Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Tons Of Pop-ups, Need To Get Rid Of Them Please Help


  • This topic is locked This topic is locked
19 replies to this topic

#1 MetallicACDC

MetallicACDC

  • Members
  • 98 posts
  • OFFLINE
  •  
  • Local time:12:56 AM

Posted 30 January 2008 - 05:14 PM

Recently I've been getting tons of pop-ups, please help me get rid of them fast. Hi Jack This log is below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:10:33 PM, on 1/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Xfire\Xfire.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\COMMON~1\MCROSO~1\svchost.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\SGltZXMx\command.exe
C:\Program Files\?ppPatch\n?lookup.exe
C:\Program Files\Dot1XCfg\Dot1XCfg.exe
C:\Program Files\Dot1XCfg\Dot1XCfg.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Michael\Desktop\GW Maps\HJT\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://64.28.180.123/privacyASP.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\Michael\Desktop\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Aida] "C:\PROGRA~1\COMMON~1\MCROSO~1\svchost.exe" -vt yazb
O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.8.8\webbuying.exe
O4 - HKCU\..\Run: [Loflf] "C:\Program Files\?ppPatch\n?lookup.exe"
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKUS\S-1-5-21-1292428093-362288127-839522115-1006\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe (User '?')
O4 - HKUS\S-1-5-21-1292428093-362288127-839522115-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-1292428093-362288127-839522115-1006\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1292428093-362288127-839522115-1006\..\Run: [Aida] "C:\PROGRA~1\COMMON~1\MCROSO~1\svchost.exe" -vt yazb (User '?')
O4 - HKUS\S-1-5-21-1292428093-362288127-839522115-1006\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.8.8\webbuying.exe (User '?')
O4 - HKUS\S-1-5-21-1292428093-362288127-839522115-1006\..\Run: [Loflf] "C:\Program Files\?ppPatch\n?lookup.exe" (User '?')
O4 - HKUS\S-1-5-21-1292428093-362288127-839522115-1006\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe (User '?')
O4 - S-1-5-21-1292428093-362288127-839522115-1006 Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User '?')
O4 - S-1-5-21-1292428093-362288127-839522115-1006 Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (User '?')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.1.87.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1198717033981
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1200001719933
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.futuremark.com/global/msc311.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Documents and Settings\Michael\Desktop\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SGltZXMx\command.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: gusvc - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Messenger Sharing Folders USN Journal Reader service usnjsvcNVSvc (usnjsvcNVSvc) - Unknown owner - C:\WINDOWS\system32\accwizv.exe

--
End of file - 10646 bytes

BC AdBot (Login to Remove)

 


#2 MetallicACDC

MetallicACDC
  • Topic Starter

  • Members
  • 98 posts
  • OFFLINE
  •  
  • Local time:12:56 AM

Posted 01 February 2008 - 03:24 PM

*Bump* Can anyone help me out? :\

#3 Rosty

Rosty

    Skydive junkie


  • Malware Response Team
  • 1,220 posts
  • OFFLINE
  •  
  • Local time:07:56 AM

Posted 04 February 2008 - 07:23 AM

Hi,

sorry for the delay. My name is Rosty and I'm going to help you with your log.

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
Posted Image
Proud member of ASAP since 2007

#4 MetallicACDC

MetallicACDC
  • Topic Starter

  • Members
  • 98 posts
  • OFFLINE
  •  
  • Local time:12:56 AM

Posted 04 February 2008 - 09:47 AM

Thanks for the reply :thumbsup: And by the way, I was looking through the log, and must add that "Bonjour" looks pretty suspicious since I do not remember creating that. Edit: I must note that I cannot install the Recovery Console because I do not have my Windows XP SP2 installation discs, and everyone I know has either a Mac or Vista. Sorry that I los tthe discs :blink:

Combo Fix log:

ComboFix 08-02.03.1 - Michael 2008-02-04 9:16:20.3 - NTFSx86

Running from: C:\Documents and Settings\Michael\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\awvtq.dll
C:\WINDOWS\system32\byxxyab.dll
C:\WINDOWS\system32\kfgeiaml.dll
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Guest\Application Data\wsnpoem
C:\Documents and Settings\Guest\Application Data\wsnpoem\audio.dll
C:\Documents and Settings\Guest\Application Data\wsnpoem\audio.dll.cla
C:\Documents and Settings\Guest\Application Data\wsnpoem\video.dll
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\Michael\Application Data\SSTEM3~1
C:\Documents and Settings\Michael\Start Menu\Programs\Outerinfo
C:\Documents and Settings\Michael\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Michael\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Program Files\Common Files\mcroso~1
C:\Program Files\Common Files\mcroso~1\??pPatch\
C:\Program Files\Common Files\mcroso~1\svchost.exe
C:\Program Files\Common Files\stem32~1
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\FF.dll
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\pppatc~1
C:\Program Files\pppatc~1\n?lookup.exe
C:\Program Files\Temporary
C:\Program Files\Temporary\kernInst.exe
C:\Program Files\Temporary\kernInst.exe.lzma
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\assys.dll
C:\WINDOWS\b116.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\bhwin.sys
C:\WINDOWS\ffnsys.dll
C:\WINDOWS\gstcore.dll
C:\WINDOWS\mfnsys.dll
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\rsczsys.dll
C:\WINDOWS\snsys.dll
C:\WINDOWS\system32\agfbglbt.ini
C:\WINDOWS\system32\audjyqth.dll
C:\WINDOWS\system32\awvtq.dll
C:\WINDOWS\system32\byxxyab.dll
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete
C:\WINDOWS\system32\hubjhbdx.ini
C:\WINDOWS\system32\kfgeiaml.dll
C:\WINDOWS\system32\kfgeiaml.dllbox
C:\WINDOWS\system32\khfpijkw.dll
C:\WINDOWS\system32\kkcmdpem.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\qsmxaogs.dll
C:\WINDOWS\system32\qtvwa.ini
C:\WINDOWS\system32\qtvwa.ini2
C:\WINDOWS\system32\rqroonl.dll
C:\WINDOWS\system32\rqrqrpq.dll
C:\WINDOWS\system32\tblgbfga.dll
C:\WINDOWS\system32\xdbhjbuh.dll
C:\WINDOWS\uawin.dll
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\wbun.exe
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete

----- BITS: Possible infected sites -----

hxxp://www.download.windowsupdate.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\cmdService


((((((((((((((((((((((((( Files Created from 2008-01-04 to 2008-02-04 )))))))))))))))))))))))))))))))
.

