Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Registrydefender Platinum Infection


  • This topic is locked This topic is locked
14 replies to this topic

#1 Daimeion

Daimeion

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:03:39 PM

Posted 07 August 2008 - 06:34 PM

Cleaning up a customer's PC. Got rid of most of it using MalwareBytes Anti-Malware and SmitfraudFix.
Looks like there is a remnant that won't let go, some I'm here asking the experts to help clean up the rest!

Deckard's System Scanner v20071014.68
Run by Carolyn V Craig on 2008-08-07 16:27:16
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Carolyn V Craig.exe) -------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:27:18, on 8/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe
C:\WINDOWS\system32\dlcdcoms.exe
C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE
C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\Carolyn V Craig\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\CAROLY~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [DLCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlcdmon.exe] "C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 944\memcard.exe
O4 - HKLM\..\Run: [KEMailKb] C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE
O4 - HKLM\..\Run: [KPDrv4XP] C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: LaunchU3.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} - http://aolsvc.aol.com/onlinegames/free-tri...mesLauncher.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://roxypalace.microgaming.com/freeplay/FlashAX.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: dlcd_device - - C:\WINDOWS\system32\dlcdcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 8231 bytes

-- Files created between 2008-07-07 and 2008-08-07 -----------------------------

2008-08-06 17:40:00 0 dr-h----- C:\Documents and Settings\Carolyn V Craig\Recent
2008-08-05 09:46:03 0 d-------- C:\Program Files\Trend Micro
2008-08-05 09:37:16 0 d-------- C:\Program Files\Common Files\Java
2008-08-05 08:46:25 4116 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-04 16:39:14 0 d-------- C:\Program Files\Windows Defender
2008-08-04 16:22:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-04 15:19:28 2048 --a------ C:\WINDOWS\system32\uaasshpy.exe
2008-08-04 15:09:12 0 d-------- C:\Documents and Settings\Carolyn V Craig\Application Data\Malwarebytes
2008-08-04 15:09:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes


-- Find3M Report ---------------------------------------------------------------

2008-08-06 17:51:30 0 d-------- C:\Program Files\Common Files
2008-08-05 15:45:29 0 d-------- C:\Program Files\Enigma Software Group
2008-08-05 09:37:50 0 d-------- C:\Program Files\Java
2008-08-05 08:41:38 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-08-01 17:57:41 0 d-------- C:\Program Files\Dl_cats
2008-07-02 23:40:10 1160 --a------ C:\WINDOWS\mozver.dat
2008-07-02 00:44:22 0 d-------- C:\Program Files\Online Services
2008-07-02 00:36:39 0 d-------- C:\Documents and Settings\Carolyn V Craig\Application Data\InstallShield
2008-06-29 21:56:10 0 d-------- C:\Program Files\McAfee
2008-06-29 19:48:59 0 d-------- C:\Program Files\Common Files\McAfee
2008-06-29 19:47:02 0 d-------- C:\Program Files\McAfee.com
2008-06-28 11:46:14 0 d-------- C:\Program Files\Arcade and Puzzle Games
2008-06-23 20:32:09 0 d-------- C:\Program Files\Common Files\mmrm
2008-06-23 20:22:27 0 d-------- C:\Program Files\Ascentive
2008-06-23 20:12:33 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-17 22:35:45 0 d-------- C:\Documents and Settings\Carolyn V Craig\Application Data\U3
2008-06-10 19:25:28 2780 --a------ C:\Documents and Settings\Carolyn V Craig\Application Data\update.log


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [09/29/2005 12:01]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [10/14/2005 18:49]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [10/14/2005 18:46]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [10/14/2005 18:50]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [10/05/2005 01:12]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [06/10/2005 08:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/10/2005 08:44]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [09/08/2005 03:20]
"DLCDCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll" [09/13/2005 22:51]
"dlcdmon.exe"="C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe" [10/07/2005 01:01]
"MemoryCardManager"="C:\Program Files\Dell Photo AIO Printer 944\memcard.exe" [09/06/2005 22:37]
"KEMailKb"="C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE" [08/09/2005 01:27]
"KPDrv4XP"="C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE" [02/21/2005 04:15]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [08/12/2005 16:16]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05/16/2006 12:23]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [04/07/2004 10:07]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 22:16]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/09/2008 21:47]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 19:12]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [05/30/2007 21:26]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 03:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/30/2007 23:50]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [5/16/2006 12:20:06 PM]
LaunchU3.exe.lnk - C:\WINDOWS\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [6/14/2008 6:29:18 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/12/2001 11:01:04 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe




-- End of Deckard's System Scanner: finished at 2008-08-07 16:27:46 ------------

BC AdBot (Login to Remove)

 


m

#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:06:39 PM

Posted 07 August 2008 - 07:12 PM

Hello Daimeion,

Welcome to Bleeping Computer :)

Can you please tell me what sort of remnants you're talking about? There's nothing showing in HijackThis, but it isn't a tell all so I need a description from you. :thumbsup:

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#3 Daimeion

Daimeion
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:03:39 PM

Posted 08 August 2008 - 09:18 AM

Ah, you're right, it does look clean. I noticed the remnants in a combofix log. Want me to run and post that?

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:06:39 PM

Posted 08 August 2008 - 03:06 PM

Yes, please. :thumbsup:

tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#5 Daimeion

Daimeion
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:03:39 PM

Posted 10 August 2008 - 04:15 PM

Here you go.

