Hijack This Log - Please Help


15 replies to this topic

#1 uoneluckybug

uoneluckybug

  • Members
  • 10 posts

Posted 01 July 2007 - 04:43 PM

Hi, I have followed all of the steps in the hijackthis log and I still have a problem. When I open Internet Explorer and search for a certain thing, it will redirect me to a different website. Some of the websites include... wwww.yahabags.com and www.btcar.com. I also get Security alerts that pop up from time to time. But the most pressing issue is the redirection of my internet browser. I have downloaded adware, spybot, mcafee internet security suite and all windows updates. It is still not fixed. Please help. Below is the logfile from hijack this. Can you please tell me how to remove this virus or malware or whatever it is that has control of my computer? Thank you in advance.


Logfile of HijackThis v1.99.1
Scan saved at 5:36:51 PM, on 7/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\MPS\mps.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\QUICKENW\QAGENT.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ie7\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adb.../search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: (no name) - {22E2DD49-81FF-4944-BA3F-59ACDCFC3BEe} - C:\WINDOWS\system32\xrdnwwni.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
O2 - BHO: (no name) - {CDE8EAB9-CEF3-4885-B12F-26960A25C800} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
O2 - BHO: CIEPl Object - {F3727275-224F-4AB0-8642-7D461EFB82D8} - C:\WINDOWS\system32\hhjtd.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\rqeegsxu.dll",setvm
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Matt\PartyCasino\RunCasino.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Matt\PartyCasino\RunCasino.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Matt\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Matt\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - Winlogon Notify: hhjtd - C:\WINDOWS\SYSTEM32\hhjtd.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: med - C:\WINDOWS\SYSTEM32\med.dll
O20 - Winlogon Notify: ombnq - C:\WINDOWS\SYSTEM32\ombnq.dll
O20 - Winlogon Notify: pekhe - C:\WINDOWS\SYSTEM32\pekhe.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
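As an added example (not part of the thread and not the forum's own tooling), here is a small Python script that parses lines in this HijackThis 1.99.1 format and flags the kinds of entries a log helper looks at first: O2 BHOs with "(no name)" loaded from system32, orphaned "(file missing)" entries, O4 autostarts that use rundll32 to load a DLL by path, and O20 Winlogon Notify packages outside a short list of packages that ship with Windows XP or the Intel graphics driver. The sample log lines are constructed from entries in the log above; the known-package list and the random-name heuristic are assumptions I supplied for the example.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis v1.99.1 format, modelled on the log above
# (benign lines mixed with the entries that matter).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {22E2DD49-81FF-4944-BA3F-59ACDCFC3BEe} - C:\WINDOWS\system32\xrdnwwni.dll
O2 - BHO: (no name) - {CDE8EAB9-CEF3-4885-B12F-26960A25C800} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\rqeegsxu.dll",setvm
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: hhjtd - C:\WINDOWS\SYSTEM32\hhjtd.dll
O20 - Winlogon Notify: pekhe - C:\WINDOWS\SYSTEM32\pekhe.dll
"""

# Winlogon Notify packages that ship with Windows XP or with the Intel
# graphics driver.  ASSUMPTION for this example: anything else is worth a look.
KNOWN_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule", "sclgntfy",
    "senslogn", "termsrv", "wlballoon", "igfxcui", "wgalogon",
}

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.*)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
DLL_RE = re.compile(r'"?(?P<dll>[A-Za-z]:\\[^",]+\.dll)"?', re.IGNORECASE)
VOWELS = set("aeiouy")


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O20"
    severity: str  # "suspect" or "review"
    target: str    # file the entry points at
    reason: str


def stem_of(path: str) -> str:
    """Bare file name without directory or extension."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def looks_random(stem: str) -> bool:
    """Crude test for machine-generated names: all lowercase letters and
    either no vowels at all or a run of four or more consonants."""
    if not (stem.isalpha() and stem.islower()):
        return False
    run = longest = 0
    for ch in stem:
        run = 0 if ch in VOWELS else run + 1
        longest = max(longest, run)
    return longest >= 4 or not (set(stem) & VOWELS)


def analyze(log_text: str) -> list[Finding]:
    """Walk a HijackThis log and return the entries a helper would question."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := BHO_RE.match(line):
            path = m["path"]
            if path.endswith("(file missing)"):
                findings.append(Finding("O2", "review", path, "orphaned BHO entry, file missing"))
            elif m["name"] == "(no name)" and "\\system32\\" in path.lower():
                findings.append(Finding("O2", "suspect", path, "unnamed BHO loaded from system32"))
        elif m := RUN_RE.match(line):
            cmd = m["cmd"]
            if cmd.lower().startswith("rundll32") and (d := DLL_RE.search(cmd)):
                sev = "suspect" if looks_random(stem_of(d["dll"])) else "review"
                findings.append(Finding("O4", sev, d["dll"],
                                        f"[{m['key']}] uses rundll32 to load a DLL by path"))
        elif m := NOTIFY_RE.match(line):
            if m["name"].lower() not in KNOWN_NOTIFY:
                why = "Winlogon Notify package not on the known list"
                if looks_random(m["name"].lower()):
                    why += ", random-looking name"
                findings.append(Finding("O20", "suspect", m["path"], why))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f.section:4} {f.severity:8} {f.target}  <- {f.reason}")
```

The name heuristic is deliberately conservative (a name such as rqeegsxu has vowels and no long consonant run, so its rundll32 entry is only marked "review"); the structural signals carry the weight, which is also how the helper in this thread approached the log before turning to the ComboFix listing.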



#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 01 July 2007 - 05:57 PM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum uoneluckybug :thumbsup:

Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad".
This will change from what we know in 2006; read this article:
http://www.clickz.com/news/article.php/3561546

You are well advised to remove the program now.
Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present:

Viewpoint
Viewpoint Manager
Viewpoint Media Player


Then restart your pc.

**************************

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
When VundoFix re-opens, click the "Scan for Vundo" button.
Once it's done scanning, click the "Remove Vundo" button.
You will receive a prompt asking if you want to remove the files; click "YES".
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer; click "OK".
Post the contents of C:\vundofix.txt into your next reply.

Note:
It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

**************************

Please download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouse-click ComboFix's window while it's running.
That may cause the program to freeze/hang.


**************************

Download SmitfraudFix (by S!Ri), to your desktop.
Double click on Smitfraudfix.cmd
Select option 1 Search, by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy and paste the content of that report into your next reply.

*IMPORTANT*
Do NOT run any other options until you are asked to do so!

Also post a new Hijackthis log please.

#3 uoneluckybug

uoneluckybug
  • Topic Starter

  • Members
  • 10 posts

Posted 02 July 2007 - 08:07 AM

Thank you for taking time to reply. I followed all of the steps you suggested. Below are the logs... just as I opened Internet Explorer and entered the bleepingcomputer.com website, a pop-up appeared with a security alert. I guess that means my computer is still infected. Any other help you can provide would be greatly appreciated. Thank you.


***********************************************

VundoFix V6.5.4

Checking Java version...

Sun Java not detected
Scan started at 8:11:16 AM 7/2/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...


***********************************************
"Kristina" - 2007-07-02 8:20:26 - ComboFix 07-07-02.5 - Service Pack 2


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\med.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\144.exe
C:\WINDOWS\1800.exe
C:\WINDOWS\1861.exe
C:\WINDOWS\system32\drivers\fad.sys


((((((((((((((((((((((((( Files Created from 2007-06-02 to 2007-07-02 )))))))))))))))))))))))))))))))


2007-07-02 08:17 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-07-02 08:11 <DIR> d-------- C:\VundoFix Backups
2007-07-02 07:59 259,604 --a------ C:\WINDOWS\SYSTEM32\nshiuxdx.dll
2007-07-02 07:59 124,948 --a------ C:\WINDOWS\SYSTEM32\xwisxsby.dll
2007-07-02 07:41 124,948 --a------ C:\WINDOWS\SYSTEM32\gnxiouaj.dll
2007-07-01 18:05 259,604 --a------ C:\WINDOWS\SYSTEM32\cafotlwo.dll
2007-07-01 18:05 124,948 --a------ C:\WINDOWS\SYSTEM32\tabwjpqn.dll
2007-07-01 17:38 259,604 --a------ C:\WINDOWS\SYSTEM32\vyvsbysf.dll
2007-07-01 17:38 124,948 --a------ C:\WINDOWS\SYSTEM32\hmacpxek.dll
2007-07-01 17:24 259,604 --a------ C:\WINDOWS\SYSTEM32\rqeegsxu.dll
2007-07-01 17:22 124,948 --a------ C:\WINDOWS\SYSTEM32\xrdnwwni.dll
2007-07-01 15:33 124,948 --a------ C:\WINDOWS\SYSTEM32\ccvnxgqb.dll
2007-06-30 20:49 259,604 --a------ C:\WINDOWS\SYSTEM32\khpnkobk.dll
2007-06-30 20:49 124,948 --a------ C:\WINDOWS\SYSTEM32\yotpskfb.dll
2007-06-29 20:51 124,948 --a------ C:\WINDOWS\SYSTEM32\lrevrygi.dll
2007-06-29 18:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-06-29 14:02 124,948 --a------ C:\WINDOWS\SYSTEM32\piekyrgk.dll
2007-06-29 09:32 259,604 --a------ C:\WINDOWS\SYSTEM32\okgogldg.dll
2007-06-29 09:32 124,948 --a------ C:\WINDOWS\SYSTEM32\annnufkn.dll
2007-06-28 09:31 124,948 --a------ C:\WINDOWS\SYSTEM32\emgdejwl.dll
2007-06-28 09:06 259,604 --a------ C:\WINDOWS\SYSTEM32\eixxmcpd.dll
2007-06-28 09:05 124,948 --a------ C:\WINDOWS\SYSTEM32\cococxxn.dll
2007-06-28 08:04 259,604 --a------ C:\WINDOWS\SYSTEM32\dgmmswml.dll
2007-06-28 08:02 124,948 --a------ C:\WINDOWS\SYSTEM32\qmdsictv.dll
2007-06-27 19:56 <DIR> d-------- C:\Program Files\Lavasoft
2007-06-27 19:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-06-27 19:54 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-27 19:52 124,948 --a------ C:\WINDOWS\SYSTEM32\dmmgwxiu.dll
2007-06-27 19:45 260,628 --a------ C:\WINDOWS\SYSTEM32\hvtubxhh.dll
2007-06-27 19:45 124,948 --a------ C:\WINDOWS\SYSTEM32\ehmujhdh.dll
2007-06-27 18:16 124,948 --a------ C:\WINDOWS\SYSTEM32\upwicdwj.dll
2007-06-27 18:14 260,628 --a------ C:\WINDOWS\SYSTEM32\ckjjwfsu.dll
2007-06-27 14:16 124,948 --a------ C:\WINDOWS\SYSTEM32\shyrfbra.dll
2007-06-27 13:19 124,948 --a------ C:\WINDOWS\SYSTEM32\dntiohrm.dll
2007-06-27 10:10 978,413 --a------ C:\WINDOWS\SYSTEM32\pekhe.dll
2007-06-27 06:56 <DIR> d-------- C:\DOCUME~1\Kristina\APPLIC~1\RegSweep
2007-06-27 06:09 124,948 --a------ C:\WINDOWS\SYSTEM32\jlslgaiq.dll
2007-06-27 05:47 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-06-27 05:32 260,628 --a------ C:\WINDOWS\SYSTEM32\mtjkgjyc.dll
2007-06-27 05:32 124,948 --a------ C:\WINDOWS\SYSTEM32\xbnvdvsq.dll
2007-06-27 05:24 <DIR> d-------- C:\Program Files\msn gaming zone
2007-06-27 05:22 <DIR> d-------- C:\WINDOWS\Prefetch
2007-06-26 09:25 <DIR> d-------- C:\Program Files\messenger
2007-06-26 09:24 <DIR> d-------- C:\WINDOWS\provisioning
2007-06-26 09:24 <DIR> d-------- C:\WINDOWS\peernet
2007-06-26 09:16 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-06-26 08:58 <DIR> d-------- C:\WINDOWS\EHome
2007-06-26 08:39 124,948 --a------ C:\WINDOWS\SYSTEM32\qrcgjate.dll
2007-06-26 08:20 260,628 --a------ C:\WINDOWS\SYSTEM32\lvwnpiko.dll
2007-06-26 08:20 124,948 --a------ C:\WINDOWS\SYSTEM32\wcrrcyyv.dll
2007-06-25 09:29 614,912 --a------ C:\WINDOWS\SYSTEM32\h323msp.dll
2007-06-25 09:29 39,936 --a------ C:\WINDOWS\SYSTEM32\mf3216.dll
2007-06-25 09:29 331,264 --a------ C:\WINDOWS\SYSTEM32\ipnathlp.dll
2007-06-25 08:57 124,948 --a------ C:\WINDOWS\SYSTEM32\sqvkvdrj.dll
2007-06-24 16:13 9,510 --ahs---- C:\WINDOWS\SYSTEM32\ospcont.dat
2007-06-24 08:57 124,948 --a------ C:\WINDOWS\SYSTEM32\hxekgukw.dll
2007-06-24 08:47 978,413 --a------ C:\WINDOWS\SYSTEM32\hhjtd.dll
2007-06-24 08:27 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\SiteAdvisor
2007-06-24 08:26 <DIR> d-------- C:\Program Files\SiteAdvisor
2007-06-24 08:26 <DIR> d-------- C:\DOCUME~1\Kristina\APPLIC~1\SiteAdvisor
2007-06-24 08:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
2007-06-24 08:20 143,360 --a------ C:\WINDOWS\SYSTEM32\dunzip32.dll
2007-06-24 08:17 109,608 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys
2007-06-24 08:13 <DIR> d-------- C:\Program Files\McAfee.com
2007-06-24 08:12 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-06-24 08:11 <DIR> d-------- C:\Program Files\McAfee
2007-06-24 07:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-06-24 07:23 1,082,368 --a------ C:\WINDOWS\SYSTEM32\esent.dll
2007-06-24 07:03 <DIR> d-------- C:\WINDOWS\5DF3D1BB894E4DCD8275159AC9829B43.TMP
2007-06-24 06:58 271,224 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2007-06-24 06:49 260,628 --a------ C:\WINDOWS\SYSTEM32\gmbeubbk.dll
2007-06-24 06:49 124,948 --a------ C:\WINDOWS\SYSTEM32\hpkfiwng.dll
2007-06-23 20:41 124,948 --a------ C:\WINDOWS\SYSTEM32\bbkdiiqk.dll
2007-06-23 08:45 8,192 --------- C:\WINDOWS\SYSTEM32\bitsprx2.dll
2007-06-23 08:45 7,168 --------- C:\WINDOWS\SYSTEM32\bitsprx3.dll
2007-06-23 08:45 351,232 --a------ C:\WINDOWS\SYSTEM32\winhttp.dll
2007-06-23 08:45 18,944 --a------ C:\WINDOWS\SYSTEM32\qmgrprxy.dll
2007-06-23 08:28 124,948 --a------ C:\WINDOWS\SYSTEM32\ycbyeuxo.dll
2007-06-22 14:08 124,948 --a------ C:\WINDOWS\SYSTEM32\qniuiiwk.dll
2007-06-22 13:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-06-22 12:14 124,948 --a------ C:\WINDOWS\SYSTEM32\uhtfvbeh.dll
2007-06-22 09:55 626,688 --a------ C:\WINDOWS\SYSTEM32\msvcr80.dll
2007-06-22 09:16 <DIR> d-------- C:\WINDOWS\pss
2007-06-21 20:56 124,948 --a------ C:\WINDOWS\SYSTEM32\fpoqtwed.dll
2007-06-20 20:55 978,413 --a------ C:\WINDOWS\SYSTEM32\ombnq.dll
2007-06-20 20:55 124,948 --a------ C:\WINDOWS\SYSTEM32\yjbioqfa.dll
2007-06-18 15:56 2,362 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2007-06-18 14:08 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-06-04 15:18 9,344 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\NSDriver.sys
2007-06-04 15:17 8,320 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AWRTRD.sys
2007-06-04 15:14 6,272 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AWRTPD.sys


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-02 13:35:36 124,948 ----a-w C:\WINDOWS\system32\laadapts.dll
2007-07-02 13:35:26 259,604 ----a-w C:\WINDOWS\system32\hnskpknp.dll
2007-07-02 12:51:05 -------- d-----w C:\Program Files\Viewpoint
2007-06-26 14:24:33 -------- d-----w C:\Program Files\Movie Maker
2007-06-26 14:14:23 -------- d-----w C:\Program Files\Windows NT
2007-06-01 13:34:05 -------- d-----w C:\Program Files\Paint Shop Pro
2007-05-23 22:37:29 -------- d--h--w C:\Program Files\WindowsUpdate
2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 03:43:40 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-13 20:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{089FD14D-132B-48FC-8861-0048AE113215}]
2007-03-30 10:41 1099304 --a------ C:\Program Files\SiteAdvisor\6066\SiteAdv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22E2DD49-81FF-4944-BA3F-59ACDCFC3BEe}]
2007-07-02 08:35 124948 --a------ C:\WINDOWS\system32\laadapts.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F3727275-224F-4AB0-8642-7D461EFB82D8}]
2007-06-24 08:47 978413 --a------ C:\WINDOWS\system32\hhjtd.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"POINTER"="point32.exe" []
"QAGENT"="C:\Program Files\QUICKENW\QAGENT.EXE" [2001-08-01 13:30]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 20:00]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 19:58]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 16:30]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6066\SiteAdv.exe" [2007-03-30 10:42]
"DllRunning"="C:\WINDOWS\system32\hnskpknp.dll" [2007-07-02 08:35]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hhjtd]
hhjtd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ombnq]
ombnq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pekhe]
pekhe.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]


Contents of the 'Scheduled Tasks' folder
2004-07-07 03:36:35 C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1089171303.job
2007-06-24 13:15:21 C:\WINDOWS\tasks\McDefragTask.job
2007-07-01 06:00:00 C:\WINDOWS\tasks\McQcTask.job
2007-07-02 08:30:00 C:\WINDOWS\tasks\RegSweep Scheduled Scan.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-02 08:32:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\hnskpknp.dll

scan completed successfully
hidden files: 1

**************************************************************************

Completion time: 2007-07-02 8:41:28 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-02 08:39

--- E O F ---



**********************************************
SmitfraudFix Log:

SmitFraudFix v2.197

Scan done at 8:57:42.98, Mon 07/02/2007
Run from C:\Documents and Settings\Kristina\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\QUICKENW\QAGENT.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\ie7\iexplore.exe
C:\WINDOWS\system32\cmd.exe

hosts


C:\


C:\WINDOWS


C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32


C:\Documents and Settings\Kristina


C:\Documents and Settings\Kristina\Application Data


Start Menu


C:\DOCUME~1\Kristina\FAVORI~1


Desktop


C:\Program Files


Corrupted keys


Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


Rustock



DNS

Description: Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
DNS Server Search Order: 68.87.77.130
DNS Server Search Order: 68.87.72.130

Description: Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
DNS Server Search Order: 172.16.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{49E2CA42-D49E-4D9A-94C5-F690A4A8AE5D}: DhcpNameServer=68.87.77.130 68.87.72.130
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C70336E7-F036-4021-9516-D488F8539FA9}: DhcpNameServer=172.16.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{49E2CA42-D49E-4D9A-94C5-F690A4A8AE5D}: DhcpNameServer=172.16.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{62CC315F-40DB-4785-A48F-8F9C5D73482B}: DhcpNameServer=172.16.0.1


Scanning for wininet.dll infection


End

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 02 July 2007 - 08:39 AM

Copy and paste ALL the following bold blue text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: ComboFix-Do.txt, and save it to your desktop.

File::
C:\WINDOWS\SYSTEM32\nshiuxdx.dll
C:\WINDOWS\SYSTEM32\xwisxsby.dll
C:\WINDOWS\SYSTEM32\gnxiouaj.dll
C:\WINDOWS\SYSTEM32\cafotlwo.dll
C:\WINDOWS\SYSTEM32\tabwjpqn.dll
C:\WINDOWS\SYSTEM32\vyvsbysf.dll
C:\WINDOWS\SYSTEM32\hmacpxek.dll
C:\WINDOWS\SYSTEM32\rqeegsxu.dll
C:\WINDOWS\SYSTEM32\xrdnwwni.dll
C:\WINDOWS\SYSTEM32\ccvnxgqb.dll
C:\WINDOWS\SYSTEM32\khpnkobk.dll
C:\WINDOWS\SYSTEM32\yotpskfb.dll
C:\WINDOWS\SYSTEM32\lrevrygi.dll
C:\WINDOWS\SYSTEM32\piekyrgk.dll
C:\WINDOWS\SYSTEM32\okgogldg.dll
C:\WINDOWS\SYSTEM32\annnufkn.dll
C:\WINDOWS\SYSTEM32\emgdejwl.dll
C:\WINDOWS\SYSTEM32\eixxmcpd.dll
C:\WINDOWS\SYSTEM32\cococxxn.dll
C:\WINDOWS\SYSTEM32\dgmmswml.dll
C:\WINDOWS\SYSTEM32\qmdsictv.dll
C:\WINDOWS\SYSTEM32\dmmgwxiu.dll
C:\WINDOWS\SYSTEM32\hvtubxhh.dll
C:\WINDOWS\SYSTEM32\ehmujhdh.dll
C:\WINDOWS\SYSTEM32\upwicdwj.dll
C:\WINDOWS\SYSTEM32\ckjjwfsu.dll
C:\WINDOWS\SYSTEM32\shyrfbra.dll
C:\WINDOWS\SYSTEM32\dntiohrm.dll
C:\WINDOWS\SYSTEM32\pekhe.dll
C:\WINDOWS\SYSTEM32\jlslgaiq.dll
C:\WINDOWS\SYSTEM32\mtjkgjyc.dll
C:\WINDOWS\SYSTEM32\xbnvdvsq.dll
C:\WINDOWS\SYSTEM32\qrcgjate.dll
C:\WINDOWS\SYSTEM32\lvwnpiko.dll
C:\WINDOWS\SYSTEM32\wcrrcyyv.dll
C:\WINDOWS\SYSTEM32\h323msp.dll
C:\WINDOWS\SYSTEM32\mf3216.dll
C:\WINDOWS\SYSTEM32\ipnathlp.dll
C:\WINDOWS\SYSTEM32\sqvkvdrj.dll
C:\WINDOWS\SYSTEM32\ospcont.dat
C:\WINDOWS\SYSTEM32\hxekgukw.dll
C:\WINDOWS\SYSTEM32\hhjtd.dll
C:\WINDOWS\SYSTEM32\gmbeubbk.dll
C:\WINDOWS\SYSTEM32\hpkfiwng.dll
C:\WINDOWS\SYSTEM32\bbkdiiqk.dll
C:\WINDOWS\SYSTEM32\ycbyeuxo.dll
C:\WINDOWS\SYSTEM32\qniuiiwk.dll
C:\WINDOWS\SYSTEM32\uhtfvbeh.dll
C:\WINDOWS\SYSTEM32\fpoqtwed.dll
C:\WINDOWS\SYSTEM32\ombnq.dll
C:\WINDOWS\SYSTEM32\yjbioqfa.dll
C:\WINDOWS\system32\laadapts.dll
C:\WINDOWS\system32\hnskpknp.dll

Folder::
C:\Program Files\Viewpoint

Now drag then drop the ComboFix-Do.txt file onto ComboFix.exe as you see in the image below.

Posted Image

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply along with a new HijackThis log.

#5 uoneluckybug

uoneluckybug
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:15 PM

Posted 02 July 2007 - 05:36 PM

Hi, I am attaching the recent text log from ComboFix below. The good news is that Yahoo is again my default home page (for a while google.com would come up as the default) but I am still being redirected to other websites and can't get to the websites I want. Some of the redirected ones are: yahabags.com, bonus.com, btcar.com, http://201.218.196.153/click.php?c2319, and homepoeple.info/search.

Thank you for your help.
"Kristina" - 2007-07-02 17:54:56 - ComboFix 07-07-02.5 - Service Pack 2
Command switches used :: C:\Documents and Settings\Kristina\Desktop\ComboFix-Do.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Viewpoint
C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\ComponentMgr_03000C09.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\ComponentRegistry.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLArt.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\BlueStreak.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\Cursors.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\DataTracking.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\GifReader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\JpegReader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\LensFlares.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\Mts2Reader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\Mts3Reader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\ObjectMovie.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SceneComponent.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SreeDMMX.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SWFView.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPAudio.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPExtras.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPVideo.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\WaveletReader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\ZoomView.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\DownloadedComponents\VMPAudio_Win.mtj
C:\Program Files\Viewpoint\Viewpoint Experience Technology\DownloadedComponents\VMPVideo_Win.mtj
C:\Program Files\Viewpoint\Viewpoint Experience Technology\DownLoadHist.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\HostRegistry.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MetaStreamConfig.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MetaStreamID.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MtsAxInstaller.exe
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MTSDownloadSites.txt
C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewClassID.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\-1725869827.MTZ
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\-1725871275.SWF
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\-1756920320.MTZ
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\-1912772586.SWF
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\-1912774574.MTZ
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\-298658914.MTZ
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\1989748647.mtx
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\256913900.SWF
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\382884542.MTZ
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\86880139.MTZ
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\URLCache.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\-1646963688.SWF
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\-1850494714.MTZ
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\-298155108.MTZ
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\-430746590.MTZ
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\1382042067.SWF
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\1874612289.MTZ
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\98843002.MTZ
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\URLCache.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\-1716011516.MTZ
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\518054506.fdg
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\518054506.mtx
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\985292955.SWF
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\URLCache.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\-1275753317.SWF
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\-1725869838.MTS
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\-1912774567.MTS
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\URLCache.ini
C:\WINDOWS\SYSTEM32\annnufkn.dll
C:\WINDOWS\SYSTEM32\bbkdiiqk.dll
C:\WINDOWS\SYSTEM32\cafotlwo.dll
C:\WINDOWS\SYSTEM32\ccvnxgqb.dll
C:\WINDOWS\SYSTEM32\ckjjwfsu.dll
C:\WINDOWS\SYSTEM32\cococxxn.dll
C:\WINDOWS\SYSTEM32\dgmmswml.dll
C:\WINDOWS\SYSTEM32\dmmgwxiu.dll
C:\WINDOWS\SYSTEM32\dntiohrm.dll
C:\WINDOWS\SYSTEM32\ehmujhdh.dll
C:\WINDOWS\SYSTEM32\eixxmcpd.dll
C:\WINDOWS\SYSTEM32\emgdejwl.dll
C:\WINDOWS\SYSTEM32\fpoqtwed.dll
C:\WINDOWS\SYSTEM32\gmbeubbk.dll
C:\WINDOWS\SYSTEM32\gnxiouaj.dll
C:\WINDOWS\SYSTEM32\h323msp.dll
C:\WINDOWS\SYSTEM32\hhjtd.dll
C:\WINDOWS\SYSTEM32\hmacpxek.dll
C:\WINDOWS\system32\hnskpknp.dll
C:\WINDOWS\SYSTEM32\hpkfiwng.dll
C:\WINDOWS\SYSTEM32\hvtubxhh.dll
C:\WINDOWS\SYSTEM32\hxekgukw.dll
C:\WINDOWS\SYSTEM32\ipnathlp.dll
C:\WINDOWS\SYSTEM32\jlslgaiq.dll
C:\WINDOWS\SYSTEM32\khpnkobk.dll
C:\WINDOWS\system32\laadapts.dll
C:\WINDOWS\SYSTEM32\lrevrygi.dll
C:\WINDOWS\SYSTEM32\lvwnpiko.dll
C:\WINDOWS\SYSTEM32\mf3216.dll
C:\WINDOWS\SYSTEM32\mtjkgjyc.dll
C:\WINDOWS\SYSTEM32\nshiuxdx.dll
C:\WINDOWS\SYSTEM32\okgogldg.dll
C:\WINDOWS\SYSTEM32\ombnq.dll
C:\WINDOWS\SYSTEM32\ospcont.dat
C:\WINDOWS\SYSTEM32\pekhe.dll
C:\WINDOWS\SYSTEM32\piekyrgk.dll
C:\WINDOWS\SYSTEM32\qmdsictv.dll
C:\WINDOWS\SYSTEM32\qniuiiwk.dll
C:\WINDOWS\SYSTEM32\qrcgjate.dll
C:\WINDOWS\SYSTEM32\rqeegsxu.dll
C:\WINDOWS\SYSTEM32\shyrfbra.dll
C:\WINDOWS\SYSTEM32\sqvkvdrj.dll
C:\WINDOWS\SYSTEM32\tabwjpqn.dll
C:\WINDOWS\SYSTEM32\uhtfvbeh.dll
C:\WINDOWS\SYSTEM32\upwicdwj.dll
C:\WINDOWS\SYSTEM32\vyvsbysf.dll
C:\WINDOWS\SYSTEM32\wcrrcyyv.dll
C:\WINDOWS\SYSTEM32\xbnvdvsq.dll
C:\WINDOWS\SYSTEM32\xrdnwwni.dll
C:\WINDOWS\SYSTEM32\xwisxsby.dll
C:\WINDOWS\SYSTEM32\ycbyeuxo.dll
C:\WINDOWS\SYSTEM32\yjbioqfa.dll
C:\WINDOWS\SYSTEM32\yotpskfb.dll


((((((((((((((((((((((((( Files Created from 2007-06-02 to 2007-07-02 )))))))))))))))))))))))))))))))


2007-07-02 17:35 259,604 --a------ C:\WINDOWS\SYSTEM32\tqkrlbrh.dll
2007-07-02 17:35 124,948 --a------ C:\WINDOWS\SYSTEM32\crfspypt.dll
2007-07-02 13:26 <DIR> d-------- C:\DOCUME~1\Guest\APPLIC~1\SiteAdvisor
2007-07-02 08:17 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-07-02 08:11 <DIR> d-------- C:\VundoFix Backups
2007-06-29 18:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-06-27 19:56 <DIR> d-------- C:\Program Files\Lavasoft
2007-06-27 19:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-06-27 19:54 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-27 06:56 <DIR> d-------- C:\DOCUME~1\Kristina\APPLIC~1\RegSweep
2007-06-27 05:47 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-06-27 05:24 <DIR> d-------- C:\Program Files\msn gaming zone
2007-06-27 05:22 <DIR> d-------- C:\WINDOWS\Prefetch
2007-06-26 09:25 <DIR> d-------- C:\Program Files\messenger
2007-06-26 09:24 <DIR> d-------- C:\WINDOWS\provisioning
2007-06-26 09:24 <DIR> d-------- C:\WINDOWS\peernet
2007-06-26 09:16 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-06-26 08:58 <DIR> d-------- C:\WINDOWS\EHome
2007-06-24 08:27 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\SiteAdvisor
2007-06-24 08:26 <DIR> d-------- C:\Program Files\SiteAdvisor
2007-06-24 08:26 <DIR> d-------- C:\DOCUME~1\Kristina\APPLIC~1\SiteAdvisor
2007-06-24 08:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
2007-06-24 08:20 143,360 --a------ C:\WINDOWS\SYSTEM32\dunzip32.dll
2007-06-24 08:17 109,608 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys
2007-06-24 08:13 <DIR> d-------- C:\Program Files\McAfee.com
2007-06-24 08:12 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-06-24 08:11 <DIR> d-------- C:\Program Files\McAfee
2007-06-24 07:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-06-24 07:23 1,082,368 --a------ C:\WINDOWS\SYSTEM32\esent.dll
2007-06-24 07:03 <DIR> d-------- C:\WINDOWS\5DF3D1BB894E4DCD8275159AC9829B43.TMP
2007-06-24 06:58 271,224 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2007-06-23 08:45 8,192 --a------ C:\WINDOWS\SYSTEM32\bitsprx2.dll
2007-06-23 08:45 7,168 --a------ C:\WINDOWS\SYSTEM32\bitsprx3.dll
2007-06-23 08:45 351,232 --a------ C:\WINDOWS\SYSTEM32\winhttp.dll
2007-06-23 08:45 18,944 --a------ C:\WINDOWS\SYSTEM32\qmgrprxy.dll
2007-06-22 13:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-06-22 09:55 626,688 --a------ C:\WINDOWS\SYSTEM32\msvcr80.dll
2007-06-22 09:16 <DIR> d-------- C:\WINDOWS\pss
2007-06-18 15:56 2,278 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2007-06-18 14:08 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-06-04 15:18 9,344 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\NSDriver.sys
2007-06-04 15:17 8,320 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AWRTRD.sys
2007-06-04 15:14 6,272 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AWRTPD.sys


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-26 14:24:33 -------- d-----w C:\Program Files\Movie Maker
2007-06-26 14:14:23 -------- d-----w C:\Program Files\Windows NT
2007-06-01 13:34:05 -------- d-----w C:\Program Files\Paint Shop Pro
2007-05-23 22:37:29 -------- d--h--w C:\Program Files\WindowsUpdate
2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 03:43:40 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-13 20:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{089FD14D-132B-48FC-8861-0048AE113215}]
2007-03-30 10:41 1099304 --a------ C:\Program Files\SiteAdvisor\6066\SiteAdv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22E2DD49-81FF-4944-BA3F-59ACDCFC3BEe}]
2007-07-02 17:35 124948 --a------ C:\WINDOWS\system32\crfspypt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"POINTER"="point32.exe" []
"QAGENT"="C:\Program Files\QUICKENW\QAGENT.EXE" [2001-08-01 13:30]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 20:00]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 19:58]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 16:30]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6066\SiteAdv.exe" [2007-03-30 10:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hhjtd]
hhjtd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ombnq]
ombnq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pekhe]
pekhe.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

*Newly Created Service* - ENTDRV51

Contents of the 'Scheduled Tasks' folder
2004-07-07 03:36:35 C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1089171303.job
2007-06-24 13:15:21 C:\WINDOWS\tasks\McDefragTask.job
2007-07-01 06:00:00 C:\WINDOWS\tasks\McQcTask.job
2007-07-02 08:30:00 C:\WINDOWS\tasks\RegSweep Scheduled Scan.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-02 18:06:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-02 18:15:00 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-02 18:12
C:\ComboFix2.txt ... 2007-07-02 08:41

--- E O F ---

#6 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:09:15 PM

Posted 02 July 2007 - 06:43 PM

Please download the OTMoveIt by OldTimer:
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

Save it to your desktop.
Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\SYSTEM32\tqkrlbrh.dll
C:\WINDOWS\SYSTEM32\crfspypt.dll
C:\WINDOWS\5DF3D1BB894E4DCD8275159AC9829B43.TMP


Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button.
Close OTMoveIt

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes.

Restart your PC if you didn't above.
Post a new Hijackthis log into your next reply.

#7 uoneluckybug

uoneluckybug
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:15 PM

Posted 02 July 2007 - 07:03 PM

I ran OTMoveit like you instructed and rebooted. I'm not sure how to "Post a new Hijackthis log into your next reply." Please explain. I know you have mentioned this in your last couple of replies. I was wondering if you know what the issue is with my computer or if we are still in the process of discovering the problem. Thank you.

#8 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:09:15 PM

Posted 02 July 2007 - 07:14 PM

I've a good idea what the problem is. Rescan with HijackThis and post that log into your next reply.

Edited by RichieUK, 02 July 2007 - 07:34 PM.


#9 uoneluckybug

uoneluckybug
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:15 PM

Posted 03 July 2007 - 06:11 AM

Logfile of HijackThis v1.99.1
Scan saved at 7:07:24 AM, on 7/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\QUICKENW\QAGENT.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: (no name) - {22E2DD49-81FF-4944-BA3F-59ACDCFC3BEe} - C:\WINDOWS\system32\crfspypt.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - Winlogon Notify: hhjtd - hhjtd.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ombnq - ombnq.dll (file missing)
O20 - Winlogon Notify: pekhe - pekhe.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#10 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:09:15 PM

Posted 03 July 2007 - 06:20 AM

Download/install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed, exit SuperAntiSpyware.

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O2 - BHO: (no name) - {22E2DD49-81FF-4944-BA3F-59ACDCFC3BEe} - C:\WINDOWS\system32\crfspypt.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - Winlogon Notify: hhjtd - hhjtd.dll (file missing)
O20 - Winlogon Notify: ombnq - ombnq.dll (file missing)
O20 - Winlogon Notify: pekhe - pekhe.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

Exit Hijackthis.

Start SuperAntiSpyware.
On the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

SuperAntiSpyware will now scan your computer; when it's finished it will list all/any infections found.
Make sure everything found has a checkmark next to it, then press 'Next'.
Click on 'Finish' when you're done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor, such as Notepad.
Copy and paste the contents of that report into your next reply.

================================

Run 'BitDefender Online Scanner' using Internet Explorer:
http://www.bitdefender.com/scan8/ie.html
Read the 'END USER SOFTWARE LICENSE AGREEMENT' then click 'I agree'.
You'll be prompted to install the ActiveX control; please do so.
Once installed, disable your current antivirus program, then click the 'Click here to scan' button.
The virus signatures will then load.
Once loaded the scan will start.
The scan will take quite some time so please be patient.
Once the scan has finished select the 'Detected Problems' tab.
Click on 'Click here to export scan'.
Save the file as an HTML file to your desktop.
Then click on the saved file and allow it to open with your browser.
Go to 'Edit'/'Select All' then copy and paste that log into your next reply.
*Note*
Don't forget to re-enable your antivirus program.

Also post a new HijackThis log, and let me know how your PC is running now.
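As an added example (not code from this thread, nor part of HijackThis or ComboFix), the script below applies the triage rules the helper used in posts #4 and #10 to HijackThis O2/O9/O20 lines: entries marked "(file missing)" or "(no file)" are orphaned registry references that HijackThis 'Fix checked' removes; an unnamed BHO loading a random-looking DLL out of system32 is the Vundo-style loader seen in this thread; a Winlogon Notify package that is unknown, or whose target is not a DLL, gets flagged too. It then renders the File::/Folder:: text in the ComboFix-Do.txt format from post #4. The sample log is constructed from lines posted above (with the crfspypt.dll BHO written as it looked before OTMoveIt moved the file), and the Winlogon Notify allowlist is a partial one assumed for the example.

```python
"""Added example, not part of this thread or of HijackThis/ComboFix themselves.

Applies the triage used in the helper posts above to HijackThis O-lines and
writes the File::/Folder:: text that ComboFix reads from ComboFix-Do.txt.
"""
import re

# Constructed sample, modelled on the log posted in this thread.  The crfspypt
# line is written as it looked while the DLL still existed; in the log above
# OTMoveIt had already moved it, so HijackThis shows it as "(file missing)".
SAMPLE_HJT = """\
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\\Program Files\\SiteAdvisor\\6066\\SiteAdv.dll
O2 - BHO: (no name) - {22E2DD49-81FF-4944-BA3F-59ACDCFC3BEe} - C:\\WINDOWS\\system32\\crfspypt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - Winlogon Notify: hhjtd - hhjtd.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\\WINDOWS\\SYSTEM32\\igfxsrvc.dll
O20 - Winlogon Notify: ombnq - ombnq.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\\WINDOWS\\
"""

HJT_LINE = re.compile(r"^(O\d+) - (.*)$")
RANDOM_DLL = re.compile(r"[a-z]{5,8}\.dll")   # 5-8 lowercase letters, like crfspypt.dll

# Winlogon Notify packages that are normal on an XP box.  Partial allowlist
# assumed for this example, not an authoritative list.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "scecli", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon", "igfxcui", "wgalogon"}


def parse_hjt(text):
    """Yield (section, body) for every 'Oxx - ...' line; other lines are skipped."""
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def classify(section, body):
    """Return why an entry should be fixed, or None if it looks legitimate."""
    if body.endswith("(file missing)") or body.endswith("(no file)"):
        return "orphaned entry: registry still points at a file that is gone"
    if section == "O20":
        name, _, target = body.partition(": ")[2].partition(" - ")
        if not target.lower().endswith(".dll"):
            return "Winlogon Notify target is not a DLL path"
        if name.lower() not in KNOWN_NOTIFY:
            return "unrecognised Winlogon Notify package"
    if section == "O2":
        parts = body.split(" - ")
        bho_name, path = parts[0][len("BHO: "):], parts[-1]
        basename = path.rsplit("\\", 1)[-1].lower()
        if bho_name == "(no name)" and "system32" in path.lower() \
                and RANDOM_DLL.fullmatch(basename):
            return "unnamed BHO loading a random-looking DLL from system32"
    return None


def triage(text):
    """List of (section, body, reason) for every entry worth fixing."""
    flagged = []
    for section, body in parse_hjt(text):
        reason = classify(section, body)
        if reason:
            flagged.append((section, body, reason))
    return flagged


def files_to_quarantine(text):
    """Full paths of flagged entries whose file still exists: the File:: list.
    Orphaned entries have no file to move; they are registry-only leftovers
    that HijackThis 'Fix checked' deletes."""
    paths = []
    for _, body, reason in triage(text):
        path = body.rsplit(" - ", 1)[-1]
        if not reason.startswith("orphaned") and re.match(r"[A-Za-z]:\\", path) \
                and path.lower().endswith(".dll"):
            paths.append(path)
    return paths


def combofix_script(files, folders=()):
    """Render the File::/Folder:: text ComboFix reads when the .txt is dropped on it."""
    lines = ["File::", *files]
    if folders:
        lines += ["", "Folder::", *folders]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for section, body, reason in triage(SAMPLE_HJT):
        print(f"{section:<4} {reason}\n     {body}")
    print(combofix_script(files_to_quarantine(SAMPLE_HJT),
                          ["C:\\Program Files\\Viewpoint"]))
```

Run against the sample it flags five entries (the crfspypt BHO, the O9 button with no file, the three Winlogon Notify lines the helper listed) and leaves SiteAdvisor, Spybot's SDHelper and igfxcui alone; only crfspypt.dll ends up in the File:: list, because the orphaned entries have nothing left on disk for ComboFix to move.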

#11 uoneluckybug

uoneluckybug
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:15 PM

Posted 03 July 2007 - 03:55 PM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/03/2007 at 10:06 AM

Application Version : 3.9.1008

Core Rules Database Version : 3264
Trace Rules Database Version: 1275

Scan type : Complete Scan
Total Scan Time : 00:54:50

Memory items scanned : 500
Memory threats detected : 0
Registry items scanned : 5513
Registry threats detected : 86
File items scanned : 40214
File threats detected : 255

Adware.Tracking Cookie
C:\Documents and Settings\Kristina\Cookies\kristina@gomyron[1].txt
C:\Documents and Settings\Kristina\Cookies\kristina@clickz[1].txt
C:\Documents and Settings\Kristina\Cookies\kristina@incisivemedia.112.2o7[1].txt
C:\Documents and Settings\Kristina\Cookies\kristina@stats.drivecleaner[2].txt
C:\Documents and Settings\Kristina\Cookies\kristina@cpvfeed[3].txt
C:\Documents and Settings\Kristina\Cookies\kristina@gomyron[4].txt
C:\Documents and Settings\Kristina\Cookies\kristina@counter.hitslink[1].txt
C:\Documents and Settings\Kristina\Cookies\kristina@specificclick[3].txt
C:\Documents and Settings\Kristina\Cookies\kristina@uk.sitestat[2].txt
C:\Documents and Settings\Kristina\Cookies\kristina@stats.privacyprotector[1].txt
C:\Documents and Settings\Kristina\Cookies\kristina@bs.serving-sys[1].txt
C:\Documents and Settings\Kristina\Cookies\kristina@semdirector.112.2o7[1].txt
C:\Documents and Settings\Kristina\Cookies\kristina@drivecleaner[3].txt
C:\Documents and Settings\Kristina\Cookies\kristina@serving-sys[1].txt
C:\Documents and Settings\Kristina\Cookies\kristina@statse.webtrendslive[2].txt
C:\Documents and Settings\Kristina\Cookies\kristina@247realmedia[1].txt
C:\Documents and Settings\Kristina\Cookies\kristina@mediaplex[1].txt
C:\Documents and Settings\Kristina\Cookies\kristina@www.googleadservices[1].txt
C:\Documents and Settings\Kristina\Cookies\kristina@uk.sitestat[1].txt
C:\Documents and Settings\Kristina\Cookies\kristina@ad.yieldmanager[2].txt
C:\Documents and Settings\Kristina\Cookies\kristina@atdmt[3].txt
C:\Documents and Settings\Kristina\Cookies\kristina@ads2.blastro[1].txt
C:\Documents and Settings\Guest\Cookies\guest@247realmedia[1].txt
C:\Documents and Settings\Guest\Cookies\guest@2o7[2].txt
C:\Documents and Settings\Guest\Cookies\guest@ad.yieldmanager[2].txt
C:\Documents and Settings\Guest\Cookies\guest@adknowledge[2].txt
C:\Documents and Settings\Guest\Cookies\guest@admarketplace[1].txt
C:\Documents and Settings\Guest\Cookies\guest@adopt.euroclick[1].txt
C:\Documents and Settings\Guest\Cookies\guest@adopt.specificclick[1].txt
C:\Documents and Settings\Guest\Cookies\guest@adpretirementservices.122.2o7[1].txt
C:\Documents and Settings\Guest\Cookies\guest@adrevolver[2].txt
C:\Documents and Settings\Guest\Cookies\guest@adrevolver[3].txt
C:\Documents and Settings\Guest\Cookies\guest@ads.addynamix[2].txt
C:\Documents and Settings\Guest\Cookies\guest@ads.as4x.tmcs[1].txt
C:\Documents and Settings\Guest\Cookies\guest@ads.cc214142[2].txt
C:\Documents and Settings\Guest\Cookies\guest@ads.expedia[1].txt
C:\Documents and Settings\Guest\Cookies\guest@ads.monster[1].txt
C:\Documents and Settings\Guest\Cookies\guest@ads.pointroll[1].txt
C:\Documents and Settings\Guest\Cookies\guest@ads.vegas[1].txt
C:\Documents and Settings\Guest\Cookies\guest@adv.webmd[1].txt
C:\Documents and Settings\Guest\Cookies\guest@anad.tacoda[2].txt
C:\Documents and Settings\Guest\Cookies\guest@anat.tacoda[1].txt
C:\Documents and Settings\Guest\Cookies\guest@atdmt[2].txt
C:\Documents and Settings\Guest\Cookies\guest@atwola[2].txt
C:\Documents and Settings\Guest\Cookies\guest@belnk[1].txt
C:\Documents and Settings\Guest\Cookies\guest@bizrate[2].txt
C:\Documents and Settings\Guest\Cookies\guest@bluestreak[2].txt
C:\Documents and Settings\Guest\Cookies\guest@burstnet[2].txt
C:\Documents and Settings\Guest\Cookies\guest@buycom.122.2o7[1].txt
C:\Documents and Settings\Guest\Cookies\guest@c.goclick[2].txt
C:\Documents and Settings\Guest\Cookies\guest@casalemedia[2].txt
C:\Documents and Settings\Guest\Cookies\guest@cassava[1].txt
C:\Documents and Settings\Guest\Cookies\guest@clickondetroit[1].txt
C:\Documents and Settings\Guest\Cookies\guest@cratebarrel.112.2o7[1].txt
C:\Documents and Settings\Guest\Cookies\guest@creativeby.viewpoint[1].txt
C:\Documents and Settings\Guest\Cookies\guest@data2.perf.overture[1].txt
C:\Documents and Settings\Guest\Cookies\guest@data3.perf.overture[2].txt
C:\Documents and Settings\Guest\Cookies\guest@data4.perf.overture[1].txt
C:\Documents and Settings\Guest\Cookies\guest@dist.belnk[2].txt
C:\Documents and Settings\Guest\Cookies\guest@dowjones.122.2o7[1].txt
C:\Documents and Settings\Guest\Cookies\guest@e-2dj6wfk4enczwhp.stats.esomniture[2].txt
C:\Documents and Settings\Guest\Cookies\guest@e-2dj6wfk4wiajgdo.stats.esomniture[2].txt
C:\Documents and Settings\Guest\Cookies\guest@e-2dj6wfkiwgczgdp.stats.esomniture[2].txt
C:\Documents and Settings\Guest\Cookies\guest@e-2dj6wfkiwkc5ebo.stats.esomniture[2].txt
C:\Documents and Settings\Guest\Cookies\guest@e-2dj6wfkokjcpebp.stats.esomniture[2].txt
C:\Documents and Settings\Guest\Cookies\guest@e-2dj6wfkowkd5ibp.stats.esomniture[2].txt
C:\Documents and Settings\Guest\Cookies\guest@e-2dj6wfkywhdjebo.stats.esomniture[2].txt
C:\Documents and Settings\Guest\Cookies\guest@e-2dj6wfl4ahc5ecp.stats.esomniture[2].txt
C:\Documents and Settings\Guest\Cookies\guest@e-2dj6wfl4skdpafp.stats.esomniture[2].txt
C:\Documents and Settings\Guest\Cookies\guest@e-2dj6wflowoc5olq.stats.esomniture[2].txt
C:\Documents and Settings\Guest\Cookies\guest@e-2dj6wfmywkdzabo.stats.esomniture[1].txt
C:\Documents and Settings\Guest\Cookies\guest@e-2dj6wgkiqjczekp.stats.esomniture[2].txt
C:\Documents and Settings\Guest\Cookies\guest@e-2dj6whk4opdpadq.stats.esomniture[2].txt
C:\Documents and Settings\Guest\Cookies\guest@e-2dj6wjk4umcjmfp.stats.esomniture[1].txt
C:\Documents and Settings\Guest\Cookies\guest@e-2dj6wjkoalczmko.stats.esomniture[2].txt
C:\Documents and Settings\Guest\Cookies\guest@e-2dj6wjkogncjsep.stats.esomniture[2].txt
C:\Documents and Settings\Guest\Cookies\guest@e-2dj6wjkoqidjscp.stats.esomniture[2].txt
C:\Documents and Settings\Guest\Cookies\guest@e-2dj6wjkownajcgp.stats.esomniture[2].txt
C:\Documents and Settings\Guest\Cookies\guest@e-2dj6wjligodjilq.stats.esomniture[2].txt
C:\Documents and Settings\Guest\Cookies\guest@e-2dj6wjliqiazodo.stats.esomniture[2].txt
C:\Documents and Settings\Guest\Cookies\guest@e-2dj6wjlocmc5wkq.stats.esomniture[2].txt
C:\Documents and Settings\Guest\Cookies\guest@e-2dj6wjloegcpsho.stats.esomniture[2].txt
C:\Documents and Settings\Guest\Cookies\guest@e-2dj6wjloshcjkco.stats.esomniture[2].txt
C:\Documents and Settings\Guest\Cookies\guest@e-2dj6wjlyqodzgcp.stats.esomniture[2].txt
C:\Documents and Settings\Guest\Cookies\guest@e-2dj6wjmyehd5iep.stats.esomniture[1].txt
C:\Documents and Settings\Guest\Cookies\guest@e-2dj6wjmygpdpwho.stats.esomniture[2].txt
C:\Documents and Settings\Guest\Cookies\guest@e-2dj6wjmykpcpeep.stats.esomniture[2].txt
C:\Documents and Settings\Guest\Cookies\guest@e-2dj6wjny-1od5cl.stats.esomniture[2].txt
C:\Documents and Settings\Guest\Cookies\guest@e-2dj6wjnyckdpmeo.stats.esomniture[2].txt
C:\Documents and Settings\Guest\Cookies\guest@e-2dj6wjnyugdzcdp.stats.esomniture[2].txt
C:\Documents and Settings\Guest\Cookies\guest@e2itg.pbteen[2].txt
C:\Documents and Settings\Guest\Cookies\guest@edge.ru4[2].txt
C:\Documents and Settings\Guest\Cookies\guest@ehg-airtran.hitbox[2].txt
C:\Documents and Settings\Guest\Cookies\guest@ehg-comcast.hitbox[2].txt
C:\Documents and Settings\Guest\Cookies\guest@ehg-consumerenergyco.hitbox[2].txt
C:\Documents and Settings\Guest\Cookies\guest@ehg-dig.hitbox[2].txt
C:\Documents and Settings\Guest\Cookies\guest@ehg-fandango.hitbox[1].txt
C:\Documents and Settings\Guest\Cookies\guest@ehg-realtytrac.hitbox[2].txt
C:\Documents and Settings\Guest\Cookies\guest@ehg-ushumanesociety.hitbox[1].txt
C:\Documents and Settings\Guest\Cookies\guest@ehg-verizonwireless.hitbox[1].txt
C:\Documents and Settings\Guest\Cookies\guest@ehg-wachovia.hitbox[2].txt
C:\Documents and Settings\Guest\Cookies\guest@ehg.hitbox[1].txt
C:\Documents and Settings\Guest\Cookies\guest@fastclick[2].txt
C:\Documents and Settings\Guest\Cookies\guest@fcstats.bcentral[2].txt
C:\Documents and Settings\Guest\Cookies\guest@hitbox[2].txt
C:\Documents and Settings\Guest\Cookies\guest@icc.intellisrv[1].txt
C:\Documents and Settings\Guest\Cookies\guest@indexstats[1].txt
C:\Documents and Settings\Guest\Cookies\guest@intellisrv[1].txt
C:\Documents and Settings\Guest\Cookies\guest@interclick[2].txt
C:\Documents and Settings\Guest\Cookies\guest@jcrew.112.2o7[1].txt
C:\Documents and Settings\Guest\Cookies\guest@keywordmax[1].txt
C:\Documents and Settings\Guest\Cookies\guest@linksynergy[1].txt
C:\Documents and Settings\Guest\Cookies\guest@maxserving[1].txt
C:\Documents and Settings\Guest\Cookies\guest@media.adrevolver[1].txt
C:\Documents and Settings\Guest\Cookies\guest@media3.sitebrand[2].txt
C:\Documents and Settings\Guest\Cookies\guest@mediaplex[1].txt
C:\Documents and Settings\Guest\Cookies\guest@msnportal.112.2o7[1].txt
C:\Documents and Settings\Guest\Cookies\guest@nextag[1].txt
C:\Documents and Settings\Guest\Cookies\guest@overture[2].txt
C:\Documents and Settings\Guest\Cookies\guest@pacificpoker[2].txt
C:\Documents and Settings\Guest\Cookies\guest@partner2profit[2].txt
C:\Documents and Settings\Guest\Cookies\guest@partygaming.122.2o7[1].txt
C:\Documents and Settings\Guest\Cookies\guest@partypoker[1].txt
C:\Documents and Settings\Guest\Cookies\guest@pbteen[1].txt
C:\Documents and Settings\Guest\Cookies\guest@pch.122.2o7[1].txt
C:\Documents and Settings\Guest\Cookies\guest@perf.overture[1].txt
C:\Documents and Settings\Guest\Cookies\guest@pro-market[1].txt
C:\Documents and Settings\Guest\Cookies\guest@questionmarket[1].txt
C:\Documents and Settings\Guest\Cookies\guest@RadTech[2].txt
C:\Documents and Settings\Guest\Cookies\guest@realmedia[2].txt
C:\Documents and Settings\Guest\Cookies\guest@revenue[1].txt
C:\Documents and Settings\Guest\Cookies\guest@revsci[1].txt
C:\Documents and Settings\Guest\Cookies\guest@roiservice[1].txt
C:\Documents and Settings\Guest\Cookies\guest@sales.liveperson[2].txt
C:\Documents and Settings\Guest\Cookies\guest@server.iad.liveperson[2].txt
C:\Documents and Settings\Guest\Cookies\guest@server2.bkvtrack[2].txt
C:\Documents and Settings\Guest\Cookies\guest@serving-sys[2].txt
C:\Documents and Settings\Guest\Cookies\guest@statcounter[1].txt
C:\Documents and Settings\Guest\Cookies\guest@stats.klsoft[1].txt
C:\Documents and Settings\Guest\Cookies\guest@statse.webtrendslive[2].txt
C:\Documents and Settings\Guest\Cookies\guest@store.sunsetsextoy[2].txt
C:\Documents and Settings\Guest\Cookies\guest@superstats[1].txt
C:\Documents and Settings\Guest\Cookies\guest@tacoda[2].txt
C:\Documents and Settings\Guest\Cookies\guest@tracking[2].txt
C:\Documents and Settings\Guest\Cookies\guest@trafficmp[2].txt
C:\Documents and Settings\Guest\Cookies\guest@tribalfusion[2].txt
C:\Documents and Settings\Guest\Cookies\guest@tripod[1].txt
C:\Documents and Settings\Guest\Cookies\guest@valueclick[2].txt
C:\Documents and Settings\Guest\Cookies\guest@web4.realtracker[2].txt
C:\Documents and Settings\Guest\Cookies\guest@ww1.pbteen[2].txt
C:\Documents and Settings\Guest\Cookies\guest@www.burstbeacon[2].txt
C:\Documents and Settings\Guest\Cookies\guest@www.clickondetroit[1].txt
C:\Documents and Settings\Guest\Cookies\guest@www.pbteen[2].txt
C:\Documents and Settings\Guest\Cookies\guest@z1.adserver[1].txt
C:\Documents and Settings\Guest\Cookies\guest@zedo[2].txt
C:\Documents and Settings\Guest\Cookies\guest@zipzoomfly.122.2o7[1].txt
C:\Documents and Settings\Kristina\Cookies\kristina@ad.yieldmanager[1].txt
C:\Documents and Settings\Kristina\Cookies\kristina@adopt.specificclick[2].txt
C:\Documents and Settings\Kristina\Cookies\kristina@adrevolver[2].txt
C:\Documents and Settings\Kristina\Cookies\kristina@ads.pointroll[1].txt
C:\Documents and Settings\Kristina\Cookies\kristina@ads3.blastro[1].txt
C:\Documents and Settings\Kristina\Cookies\kristina@ads4.blastro[1].txt
C:\Documents and Settings\Kristina\Cookies\kristina@adserver.softwareonline[1].txt
C:\Documents and Settings\Kristina\Cookies\kristina@advertising[1].txt
C:\Documents and Settings\Kristina\Cookies\kristina@anad.tacoda[1].txt
C:\Documents and Settings\Kristina\Cookies\kristina@anat.tacoda[1].txt
C:\Documents and Settings\Kristina\Cookies\kristina@atdmt[2].txt
C:\Documents and Settings\Kristina\Cookies\kristina@buzznet.112.2o7[1].txt
C:\Documents and Settings\Kristina\Cookies\kristina@clickbank[1].txt
C:\Documents and Settings\Kristina\Cookies\kristina@cpvfeed[2].txt
C:\Documents and Settings\Kristina\Cookies\kristina@drivecleaner[2].txt
C:\Documents and Settings\Kristina\Cookies\kristina@exitexchange[2].txt
C:\Documents and Settings\Kristina\Cookies\kristina@go.winantivirus[1].txt
C:\Documents and Settings\Kristina\Cookies\kristina@redorbit[1].txt
C:\Documents and Settings\Kristina\Cookies\kristina@revsci[2].txt
C:\Documents and Settings\Kristina\Cookies\kristina@server.iad.liveperson[1].txt
C:\Documents and Settings\Kristina\Cookies\kristina@specificclick[1].txt
C:\Documents and Settings\Kristina\Cookies\kristina@stat.errclean[1].txt
C:\Documents and Settings\Kristina\Cookies\kristina@stats.adbrite[2].txt
C:\Documents and Settings\Kristina\Cookies\kristina@stopzilla[1].txt
C:\Documents and Settings\Kristina\Cookies\kristina@tacoda[2].txt
C:\Documents and Settings\Kristina\Cookies\kristina@winantivirus[2].txt
C:\Documents and Settings\Kristina\Cookies\kristina@www.stopzilla[1].txt

Malware.SpyCrush
HKCR\TypeLib\{3A57F88E-E4E8-470C-B032-6162923681D5}
HKCR\TypeLib\{3A57F88E-E4E8-470C-B032-6162923681D5}\1.0
HKCR\TypeLib\{3A57F88E-E4E8-470C-B032-6162923681D5}\1.0\0
HKCR\TypeLib\{3A57F88E-E4E8-470C-B032-6162923681D5}\1.0\0\win32
HKCR\TypeLib\{3A57F88E-E4E8-470C-B032-6162923681D5}\1.0\FLAGS
HKCR\TypeLib\{3A57F88E-E4E8-470C-B032-6162923681D5}\1.0\HELPDIR
HKCR\Interface\{077B1BF5-5C71-4167-ADCE-5AFD86E00FF5}
HKCR\Interface\{077B1BF5-5C71-4167-ADCE-5AFD86E00FF5}\ProxyStubClsid
HKCR\Interface\{077B1BF5-5C71-4167-ADCE-5AFD86E00FF5}\ProxyStubClsid32
HKCR\Interface\{077B1BF5-5C71-4167-ADCE-5AFD86E00FF5}\TypeLib
HKCR\Interface\{077B1BF5-5C71-4167-ADCE-5AFD86E00FF5}\TypeLib#Version
HKCR\Interface\{2CAFAFE4-E098-458F-BCCE-0D8F873C38FC}
HKCR\Interface\{2CAFAFE4-E098-458F-BCCE-0D8F873C38FC}\ProxyStubClsid
HKCR\Interface\{2CAFAFE4-E098-458F-BCCE-0D8F873C38FC}\ProxyStubClsid32
HKCR\Interface\{2CAFAFE4-E098-458F-BCCE-0D8F873C38FC}\TypeLib
HKCR\Interface\{2CAFAFE4-E098-458F-BCCE-0D8F873C38FC}\TypeLib#Version
HKCR\Interface\{667C305A-10F1-4591-9652-966B41BEE5A1}
HKCR\Interface\{667C305A-10F1-4591-9652-966B41BEE5A1}\ProxyStubClsid
HKCR\Interface\{667C305A-10F1-4591-9652-966B41BEE5A1}\ProxyStubClsid32
HKCR\Interface\{667C305A-10F1-4591-9652-966B41BEE5A1}\TypeLib
HKCR\Interface\{667C305A-10F1-4591-9652-966B41BEE5A1}\TypeLib#Version
HKCR\Interface\{66EB826C-4A16-40D4-9418-F3D4E319722B}
HKCR\Interface\{66EB826C-4A16-40D4-9418-F3D4E319722B}\ProxyStubClsid
HKCR\Interface\{66EB826C-4A16-40D4-9418-F3D4E319722B}\ProxyStubClsid32
HKCR\Interface\{66EB826C-4A16-40D4-9418-F3D4E319722B}\TypeLib
HKCR\Interface\{66EB826C-4A16-40D4-9418-F3D4E319722B}\TypeLib#Version
HKCR\Interface\{67917213-04FB-46AE-ABFB-95CFCDDAF7DF}
HKCR\Interface\{67917213-04FB-46AE-ABFB-95CFCDDAF7DF}\ProxyStubClsid
HKCR\Interface\{67917213-04FB-46AE-ABFB-95CFCDDAF7DF}\ProxyStubClsid32
HKCR\Interface\{67917213-04FB-46AE-ABFB-95CFCDDAF7DF}\TypeLib
HKCR\Interface\{67917213-04FB-46AE-ABFB-95CFCDDAF7DF}\TypeLib#Version
HKCR\Interface\{7277172E-E708-4168-99F0-DF09FDDF0BE0}
HKCR\Interface\{7277172E-E708-4168-99F0-DF09FDDF0BE0}\ProxyStubClsid
HKCR\Interface\{7277172E-E708-4168-99F0-DF09FDDF0BE0}\ProxyStubClsid32
HKCR\Interface\{7277172E-E708-4168-99F0-DF09FDDF0BE0}\TypeLib
HKCR\Interface\{7277172E-E708-4168-99F0-DF09FDDF0BE0}\TypeLib#Version
HKCR\Interface\{A30A1054-61A4-411E-8E6B-E7EED2917409}
HKCR\Interface\{A30A1054-61A4-411E-8E6B-E7EED2917409}\ProxyStubClsid
HKCR\Interface\{A30A1054-61A4-411E-8E6B-E7EED2917409}\ProxyStubClsid32
HKCR\Interface\{A30A1054-61A4-411E-8E6B-E7EED2917409}\TypeLib
HKCR\Interface\{A30A1054-61A4-411E-8E6B-E7EED2917409}\TypeLib#Version
HKCR\Interface\{A9E40D6A-D26E-4413-9431-832E42C51C3C}
HKCR\Interface\{A9E40D6A-D26E-4413-9431-832E42C51C3C}\ProxyStubClsid
HKCR\Interface\{A9E40D6A-D26E-4413-9431-832E42C51C3C}\ProxyStubClsid32
HKCR\Interface\{A9E40D6A-D26E-4413-9431-832E42C51C3C}\TypeLib
HKCR\Interface\{A9E40D6A-D26E-4413-9431-832E42C51C3C}\TypeLib#Version
HKCR\Interface\{A9E61BA4-EB7D-4699-8742-2BCFC842CD26}
HKCR\Interface\{A9E61BA4-EB7D-4699-8742-2BCFC842CD26}\ProxyStubClsid
HKCR\Interface\{A9E61BA4-EB7D-4699-8742-2BCFC842CD26}\ProxyStubClsid32
HKCR\Interface\{A9E61BA4-EB7D-4699-8742-2BCFC842CD26}\TypeLib
HKCR\Interface\{A9E61BA4-EB7D-4699-8742-2BCFC842CD26}\TypeLib#Version
HKCR\Interface\{AA4A709C-25B9-4BA5-95AD-3185FEBD9A7F}
HKCR\Interface\{AA4A709C-25B9-4BA5-95AD-3185FEBD9A7F}\ProxyStubClsid
HKCR\Interface\{AA4A709C-25B9-4BA5-95AD-3185FEBD9A7F}\ProxyStubClsid32
HKCR\Interface\{AA4A709C-25B9-4BA5-95AD-3185FEBD9A7F}\TypeLib
HKCR\Interface\{AA4A709C-25B9-4BA5-95AD-3185FEBD9A7F}\TypeLib#Version
HKCR\Interface\{AF64B18F-C7B6-4FCE-A4E6-4248344A196F}
HKCR\Interface\{AF64B18F-C7B6-4FCE-A4E6-4248344A196F}\ProxyStubClsid
HKCR\Interface\{AF64B18F-C7B6-4FCE-A4E6-4248344A196F}\ProxyStubClsid32
HKCR\Interface\{AF64B18F-C7B6-4FCE-A4E6-4248344A196F}\TypeLib
HKCR\Interface\{AF64B18F-C7B6-4FCE-A4E6-4248344A196F}\TypeLib#Version
HKCR\Interface\{B3E0E19A-FA96-4BBE-B429-CA4C9D8EC0A9}
HKCR\Interface\{B3E0E19A-FA96-4BBE-B429-CA4C9D8EC0A9}\ProxyStubClsid
HKCR\Interface\{B3E0E19A-FA96-4BBE-B429-CA4C9D8EC0A9}\ProxyStubClsid32
HKCR\Interface\{B3E0E19A-FA96-4BBE-B429-CA4C9D8EC0A9}\TypeLib
HKCR\Interface\{B3E0E19A-FA96-4BBE-B429-CA4C9D8EC0A9}\TypeLib#Version
HKCR\Interface\{B9211B3D-5FC6-4311-998E-B4138C256532}
HKCR\Interface\{B9211B3D-5FC6-4311-998E-B4138C256532}\ProxyStubClsid
HKCR\Interface\{B9211B3D-5FC6-4311-998E-B4138C256532}\ProxyStubClsid32
HKCR\Interface\{B9211B3D-5FC6-4311-998E-B4138C256532}\TypeLib
HKCR\Interface\{B9211B3D-5FC6-4311-998E-B4138C256532}\TypeLib#Version
HKCR\Interface\{C34B689D-78D9-436B-86A1-717CC7172B67}
HKCR\Interface\{C34B689D-78D9-436B-86A1-717CC7172B67}\ProxyStubClsid
HKCR\Interface\{C34B689D-78D9-436B-86A1-717CC7172B67}\ProxyStubClsid32
HKCR\Interface\{C34B689D-78D9-436B-86A1-717CC7172B67}\TypeLib
HKCR\Interface\{C34B689D-78D9-436B-86A1-717CC7172B67}\TypeLib#Version
HKCR\Interface\{CAAC1FBA-7BBE-4890-8156-D203FEA81D96}
HKCR\Interface\{CAAC1FBA-7BBE-4890-8156-D203FEA81D96}\ProxyStubClsid
HKCR\Interface\{CAAC1FBA-7BBE-4890-8156-D203FEA81D96}\ProxyStubClsid32
HKCR\Interface\{CAAC1FBA-7BBE-4890-8156-D203FEA81D96}\TypeLib
HKCR\Interface\{CAAC1FBA-7BBE-4890-8156-D203FEA81D96}\TypeLib#Version
HKCR\Interface\{FEC3BC5A-60C0-414C-8FD4-5C967597C25D}
HKCR\Interface\{FEC3BC5A-60C0-414C-8FD4-5C967597C25D}\ProxyStubClsid
HKCR\Interface\{FEC3BC5A-60C0-414C-8FD4-5C967597C25D}\ProxyStubClsid32
HKCR\Interface\{FEC3BC5A-60C0-414C-8FD4-5C967597C25D}\TypeLib
HKCR\Interface\{FEC3BC5A-60C0-414C-8FD4-5C967597C25D}\TypeLib#Version

Trojan.Downloader-CREW
C:\DOCUMENTS AND SETTINGS\GUEST\LOCAL SETTINGS\TEMP\PCEIPCPM.DLL
C:\PROGRAM FILES\HIJACKTHIS\BACKUPS\BACKUP-20070701-180008-664.DLL
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\ANNNUFKN.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\BBKDIIQK.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\CCVNXGQB.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\COCOCXXN.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\DMMGWXIU.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\DNTIOHRM.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\EHMUJHDH.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\EMGDEJWL.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\FPOQTWED.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\GNXIOUAJ.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\HMACPXEK.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\HPKFIWNG.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\HXEKGUKW.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\JLSLGAIQ.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\LAADAPTS.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\LREVRYGI.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\PIEKYRGK.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\QMDSICTV.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\QNIUIIWK.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\QRCGJATE.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\SHYRFBRA.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\SQVKVDRJ.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\TABWJPQN.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\UHTFVBEH.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\UPWICDWJ.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\WCRRCYYV.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\XBNVDVSQ.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\XRDNWWNI.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\XWISXSBY.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\YCBYEUXO.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\YJBIOQFA.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\YOTPSKFB.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1492\A0491280.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1492\A0491281.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1492\A0491283.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1492\A0491285.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1492\A0491287.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1492\A0491288.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1492\A0491290.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1492\A0491291.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1492\A0491292.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1492\A0491294.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1492\A0491295.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1492\A0491297.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1492\A0491299.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1492\A0491300.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1492\A0491302.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1492\A0491303.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1492\A0491305.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1492\A0491306.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1492\A0491308.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1492\A0491310.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1492\A0491311.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1492\A0491313.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1492\A0491317.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1492\A0491318.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1492\A0491320.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1492\A0491321.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1492\A0491322.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1492\A0491323.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1492\A0491324.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1492\A0491325.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1492\A0491327.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1492\A0491328.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\CRFSPYPT.DLL

Adware.SysUpd/Pilo
C:\PROGRAM FILES\HIJACKTHIS\BACKUPS\BACKUP-20070701-180008-646.DLL
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\OMBNQ.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\PEKHE.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1492\A0491307.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1492\A0491326.DLL

******************************************************************************
BitDefender Online Scanner

Scan report generated at: Tue, Jul 03, 2007 - 15:32:39

Scan path: A:\;C:\;D:\;E:\;

Statistics
Time: 00:56:41
Files: 155141
Folders: 5044
Boot Sectors: 3
Archives: 6399
Packed Files: 8946

Results
Identified Viruses: 1
Infected Files: 2
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 2

Engines Info
Virus Definitions: 636702
Engine build: AVCORE v1.0 (build 2410) (i386) (Jun 12 2007 21:08:27)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File / Status
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1493\A0491410.dll
  Infected with: Trojan.BHO.AR
  Disinfection failed
  Deleted
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1493\A0491411.dll
  Infected with: Trojan.BHO.AR
  Disinfection failed
  Deleted

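Most of the hits in the scan output above are not live files: `C:\Qoobox\Quarantine` is ComboFix's quarantine (it appends `.VIR` to what it moves), `HijackThis\Backups` and `_OTMoveIt\MovedFiles` hold copies set aside by HijackThis and OTMoveIt, and `System Volume Information\_restore{...}` holds System Restore snapshots, which is why the usual advice after a cleanup is to purge restore points rather than leave infected DLLs waiting for a rollback. The cookie entries are tracking cookies, not executable code, and the `HKCR\TypeLib` and `HKCR\Interface` keys are COM registrations left behind after the DLL they pointed at was removed. The only hit in that list that could still be loaded is `C:\DOCUMENTS AND SETTINGS\GUEST\LOCAL SETTINGS\TEMP\PCEIPCPM.DLL`. The Python below, an added example that is not part of the original post or of any tool used in the thread, sorts scan hits by that logic; the category names and the rule order are my own, and the sample list is a constructed subset of the paths shown above.

```python
import re
from collections import Counter

# Constructed sample: a handful of lines copied from the scan output above
# (the full output lists hundreds). Mixed case is deliberate: the scanner
# upper-cased some paths and not others.
SAMPLE_HITS = [
    r"C:\Documents and Settings\Guest\Cookies\guest@atdmt[2].txt",
    r"C:\Documents and Settings\Kristina\Cookies\kristina@winantivirus[2].txt",
    r"HKCR\Interface\{077B1BF5-5C71-4167-ADCE-5AFD86E00FF5}\TypeLib",
    r"C:\DOCUMENTS AND SETTINGS\GUEST\LOCAL SETTINGS\TEMP\PCEIPCPM.DLL",
    r"C:\PROGRAM FILES\HIJACKTHIS\BACKUPS\BACKUP-20070701-180008-664.DLL",
    r"C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\ANNNUFKN.DLL.VIR",
    r"C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1492\A0491280.DLL",
    r"C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\CRFSPYPT.DLL",
]

# Ordered rules; the first match wins. The folder names are the quarantine
# locations of the tools used in this thread: Qoobox (ComboFix),
# HijackThis\Backups (HijackThis) and _OTMoveIt\MovedFiles (OTMoveIt).
# Category names are this example's own, not a scanner's.
RULES = [
    ("tracking-cookie", re.compile(r"\\cookies\\[^\\]+@", re.I)),
    ("registry-key", re.compile(r"^HK(?:CR|LM|CU|U|CC)\\", re.I)),
    ("restore-point", re.compile(r"\\system volume information\\_restore\{", re.I)),
    ("quarantine", re.compile(
        r"\\(?:qoobox\\quarantine|hijackthis\\backups|_otmoveit\\movedfiles)\\", re.I)),
    ("live-temp", re.compile(r"\\(?:local settings\\temp|windows\\temp)\\", re.I)),
]


def classify(hit):
    """Map one scan hit to a category; anything unmatched is a live file."""
    for category, rx in RULES:
        if rx.search(hit):
            return category
    return "live"


def triage(hits):
    """Split scan hits into the ones that can still be loaded and a count
    per category. Quarantined and restore-point copies are inert unless
    restored, so they are counted but not returned as actionable."""
    summary = Counter()
    actionable = []
    for hit in hits:
        category = classify(hit)
        summary[category] += 1
        if category in ("live", "live-temp"):
            actionable.append(hit)
    return actionable, dict(summary)


if __name__ == "__main__":
    live, counts = triage(SAMPLE_HITS)
    for category, n in sorted(counts.items()):
        print(f"{category:16s} {n}")
    print("still on disk and loadable:")
    for path in live:
        print("  " + path)
```

Run on the full scan output, the summary tells a helper at a glance how much of a long list is leftovers from earlier cleanup passes and which few paths still need action; the registry-key bucket is worth removing too, but those keys cannot run anything on their own once the DLL is gone.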
#12 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 03 July 2007 - 04:17 PM

Also post a new HijackThis log, let me know how your PC is running now.

Could you do the above as requested please.

#13 uoneluckybug

uoneluckybug
  • Topic Starter

  • Members
  • 10 posts

Posted 04 July 2007 - 07:17 AM

I have posted a new log. Thanks.

#14 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 04 July 2007 - 09:48 AM

Post a fresh Hijackthis log into this topic please.
Also let me know how your pc is running now.

#15 uoneluckybug

uoneluckybug
  • Topic Starter

  • Members
  • 10 posts

Posted 05 July 2007 - 07:09 AM

Logfile of HijackThis v1.99.1
Scan saved at 8:06:53 AM, on 7/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\QUICKENW\QAGENT.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC07.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: McAfee Application Installer Cleanup (0250671183550481) (0250671183550481mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\025067~1.EXE
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe




The computer seems to be running fine - no redirection, no pop-ups. However, my screen saver doesn't work. I went back in and set my custom text screensaver, but it doesn't initiate when the computer isn't in use.
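Reading a HijackThis log by hand means scanning the O2 (BHOs), O4 (Run keys and startup folders), O9 (IE buttons), O20 (Winlogon Notify DLLs) and O23 (services) lines for the same handful of tells each time: an entry whose file is gone, a binary that runs from a temp folder, a service with no company name in its version info, a Run entry that is a bare filename resolved through the search path, and any DLL that winlogon loads, which on XP runs as SYSTEM. The Python below, an added example that is not part of the original thread or of HijackThis itself, parses those line types and attaches such review flags; the flags are prompts to look closer, not verdicts, and the heuristics are my own. In the log above, for instance, the cleanup service in `C:\WINDOWS\TEMP` carries a McAfee, Inc. owner string and the `DSBrokerService` binary sits in the Dell support folder, both of which a reviewer would weigh before touching them. The sample lines are copied from the log posted above.

```python
import re

# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: McAfee Application Installer Cleanup (0250671183550481) (0250671183550481mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\025067~1.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
"""

ENTRY_RX = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# O4: "<hive or folder>: [<value name>] <command>"
RUN_RX = re.compile(r"^(?P<hive>.*?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O23: "Service: <display name> (<short name>) - <owner> - <path>"
SVC_RX = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
# A command that starts with a drive letter or an %ENV% variable, optionally quoted.
ABS_RX = re.compile(r'^"?(?:[A-Za-z]:\\|%[^%]+%\\)')


def parse_entry(line):
    """Return a dict for one HijackThis line, or None for non-entries."""
    m = ENTRY_RX.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    entry = {"section": section, "owner": None, "path": None}
    if section == "O4":
        r = RUN_RX.match(body)
        if r:                       # startup-folder .lnk lines have no [name]
            entry["path"] = r.group("cmd")
    elif section == "O23":
        s = SVC_RX.match(body)
        if s:
            entry["owner"] = s.group("owner")
            entry["path"] = s.group("path")
    else:
        # O2/O3/O9/O20 and friends: the file path is the last " - " field
        entry["path"] = body.split(" - ")[-1]
    return entry


def flags_for(entry):
    """Review prompts, not verdicts (heuristics are this example's own)."""
    flags = []
    path = entry["path"] or ""
    section = entry["section"]
    if "(file missing)" in path:
        flags.append("file-missing")       # orphaned entry, nothing to execute
    if re.search(r"\\temp\\", path, re.I):
        flags.append("runs-from-temp")     # persistence out of a temp folder
    if section == "O23" and entry["owner"] == "Unknown owner":
        flags.append("unknown-owner")      # no company name in version info
    if section == "O4" and path and not ABS_RX.match(path):
        flags.append("bare-filename")      # resolved through the search path
    if section == "O20":
        flags.append("winlogon-notify")    # DLL loaded into winlogon (SYSTEM)
    return flags


def triage_log(text):
    """Map the path of each flagged entry to its list of flags."""
    findings = {}
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        flags = flags_for(entry)
        if flags:
            findings[entry["path"]] = flags
    return findings


if __name__ == "__main__":
    for path, flags in triage_log(SAMPLE_LOG).items():
        print(f"{', '.join(flags):32s} {path}")
```

Lines with no flags (the Spybot BHO, `ctfmon.exe` under a full path, the startup-folder shortcut) are dropped from the result, so a log as long as the one above reduces to the few entries worth a second look.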