2008-02-04 09:34 . 2008-02-04 09:34 <DIR> d-------- C:\Temp\tn3
2008-02-04 09:28 . 2008-02-04 09:28 <DIR> d-------- C:\WINDOWS\LastGood
2008-01-30 17:01 . 2008-01-30 17:01 <DIR> d-------- C:\Program Files\Dot1XCfg
2008-01-30 16:57 . 2008-01-30 16:57 <DIR> d-------- C:\WINDOWS\system32\tps5
2008-01-30 16:57 . 2008-02-01 16:01 <DIR> d-------- C:\WINDOWS\system32\rip4
2008-01-30 16:57 . 2008-01-30 16:57 <DIR> d-------- C:\WINDOWS\system32\nGpxx01
2008-01-30 16:57 . 2008-02-01 16:01 <DIR> d-------- C:\WINDOWS\system32\gis6
2008-01-30 16:57 . 2008-01-31 17:15 <DIR> d-------- C:\WINDOWS\system32\dom1
2008-01-30 16:57 . 2008-02-01 16:03 <DIR> d--hs---- C:\WINDOWS\SGltZXMx
2008-01-30 16:57 . 2008-01-30 16:57 <DIR> d-------- C:\Temp\gTiis19
2008-01-30 16:57 . 2008-01-30 16:57 <DIR> d-------- C:\Temp\cXzz9
2008-01-30 16:57 . 2008-01-30 16:57 167,545 --a------ C:\WINDOWS\system32\drivers\core.cache.dsk
2008-01-30 16:57 . 2008-01-30 16:57 86,016 --a------ C:\WINDOWS\system32\drivers\uagp355.sys
2008-01-30 16:57 . 2008-01-30 16:57 36,864 --a------ C:\WINDOWS\mrofinu572.exe.tmp
2008-01-26 11:07 . 2008-01-26 11:08 <DIR> d-------- C:\Program Files\iTunes
2008-01-26 11:07 . 2008-01-26 11:07 <DIR> d-------- C:\Program Files\iPod
2008-01-26 10:32 . 2008-01-26 10:32 <DIR> d-------- C:\Data Files
2008-01-26 10:31 . 2008-01-26 10:31 <DIR> d-------- C:\Program Files\Red Chair Software
2008-01-26 10:31 . 2008-01-26 10:31 <DIR> d-------- C:\Documents and Settings\Michael\Application Data\Red Chair Software
2008-01-16 17:36 . 2008-01-16 17:36 <DIR> d-------- C:\Documents and Settings\Michael\Application Data\Grisoft
2008-01-16 17:35 . 2008-01-16 17:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-16 17:35 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-12 15:22 . 2008-01-12 15:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-01-10 19:29 . 2008-01-10 19:29 54,608 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-08 07:05 . 2008-01-08 07:05 0 --a------ C:\6E.tmp
2008-01-08 07:05 . 2008-01-08 07:05 0 --a------ C:\6D.tmp
2008-01-08 07:03 . 2008-01-08 07:03 0 --a------ C:\60.tmp
2008-01-08 07:02 . 2008-01-08 07:02 0 --a------ C:\4D.tmp
2008-01-07 21:57 . 2008-01-07 21:57 0 --a------ C:\46.tmp
2008-01-07 21:56 . 2008-01-07 21:56 0 --a------ C:\3A.tmp
2008-01-07 21:55 . 2008-01-07 21:55 0 --a------ C:\24.tmp
2008-01-07 21:54 . 2008-01-07 21:54 0 --a------ C:\F.tmp
2008-01-07 17:13 . 2008-01-07 17:14 506,940 --a------ C:\WINDOWS\system32\w32sys15.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-01 22:36 --------- d-----w C:\Program Files\EphPod
2008-02-01 21:46 --------- d-----w C:\Program Files\Bonjour
2008-02-01 21:40 --------- d-----w C:\Documents and Settings\Michael\Application Data\Xfire
2008-01-30 21:49 --------- d-----w C:\Program Files\Omerta Script
2008-01-27 23:04 --------- d-----w C:\Documents and Settings\Michael\Application Data\uTorrent
2008-01-26 16:05 --------- d-----w C:\Program Files\QuickTime
2008-01-24 22:36 --------- d-s---w C:\Program Files\Xfire
2008-01-04 00:17 --------- d-----w C:\Documents and Settings\Michael\Application Data\teamspeak2
2008-01-01 02:57 22,584 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-31 23:43 --------- d-----w C:\Program Files\Common Files\Real
2007-12-29 20:54 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Xfire
2007-12-27 01:11 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-27 01:11 --------- d-----w C:\Program Files\Windows Live
2007-12-27 01:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-24 17:19 --------- d-----w C:\Program Files\Ventrilo
2007-12-24 17:19 --------- d-----w C:\Program Files\SUPERAntiSpyware
2007-12-24 17:19 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-24 17:19 --------- d-----w C:\Documents and Settings\Michael\Application Data\SUPERAntiSpyware.com
2007-12-23 16:52 53,760 ----a-w C:\Documents and Settings\Michael\xXx.exe
2007-12-22 23:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-22 22:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-12-21 23:23 --------- d-----w C:\Program Files\Sun
2007-12-21 23:23 --------- d-----w C:\Program Files\Java
2007-12-21 23:17 --------- d-----w C:\Program Files\Common Files\Java
2007-12-21 02:56 --------- d-----w C:\Documents and Settings\Dad\Application Data\Apple Computer
2007-09-24 21:21 51,422,520 ----a-w C:\Program Files\iTunes742Setup.exe
2006-11-16 13:05 0 ----a-w C:\Program Files\Common Files\err.log
2006-08-23 21:41 1,033,879 ----a-w C:\Program Files\wrar360.exe
2006-08-09 14:17 29,853,358 ----a-w C:\Program Files\DBViewer.rar
2006-08-09 14:08 23,510,720 ----a-w C:\Program Files\dotnetfx.exe
2006-02-05 06:15 2,010,624 ----a-w C:\Program Files\ventrilo-2.3.0-Windows-i386.exe
2005-08-28 03:59 3,266,519 ----a-w C:\Program Files\Teamspeak2_RC2.exe
2005-08-20 21:46 254 ----a-w C:\Program Files\Hey_Jude.asx
2005-07-05 05:18 7,290,120 ----a-w C:\Program Files\setup.exe
2005-07-05 05:18 1,002,752 ----a-w C:\Program Files\JournalViewer1.5_KB886179_ENU.exe
2005-05-04 10:31 1,103,367 ----a-w C:\Documents and Settings\Dad\s-t-i-n-g-e-r.exe
2005-05-01 02:16 2,636,408 ----a-w C:\Documents and Settings\All Users\aawsepersonal.exe
2005-05-01 02:10 49,152 ----a-w C:\Documents and Settings\All Users\pcOrionInstaller.exe
2005-05-01 01:57 876,492 ----a-w C:\Documents and Settings\All Users\noadware.exe
2005-05-01 01:33 534,104 ----a-w C:\Documents and Settings\All Users\psa2011_ytb01_DLM_enu_full.exe
2005-04-27 17:43 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2005-04-25 21:55 36,769,215 ----a-w C:\Program Files\dx90b_redist.exe
2004-08-04 07:56 755,200 ----a-r C:\Documents and Settings\Guest\Application Data\ntos.exe
2005-07-29 21:24 472 --sha-r C:\WINDOWS\SGltZXMx\m35QtrgU.vbs
2007-04-21 16:51 32,636 --sha-r C:\WINDOWS\system32\accwizv.exe
2007-05-08 23:06 32,660 --sha-r C:\WINDOWS\system32\appendv.exe
2007-04-10 13:15 32,108 --sha-r C:\WINDOWS\system32\arpr.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 21:27 68856]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"Loflf"="C:\Program Files\?ppPatch\n?lookup.exe" [ ]
"Dot1XCfg"="C:\Program Files\Dot1XCfg\Dot1XCfg.exe" [2008-01-30 17:01 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-02-10 10:55 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-02-10 10:51 118784]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2004-01-05 02:27 176128]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 16:28 49152]
"DXDllRegExe"="dxdllreg.exe" []
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-03-23 14:47 1111040]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-02-24 08:32 5537792]
"nwiz"="nwiz.exe" [2005-02-24 08:32 1495040 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-02-24 08:32 86016]
"Windows Media Connect 2"="C:\Program Files\Windows Media Connect 2\WMCCFG.exe" [ ]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2003-09-29 07:10 81990]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2003-09-10 03:11 135251]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 16:30 45632]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 07:38 241664]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"!AVG Anti-Spyware"="C:\Documents and Settings\Michael\Desktop\AVG Anti-Spyware 7.5\avgas.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]