ComboFix 08-08-04.06 - Carolyn V Craig 2008-08-08 17:38:06.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.389 [GMT -7:00]
Running from: C:\Documents and Settings\Carolyn V Craig\Desktop\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-07-09 to 2008-08-09 )))))))))))))))))))))))))))))))
.

C:\ComboFix\CreateC00.bat .
2008-08-07 16:27 . 2008-08-07 16:27 <DIR> d-------- C:\Deckard
2008-08-07 13:43 . 2008-08-07 13:44 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-08-07 13:37 . 2008-06-13 06:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-08-07 13:37 . 2008-06-13 06:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-05 09:46 . 2008-08-05 09:46 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-05 09:37 . 2008-08-05 09:37 <DIR> d-------- C:\Program Files\Common Files\Java
2008-08-05 09:37 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-05 08:46 . 2008-08-05 08:46 4,116 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-04 16:39 . 2008-08-04 16:39 <DIR> d-------- C:\Program Files\Windows Defender
2008-08-04 16:22 . 2008-08-06 17:44 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-04 16:22 . 2008-08-06 17:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-04 15:19 . 2008-08-04 15:19 2,048 --a------ C:\WINDOWS\system32\uaasshpy.exe
2008-08-04 15:09 . 2008-08-04 15:09 <DIR> d-------- C:\Documents and Settings\Carolyn V Craig\Application Data\Malwarebytes
2008-08-04 15:09 . 2008-08-04 15:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-29 22:41 . 2008-07-29 22:41 1,625,390 --ahs---- C:\WINDOWS\system32\bfivjgqt.tmp
2008-07-27 13:49 . 2008-07-27 13:49 1,637,473 --ahs---- C:\WINDOWS\system32\tebgsdah.tmp
2008-07-24 07:07 . 2008-07-24 07:07 1,402,489 --ahs---- C:\WINDOWS\system32\vovwihtv.tmp
2008-07-21 18:20 . 2008-07-21 18:21 709,247 --ahs---- C:\WINDOWS\system32\hnodidxs.tmp
2008-07-18 17:52 . 2008-07-18 17:52 294 --ahs---- C:\WINDOWS\system32\hqyboful.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-05 22:45 --------- d-----w C:\Program Files\Enigma Software Group
2008-08-05 16:37 --------- d-----w C:\Program Files\Java
2008-08-05 15:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-08-05 15:41 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-02 00:57 --------- d-----w C:\Program Files\Dl_cats
2008-07-06 21:49 1,619,229 --sha-w C:\WINDOWS\system32\qastrnxf.tmp
2008-07-05 21:48 1,704,055 --sha-w C:\WINDOWS\system32\nlevvrdt.tmp
2008-07-04 21:47 1,711,832 --sha-w C:\WINDOWS\system32\dhsctxxd.tmp
2008-07-03 09:04 1,712,716 --sha-w C:\WINDOWS\system32\oygsvjvf.tmp
2008-07-02 07:36 --------- d-----w C:\Documents and Settings\Carolyn V Craig\Application Data\InstallShield
2008-06-30 04:56 --------- d-----w C:\Program Files\McAfee
2008-06-30 02:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-06-30 02:48 --------- d-----w C:\Program Files\Common Files\McAfee
2008-06-30 02:47 --------- d-----w C:\Program Files\McAfee.com
2008-06-29 07:44 1,733,692 --sha-w C:\WINDOWS\system32\hkmmvwmg.tmp
2008-06-28 18:46 --------- d-----w C:\Program Files\Arcade and Puzzle Games
2008-06-26 06:20 1,639,690 --sha-w C:\WINDOWS\system32\ifqonxcv.tmp
2008-06-25 05:36 1,696,260 --sha-w C:\WINDOWS\system32\edilienf.tmp
2008-06-24 03:32 --------- d-----w C:\Program Files\Common Files\mmrm
2008-06-24 03:22 --------- d-----w C:\Program Files\Ascentive
2008-06-24 03:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-20 06:08 1,668,869 --sha-w C:\WINDOWS\system32\sqpcxpxu.tmp
2008-06-19 05:39 1,634,631 --sha-w C:\WINDOWS\system32\tljqrofy.tmp
2008-06-19 05:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ascentive
2008-06-18 05:35 --------- d-----w C:\Documents and Settings\Carolyn V Craig\Application Data\U3
2008-06-15 04:58 1,659,721 --sha-w C:\WINDOWS\system32\gveibalm.tmp
2008-06-15 01:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\U3
2008-06-14 21:46 1,659,679 --sha-w C:\WINDOWS\system32\rqqcnkfn.tmp
2008-06-13 08:26 1,635,294 --sha-w C:\WINDOWS\system32\nuykvxnj.tmp
2008-05-10 04:47 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-02-11 02:07 190 ----a-w C:\Documents and Settings\Carolyn V Craig\Application Data\wklnhst.dat
2007-08-15 20:00 0 ----a-w C:\Documents and Settings\Ralph Craig\Application Data\wklnhst.dat
2007-05-27 19:54 88 --sh--r C:\WINDOWS\system32\159902C359.sys
2008-04-20 19:43 56 --sh--r C:\WINDOWS\system32\59C3029915.sys
2008-04-20 19:46 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 03:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 23:50 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 12:01 67584]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 18:49 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 18:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 18:50 114688]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 01:12 94208]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 08:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 08:44 81920]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 03:20 122940]
"DLCDCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll" [2005-09-13 22:51 73728]
"dlcdmon.exe"="C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe" [2005-10-07 01:01 430080]
"MemoryCardManager"="C:\Program Files\Dell Photo AIO Printer 944\memcard.exe" [2005-09-06 22:37 290816]
"KEMailKb"="C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE" [2005-08-09 01:27 401408]
"KPDrv4XP"="C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE" [2005-02-21 04:15 40960]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16 1121792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-16 12:23 98304]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-07 10:07 496752]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-09 21:47 185896]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-05-30 21:26 810576]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-05-16 12:20:06 24576]
LaunchU3.exe.lnk - C:\WINDOWS\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2008-06-14 18:29:18 22486]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-12 23:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R3 dlcd_device;dlcd_device;C:\WINDOWS\system32\dlcdcoms.exe [2005-10-27 21:41]
S3 Winacusb;Winacusb;C:\WINDOWS\system32\DRIVERS\winacusb.sys [2004-07-14 12:59]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2008-08-01 C:\WINDOWS\Tasks\McQcTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-08-08 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Carolyn V Craig\Application Data\Mozilla\Firefox\Profiles\g1heuf3x.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-08 17:41:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCDCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-08 17:42:56
ComboFix-quarantined-files.txt 2008-08-09 00:42:44

