008 - 10:18 PM

CiD Popups are a pain! They keep coming up and the problem is it has got into my files and registry and my computer is as slow as me!!
NOT GOOD!

I've tried everything, Ad-Aware, all the free stuff, plus I have Norton..
Turned my pop-up blockers up full, you name it I've done it, but the bastards just keep coming back!!

I've run HijackThis in safe mode and found gridbluememo\oncebyte so that's gone but I found sites that I haven't been on before...
So here's my log, see if any of you guys can tell me which to delete or how to fix etc.. plus how to stop processes running and making my puter slow.. the list of processes running is under this long list lol
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Liz\Desktop\HijackThis_199.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.orange.co.uk/iesearch/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.co.uk/
R3 - URLSearchHook: (no name) - {4FBACD73-F67C-42AE-B46A-03960AFE3DFB} - C:\PROGRA~1\ORANGE~1\TOOLBA~2.DLL
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9B095999-2424-D24D-CE30-F1BF4220207E} - C:\DOCUME~1\Liz\APPLIC~1\LISTEX~1\mp3sixth.exe (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Orange Toolbar - {E97B5F2E-CA8E-4D34-BDA3-44EEC4ED2B12} - C:\Program Files\Orange Toolbar UK\ToolbarContainer192.dll
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [QSearch] c:\windows\system32\qsearch.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Cool third bike bat] C:\Documents and Settings\All Users\Application Data\cdrom heart cool third\Poll each.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [OptionBlueNurbAbout] C:\Documents and Settings\All Users\Application Data\Meow Flaw Option Blue\Curb Delete.exe
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [AOLAspSunset2] C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [thetrans] C:\DOCUME~1\Liz\APPLIC~1\ACESIG~1\Internet Bags.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: MA111 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg4.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZUxdm080MMGB
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?2f317a0913bb47a1bcd3de48ab170912
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?2f317a0913bb47a1bcd3de48ab170912
O9 - Extra button: Erotic - {2648BB17-1868-48d3-9A85-7C77F13A2288} - http://www.erotic.co.uk?ref=9999 (file missing)
O9 - Extra 'Tools' menuitem: Erotic... - {2648BB17-1868-48d3-9A85-7C77F13A2288} - http://www.erotic.co.uk?ref=9999 (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: IQ Test - {D9FA68E1-AEE2-48d8-B03D-C37DC602554E} - http://www.personaltest.co.uk (file missing)
O9 - Extra 'Tools' menuitem: IQ Test... - {D9FA68E1-AEE2-48d8-B03D-C37DC602554E} - http://www.personaltest.co.uk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {78A730D4-0DF3-4B65-8DD2-BFCD433CEE30} - http://www.surfsecret.com/inst/PPInstaller.exe
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows...ggPublisher.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {C56CE781-A6FC-4706-8B32-6EB4622155DF} - http://plugin.euro-infomedia.com/mpv0.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Belkin High-Speed Mode Wireless G USB Driver (Belkin High-Speed Mode Wireless G USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\F5D7051\WLService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

RUNNING PROCESS IN TASK MANAGER

ALG.EXE
IEXPLORER.EXE
mmc.exe
ccApp.exe
jusched.exe
MWSOEMON.EXE
qttask.exe
ccSvcHst.exe
WLService.exe
AluSchedulerSvc
LEXPPS.EXE
realsched.exe
LEXBCES.EXE
svchost.exe
aawservice.exe
WkCalRem.exe
OSD.exe
Wlancfg4.exe
svchost.exe
svchost.exe
svchost.exe
symlcsv.exe
lsass.exe
services.exe
winlogo.exe
csrss.exe
smss.exe
CTSVCCDA.EXE
explorer.exe
WLLoginProxy.exe
WLanCfgG.exe
devldr32.exe

PLEASE HELP IF YOU CAN THANKS!!!



#2 miekiemoes

  • Malware Response Team
  • 19,420 posts

Posted 06 January 2008 - 02:22 AM

Hi,

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 pomtuftsgalore

  • Topic Starter
  • Members
  • 7 posts

Posted 06 January 2008 - 04:13 PM

Thanks for reading my post.
Here's the list!!

Ad-Aware 2007
Adobe Acrobat 4.0, 5.0
Adobe Flash Player ActiveX
Adobe Photoshop 7.0
Adobe Reader 6.0
AppCore
ATI Display Driver
AV
ccCommon
CE-5330 Digital Camera Driver
Conexant HSF V92 56K RTAD Speakerphone PCI Modem
Dell Photo Printer 720
Dell Photo Printer 720 Logger
Dell Solution Center
DellTouch
Google Toolbar for Internet Explorer
Guitar Pro 4
HijackThis 1.99.1
Intel Application Accelerator
J2SE Runtime Environment 5.0 Update 3
Learn2 Player (Uninstall Only)
LiveReg (Symantec Corporation)
LiveUpdate 3.1 (Symantec Corporation)
LRC Editor 4.0 (remove only)
MA111 Configuration Utility
Macromedia Flash Player 8
Macromedia Shockwave Player
Map Button (Windows Live Toolbar)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Data Access Components KB870669
Microsoft Works 6.0
Modem Helper
MP3 Player Utilities
MSRedist
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
My Web Search (My Fun Cards)
Network Play System (Patching)
Norton AntiVirus
Norton Confidential Browser Component
Norton Confidential Web Protection Component
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Protection Center
nscntrl
OneCare Advisor (Windows Live Toolbar)
Orange Livebox
Orange Toolbar
Popup Blocker (Windows Live Toolbar)
PowerDVD
QuickTime
RealPlayer
Runtime 8.0 Libraries
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926247)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB943460)
Shockwave
Smart Menus (Windows Live Toolbar)
Sound Blaster Live! Value
SPBBC 32bit
SymNet
Tabbed Browsing (Windows Live Toolbar)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Viewpoint Media Player
Weather tool
Window Searching
Window Active
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Live Favorites for Windows Live Toolbar
Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885295
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086

How many hotfixes does Windows need lol

#4 miekiemoes

  • Malware Response Team
  • 19,420 posts

Posted 06 January 2008 - 05:08 PM

Hi,

The reason why I asked for this uninstall list is that I was wondering with what program these CID popups appeared, because in most cases this one is bundled with a program you installed recently.
This is useful information for me, in order to update a database.

Anyway, uninstall the following programs via Software > Add/Remove Programs:

My Web Search (My Fun Cards)
nscntrl


Then reboot.

After reboot:

* Download ComboFix from here.
**Save it to your desktop**

In case you have used ComboFix before, please delete the version you have and download it again, because ComboFix is being updated every day.

In case your antivirus or any other realtime scanner displays an alert after you downloaded ComboFix or while you use ComboFix, please disable your scanner and download ComboFix again, because some scanners may see some ComboFix-related components as suspicious and block or delete them while there's nothing wrong with them.


* Double-click combofix.exe
Follow the prompts.
Note - Your internet connection will be terminated while ComboFix runs. Do Not attempt to re-enable it. Should ComboFix terminate prematurely, restart the computer to restore connectivity.
Don't click on the window while the fix is running, because that will cause your system to hang.
In case you see a sed.cfexe error with the option to send a report or not, choose "don't send".

When finished and after reboot (in case it rebooted), combofix will open again to gather the necessary information for the log. This may take a bit. When done, Combofix will close and a log should open, combofix.txt.
Post the contents of this log in your next reply together with a new hijackthislog.
Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.

Normally ComboFix is not required to deal with this infection, since this infection is easy to kill, but as I said, I want to know which program this infection came with, so the ComboFix log should show what programs you recently installed, so I can compare the date/time.
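The date/time comparison described in the post above, as an added example that is not part of the original thread and is not ComboFix's own code: it parses lines in the layout of the log's "Files Created" section (seen in the log later in this thread), groups entries created within a few minutes of each other into install events, and lists the events that precede a given time. The sample lines, the Example* names, the 5-minute gap, the 7-day window and the reference time are constructed assumptions.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Constructed sample in the layout of the "Files Created" section:
# created . modified  size-or-<DIR>  attributes  path
# (Reading the first timestamp as creation time is an assumption based on
# the section header's date range; the second often keeps the vendor's
# original build date, so it is not used for the timeline.)
SAMPLE_LOG = r"""
((((((((( Files Created from 2007-12-08 to 2008-01-08 )))))))))
.
2008-01-06 14:31 . 2008-01-06 15:51 <DIR> d-------- C:\Program Files\ExampleCam
2008-01-06 14:31 . 2004-03-17 07:00 114,688 --a------ C:\WINDOWS\SYSTEM32\excam.dll
2008-01-06 14:33 . 2004-03-17 06:59 46,944 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\excam.sys
2007-12-30 18:20 . 2008-01-06 15:01 <DIR> d-------- C:\Program Files\Example Toolbar
2007-12-30 18:20 . 2007-02-05 14:16 583,774 --a------ C:\WINDOWS\example.ico
2007-12-30 18:19 . 2007-12-30 18:19 <DIR> d-------- C:\Program Files\ExampleISP
2007-12-11 03:37 . 2007-12-11 03:37 <DIR> d-------- C:\Program Files\ExampleScanner
"""

FMT = "%Y-%m-%d %H:%M"
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "   # created
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"     # modified
    r"(<DIR>|[\d,]+)\s+(\S+)\s+(.+)$"         # size, attributes, path
)


@dataclass
class Entry:
    created: datetime
    modified: datetime
    is_dir: bool
    path: str


def parse_created(text):
    """Return an Entry for every line that matches the section layout."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # section headers, "." separators, blank lines
        created, modified, size, _attrs, path = m.groups()
        entries.append(Entry(
            datetime.strptime(created, FMT),
            datetime.strptime(modified, FMT),
            size == "<DIR>",
            path.strip(),
        ))
    return entries


def cluster_installs(entries, gap=timedelta(minutes=5)):
    """Group entries whose creation times are at most `gap` apart.

    An installer drops its folder, DLLs and drivers within moments of each
    other, so each cluster approximates one install event.
    """
    clusters = []
    for e in sorted(entries, key=lambda e: e.created):
        if clusters and e.created - clusters[-1][-1].created <= gap:
            clusters[-1].append(e)
        else:
            clusters.append([e])
    return clusters


def program_dirs(cluster):
    """Names of folders created directly under Program Files in a cluster."""
    names = []
    for e in cluster:
        parts = PureWindowsPath(e.path).parts
        if e.is_dir and len(parts) == 3 and parts[1].lower() == "program files":
            names.append(parts[2])
    return names


def installs_before(clusters, when, window=timedelta(days=7)):
    """Install events that created a program folder in the `window` before `when`."""
    hits = []
    for c in clusters:
        start = c[0].created
        if timedelta(0) <= when - start <= window and program_dirs(c):
            hits.append((start, program_dirs(c), len(c)))
    return hits


if __name__ == "__main__":
    # Constructed reference time standing in for "when the popups started".
    noticed = datetime(2008, 1, 5, 22, 18)
    events = cluster_installs(parse_created(SAMPLE_LOG))
    for start, names, count in installs_before(events, noticed):
        print(f"{start:%Y-%m-%d %H:%M}  {', '.join(names)}  ({count} entries)")
```
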

#5 miekiemoes

  • Malware Response Team
  • 19,420 posts

Posted 06 January 2008 - 05:11 PM

Extra question..

Open Hijackthis
Click Misc Tools below
Click Open Uninstall Manager
Select each of the following entries - don't do anything with them, only select them one by one:

Weather tool
Window Searching
Window Active


And let me know what is displayed in the Uninstall command field next to it (on the right).
So for each of the above three entries, you should have a different uninstall command.
Copy and paste these uninstall commands in your next reply.

#6 pomtuftsgalore

  • Topic Starter
  • Members
  • 7 posts

Posted 06 January 2008 - 07:36 PM

Here's the ComboFix log

Running from: C:\Documents and Settings\Liz\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Cache\002E1ED2.bin
C:\Program Files\MyWebSearch\bar\Cache\002E2366.bin
C:\Program Files\MyWebSearch\bar\Cache\002E252B.bin
C:\Program Files\MyWebSearch\bar\Cache\00387668
C:\Program Files\MyWebSearch\bar\Cache\004F7D6D.bin
C:\Program Files\MyWebSearch\bar\Cache\004F856C.bin
C:\Program Files\MyWebSearch\bar\Cache\004F949E.bin
C:\Program Files\MyWebSearch\bar\Cache\004F9F0E.bin
C:\Program Files\MyWebSearch\bar\Cache\0066DE69.bin
C:\Program Files\MyWebSearch\bar\Cache\0066E723.bin
C:\Program Files\MyWebSearch\bar\Cache\0066F4B0.bin
C:\Program Files\MyWebSearch\bar\Cache\0066F888.bin
C:\Program Files\MyWebSearch\bar\Cache\0066FCCE.bin
C:\Program Files\MyWebSearch\bar\Cache\00670114.bin
C:\Program Files\MyWebSearch\bar\Cache\006704AE.bin
C:\Program Files\MyWebSearch\bar\Cache\00670809.bin
C:\Program Files\MyWebSearch\bar\Cache\00670CCC
C:\Program Files\MyWebSearch\bar\Cache\010C4E18
C:\Program Files\MyWebSearch\bar\Cache\01151E52.bin
C:\Program Files\MyWebSearch\bar\Cache\01152B52.bin
C:\Program Files\MyWebSearch\bar\Cache\01152D46
C:\Program Files\MyWebSearch\bar\Cache\011B5255
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
C:\WINDOWS\Fonts\acrsec.fon
C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\system32\f3PSSavr.scr
C:\Program Files\MyWebSearch

.
((((((((((((((((((((((((( Files Created from 2007-12-08 to 2008-01-08 )))))))))))))))))))))))))))))))
.

2008-01-06 23:48 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-06 16:08 . 2008-01-06 16:08 <DIR> d-------- C:\Documents and Settings\Liz\Application Data\AdobeUM
2008-01-06 15:41 . 2008-01-06 15:41 <DIR> d-------- C:\WINDOWS\Cache
2008-01-06 14:31 . 2008-01-06 15:51 <DIR> d-------- C:\Program Files\CE-5330
2008-01-06 14:31 . 2004-03-17 07:00 114,688 --a------ C:\WINDOWS\SYSTEM32\JpegCode.dll
2008-01-06 14:31 . 2004-03-17 06:59 46,944 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\CoachUsb.sys
2008-01-06 14:31 . 2004-03-17 07:00 44,256 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\CoachVc.sys
2008-01-06 14:31 . 2004-03-17 06:59 16,896 --a------ C:\WINDOWS\SYSTEM32\CoachDlg.dll
2008-01-06 14:31 . 2004-03-17 07:00 8,192 --a------ C:\WINDOWS\SYSTEM32\CoachWrp.dll
2008-01-06 14:31 . 2004-03-17 06:59 5,632 --a------ C:\WINDOWS\SYSTEM32\CoachSti.dll
2008-01-06 13:26 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\SYSTEM32\ptpusd.dll
2008-01-06 13:26 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbscan.sys
2008-01-06 13:26 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\usbscan.sys
2008-01-06 13:26 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\SYSTEM32\ptpusb.dll
2008-01-06 00:41 . 2008-01-06 00:41 10,624 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pxark.sys
2008-01-06 00:33 . 2008-01-06 00:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-01-06 00:28 . 2008-01-06 00:41 <DIR> d-------- C:\Documents and Settings\Liz\Application Data\PrevxCSI
2008-01-05 17:36 . 2002-04-30 19:31 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-12-30 18:20 . 2008-01-06 15:01 <DIR> d-------- C:\Program Files\Orange Toolbar UK
2007-12-30 18:20 . 2007-02-05 14:16 583,774 --a------ C:\WINDOWS\Orange_Vista.ico
2007-12-30 18:20 . 2007-02-05 12:49 25,214 --a------ C:\WINDOWS\Orange.ico
2007-12-30 18:20 . 2007-03-01 11:23 15,086 --a------ C:\WINDOWS\uninstall_livebox.ico
2007-12-30 18:20 . 2007-03-01 11:23 15,086 --a------ C:\WINDOWS\livebox.ico
2007-12-30 18:19 . 2007-12-30 18:19 <DIR> d-------- C:\Program Files\Orange
2007-12-29 16:45 . 2007-12-29 16:45 4,095 --a------ C:\WINDOWS\~VS4B.tmp
2007-12-11 03:37 . 2007-12-11 03:37 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-11 03:37 . 2007-12-11 03:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-11 02:49 . 2008-01-05 20:33 4,086 --a------ C:\WINDOWS\Active Setup Log.BAK
2007-12-11 02:03 . 2004-08-04 12:00 1,875,968 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\msir3jp.lex
2007-12-11 02:02 . 2004-08-04 12:00 13,463,552 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\hwxjpn.dll
2007-12-11 02:01 . 2004-08-04 12:00 1,677,824 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\chsbrkr.dll
2007-12-11 02:00 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\fp4awel.dll
2007-12-11 01:58 . 2007-12-11 01:58 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2007-12-11 01:58 . 2007-12-11 01:58 749 -rah----- C:\WINDOWS\SYSTEM32\wuaucpl.cpl.manifest
2007-12-11 01:58 . 2007-12-11 01:58 749 -rah----- C:\WINDOWS\SYSTEM32\sapi.cpl.manifest
2007-12-11 01:58 . 2007-12-11 01:58 749 -rah----- C:\WINDOWS\SYSTEM32\ncpa.cpl.manifest
2007-12-11 01:58 . 2007-12-11 01:58 488 -rah----- C:\WINDOWS\SYSTEM32\logonui.exe.manifest
2007-12-11 01:56 . 2004-08-04 12:00 81,920 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\msado27.tlb
2007-12-11 01:56 . 2004-08-04 12:00 18,432 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\iedw.exe
2007-12-11 01:53 . 2004-08-04 12:00 259,072 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\snmpcl.dll
2007-12-11 01:53 . 2004-08-04 12:00 40,448 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\snmpthrd.dll
2007-12-11 00:12 . 2007-12-11 02:20 1,596 --a------ C:\WINDOWS\SYSTEM32\wpa.bak
2007-12-10 23:49 . 2004-08-04 12:00 2,479,616 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\msoeres.dll
2007-12-10 23:40 . 2001-08-18 12:00 1,085,913 -ra------ C:\WINDOWS\SETE5.tmp
2007-12-10 23:40 . 2001-08-18 12:00 13,608 -ra------ C:\WINDOWS\SETF1.tmp
2007-12-10 23:40 . 2001-08-18 12:00 7,046 -ra------ C:\WINDOWS\SET103.tmp
2007-12-10 23:27 . 2004-08-03 23:07 6,400 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\splitter.sys
2007-12-10 23:26 . 2004-08-03 22:59 57,472 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\redbook.sys
2007-12-10 23:25 . 2004-08-04 00:56 130,048 --a------ C:\WINDOWS\SYSTEM32\ksproxy.ax
2007-12-10 23:25 . 2004-08-04 00:56 4,096 --a------ C:\WINDOWS\SYSTEM32\ksuser.dll
2007-12-10 23:24 . 2004-08-04 01:01 40,840 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\termdd.sys
2007-12-10 23:21 . 2004-08-04 12:00 146,432 --a------ C:\WINDOWS\SYSTEM\WINSPOOL.DRV
2007-12-10 23:21 . 2004-08-04 00:56 74,752 --a------ C:\WINDOWS\SYSTEM32\storprop.dll
2007-12-10 23:21 . 2007-12-11 01:46 34 --a------ C:\WINDOWS\SYSTEM\oeminfo.ini
2007-12-10 23:20 . 2001-08-18 12:00 1,085,913 -ra------ C:\WINDOWS\SETE7.tmp
2007-12-10 23:20 . 2001-08-18 12:00 13,608 -ra------ C:\WINDOWS\SETF3.tmp
2007-12-10 23:20 . 2001-08-18 12:00 7,046 -ra------ C:\WINDOWS\SET105.tmp
2007-12-08 12:27 . 2007-12-08 12:28 <DIR> d-------- C:\Documents and Settings\Liz\Application Data\VideoEgg

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-07 23:59 --------- d-----w C:\Program Files\MSN Messenger
2008-01-07 23:55 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-06 20:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-11 03:36 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-06 12:42 --------- d-----w C:\Program Files\Image Converter EXE
2007-12-06 12:39 --------- d-----w C:\Program Files\Jasc Software Inc
2007-12-05 21:28 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-12-05 21:27 --------- d-----w C:\Program Files\Windows Live Favorites
2007-12-04 01:44 --------- d-----w C:\Program Files\Norton Internet Security
2007-12-04 01:24 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-04 01:24 60,800 ----a-w C:\WINDOWS\SYSTEM32\S32EVNT1.DLL
2007-12-04 01:24 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-04 01:24 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-04 01:24 --------- d-----w C:\Program Files\Symantec
2007-11-09 00:04 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-08 19:35 --------- d-----w C:\Documents and Settings\Liz\Application Data\Ace Sign Roam
2007-11-08 19:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Meow Flaw Option Blue
2007-11-08 18:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-08 17:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-08 16:46 --------- d-----w C:\Program Files\Belkin
2004-11-29 16:43 36 -c--a-w C:\Documents and Settings\Liz\klextlock.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B095999-2424-D24D-CE30-F1BF4220207E}]
C:\DOCUME~1\Liz\APPLIC~1\LISTEX~1\mp3sixth.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{5FF05CC5-06FF-4F28-A6F1-12D8796817CC}"= C:\PROGRA~1\LISTEX~1\Safe scr.dll [ ]

[HKEY_CLASSES_ROOT\clsid\{5ff05cc5-06ff-4f28-a6f1-12d8796817cc}]
[HKEY_CLASSES_ROOT\send.InsideSettings.1]
[HKEY_CLASSES_ROOT\send.InsideSettings]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"thetrans"="C:\DOCUME~1\Liz\APPLIC~1\ACESIG~1\Internet Bags.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellTouch"="C:\WINDOWS\DELLMMKB.EXE" [2001-09-23 06:14 163840]
"UpdReg"="C:\WINDOWS\Updreg.exe" [2000-05-11 00:00 90112]
"AHQInit"="C:\Program Files\Creative\SBLive\Program\AHQInit.exe" [2001-03-28 00:00 102400]
"WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [2000-07-13 19:00 24576]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2000-07-13 19:00 311350]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-07-13 19:00 28739]
"QSearch"="c:\windows\system32\qsearch.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-06-24 18:56 180269]
"Cool third bike bat"="C:\Documents and Settings\All Users\Application Data\cdrom heart cool third\Poll each.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-03-10 17:19 98304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 02:48 36975]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 07:04 84640]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-06 01:22 26248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 12:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-07-06 20:41:35]
dlbcserv.lnk - C:\Program Files\Dell Photo Printer 720\dlbcserv.exe [2007-07-03 12:46:28]
MA111 Configuration Utility.lnk - C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg4.exe [2004-11-21 15:50:12]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-07-13 19:00:00]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli scecli

R3 ati2mtaa;ati2mtaa;C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2001-08-30 23:40]
R3 Msikbd2k;DellTouch;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2000-10-03 14:18]
S3 ati2mpaa;ati2mpaa;C:\WINDOWS\system32\DRIVERS\ati2mpaa.sys [2001-08-17 11:48]
S3 NETGEAR_MA111;NETGEAR 802.11b MA111 Driver;C:\WINDOWS\system32\DRIVERS\MA111nd5.sys [2004-02-26 10:25]
S3 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-01-06 00:41]
S3 VM650FVM11;UMAX AstraSlim Scanner ProdID x0104;C:\WINDOWS\system32\Drivers\USB650C.sys []
S4 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2001-08-18 12:00]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-08 00:00:02 C:\WINDOWS\Tasks\AC43697C91851BEC.job"
- c:\docume~1\liz\applic~1\acesig~1\Thatbait16.exe
"2008-01-08 00:14:05 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-01-04 20:03:57 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Liz.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-08 00:12:37
Windows 5.1.2600 Service Pack 2 NTFS


AGAIN thanks soooo much for helping me out

#7 miekiemoes


Posted 07 January 2008 - 03:47 AM

Hi,

It is unclear here what version of Combofix you used, because the Combofix log is not complete. I am missing parts of the header and missing parts of the bottom of the log. Please make sure, next time, after the next instructions that you copy and paste the complete log.

* Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the quotebox below into notepad:

File::
C:\WINDOWS\Tasks\AC43697C91851BEC.job

Folder::
C:\Documents and Settings\All Users\Application Data\cdrom heart cool third
C:\Documents and Settings\Liz\Application Data\Ace Sign Roam
C:\Documents and Settings\All Users\Application Data\Meow Flaw Option Blue
C:\PROGRA~1\LISTEX~1
C:\DOCUME~1\Liz\APPLIC~1\LISTEX~1

Suspect::[8]
C:\WINDOWS\system32\drivers\pxark.sys
C:\WINDOWS\SET103.tmp
C:\WINDOWS\SETF1.tmp

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B095999-2424-D24D-CE30-F1BF4220207E}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{5FF05CC5-06FF-4F28-A6F1-12D8796817CC}"=-
[-HKEY_CLASSES_ROOT\clsid\{5ff05cc5-06ff-4f28-a6f1-12d8796817cc}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"thetrans"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QSearch"=-
"Cool third bike bat"=-


Save this as a text file named CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again.
* it will create a zipped file on your Desktop - [8]-Submit_Date_Time.zip
* another file will be present on your desktop: CF-Submit.htm which will open after you ran Combofix.
* Where it says: "Submit files for further analysis", click OK and a browser Window will open. There you'll see: "copy/paste filepath into the box & click OK". You'll find the filepath below, so copy and paste this in the above field and click OK.

After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Edited by miekiemoes, 07 January 2008 - 04:15 AM.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
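
An added example, not part of the thread and not ComboFix's own logic: the three Run values that the CFScript above deletes are exactly the ones the posted log printed with an empty `[ ]` where other entries carry a timestamp and size. The Python below parses Run-key lines copied from that log and flags them; treating an empty bracket or an Application Data path as suspicious is a triage heuristic assumed here, and the function names are hypothetical.

```python
import re

# Run-key lines copied from the ComboFix log posted in this thread (subset).
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"thetrans"="C:\DOCUME~1\Liz\APPLIC~1\ACESIG~1\Internet Bags.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellTouch"="C:\WINDOWS\DELLMMKB.EXE" [2001-09-23 06:14 163840]
"QSearch"="c:\windows\system32\qsearch.exe" [ ]
"Cool third bike bat"="C:\Documents and Settings\All Users\Application Data\cdrom heart cool third\Poll each.exe" [ ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 07:04 84640]
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s*\[(.*)\]$')
# Assumption: per-user data folders (long and 8.3 short names) are user-writable.
USER_WRITABLE = ("\\application data\\", "\\applic~1\\")

def parse_run_entries(log_text):
    """Return one dict per autostart value found under a ...\\Run key."""
    entries, key = [], None
    for line in log_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key and key.lower().endswith("\\run"):
            name, path, meta = m.groups()
            entries.append({"key": key, "name": name,
                            "path": path, "meta": meta.strip()})
    return entries

def triage(entries):
    """Flag entries with no file details or a user-writable location."""
    flagged = []
    for e in entries:
        reasons = []
        if not e["meta"]:
            reasons.append("no file details")
        if any(p in e["path"].lower() for p in USER_WRITABLE):
            reasons.append("runs from Application Data")
        if reasons:
            flagged.append((e["name"], reasons))
    return flagged

if __name__ == "__main__":
    for name, why in triage(parse_run_entries(SAMPLE_LOG)):
        print(name, "->", ", ".join(why))
```

A flagged entry is a candidate for review against a known-good baseline, not a verdict; legitimate software also starts from Application Data.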

#8 miekiemoes


Posted 17 January 2008 - 01:28 PM

Due to the lack of feedback, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.