C:\Documents and Settings\Michael\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2007-05-20 18:42:47 3450608]
Xfire.lnk - C:\Program Files\Xfire\Xfire.exe [2008-01-10 19:29:50 2872144]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 04:19:24 237568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ :\WINDOWS\syste

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
--a------ 2002-12-17 11:28 684032 C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hp Update 3300C]
--a------ 2002-01-31 09:38 32768 C:\sj650\hpupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFace Integration]
--a------ 2002-06-13 14:01 49152 C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 11:24 1694208 C:\Program Files\Messenger\MSMSGS.exe


.
Contents of the 'Scheduled Tasks' folder
"2007-11-23 15:28:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-16 12:56:00 C:\WINDOWS\Tasks\WebReg 20060124075639.job"
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exeX/TaskName 20060124075639 /N
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-04 09:34:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2180]
-> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-02-04 9:39:56 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-04 14:39:53
ComboFix2.txt 2008-01-13 16:51:43



Hi Jack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:43:11 AM, on 2/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Dot1XCfg\Dot1XCfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Documents and Settings\Michael\Desktop\GW Maps\HJT\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://64.28.180.123/privacyASP.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\Michael\Desktop\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Loflf] "C:\Program Files\?ppPatch\n?lookup.exe"
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKUS\S-1-5-21-1292428093-362288127-839522115-1006\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe (User '?')
O4 - HKUS\S-1-5-21-1292428093-362288127-839522115-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-1292428093-362288127-839522115-1006\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1292428093-362288127-839522115-1006\..\Run: [Loflf] "C:\Program Files\?ppPatch\n?lookup.exe" (User '?')
O4 - HKUS\S-1-5-21-1292428093-362288127-839522115-1006\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe (User '?')
O4 - S-1-5-21-1292428093-362288127-839522115-1006 Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User '?')
O4 - S-1-5-21-1292428093-362288127-839522115-1006 Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (User '?')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.1.87.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1198717033981
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1200001719933
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.futuremark.com/global/msc311.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Documents and Settings\Michael\Desktop\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: gusvc - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Messenger Sharing Folders USN Journal Reader service usnjsvcNVSvc (usnjsvcNVSvc) - Unknown owner - C:\WINDOWS\system32\accwizv.exe

--
End of file - 10085 bytes

Edited by MetallicACDC, 04 February 2008 - 09:48 AM.