Pre-Run: 86,582,366,208 bytes free
Post-Run: 86,568,914,944 bytes free

159 --- E O F --- 2008-08-08 14:15:24

Seems like alot of hidden .tmp files are suspicious to me. What do you think?

Daimeion

#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:06:39 PM

Posted 10 August 2008 - 04:36 PM

Hello,

* Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the quote box below into notepad:

File::
C:\WINDOWS\system32\bfivjgqt.tmp
C:\WINDOWS\system32\tebgsdah.tmp
C:\WINDOWS\system32\vovwihtv.tmp
C:\WINDOWS\system32\hnodidxs.tmp
C:\WINDOWS\system32\hqyboful.ini
C:\WINDOWS\system32\uaasshpy.exe
C:\WINDOWS\system32\qastrnxf.tmp
C:\WINDOWS\system32\nlevvrdt.tmp
C:\WINDOWS\system32\dhsctxxd.tmp
C:\WINDOWS\system32\oygsvjvf.tmp
C:\WINDOWS\system32\hkmmvwmg.tmp
C:\WINDOWS\system32\ifqonxcv.tmp
C:\WINDOWS\system32\edilienf.tmp
C:\Program Files\Common Files\mmrm
C:\WINDOWS\system32\gveibalm.tmp
C:\WINDOWS\system32\rqqcnkfn.tmp
C:\WINDOWS\system32\nuykvxnj.tmp


Save this as txtfile CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again.

After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#7 Daimeion

Daimeion
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:03:39 PM

Posted 10 August 2008 - 06:11 PM

ComboFix 08-08-04.06 - Carolyn V Craig 2008-08-10 15:36:57.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.426 [GMT -7:00]
Running from: C:\Documents and Settings\Carolyn V Craig\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Carolyn V Craig\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-07-10 to 2008-08-10 )))))))))))))))))))))))))))))))
.