#5 Rosty

Rosty

    Skydive junkie


  • Malware Response Team
  • 1,220 posts
  • OFFLINE
  •  
  • Local time:07:56 AM

Posted 04 February 2008 - 12:05 PM

1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\mrofinu572.exe.tmp
C:\6E.tmp
C:\6D.tmp
C:\60.tmp
C:\4D.tmp
C:\46.tmp
C:\3A.tmp
C:\24.tmp
C:\F.tmp

Folder::
C:\Temp\tn3
C:\WINDOWS\system32\nGpxx01
C:\Temp\gTiis19
C:\Temp\cXzz9



3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Posted Image
Proud member of ASAP since 2007

#6 MetallicACDC

MetallicACDC
  • Topic Starter

  • Members
  • 98 posts
  • OFFLINE
  •  
  • Local time:12:56 AM

Posted 04 February 2008 - 12:55 PM

Alright, it asked to reboot so I did, and here is the Combo Fix log, then the Hijack This log.

Combo Fix log:

ComboFix 08-02.03.1 - Michael 2008-02-04 12:41:10.4 - NTFSx86

Running from: C:\Documents and Settings\Michael\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Michael\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\24.tmp
C:\3A.tmp
C:\46.tmp
C:\4D.tmp
C:\60.tmp
C:\6D.tmp
C:\6E.tmp
C:\F.tmp
C:\WINDOWS\mrofinu572.exe.tmp
C:\WINDOWS\system32\drivers\core.cache.dsk
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\24.tmp
C:\3A.tmp
C:\46.tmp
C:\4D.tmp
C:\60.tmp
C:\6D.tmp
C:\6E.tmp
C:\F.tmp
C:\Temp\cXzz9
C:\Temp\gTiis19
C:\Temp\gTiis19\lTig.log
C:\temp\tn3
C:\WINDOWS\mrofinu572.exe.tmp
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete
C:\WINDOWS\system32\nGpxx01
C:\WINDOWS\system32\nGpxx01\nGpxx011065.exe
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2008-01-04 to 2008-02-04 )))))))))))))))))))))))))))))))
.