2008-08-07 16:27 . 2008-08-07 16:27 <DIR> d-------- C:\Deckard
2008-08-07 13:43 . 2008-08-07 13:44 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-08-07 13:37 . 2008-06-13 06:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-08-07 13:37 . 2008-06-13 06:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-05 09:46 . 2008-08-05 09:46 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-05 09:37 . 2008-08-05 09:37 <DIR> d-------- C:\Program Files\Common Files\Java
2008-08-05 09:37 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-05 08:46 . 2008-08-05 08:46 4,116 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-04 16:39 . 2008-08-04 16:39 <DIR> d-------- C:\Program Files\Windows Defender
2008-08-04 16:22 . 2008-08-06 17:44 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-04 16:22 . 2008-08-06 17:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-04 15:19 . 2008-08-04 15:19 2,048 --a------ C:\WINDOWS\system32\uaasshpy.exe
2008-08-04 15:09 . 2008-08-04 15:09 <DIR> d-------- C:\Documents and Settings\Carolyn V Craig\Application Data\Malwarebytes
2008-08-04 15:09 . 2008-08-04 15:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-29 22:41 . 2008-07-29 22:41 1,625,390 --ahs---- C:\WINDOWS\system32\bfivjgqt.tmp
2008-07-27 13:49 . 2008-07-27 13:49 1,637,473 --ahs---- C:\WINDOWS\system32\tebgsdah.tmp
2008-07-24 07:07 . 2008-07-24 07:07 1,402,489 --ahs---- C:\WINDOWS\system32\vovwihtv.tmp
2008-07-21 18:20 . 2008-07-21 18:21 709,247 --ahs---- C:\WINDOWS\system32\hnodidxs.tmp
2008-07-18 17:52 . 2008-07-18 17:52 294 --ahs---- C:\WINDOWS\system32\hqyboful.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-05 22:45 --------- d-----w C:\Program Files\Enigma Software Group
2008-08-05 16:37 --------- d-----w C:\Program Files\Java
2008-08-05 15:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-08-05 15:41 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-02 00:57 --------- d-----w C:\Program Files\Dl_cats
2008-07-06 21:49 1,619,229 --sha-w C:\WINDOWS\system32\qastrnxf.tmp
2008-07-05 21:48 1,704,055 --sha-w C:\WINDOWS\system32\nlevvrdt.tmp
2008-07-04 21:47 1,711,832 --sha-w C:\WINDOWS\system32\dhsctxxd.tmp
2008-07-03 09:04 1,712,716 --sha-w C:\WINDOWS\system32\oygsvjvf.tmp
2008-07-02 07:36 --------- d-----w C:\Documents and Settings\Carolyn V Craig\Application Data\InstallShield
2008-06-30 04:56 --------- d-----w C:\Program Files\McAfee
2008-06-30 02:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-06-30 02:48 --------- d-----w C:\Program Files\Common Files\McAfee
2008-06-30 02:47 --------- d-----w C:\Program Files\McAfee.com
2008-06-29 07:44 1,733,692 --sha-w C:\WINDOWS\system32\hkmmvwmg.tmp
2008-06-28 18:46 --------- d-----w C:\Program Files\Arcade and Puzzle Games
2008-06-26 06:20 1,639,690 --sha-w C:\WINDOWS\system32\ifqonxcv.tmp
2008-06-25 05:36 1,696,260 --sha-w C:\WINDOWS\system32\edilienf.tmp
2008-06-24 03:32 --------- d-----w C:\Program Files\Common Files\mmrm
2008-06-24 03:22 --------- d-----w C:\Program Files\Ascentive
2008-06-24 03:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-20 06:08 1,668,869 --sha-w C:\WINDOWS\system32\sqpcxpxu.tmp
2008-06-19 05:39 1,634,631 --sha-w C:\WINDOWS\system32\tljqrofy.tmp
2008-06-19 05:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ascentive
2008-06-18 05:35 --------- d-----w C:\Documents and Settings\Carolyn V Craig\Application Data\U3
2008-06-15 04:58 1,659,721 --sha-w C:\WINDOWS\system32\gveibalm.tmp
2008-06-15 01:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\U3
2008-06-14 21:46 1,659,679 --sha-w C:\WINDOWS\system32\rqqcnkfn.tmp
2008-06-13 08:26 1,635,294 --sha-w C:\WINDOWS\system32\nuykvxnj.tmp
2008-05-10 04:47 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-02-11 02:07 190 ----a-w C:\Documents and Settings\Carolyn V Craig\Application Data\wklnhst.dat
2007-08-15 20:00 0 ----a-w C:\Documents and Settings\Ralph Craig\Application Data\wklnhst.dat
2007-05-27 19:54 88 --sh--r C:\WINDOWS\system32\159902C359.sys
2008-04-20 19:43 56 --sh--r C:\WINDOWS\system32\59C3029915.sys
2008-04-20 19:46 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-08-08_17.42.14.52 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-08 22:50:52 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-08-10 20:03:04 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-08-08 22:50:52 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-08-10 20:03:04 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 03:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 23:50 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 12:01 67584]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 18:49 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 18:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 18:50 114688]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 01:12 94208]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 08:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 08:44 81920]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 03:20 122940]
"DLCDCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll" [2005-09-13 22:51 73728]
"dlcdmon.exe"="C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe" [2005-10-07 01:01 430080]
"MemoryCardManager"="C:\Program Files\Dell Photo AIO Printer 944\memcard.exe" [2005-09-06 22:37 290816]
"KEMailKb"="C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE" [2005-08-09 01:27 401408]
"KPDrv4XP"="C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE" [2005-02-21 04:15 40960]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16 1121792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-16 12:23 98304]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-07 10:07 496752]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-09 21:47 185896]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-05-30 21:26 810576]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-05-16 12:20:06 24576]
LaunchU3.exe.lnk - C:\WINDOWS\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2008-06-14 18:29:18 22486]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-12 23:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R3 dlcd_device;dlcd_device;C:\WINDOWS\system32\dlcdcoms.exe [2005-10-27 21:41]
S3 Winacusb;Winacusb;C:\WINDOWS\system32\DRIVERS\winacusb.sys [2004-07-14 12:59]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2008-08-01 C:\WINDOWS\Tasks\McQcTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-08-10 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-10 15:40:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCDCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-10 15:42:35
ComboFix-quarantined-files.txt 2008-08-10 22:42:27
ComboFix2.txt 2008-08-09 00:42:58

Pre-Run: 86,493,949,952 bytes free
Post-Run: 86,477,463,552 bytes free

163 --- E O F --- 2008-08-10 10:00:53
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:10:33, on 8/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe
C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE
C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dlcdcoms.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [DLCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlcdmon.exe] "C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 944\memcard.exe
O4 - HKLM\..\Run: [KEMailKb] C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE
O4 - HKLM\..\Run: [KPDrv4XP] C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: LaunchU3.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} - http://aolsvc.aol.com/onlinegames/free-tri...mesLauncher.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://roxypalace.microgaming.com/freeplay/FlashAX.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: dlcd_device - - C:\WINDOWS\system32\dlcdcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 8300 bytes

Doesn't look like combofix removed anything. I created the script as you indicated. What next?