2008-02-04 12:47 . 2008-02-04 12:47 <DIR> d-------- C:\WINDOWS\LastGood
2008-02-04 12:47 . 2008-02-04 12:47 <DIR> d-------- C:\Temp\tn3
2008-01-30 17:01 . 2008-01-30 17:01 <DIR> d-------- C:\Program Files\Dot1XCfg
2008-01-30 16:57 . 2008-01-30 16:57 <DIR> d-------- C:\WINDOWS\system32\tps5
2008-01-30 16:57 . 2008-02-01 16:01 <DIR> d-------- C:\WINDOWS\system32\rip4
2008-01-30 16:57 . 2008-02-01 16:01 <DIR> d-------- C:\WINDOWS\system32\gis6
2008-01-30 16:57 . 2008-01-31 17:15 <DIR> d-------- C:\WINDOWS\system32\dom1
2008-01-30 16:57 . 2008-02-01 16:03 <DIR> d--hs---- C:\WINDOWS\SGltZXMx
2008-01-30 16:57 . 2008-01-30 16:57 167,545 --a------ C:\WINDOWS\system32\drivers\core.cache.dsk
2008-01-30 16:57 . 2008-01-30 16:57 86,016 --a------ C:\WINDOWS\system32\drivers\uagp355.sys
2008-01-26 11:07 . 2008-01-26 11:08 <DIR> d-------- C:\Program Files\iTunes
2008-01-26 11:07 . 2008-01-26 11:07 <DIR> d-------- C:\Program Files\iPod
2008-01-26 10:32 . 2008-01-26 10:32 <DIR> d-------- C:\Data Files
2008-01-26 10:31 . 2008-01-26 10:31 <DIR> d-------- C:\Program Files\Red Chair Software
2008-01-26 10:31 . 2008-01-26 10:31 <DIR> d-------- C:\Documents and Settings\Michael\Application Data\Red Chair Software
2008-01-16 17:36 . 2008-01-16 17:36 <DIR> d-------- C:\Documents and Settings\Michael\Application Data\Grisoft
2008-01-16 17:35 . 2008-01-16 17:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-16 17:35 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-12 15:22 . 2008-01-12 15:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-01-10 19:29 . 2008-01-10 19:29 54,608 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-08 07:03 . 2008-01-08 07:03 0 --a------ C:\5F.tmp
2008-01-08 07:02 . 2008-01-08 07:02 0 --a------ C:\4C.tmp
2008-01-08 07:02 . 2008-01-08 07:02 0 --a------ C:\4B.tmp
2008-01-08 07:02 . 2008-01-08 07:02 0 --a------ C:\4A.tmp
2008-01-08 07:02 . 2008-01-08 07:02 0 --a------ C:\49.tmp
2008-01-08 07:02 . 2008-01-08 07:02 0 --a------ C:\48.tmp
2008-01-08 07:02 . 2008-01-08 07:02 0 --a------ C:\47.tmp
2008-01-08 07:02 . 2008-01-08 07:02 0 --a------ C:\30.tmp
2008-01-08 07:02 . 2008-01-08 07:02 0 --a------ C:\2F.tmp
2008-01-08 07:02 . 2008-01-08 07:02 0 --a------ C:\2E.tmp
2008-01-08 07:02 . 2008-01-08 07:02 0 --a------ C:\2D.tmp
2008-01-08 07:02 . 2008-01-08 07:02 0 --a------ C:\15.tmp
2008-01-07 21:56 . 2008-01-07 21:56 0 --a------ C:\39.tmp
2008-01-07 21:55 . 2008-01-07 21:55 0 --a------ C:\21.tmp
2008-01-07 21:54 . 2008-01-07 21:54 0 --a------ C:\E.tmp
2008-01-07 17:13 . 2008-01-07 17:14 506,940 --a------ C:\WINDOWS\system32\w32sys15.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-04 17:48 --------- d-----w C:\Documents and Settings\Michael\Application Data\Xfire
2008-02-01 22:36 --------- d-----w C:\Program Files\EphPod
2008-02-01 21:46 --------- d-----w C:\Program Files\Bonjour
2008-01-30 21:49 --------- d-----w C:\Program Files\Omerta Script
2008-01-27 23:04 --------- d-----w C:\Documents and Settings\Michael\Application Data\uTorrent
2008-01-26 16:05 --------- d-----w C:\Program Files\QuickTime
2008-01-24 22:36 --------- d-s---w C:\Program Files\Xfire
2008-01-04 00:17 --------- d-----w C:\Documents and Settings\Michael\Application Data\teamspeak2
2008-01-01 02:57 22,584 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-31 23:43 --------- d-----w C:\Program Files\Common Files\Real
2007-12-29 20:54 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Xfire
2007-12-27 01:11 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-27 01:11 --------- d-----w C:\Program Files\Windows Live
2007-12-27 01:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-24 17:19 --------- d-----w C:\Program Files\Ventrilo
2007-12-24 17:19 --------- d-----w C:\Program Files\SUPERAntiSpyware
2007-12-24 17:19 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-24 17:19 --------- d-----w C:\Documents and Settings\Michael\Application Data\SUPERAntiSpyware.com
2007-12-23 16:52 53,760 ----a-w C:\Documents and Settings\Michael\xXx.exe
2007-12-22 23:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-22 22:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-12-21 23:23 --------- d-----w C:\Program Files\Sun
2007-12-21 23:23 --------- d-----w C:\Program Files\Java
2007-12-21 23:17 --------- d-----w C:\Program Files\Common Files\Java
2007-12-21 02:56 --------- d-----w C:\Documents and Settings\Dad\Application Data\Apple Computer
2007-09-24 21:21 51,422,520 ----a-w C:\Program Files\iTunes742Setup.exe
2006-11-16 13:05 0 ----a-w C:\Program Files\Common Files\err.log
2006-08-23 21:41 1,033,879 ----a-w C:\Program Files\wrar360.exe
2006-08-09 14:17 29,853,358 ----a-w C:\Program Files\DBViewer.rar
2006-08-09 14:08 23,510,720 ----a-w C:\Program Files\dotnetfx.exe
2006-02-05 06:15 2,010,624 ----a-w C:\Program Files\ventrilo-2.3.0-Windows-i386.exe
2005-08-28 03:59 3,266,519 ----a-w C:\Program Files\Teamspeak2_RC2.exe
2005-08-20 21:46 254 ----a-w C:\Program Files\Hey_Jude.asx
2005-07-05 05:18 7,290,120 ----a-w C:\Program Files\setup.exe
2005-07-05 05:18 1,002,752 ----a-w C:\Program Files\JournalViewer1.5_KB886179_ENU.exe
2005-05-04 10:31 1,103,367 ----a-w C:\Documents and Settings\Dad\s-t-i-n-g-e-r.exe
2005-05-01 02:16 2,636,408 ----a-w C:\Documents and Settings\All Users\aawsepersonal.exe
2005-05-01 02:10 49,152 ----a-w C:\Documents and Settings\All Users\pcOrionInstaller.exe
2005-05-01 01:57 876,492 ----a-w C:\Documents and Settings\All Users\noadware.exe
2005-05-01 01:33 534,104 ----a-w C:\Documents and Settings\All Users\psa2011_ytb01_DLM_enu_full.exe
2005-04-27 17:43 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2005-04-25 21:55 36,769,215 ----a-w C:\Program Files\dx90b_redist.exe
2004-08-04 07:56 755,200 ----a-r C:\Documents and Settings\Guest\Application Data\ntos.exe
2005-07-29 21:24 472 --sha-r C:\WINDOWS\SGltZXMx\m35QtrgU.vbs
2007-04-21 16:51 32,636 --sha-r C:\WINDOWS\system32\accwizv.exe
2007-05-08 23:06 32,660 --sha-r C:\WINDOWS\system32\appendv.exe
2007-04-10 13:15 32,108 --sha-r C:\WINDOWS\system32\arpr.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 21:27 68856]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"Loflf"="C:\Program Files\?ppPatch\n?lookup.exe" [ ]
"Dot1XCfg"="C:\Program Files\Dot1XCfg\Dot1XCfg.exe" [2008-01-30 17:01 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-02-10 10:55 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-02-10 10:51 118784]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2004-01-05 02:27 176128]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 16:28 49152]
"DXDllRegExe"="dxdllreg.exe" []
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-03-23 14:47 1111040]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-02-24 08:32 5537792]
"nwiz"="nwiz.exe" [2005-02-24 08:32 1495040 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-02-24 08:32 86016]
"Windows Media Connect 2"="C:\Program Files\Windows Media Connect 2\WMCCFG.exe" [ ]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2003-09-29 07:10 81990]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2003-09-10 03:11 135251]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 16:30 45632]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 07:38 241664]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"!AVG Anti-Spyware"="C:\Documents and Settings\Michael\Desktop\AVG Anti-Spyware 7.5\avgas.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]

C:\Documents and Settings\Michael\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2007-05-20 18:42:47 3450608]
Xfire.lnk - C:\Program Files\Xfire\Xfire.exe [2008-01-10 19:29:50 2872144]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 04:19:24 237568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ :\WINDOWS\syste

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
--a------ 2002-12-17 11:28 684032 C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hp Update 3300C]
--a------ 2002-01-31 09:38 32768 C:\sj650\hpupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFace Integration]
--a------ 2002-06-13 14:01 49152 C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 11:24 1694208 C:\Program Files\Messenger\MSMSGS.exe


.
Contents of the 'Scheduled Tasks' folder
"2007-11-23 15:28:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-16 12:56:00 C:\WINDOWS\Tasks\WebReg 20060124075639.job"
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exeX/TaskName 20060124075639 /N
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-04 12:47:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2180]
-> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-02-04 12:52:24 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-04 17:52:21
ComboFix2.txt 2008-02-04 14:39:57
ComboFix3.txt 2008-01-13 16:51:43




Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:53:03 PM, on 2/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Dot1XCfg\Dot1XCfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Michael\Desktop\GW Maps\HJT\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://64.28.180.123/privacyASP.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\Michael\Desktop\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Loflf] "C:\Program Files\?ppPatch\n?lookup.exe"
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKUS\S-1-5-21-1292428093-362288127-839522115-1006\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe (User '?')
O4 - HKUS\S-1-5-21-1292428093-362288127-839522115-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-1292428093-362288127-839522115-1006\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1292428093-362288127-839522115-1006\..\Run: [Loflf] "C:\Program Files\?ppPatch\n?lookup.exe" (User '?')
O4 - HKUS\S-1-5-21-1292428093-362288127-839522115-1006\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe (User '?')
O4 - S-1-5-21-1292428093-362288127-839522115-1006 Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User '?')
O4 - S-1-5-21-1292428093-362288127-839522115-1006 Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (User '?')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.1.87.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1198717033981
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1200001719933
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.futuremark.com/global/msc311.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Documents and Settings\Michael\Desktop\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: gusvc - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Messenger Sharing Folders USN Journal Reader service usnjsvcNVSvc (usnjsvcNVSvc) - Unknown owner - C:\WINDOWS\system32\accwizv.exe

--
End of file - 10119 bytes

#7 Rosty

Rosty

    Skydive junkie


  • Malware Response Team
  • 1,220 posts
  • OFFLINE
  •  
  • Local time:07:56 AM

Posted 04 February 2008 - 01:56 PM

Hi,

open HijackThis, click do a scan only and place a check next to the following entrie:

O4 - HKCU\..\Run: [Loflf] "C:\Program Files\?ppPatch\n?lookup.exe"
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe

Close all other windows and browsers, except HijackThis, and click Fix Checked. Close HijackThis.
Next,
1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\5F.tmp
C:\4C.tmp
C:\4B.tmp
C:\4A.tmp
C:\49.tmp
C:\48.tmp
C:\47.tmp
C:\30.tmp
C:\2F.tmp
C:\2E.tmp
C:\2D.tmp
C:\15.tmp
C:\39.tmp
C:\21.tmp
C:\E.tmp
C:\WINDOWS\system32\drivers\uagp355.sys
C:\WINDOWS\system32\w32sys15.exe
C:\Documents and Settings\Michael\xXx.exe

Folder::
C:\Temp\tn3
C:\Program Files\Dot1XCfg

Driver::
uagp355.sys

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dot1XCfg"=-
"Loflf"=-



3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Posted Image
Proud member of ASAP since 2007

#8 MetallicACDC

MetallicACDC
  • Topic Starter

  • Members
  • 98 posts
  • OFFLINE
  •  
  • Local time:12:56 AM

Posted 04 February 2008 - 03:01 PM

Alright, finished with that! I must say thank you for the help you given me thus far. Like before, CF log first, then HjT.

Combo Fix log:

ComboFix 08-02.03.1 - Michael 2008-02-04 14:44:40.5 - NTFSx86

Running from: C:\Documents and Settings\Michael\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Michael\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\15.tmp
C:\21.tmp
C:\2D.tmp
C:\2E.tmp
C:\2F.tmp
C:\30.tmp
C:\39.tmp
C:\47.tmp
C:\48.tmp
C:\49.tmp
C:\4A.tmp
C:\4B.tmp
C:\4C.tmp
C:\5F.tmp
C:\Documents and Settings\Michael\xXx.exe
C:\E.tmp
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\uagp355.sys
C:\WINDOWS\system32\w32sys15.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\uagp355.sys
C:\15.tmp
C:\21.tmp
C:\2D.tmp
C:\2E.tmp
C:\2F.tmp
C:\30.tmp
C:\39.tmp
C:\47.tmp
C:\48.tmp
C:\49.tmp
C:\4A.tmp
C:\4B.tmp
C:\4C.tmp
C:\5F.tmp
C:\Documents and Settings\Michael\xXx.exe
C:\E.tmp
C:\Program Files\Dot1XCfg
C:\Program Files\Dot1XCfg\Dot1XCfg.exe
C:\Program Files\Dot1XCfg\Dot1XCfg.exe.lzma
C:\temp\tn3
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\uagp355.sys
C:\WINDOWS\system32\w32sys15.exe

.
((((((((((((((((((((((((( Files Created from 2008-01-04 to 2008-02-04 )))))))))))))))))))))))))))))))
.