Daimeion

#8 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:06:39 PM

Posted 12 August 2008 - 02:34 AM

Hello,

Go offline and disable everything you have for protection and try it again, please. Of course, re enable it before you come back online to post the report. :thumbsup:

Regards,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#9 Daimeion

Daimeion
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:03:39 PM

Posted 12 August 2008 - 01:50 PM

I had to uninstall and re-install combofix, then it worked. Here's the log (still a few left I think):

ComboFix 08-08-11.01 - Carolyn V Craig 2008-08-12 11:22:31.9 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.598 [GMT -7:00]
Running from: C:\Documents and Settings\Carolyn V Craig\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Carolyn V Craig\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Program Files\Common Files\mmrm
C:\WINDOWS\system32\bfivjgqt.tmp
C:\WINDOWS\system32\dhsctxxd.tmp
C:\WINDOWS\system32\edilienf.tmp
C:\WINDOWS\system32\gveibalm.tmp
C:\WINDOWS\system32\hkmmvwmg.tmp
C:\WINDOWS\system32\hnodidxs.tmp
C:\WINDOWS\system32\hqyboful.ini
C:\WINDOWS\system32\ifqonxcv.tmp
C:\WINDOWS\system32\nlevvrdt.tmp
C:\WINDOWS\system32\nuykvxnj.tmp
C:\WINDOWS\system32\oygsvjvf.tmp
C:\WINDOWS\system32\qastrnxf.tmp
C:\WINDOWS\system32\rqqcnkfn.tmp
C:\WINDOWS\system32\tebgsdah.tmp
C:\WINDOWS\system32\uaasshpy.exe
C:\WINDOWS\system32\vovwihtv.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\bfivjgqt.tmp
C:\WINDOWS\system32\dhsctxxd.tmp
C:\WINDOWS\system32\edilienf.tmp
C:\WINDOWS\system32\gveibalm.tmp
C:\WINDOWS\system32\hkmmvwmg.tmp
C:\WINDOWS\system32\hnodidxs.tmp
C:\WINDOWS\system32\hqyboful.ini
C:\WINDOWS\system32\ifqonxcv.tmp
C:\WINDOWS\system32\nlevvrdt.tmp
C:\WINDOWS\system32\nuykvxnj.tmp
C:\WINDOWS\system32\oygsvjvf.tmp
C:\WINDOWS\system32\qastrnxf.tmp
C:\WINDOWS\system32\rqqcnkfn.tmp
C:\WINDOWS\system32\tebgsdah.tmp
C:\WINDOWS\system32\vovwihtv.tmp

.
((((((((((((((((((((((((( Files Created from 2008-07-12 to 2008-08-12 )))))))))))))))))))))))))))))))
.

2008-08-07 13:43 . 2008-08-07 13:44 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-08-07 13:37 . 2008-06-13 06:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-08-07 13:37 . 2008-06-13 06:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-05 09:46 . 2008-08-05 09:46 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-05 09:37 . 2008-08-05 09:37 <DIR> d-------- C:\Program Files\Common Files\Java
2008-08-05 09:37 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-05 08:46 . 2008-08-05 08:46 4,116 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-04 16:39 . 2008-08-04 16:39 <DIR> d-------- C:\Program Files\Windows Defender
2008-08-04 16:22 . 2008-08-06 17:44 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-04 16:22 . 2008-08-06 17:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-04 15:09 . 2008-08-04 15:09 <DIR> d-------- C:\Documents and Settings\Carolyn V Craig\Application Data\Malwarebytes
2008-08-04 15:09 . 2008-08-04 15:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-12 16:37 --------- d-----w C:\Program Files\Dl_cats
2008-08-05 22:45 --------- d-----w C:\Program Files\Enigma Software Group
2008-08-05 16:37 --------- d-----w C:\Program Files\Java
2008-08-05 15:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-08-05 15:41 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-02 07:36 --------- d-----w C:\Documents and Settings\Carolyn V Craig\Application Data\InstallShield
2008-06-30 04:56 --------- d-----w C:\Program Files\McAfee
2008-06-30 02:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-06-30 02:48 --------- d-----w C:\Program Files\Common Files\McAfee
2008-06-30 02:47 --------- d-----w C:\Program Files\McAfee.com
2008-06-28 18:46 --------- d-----w C:\Program Files\Arcade and Puzzle Games
2008-06-24 03:32 --------- d-----w C:\Program Files\Common Files\mmrm
2008-06-24 03:22 --------- d-----w C:\Program Files\Ascentive
2008-06-24 03:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-20 06:08 1,668,869 --sha-w C:\WINDOWS\system32\sqpcxpxu.tmp
2008-06-19 05:39 1,634,631 --sha-w C:\WINDOWS\system32\tljqrofy.tmp
2008-06-19 05:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ascentive
2008-06-18 05:35 --------- d-----w C:\Documents and Settings\Carolyn V Craig\Application Data\U3
2008-06-15 01:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\U3
2008-02-11 02:07 190 ----a-w C:\Documents and Settings\Carolyn V Craig\Application Data\wklnhst.dat
2007-08-15 20:00 0 ----a-w C:\Documents and Settings\Ralph Craig\Application Data\wklnhst.dat
2007-05-27 19:54 88 --sh--r C:\WINDOWS\system32\159902C359.sys
2008-04-20 19:43 56 --sh--r C:\WINDOWS\system32\59C3029915.sys
2008-04-20 19:46 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 03:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 23:50 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 12:01 67584]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 18:49 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 18:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 18:50 114688]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 01:12 94208]
"ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 08:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 08:44 81920]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 03:20 122940]
"DLCDCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll" [2005-09-13 22:51 73728]
"dlcdmon.exe"="C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe" [2005-10-07 01:01 430080]
"MemoryCardManager"="C:\Program Files\Dell Photo AIO Printer 944\memcard.exe" [2005-09-06 22:37 290816]
"KEMailKb"="C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE" [2005-08-09 01:27 401408]
"KPDrv4XP"="C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE" [2005-02-21 04:15 40960]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16 1121792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-16 12:23 98304]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-07 10:07 496752]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-09 21:47 185896]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-05-16 12:20:06 24576]
LaunchU3.exe.lnk - C:\WINDOWS\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2008-06-14 18:29:18 22486]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-12 23:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R3 dlcd_device;dlcd_device;C:\WINDOWS\system32\dlcdcoms.exe [2005-10-27 21:41]
S3 Winacusb;Winacusb;C:\WINDOWS\system32\DRIVERS\winacusb.sys [2004-07-14 12:59]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2008-08-01 C:\WINDOWS\Tasks\McQcTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-08-12 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-12 11:24:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCDCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-12 11:24:54
ComboFix-quarantined-files.txt 2008-08-12 18:24:41
ComboFix2.txt 2008-08-12 17:07:15
ComboFix3.txt 2008-08-12 15:12:00