2008-02-04 14:50 . 2008-02-04 14:50 <DIR> d-------- C:\WINDOWS\LastGood
2008-01-30 16:57 . 2008-01-30 16:57 <DIR> d-------- C:\WINDOWS\system32\tps5
2008-01-30 16:57 . 2008-02-01 16:01 <DIR> d-------- C:\WINDOWS\system32\rip4
2008-01-30 16:57 . 2008-02-01 16:01 <DIR> d-------- C:\WINDOWS\system32\gis6
2008-01-30 16:57 . 2008-01-31 17:15 <DIR> d-------- C:\WINDOWS\system32\dom1
2008-01-30 16:57 . 2008-02-01 16:03 <DIR> d--hs---- C:\WINDOWS\SGltZXMx
2008-01-26 11:07 . 2008-01-26 11:08 <DIR> d-------- C:\Program Files\iTunes
2008-01-26 11:07 . 2008-01-26 11:07 <DIR> d-------- C:\Program Files\iPod
2008-01-26 10:32 . 2008-01-26 10:32 <DIR> d-------- C:\Data Files
2008-01-26 10:31 . 2008-01-26 10:31 <DIR> d-------- C:\Program Files\Red Chair Software
2008-01-26 10:31 . 2008-01-26 10:31 <DIR> d-------- C:\Documents and Settings\Michael\Application Data\Red Chair Software
2008-01-16 17:36 . 2008-01-16 17:36 <DIR> d-------- C:\Documents and Settings\Michael\Application Data\Grisoft
2008-01-16 17:35 . 2008-01-16 17:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-16 17:35 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-12 15:22 . 2008-01-12 15:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-01-10 19:29 . 2008-01-10 19:29 54,608 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-08 07:03 . 2008-01-08 07:03 0 --a------ C:\5E.tmp
2008-01-07 21:57 . 2008-01-07 21:57 0 --a------ C:\45.tmp
2008-01-07 21:57 . 2008-01-07 21:57 0 --a------ C:\44.tmp
2008-01-07 21:57 . 2008-01-07 21:57 0 --a------ C:\43.tmp
2008-01-07 21:57 . 2008-01-07 21:57 0 --a------ C:\42.tmp
2008-01-07 21:57 . 2008-01-07 21:57 0 --a------ C:\41.tmp
2008-01-07 21:57 . 2008-01-07 21:57 0 --a------ C:\40.tmp
2008-01-07 21:57 . 2008-01-07 21:57 0 --a------ C:\3F.tmp
2008-01-07 21:57 . 2008-01-07 21:57 0 --a------ C:\3E.tmp
2008-01-07 21:57 . 2008-01-07 21:57 0 --a------ C:\3D.tmp
2008-01-07 21:57 . 2008-01-07 21:57 0 --a------ C:\3C.tmp
2008-01-07 21:57 . 2008-01-07 21:57 0 --a------ C:\3B.tmp
2008-01-07 21:55 . 2008-01-07 21:55 0 --a------ C:\20.tmp
2008-01-07 21:54 . 2008-01-07 21:54 0 --a------ C:\D.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-04 19:51 --------- d-----w C:\Documents and Settings\Michael\Application Data\Xfire
2008-02-01 22:36 --------- d-----w C:\Program Files\EphPod
2008-02-01 21:46 --------- d-----w C:\Program Files\Bonjour
2008-01-30 21:49 --------- d-----w C:\Program Files\Omerta Script
2008-01-27 23:04 --------- d-----w C:\Documents and Settings\Michael\Application Data\uTorrent
2008-01-26 16:05 --------- d-----w C:\Program Files\QuickTime
2008-01-24 22:36 --------- d-s---w C:\Program Files\Xfire
2008-01-04 00:17 --------- d-----w C:\Documents and Settings\Michael\Application Data\teamspeak2
2008-01-01 02:57 22,584 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-31 23:43 --------- d-----w C:\Program Files\Common Files\Real
2007-12-29 20:54 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Xfire
2007-12-27 01:11 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-27 01:11 --------- d-----w C:\Program Files\Windows Live
2007-12-27 01:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-24 17:19 --------- d-----w C:\Program Files\Ventrilo
2007-12-24 17:19 --------- d-----w C:\Program Files\SUPERAntiSpyware
2007-12-24 17:19 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-24 17:19 --------- d-----w C:\Documents and Settings\Michael\Application Data\SUPERAntiSpyware.com
2007-12-22 23:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-22 22:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-12-21 23:23 --------- d-----w C:\Program Files\Sun
2007-12-21 23:23 --------- d-----w C:\Program Files\Java
2007-12-21 23:17 --------- d-----w C:\Program Files\Common Files\Java
2007-12-21 02:56 --------- d-----w C:\Documents and Settings\Dad\Application Data\Apple Computer
2007-09-24 21:21 51,422,520 ----a-w C:\Program Files\iTunes742Setup.exe
2006-11-16 13:05 0 ----a-w C:\Program Files\Common Files\err.log
2006-08-23 21:41 1,033,879 ----a-w C:\Program Files\wrar360.exe
2006-08-09 14:17 29,853,358 ----a-w C:\Program Files\DBViewer.rar
2006-08-09 14:08 23,510,720 ----a-w C:\Program Files\dotnetfx.exe
2006-02-05 06:15 2,010,624 ----a-w C:\Program Files\ventrilo-2.3.0-Windows-i386.exe
2005-08-28 03:59 3,266,519 ----a-w C:\Program Files\Teamspeak2_RC2.exe
2005-08-20 21:46 254 ----a-w C:\Program Files\Hey_Jude.asx
2005-07-05 05:18 7,290,120 ----a-w C:\Program Files\setup.exe
2005-07-05 05:18 1,002,752 ----a-w C:\Program Files\JournalViewer1.5_KB886179_ENU.exe
2005-05-04 10:31 1,103,367 ----a-w C:\Documents and Settings\Dad\s-t-i-n-g-e-r.exe
2005-05-01 02:16 2,636,408 ----a-w C:\Documents and Settings\All Users\aawsepersonal.exe
2005-05-01 02:10 49,152 ----a-w C:\Documents and Settings\All Users\pcOrionInstaller.exe
2005-05-01 01:57 876,492 ----a-w C:\Documents and Settings\All Users\noadware.exe
2005-05-01 01:33 534,104 ----a-w C:\Documents and Settings\All Users\psa2011_ytb01_DLM_enu_full.exe
2005-04-27 17:43 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2005-04-25 21:55 36,769,215 ----a-w C:\Program Files\dx90b_redist.exe
2004-08-04 07:56 755,200 ----a-r C:\Documents and Settings\Guest\Application Data\ntos.exe
2005-07-29 21:24 472 --sha-r C:\WINDOWS\SGltZXMx\m35QtrgU.vbs
2007-04-21 16:51 32,636 --sha-r C:\WINDOWS\system32\accwizv.exe
2007-05-08 23:06 32,660 --sha-r C:\WINDOWS\system32\appendv.exe
2007-04-10 13:15 32,108 --sha-r C:\WINDOWS\system32\arpr.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 21:27 68856]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-02-10 10:55 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-02-10 10:51 118784]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2004-01-05 02:27 176128]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 16:28 49152]
"DXDllRegExe"="dxdllreg.exe" []
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-03-23 14:47 1111040]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-02-24 08:32 5537792]
"nwiz"="nwiz.exe" [2005-02-24 08:32 1495040 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-02-24 08:32 86016]
"Windows Media Connect 2"="C:\Program Files\Windows Media Connect 2\WMCCFG.exe" [ ]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2003-09-29 07:10 81990]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2003-09-10 03:11 135251]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 16:30 45632]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 07:38 241664]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"!AVG Anti-Spyware"="C:\Documents and Settings\Michael\Desktop\AVG Anti-Spyware 7.5\avgas.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]