Pre-Run: 86,677,483,520 bytes free
Post-Run: 86,659,821,568 bytes free

173 --- E O F --- 2008-08-12 10:01:49

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:52:07, on 8/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe
C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE
C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dlcdcoms.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [DLCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlcdmon.exe] "C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 944\memcard.exe
O4 - HKLM\..\Run: [KEMailKb] C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE
O4 - HKLM\..\Run: [KPDrv4XP] C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: LaunchU3.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} - http://aolsvc.aol.com/onlinegames/free-tri...mesLauncher.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://roxypalace.microgaming.com/freeplay/FlashAX.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: dlcd_device - - C:\WINDOWS\system32\dlcdcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 8123 bytes

Thanks again,

Daimeion

#10 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:06:39 PM

Posted 13 August 2008 - 11:17 PM

Hello,

You're welcome. :thumbsup:

* Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the quote box below into notepad:

File::
C:\WINDOWS\system32\sqpcxpxu.tmp
C:\WINDOWS\system32\tljqrofy.tmp


Save this as txtfile CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again.

After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

How is it running now please? :)

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#11 Daimeion

Daimeion
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:03:39 PM

Posted 14 August 2008 - 01:17 PM

It's working much better, and looking cleaner i the logs too! Here you go:

ComboFix 08-08-11.01 - Carolyn V Craig 2008-08-14 10:48:00.10 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.613 [GMT -7:00]
Running from: C:\Documents and Settings\Carolyn V Craig\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Carolyn V Craig\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\sqpcxpxu.tmp
C:\WINDOWS\system32\tljqrofy.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\sqpcxpxu.tmp
C:\WINDOWS\system32\tljqrofy.tmp

.
((((((((((((((((((((((((( Files Created from 2008-07-14 to 2008-08-14 )))))))))))))))))))))))))))))))
.