C:\Documents and Settings\Michael\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2007-05-20 18:42:47 3450608]
Xfire.lnk - C:\Program Files\Xfire\Xfire.exe [2008-01-10 19:29:50 2872144]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 04:19:24 237568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ :\WINDOWS\syste

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
--a------ 2002-12-17 11:28 684032 C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hp Update 3300C]
--a------ 2002-01-31 09:38 32768 C:\sj650\hpupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFace Integration]
--a------ 2002-06-13 14:01 49152 C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 11:24 1694208 C:\Program Files\Messenger\MSMSGS.exe


.
Contents of the 'Scheduled Tasks' folder
"2007-11-23 15:28:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-16 12:56:00 C:\WINDOWS\Tasks\WebReg 20060124075639.job"
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exeX/TaskName 20060124075639 /N
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-04 14:51:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2180]
-> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-02-04 14:56:45 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-04 19:56:42
ComboFix2.txt 2008-02-04 17:52:24
ComboFix3.txt 2008-02-04 14:39:57
ComboFix4.txt 2008-01-13 16:51:43





Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:59:04 PM, on 2/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Documents and Settings\Michael\Desktop\GW Maps\HJT\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://64.28.180.123/privacyASP.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\Michael\Desktop\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-21-1292428093-362288127-839522115-1006\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe (User '?')
O4 - HKUS\S-1-5-21-1292428093-362288127-839522115-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-1292428093-362288127-839522115-1006\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User '?')
O4 - S-1-5-21-1292428093-362288127-839522115-1006 Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User '?')
O4 - S-1-5-21-1292428093-362288127-839522115-1006 Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (User '?')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.1.87.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1198717033981
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1200001719933
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.futuremark.com/global/msc311.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Documents and Settings\Michael\Desktop\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: gusvc - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Messenger Sharing Folders USN Journal Reader service usnjsvcNVSvc (usnjsvcNVSvc) - Unknown owner - C:\WINDOWS\system32\accwizv.exe

--
End of file - 9659 bytes

#9 Rosty

Rosty

    Skydive junkie


  • Malware Response Team
  • 1,220 posts
  • OFFLINE
  •  
  • Local time:07:56 AM

Posted 04 February 2008 - 03:43 PM

Looks good.
How are things running?
Posted Image
Proud member of ASAP since 2007

#10 MetallicACDC

MetallicACDC
  • Topic Starter

  • Members
  • 98 posts
  • OFFLINE
  •  
  • Local time:12:56 AM

Posted 04 February 2008 - 04:03 PM

It's clean? That's great! :thumbsup: Thanks for all the help :) :)

It's running great, no pop-ups anymore, so I think you solved it :D

Just 1 problem. You know that bar at the bottom of the internet window that shows the site that's loading and the bar shows how much has loaded? That's missing :\ Do you know how to get it back?

And btw, you have 666 posts :blink: POST SOMETHING QUICK lol :wacko:

Edited by MetallicACDC, 04 February 2008 - 04:03 PM.


#11 Rosty

Rosty

    Skydive junkie


  • Malware Response Team
  • 1,220 posts
  • OFFLINE
  •  
  • Local time:07:56 AM

Posted 04 February 2008 - 04:12 PM

It's clean? That's great! :thumbsup: Thanks for all the help :) :)

It's running great, no pop-ups anymore, so I think you solved it :D

Just 1 problem. You know that bar at the bottom of the internet window that shows the site that's loading and the bar shows how much has loaded? That's missing :\ Do you know how to get it back?

And btw, you have 666 posts :blink: POST SOMETHING QUICK lol :wacko:


I'll take a look for that problem!!
In the meantime do this plaease:

Please remove Combofix in this way:

Click Start >> Run, and then type ComboFix /u and hit enter.
Posted Image
Proud member of ASAP since 2007

#12 MetallicACDC

MetallicACDC
  • Topic Starter

  • Members
  • 98 posts
  • OFFLINE
  •  
  • Local time:12:56 AM

Posted 04 February 2008 - 04:21 PM

Ok, I've done that, and await your reply.

#13 Rosty

Rosty

    Skydive junkie


  • Malware Response Team
  • 1,220 posts
  • OFFLINE
  •  
  • Local time:07:56 AM

Posted 04 February 2008 - 04:30 PM

Ok, I've done that, and await your reply.


Good, for your problem:

right click in the top bar and put a check next to status bar.
That should do it.
Posted Image
Proud member of ASAP since 2007

#14 MetallicACDC

MetallicACDC
  • Topic Starter

  • Members
  • 98 posts
  • OFFLINE
  •  
  • Local time:12:56 AM

Posted 04 February 2008 - 04:32 PM

Ahha! I had to search around and found it was View>Status Bar.

Thanks for all your help! God bless!

#15 Rosty

Rosty

    Skydive junkie


  • Malware Response Team
  • 1,220 posts
  • OFFLINE
  •  
  • Local time:07:56 AM

Posted 04 February 2008 - 04:41 PM

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we at BC are to help you, for your sake we would rather not have repeat customers. :thumbsup:

1) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

AVG-AntiSpyware
Install it,update it to the latest definitions, and perform a full system scan.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.


Please also read Tony Klein's excellent article: So how I got Infected in the First Place

Hopefully this should take care of your problems! Good luck. :D (prevention speech by Swandog46)

With friendly regards,

Rosty.
Posted Image
Proud member of ASAP since 2007




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users