2008-08-13 12:55 . 2008-05-01 07:30 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-07 13:43 . 2008-08-14 03:02 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-08-07 13:37 . 2008-06-13 06:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-08-07 13:37 . 2008-06-13 06:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-05 09:46 . 2008-08-05 09:46 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-05 09:37 . 2008-08-05 09:37 <DIR> d-------- C:\Program Files\Common Files\Java
2008-08-05 09:37 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-05 08:46 . 2008-08-05 08:46 4,116 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-04 16:39 . 2008-08-04 16:39 <DIR> d-------- C:\Program Files\Windows Defender
2008-08-04 16:22 . 2008-08-06 17:44 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-04 16:22 . 2008-08-06 17:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-04 15:09 . 2008-08-04 15:09 <DIR> d-------- C:\Documents and Settings\Carolyn V Craig\Application Data\Malwarebytes
2008-08-04 15:09 . 2008-08-04 15:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-12 16:37 --------- d-----w C:\Program Files\Dl_cats
2008-08-05 22:45 --------- d-----w C:\Program Files\Enigma Software Group
2008-08-05 16:37 --------- d-----w C:\Program Files\Java
2008-08-05 15:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-08-05 15:41 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:32 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-07-02 07:36 --------- d-----w C:\Documents and Settings\Carolyn V Craig\Application Data\InstallShield
2008-06-30 04:56 --------- d-----w C:\Program Files\McAfee
2008-06-30 02:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-06-30 02:48 --------- d-----w C:\Program Files\Common Files\McAfee
2008-06-30 02:47 --------- d-----w C:\Program Files\McAfee.com
2008-06-28 18:46 --------- d-----w C:\Program Files\Arcade and Puzzle Games
2008-06-24 17:57 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 03:32 --------- d-----w C:\Program Files\Common Files\mmrm
2008-06-24 03:22 --------- d-----w C:\Program Files\Ascentive
2008-06-24 03:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-23 09:20 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:20 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-21 05:23 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-19 05:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ascentive
2008-06-18 05:35 --------- d-----w C:\Documents and Settings\Carolyn V Craig\Application Data\U3
2008-06-15 01:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\U3
2008-02-11 02:07 190 ----a-w C:\Documents and Settings\Carolyn V Craig\Application Data\wklnhst.dat
2007-08-15 20:00 0 ----a-w C:\Documents and Settings\Ralph Craig\Application Data\wklnhst.dat
2007-05-27 19:54 88 --sh--r C:\WINDOWS\system32\159902C359.sys
2008-04-20 19:43 56 --sh--r C:\WINDOWS\system32\59C3029915.sys
2008-04-20 19:46 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-08-12_10.06.52.74 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-07 20:06:43 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP2QFE\es.dll
+ 2008-07-07 20:26:58 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP3GDR\es.dll
+ 2008-07-07 20:23:18 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP3QFE\es.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB950974\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB950974\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\updspapi.dll
+ 2008-07-14 11:03:00 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP2QFE\tzchange.exe
+ 2008-07-11 12:42:28 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP3GDR\tzchange.exe
+ 2008-07-11 12:51:51 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP3QFE\tzchange.exe
+ 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\updspapi.dll
+ 2008-06-24 16:28:00 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP2QFE\mscms.dll
+ 2008-06-24 16:43:16 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP3GDR\mscms.dll
+ 2008-06-24 16:53:10 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP3QFE\mscms.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB952954\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB952954\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\updspapi.dll
+ 2008-04-23 04:16:28 124,928 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\advpack.dll
+ 2008-04-23 04:16:28 347,136 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\dxtmsft.dll
+ 2008-04-23 04:16:28 214,528 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\dxtrans.dll
+ 2008-04-23 04:16:28 133,120 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\extmgr.dll
+ 2008-04-23 04:16:28 63,488 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\icardie.dll
+ 2008-04-22 07:39:58 70,656 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ie4uinit.exe
+ 2008-04-23 04:16:28 153,088 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieakeng.dll
+ 2008-04-23 04:16:28 230,400 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieaksie.dll
+ 2008-04-20 05:07:51 161,792 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieakui.dll
+ 2008-04-23 04:16:28 383,488 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieapfltr.dll
+ 2008-04-23 04:16:28 384,512 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iedkcs32.dll
+ 2008-04-23 04:16:28 6,066,176 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieframe.dll
+ 2008-04-23 04:16:28 44,544 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iernonce.dll
+ 2008-04-23 04:16:28 267,776 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iertutil.dll
+ 2008-04-22 07:39:58 13,824 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieudinit.exe
+ 2008-04-22 07:40:18 625,664 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iexplore.exe
+ 2008-04-23 04:16:28 27,648 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\jsproxy.dll
+ 2008-04-23 04:16:28 459,264 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\msfeeds.dll
+ 2008-04-23 04:16:28 52,224 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\msfeedsbs.dll
+ 2008-04-24 05:16:30 3,591,680 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\mshtml.dll
+ 2008-04-23 04:16:28 478,208 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\mshtmled.dll
+ 2008-04-23 04:16:28 193,024 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\msrating.dll
+ 2008-04-23 04:16:28 671,232 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\mstime.dll
+ 2008-04-23 04:16:28 102,912 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\occache.dll
+ 2008-04-23 04:16:28 44,544 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\updspapi.dll
+ 2008-04-23 04:16:28 105,984 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\url.dll
+ 2008-04-23 04:16:29 1,159,680 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\urlmon.dll
+ 2008-04-23 04:16:29 233,472 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\webcheck.dll
+ 2008-04-23 04:16:29 826,368 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\wininet.dll
- 2008-04-23 04:16:28 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-06-23 16:57:27 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2008-08-12 14:43:21 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-08-14 13:52:28 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-08-12 14:43:21 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-08-14 13:52:28 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-04-23 04:16:28 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-06-23 16:57:27 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
- 2008-04-23 04:16:28 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-06-23 16:57:27 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-04-23 04:16:28 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-06-23 16:57:27 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-04-23 04:16:28 133,120 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-06-23 16:57:27 133,120 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2008-04-23 04:16:28 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-06-23 16:57:28 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
- 2008-04-23 04:16:28 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-06-23 16:57:29 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2008-04-23 04:16:28 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-06-23 16:57:29 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2008-04-23 04:16:28 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-06-23 16:57:29 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2008-04-23 04:16:28 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-06-23 16:57:29 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2008-04-23 04:16:28 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-06-23 16:57:33 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2008-04-23 04:16:28 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-06-23 16:57:33 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2008-04-23 04:16:28 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-06-23 16:57:34 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2007-08-21 06:15:44 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
+ 2008-04-11 18:50:43 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
- 2008-04-23 04:16:28 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-06-23 16:57:35 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2008-04-23 04:16:28 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-06-23 16:57:36 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2008-04-23 04:16:28 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-06-23 16:57:36 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2008-04-23 04:16:28 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-06-23 16:57:39 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2008-04-23 04:16:28 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-06-23 16:57:39 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-04-23 04:16:28 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-06-23 16:57:40 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2008-04-23 04:16:28 102,912 ------w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-06-23 16:57:40 102,912 ------w C:\WINDOWS\system32\dllcache\occache.dll
- 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-06-23 16:57:40 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2008-04-23 04:16:28 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-06-23 16:57:40 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
- 2008-04-23 04:16:29 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-06-23 16:57:40 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-04-23 04:16:29 233,472 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-06-23 16:57:41 233,472 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2008-04-23 04:16:29 826,368 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-06-23 16:57:41 826,368 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2008-04-23 04:16:28 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-06-23 16:57:27 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-04-23 04:16:28 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-06-23 16:57:27 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2008-04-23 04:16:28 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-06-23 16:57:27 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2008-04-23 04:16:28 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-06-23 16:57:28 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2008-04-22 07:39:58 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-06-23 09:20:25 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2008-04-23 04:16:28 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-06-23 16:57:29 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2008-04-23 04:16:28 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-06-23 16:57:29 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2008-04-20 05:07:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-06-21 05:23:54 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2008-04-23 04:16:28 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-06-23 16:57:29 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2008-04-23 04:16:28 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-06-23 16:57:29 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2008-04-23 04:16:28 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-06-23 16:57:33 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-06-23 16:57:33 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2008-04-23 04:16:28 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-06-23 16:57:34 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2008-04-22 07:39:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-06-23 09:20:26 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2007-08-21 06:15:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
+ 2008-04-11 18:50:43 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
- 2008-08-08 14:13:06 214,403 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2008-08-14 10:10:17 214,405 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
- 2008-04-23 04:16:28 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-06-23 16:57:35 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-08-05 18:11:01 15,888,504 ----a-w C:\WINDOWS\system32\MRT.exe
- 2008-04-23 04:16:28 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-06-23 16:57:36 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2008-04-23 04:16:28 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-06-23 16:57:36 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2008-04-24 05:16:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-06-24 17:57:40 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-04-23 04:16:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-06-23 16:57:39 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2008-04-23 04:16:28 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-06-23 16:57:39 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2008-04-23 04:16:28 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-06-23 16:57:40 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
- 2008-04-23 04:16:28 102,912 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-06-23 16:57:40 102,912 ----a-w C:\WINDOWS\system32\occache.dll
- 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-06-23 16:57:40 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2007-11-30 11:18:51 17,272 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 12:39:22 17,272 ------w C:\WINDOWS\system32\spmsg.dll
- 2007-11-13 11:31:11 60,416 ----a-w C:\WINDOWS\system32\tzchange.exe
+ 2008-07-14 11:09:18 62,976 ----a-w C:\WINDOWS\system32\tzchange.exe
- 2008-04-23 04:16:28 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-06-23 16:57:40 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2008-04-23 04:16:29 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-06-23 16:57:40 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2008-04-23 04:16:29 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-06-23 16:57:41 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
- 2008-04-23 04:16:29 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-06-23 16:57:41 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 03:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 23:50 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 12:01 67584]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 18:49 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 18:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 18:50 114688]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 01:12 94208]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 08:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 08:44 81920]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 03:20 122940]
"DLCDCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll" [2005-09-13 22:51 73728]
"dlcdmon.exe"="C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe" [2005-10-07 01:01 430080]
"MemoryCardManager"="C:\Program Files\Dell Photo AIO Printer 944\memcard.exe" [2005-09-06 22:37 290816]
"KEMailKb"="C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE" [2005-08-09 01:27 401408]
"KPDrv4XP"="C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE" [2005-02-21 04:15 40960]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16 1121792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-16 12:23 98304]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-07 10:07 496752]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-09 21:47 185896]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-05-16 12:20:06 24576]
LaunchU3.exe.lnk - C:\WINDOWS\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2008-06-14 18:29:18 22486]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-12 23:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R3 dlcd_device;dlcd_device;C:\WINDOWS\system32\dlcdcoms.exe [2005-10-27 21:41]
S3 Winacusb;Winacusb;C:\WINDOWS\system32\DRIVERS\winacusb.sys [2004-07-14 12:59]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2008-08-01 C:\WINDOWS\Tasks\McQcTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-08-14 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-14 10:50:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCDCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-14 10:51:52
ComboFix-quarantined-files.txt 2008-08-14 17:51:41
ComboFix2.txt 2008-08-12 18:24:55
ComboFix3.txt 2008-08-12 17:07:15
ComboFix4.txt 2008-08-12 15:12:00

Pre-Run: 86,342,397,952 bytes free
Post-Run: 86,325,338,112 bytes free

336 --- E O F --- 2008-08-14 10:02:46


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:55:44, on 8/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe
C:\WINDOWS\system32\dlcdcoms.exe
C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE
C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [DLCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlcdmon.exe] "C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 944\memcard.exe
O4 - HKLM\..\Run: [KEMailKb] C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE
O4 - HKLM\..\Run: [KPDrv4XP] C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: LaunchU3.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} - http://aolsvc.aol.com/onlinegames/free-tri...mesLauncher.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://roxypalace.microgaming.com/freeplay/FlashAX.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: dlcd_device - - C:\WINDOWS\system32\dlcdcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 8165 bytes


Thanks so much!

#12 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:06:39 PM

Posted 14 August 2008 - 01:35 PM

Hello,

You're welcome. :)

Those look really good! :thumbsup: Please delete ComboFix and its accompanying folder C:\Qoobox. Empty your Recycle bin and reboot your computer.

If there are no further problems:

Below I have included a number of recommendations on how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously! These few simple steps can stave off the vast majority of spyware problems.

Regularly go to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows, including the latest version of Internet Explorer. This can patch many of the security holes through which attackers can gain access to your computer. You should also turn on the Windows automatic update feature.

It is very important to maintain your Firewall.
A tutorial on understanding and using firewalls may be found here.

In order to protect yourself against spyware, you should consider installing and running the following free programs:

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

IE/Spyad:
It places over 5000 malicious websites and domains in your IE's restricted zone.
IE/Spyad

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

* Avoid illegal sites, because that's where most malware is present.
* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software; because most of these so called removers ARE spyware.
* Download free software only from sites you know and trust. A lot of free software can bundle other software, including spyware.

Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/

Please make sure to run your antivirus software regularly, and to keep it up-to-date.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

Take care!
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#13 Daimeion

Daimeion
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:03:39 PM

Posted 14 August 2008 - 03:47 PM

Thanks Teacup!

Donation is on its way!

#14 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:06:39 PM

Posted 15 August 2008 - 10:37 PM

Thank you. :thumbsup: Glad I could help.

tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#15 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:06:39 PM

Posted 11 September 2008 - 05:17 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users