
Annoying Pop-Ups and icons on my computer!


#1 Corbo
  • Member
  • 21 posts
Well I have this problem: every time I open my computer, an icon appears in the notification area (bottom right-hand corner) saying "Your Computer could be infected", and then lots of pop-ups come up and it's really annoying. I tried lots of different Virus/Spyware scans but none of them can detect it... So I really need help! I posted my HijackThis log. Thanks.

My Hijack Log:

Logfile of HijackThis v1.99.1
Scan saved at 17:50:57, on 21/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\GEARSec.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\{5CE457A6-0AE8-3076-1008-05041220002c}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\program files\mcafee.com\shared\mghtml.exe
c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe
C:\DOCUME~1\CALVIN~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\CALVIN~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\hijackthis\HijackThis.exe

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvpan.dll,startup
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Calvin and Gary\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#2 Crustyoldbloke
    Old Malware Surgeon with a shaky scalpel
  • Retired Staff
  • 15,131 posts
Hello Corbo and welcome to Geeks to Go

As an introduction, please note that I am not Superhuman, I do not know everything, but what I do know has taken me years to learn. I am happy to pass on this information to you, but please bear in mind that I am also fallible.

Please note that you should have Administrator rights to perform the fixes. Also note that multiple-identity PCs (family PCs) present a different problem; please tell me if your PC has more than one individual's settings, but continue with the fix.

Before we get underway, you may wish to print these instructions for easy reference during the fix, although please be aware that many of the required URLs are hyperlinks in the red names shown on your screen. Part of the fix may require you to be in Safe Mode, which will not allow you to access the internet, or my instructions! (Click the Options drop down near the upper right of the topic. Select Print this topic.)

You have a Puper infection. Let’s see what we can do.

I see McAfee and Symantec in your running processes. Are the Symantec files running for Norton Ghost only, or do you have two AV programmes running?

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

A. Please download the 30-day trial version of: AVG Anti Spyware
  • Please install, and update AVG Anti-Spyware/Ewido
  • Load AVGas/Ewido and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Please select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
  • Select "Automatically generate report after every scan"
  • Un-Select "Only if threats were found"
  • Close AVGas/Ewido. Do not run it yet.
B. Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
For additional help in booting into Safe Mode, see the following site:

Safe Mode

C. Open the SmitfraudFix Folder, (right click and choose Extract All) then double-click smitfraudfix.cmd file to start the tool. Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted: "Registry cleaning - Do you want to clean the registry ?" Answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process; if your computer does not restart automatically, please do it yourself manually. Reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
______________________________

D. Clean out your Temporary Internet files. Proceed like this:
  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
  • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
  • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  • Click OK.
Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
______________________________

E. Close ALL open Windows / Programmes / Folders.
  • In Safe Mode, load AVGas/Ewido and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be patient.
  • AVGas/Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (I suggest the Desktop).
Close AVGas/Ewido and Reboot in Normal Mode.
______________________________

F. Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #3 - Delete Trusted zone by typing 3 and press Enter

Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the Programme and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.
______________________________

G. Please post:
  • c:\rapport.txt
  • AVGas/Ewido log
  • A new HijackThis log (from normal mode).
You may need more than one reply to post the requested logs, otherwise they might get cut off.

#3 Corbo
  • Topic Starter
  • Member
  • 21 posts
Thanks for helping so much! I only have Norton Ghost! The icon is gone but there are still these pop-ups...
Here's my three logs:

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Calvin and Gary\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Rapport Log:

SmitFraudFix v2.123

Scan done at 20:18:44.45, 22/11/2006
Run from C:\Documents and Settings\Calvin and Gary\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\ishost.exe Deleted
C:\WINDOWS\system32\ismini.exe Deleted
C:\WINDOWS\system32\drvpan.dll Deleted
C:\DOCUME~1\CALVIN~1\FAVORI~1\Antivirus Test Online.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Edited by Corbo, 22 November 2006 - 03:22 PM.

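As an added example (not part of this thread, HijackThis, SmitfraudFix or AVG), the Python script below does by script what the helper did by eye on the logs in posts #1 and #3: it flags HijackThis O4 autostart entries that load a DLL through rundll32.exe (the [CTDrive] drvpan.dll entry), processes running from a GUID-named folder (the Common Files\{5CE457A6-...}\Update.exe that the AVG report in the next post identifies as Adware.Softomate), and O23 services with no recorded publisher, then checks each flagged path against the "Deleted" lines of rapport.txt to see what the SmitfraudFix pass actually removed. The sample texts are constructed subsets of the logs posted above, and the three heuristics are my own triage hints for manual review, not verdicts.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: a subset of the HijackThis lines posted in this thread.
SAMPLE_HJT_LOG = r"""Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Common Files\{5CE457A6-0AE8-3076-1008-05041220002c}\Update.exe
C:\WINDOWS\system32\ctfmon.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvpan.dll,startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
"""

# Constructed sample: the "Deleting infected files" section of the rapport.txt posted above.
SAMPLE_RAPPORT = r"""»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\ishost.exe Deleted
C:\WINDOWS\system32\ismini.exe Deleted
C:\WINDOWS\system32\drvpan.dll Deleted
C:\DOCUME~1\CALVIN~1\FAVORI~1\Antivirus Test Online.url Deleted
"""

# O4 - <hive>\..\<key>: [<name>] <command>
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O23 - Service: <name> - <owner> - <path>
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# rundll32[.exe] <file>.dll[,entrypoint], optionally quoted and/or with a full path to rundll32
RUNDLL_RE = re.compile(r'^"?(?:[A-Za-z]:\\[^"]*\\)?rundll32(?:\.exe)?"?\s+(?P<dll>\S+?\.dll)\b', re.IGNORECASE)
# a path component that is nothing but a {GUID}
GUID_DIR_RE = re.compile(r"\\\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}\\")
# SmitfraudFix rapport.txt: "<path> Deleted"
DELETED_RE = re.compile(r"^(?P<path>.+?) Deleted$")


@dataclass
class Finding:
    section: str   # "process", "O4" or "O23"
    name: str
    path: str
    reason: str


def triage(log_text: str) -> List[Finding]:
    """Return HijackThis entries worth a manual look. Heuristics (my assumptions): hints, not verdicts."""
    found: List[Finding] = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:                       # a blank line closes the process list
                in_processes = False
            elif GUID_DIR_RE.search(line):
                found.append(Finding("process", line.rsplit("\\", 1)[-1], line,
                                     "running from a GUID-named folder"))
            continue
        m = O4_RE.match(line)
        if m:
            cmd = m.group("cmd")
            r = RUNDLL_RE.match(cmd)
            if r:                              # persistence via rundll32 + DLL, as with drvpan.dll
                found.append(Finding("O4", m.group("name"), r.group("dll"),
                                     "autostart loads a DLL through rundll32"))
            elif GUID_DIR_RE.search(cmd):
                found.append(Finding("O4", m.group("name"), cmd,
                                     "autostart from a GUID-named folder"))
            continue
        m = O23_RE.match(line)
        if m and m.group("owner").lower() == "unknown owner":
            found.append(Finding("O23", m.group("name"), m.group("path"),
                                 "service with no recorded publisher"))
    return found


def confirm_deleted(found: List[Finding], rapport_text: str) -> Dict[str, bool]:
    """Map each flagged path to whether rapport.txt reports it as Deleted (case-insensitive)."""
    deleted = set()
    for line in rapport_text.splitlines():
        m = DELETED_RE.match(line.strip())
        if m:
            deleted.add(m.group("path").lower())
    return {f.path: f.path.lower() in deleted for f in found}


if __name__ == "__main__":
    hits = triage(SAMPLE_HJT_LOG)
    status = confirm_deleted(hits, SAMPLE_RAPPORT)
    for f in hits:
        state = "removed by SmitfraudFix" if status[f.path] else "still present, needs follow-up"
        print(f"{f.section:8} {f.name:15} {f.reason}: {f.path} ({state})")
```

On the constructed sample this reports drvpan.dll as removed and leaves the GUID-folder Update.exe and the unknown-owner service for follow-up, which matches the thread: the tray icon went away after SmitfraudFix while the pop-ups persisted until the AVG scan.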

#4 Corbo
  • Topic Starter
  • Member
  • 21 posts
And this is the spyware scan report:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 21:16:32 22/11/2006

+ Scan result:



C:\Program Files\Common Files\{5CE457A6-0AE8-3076-1008-05041220002c}\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{5CE457A6-0AE8-3076-1008-05041220002c}\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
[548] C:\Program Files\Common Files\{5CE457A6-0AE8-3076-1008-05041220002c}\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\WINDOWS\system32\pmnmnlk.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\system32\actskn45.ocx -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP102\A0013363.dll -> Not-A-Virus.Hoax.Win32.Renos.fw : Cleaned with backup (quarantined).
C:\Documents and Settings\Calvin and Gary\Cookies\calvin and [email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.60:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.61:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.65:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.66:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.67:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Calvin and Gary\Cookies\calvin and [email protected][1].txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.346:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.347:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.348:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.349:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.350:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.351:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Calvin and Gary\Cookies\calvin and [email protected][1].txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.143:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.145:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.461:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.689:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.767:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.831:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.848:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.380:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.381:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.382:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.838:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.847:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.393:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.50:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
C:\Documents and Settings\Calvin and Gary\Cookies\calvin and gary@ivwbox[1].txt -> TrackingCookie.Ivwbox : Cleaned.
:mozilla.400:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Linkbuddies : Cleaned.
:mozilla.511:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.512:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.513:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Calvin and Gary\Cookies\calvin and [email protected][2].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Calvin and Gary\Local Settings\Temp\Cookies\calvin and [email protected][2].txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.251:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Calvin and Gary\Cookies\calvin and gary@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Calvin and Gary\Cookies\calvin and [email protected][2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.472:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.473:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.474:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.475:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.476:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.240:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.241:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.242:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Calvin and Gary\Cookies\calvin and [email protected][1].txt -> TrackingCookie.Overture : Cleaned.
:mozilla.293:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.294:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.295:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.296:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.244:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.245:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.252:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.253:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.254:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.87:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.88:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.89:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.90:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.91:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.92:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.93:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Calvin and Gary\Cookies\calvin and [email protected][1].txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.228:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.229:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.232:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.233:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.234:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.235:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.509:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.510:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.353:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.355:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.356:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.357:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.358:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.359:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.360:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.361:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.362:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.363:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.364:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.365:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.366:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.367:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.368:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.369:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.370:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.371:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.372:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.373:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.398:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.399:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.765:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Calvin and Gary\Cookies\calvin and [email protected][1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Calvin and Gary\Cookies\calvin and gary@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.340:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.341:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.342:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\Calvin and Gary\Cookies\calvin and gary@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.553:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.220:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.221:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.935:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.936:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.937:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.938:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.939:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.940:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
C:\Documents and Settings\Calvin and Gary\Cookies\calvin and gary@web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.909:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
C:\Documents and Settings\Calvin and Gary\Cookies\calvin and [email protected][2].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Calvin and Gary\Cookies\calvin and [email protected][2].txt -> TrackingCookie.Wegcash : Cleaned.
:mozilla.486:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
C:\Documents and Settings\Calvin and Gary\Cookies\calvin and gary@yadro[1].txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.62:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.63:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.64:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.69:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Calvin and Gary\Cookies\calvin and [email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.524:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.525:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.526:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.527:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.528:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.529:C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla\Firefox\Profiles\y1eo6c2r.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP102\A0013375.dll -> Trojan.Agent.neq : Cleaned with backup (quarantined).
C:\WINDOWS\system32\__delete_on_reboot__w_i_n_h_d_n_3_2_._d_l_l_ -> Trojan.Agent.neq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP101\A0013302.dll -> Trojan.Agent.vg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP101\A0013301.dll -> Trojan.BHO.g : Cleaned with backup (quarantined).


::Report end

#5
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello again

Please post a complete HJT log.

BTW, any idea what the oriental lettering is in Rapport?

#6
Corbo

    Member

  • Topic Starter
  • Member
  • 21 posts
You mean a Hijack Log? And that text of the rapport was like that already... Thanks! ^_^

Logfile of HijackThis v1.99.1
Scan saved at 22:07:31, on 22/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\GEARSec.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\hijackthis\HijackThis.exe

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Calvin and Gary\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Edited by Corbo, 22 November 2006 - 04:09 PM.


#7
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello again

The logs look good.

Download this file: combofix.exe to your Desktop

Double click combofix.exe & follow the prompts.

When it has finished, it will produce a log. Please post that log in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

#8
Corbo

    Member

  • Topic Starter
  • Member
  • 21 posts
xD, Thanks again! Here's the log:

Calvin and Gary - 06-11-23 17:14:28.31 Service Pack 2
ComboFix 06.11.22 - Running from: "C:\Documents and Settings\Calvin and Gary\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\components
C:\Program Files\Common Files\{5CE457A6-0AE8-3076-1008-05041220002c}


((((((((((((((((((((((((((((((( Files Created from 2006-10-23 to 2006-11-23 ))))))))))))))))))))))))))))))))))


2006-11-22 20:18 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-11-22 20:18 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-11-22 20:18 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-11-22 20:18 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-11-22 20:12 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-22 20:12 <DIR> d-------- C:\Program Files\Grisoft
2006-11-21 18:54 627,084 ---hs---- C:\WINDOWS\system32\nqtss.ini2
2006-11-21 17:21 <DIR> d-------- C:\hijackthis
2006-11-21 16:40 <DIR> d-------- C:\Program Files\IMVU
2006-11-18 13:26 625,673 ---hs---- C:\WINDOWS\system32\nqtss.bak2
2006-11-17 14:14 <DIR> d--hs---- C:\WINDOWS\system32\ShellDHCP
2006-11-17 13:26 692,276 ---hs---- C:\WINDOWS\system32\sstqn.dll
2006-11-17 13:26 625,477 ---hs---- C:\WINDOWS\system32\nqtss.bak1
2006-11-17 13:26 126,996 --a------ C:\WINDOWS\system32\urdqishi.dll
2006-11-17 13:26 110,612 --a------ C:\WINDOWS\system32\clnevhmk.exe
2006-11-17 13:25 <DIR> d-------- C:\temp
2006-11-15 18:45 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2006-11-15 18:45 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2006-11-14 16:00 <DIR> d-------- C:\Documents and Settings\All Users\??
2006-11-12 23:44 <DIR> d-------- C:\Documents and Settings\Calvin and Gary\Application Data\EndNote
2006-11-12 23:37 <DIR> d-------- C:\Program Files\EndNote 9
2006-11-12 23:37 <DIR> d-------- C:\Program Files\Common Files\Risxtd
2006-11-12 23:29 <DIR> d-------- C:\Documents and Settings\Calvin and Gary\Application Data\Help
2006-11-12 23:29 <DIR> d-------- C:\Documents and Settings\Calvin and Gary\Application Data\Design Science
2006-11-12 23:28 <DIR> d-------- C:\Program Files\MathType
2006-11-12 23:26 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-11-12 15:59 <DIR> d-------- C:\Program Files\SearchAssist
2006-11-12 11:53 <DIR> d-------- C:\Program Files\Lavasoft
2006-11-12 11:53 <DIR> d-------- C:\Documents and Settings\Calvin and Gary\Application Data\Lavasoft
2006-11-11 21:16 695,087 ---hs---- C:\WINDOWS\system32\rtutv.bak1
2006-11-11 21:16 <DIR> d-------- C:\Documents and Settings\Calvin and Gary\Application Data\SearchToolbarCorp
2006-11-11 21:15 692,276 ---hs---- C:\WINDOWS\system32\vtutr.dll
2006-11-11 21:10 <DIR> d-------- C:\Program Files\WinAVI MP4 Converter
2006-11-11 14:49 <DIR> d-------- C:\Documents and Settings\Calvin and Gary\Application Data\Skype
2006-11-10 22:51 <DIR> d-------- C:\Program Files\Common Files\Vbox
2006-11-10 21:10 <DIR> d-------- C:\Program Files\Mozilla Firefox
2006-11-10 20:32 <DIR> d-------- C:\Documents and Settings\Calvin and Gary\Application Data\Mozilla
2006-11-10 20:11 <DIR> d--h----- C:\WINDOWS\PIF
2006-11-10 16:04 <DIR> d-------- C:\Program Files\Azureus
2006-11-10 16:04 <DIR> d-------- C:\Documents and Settings\Calvin and Gary\Application Data\Azureus
2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-02 18:55 <DIR> d-------- C:\WINDOWS\NamelessRO Eclipse
2006-10-26 15:20 <DIR> d-------- C:\Documents and Settings\Calvin and Gary\Shared
2006-10-26 15:20 <DIR> d-------- C:\Documents and Settings\Calvin and Gary\Incomplete
2006-10-26 15:09 <DIR> d-------- C:\Documents and Settings\Calvin and Gary\.limewire
2006-10-26 14:58 <DIR> d-------- C:\Documents and Settings\Calvin and Gary\Application Data\BearShare
2006-10-26 13:46 <DIR> d-------- C:\Documents and Settings\Calvin and Gary\Application Data\X-Chat 2
2006-10-24 14:47 <DIR> d-------- C:\Documents and Settings\Calvin and Gary\Application Data\IMVU
2006-10-24 12:31 <DIR> d-------- C:\Documents and Settings\Calvin and Gary\Application Data\Opera


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-23 17:15 -------- d-------- C:\Program Files\Common Files
2006-11-23 00:57 -------- d-------- C:\Program Files\QQGame
2006-11-21 16:40 -------- d-------- C:\Program Files\Tennis Elbow 2006
2006-11-21 16:40 -------- d-------- C:\Documents and Settings\Calvin and Gary\Application Data\McAfee.com Personal Firewall
2006-11-19 10:57 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-18 14:27 -------- d-------- C:\Program Files\Internet Explorer
2006-11-15 18:47 -------- d-------- C:\Program Files\Windows Media Player
2006-11-14 10:15 -------- d---s---- C:\Documents and Settings\Calvin and Gary\Application Data\Microsoft
2006-11-13 09:22 -------- d-------- C:\Program Files\Java
2006-11-10 22:55 -------- d-------- C:\Program Files\Adobe
2006-11-10 22:53 -------- d-------- C:\Documents and Settings\Calvin and Gary\Application Data\Adobe
2006-11-10 21:03 -------- d-------- C:\Program Files\Windows Live Toolbar
2006-10-19 16:54 -------- d-------- C:\Program Files\iTunes
2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe
2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\uwdf.exe
2006-10-18 21:47 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-10-18 21:47 991744 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-10-18 21:47 937984 --a------ C:\WINDOWS\system32\WMNetMgr.dll
2006-10-18 21:47 8231936 --a------ C:\WINDOWS\system32\wmploc.dll
2006-10-18 21:47 767488 --------- C:\WINDOWS\system32\WMVSENCD.dll
2006-10-18 21:47 757248 --a------ C:\WINDOWS\system32\WMADMOD.dll
2006-10-18 21:47 7168 --a------ C:\WINDOWS\system32\asferror.dll
2006-10-18 21:47 656896 --------- C:\WINDOWS\system32\WMVXENCD.dll
2006-10-18 21:47 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 21:47 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll
2006-10-18 21:47 613376 --------- C:\WINDOWS\system32\wmpmde.dll
2006-10-18 21:47 603648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll
2006-10-18 21:47 542720 --a------ C:\WINDOWS\system32\blackbox.dll
2006-10-18 21:47 535040 --------- C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 21:47 429056 --a------ C:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 21:47 414208 --a------ C:\WINDOWS\system32\msscp.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\WMVADVE.DLL
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\WMVADVD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wdfapi.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MP4SDMOD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MP43DMOD.dll
2006-10-18 21:47 38400 --------- C:\WINDOWS\system32\wpdshextres.dll
2006-10-18 21:47 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-10-18 21:47 35840 --a------ C:\WINDOWS\system32\wpdconns.dll
2006-10-18 21:47 356352 --a------ C:\WINDOWS\system32\wpdsp.dll
2006-10-18 21:47 348672 --a------ C:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 21:47 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-10-18 21:47 321536 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-10-18 21:47 317440 --------- C:\WINDOWS\system32\MP4SDECD.dll
2006-10-18 21:47 314880 --a------ C:\WINDOWS\system32\wmpdxm.dll
2006-10-18 21:47 295936 --------- C:\WINDOWS\system32\wmpeffects.dll
2006-10-18 21:47 284160 --------- C:\WINDOWS\system32\PortableDeviceApi.dll
2006-10-18 21:47 276992 --a------ C:\WINDOWS\system32\audiodev.dll
2006-10-18 21:47 27136 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2006-10-18 21:47 2603008 --------- C:\WINDOWS\system32\WpdShext.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\MPG4DECD.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\MP43DECD.dll
2006-10-18 21:47 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-10-18 21:47 242688 --a------ C:\WINDOWS\system32\wmpasf.dll
2006-10-18 21:47 229376 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-10-18 21:47 227328 --a------ C:\WINDOWS\system32\wmerror.dll
2006-10-18 21:47 222208 --a------ C:\WINDOWS\system32\WMASF.dll
2006-10-18 21:47 212992 --------- C:\WINDOWS\system32\MFPLAT.dll
2006-10-18 21:47 211456 --a------ C:\WINDOWS\system32\qasf.dll
2006-10-18 21:47 204288 --a------ C:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 21:47 199168 --------- C:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-10-18 21:47 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-10-18 21:47 175616 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-10-18 21:47 166912 --------- C:\WINDOWS\system32\PortableDeviceTypes.dll
2006-10-18 21:47 1661440 --a------ C:\WINDOWS\system32\wmpencen.dll
2006-10-18 21:47 1574912 --------- C:\WINDOWS\system32\WMVENCOD.dll
2006-10-18 21:47 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2006-10-18 21:47 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll
2006-10-18 21:47 1543680 --------- C:\WINDOWS\system32\WMVDECOD.dll
2006-10-18 21:47 1382912 --------- C:\WINDOWS\system32\WMVSDECD.dll
2006-10-18 21:47 133632 --------- C:\WINDOWS\system32\WPDShServiceObj.dll
2006-10-18 21:47 1329152 --a------ C:\WINDOWS\system32\WMSPDMOE.dll
2006-10-18 21:47 132096 --------- C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-10-18 21:47 130048 --------- C:\WINDOWS\system32\wmpps.dll
2006-10-18 21:47 11264 --a------ C:\WINDOWS\system32\LAPRXY.dll
2006-10-18 21:47 1117696 --a------ C:\WINDOWS\system32\WMADMOE.dll
2006-10-18 21:47 101888 --------- C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-10-18 20:03 100864 --a------ C:\WINDOWS\system32\logagent.exe
2006-10-18 20:00 38528 --a------ C:\WINDOWS\system32\drivers\wpdusb.sys
2006-10-18 20:00 249856 --------- C:\WINDOWS\system32\drmupgds.exe
2006-10-18 20:00 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe
2006-10-18 15:11 -------- d-------- C:\Program Files\iPod
2006-10-18 15:11 -------- d-------- C:\Documents and Settings\Calvin and Gary\Application Data\Apple Computer
2006-10-18 15:10 -------- d-------- C:\Program Files\QuickTime
2006-10-18 15:09 -------- d-------- C:\Program Files\Apple Software Update
2006-10-14 13:26 -------- d-------- C:\Program Files\Google
2006-10-13 12:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 12:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 12:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-13 10:23 163584 --a------ C:\WINDOWS\system32\drivers\nwrdr.sys
2006-10-02 15:28 312128 --------- C:\WINDOWS\system32\msdelta.dll
2006-10-01 20:35 -------- d-------- C:\Program Files\Sony Ericsson
2006-09-30 21:00 -------- d-------- C:\Documents and Settings\Calvin and Gary\Application Data\Macromedia
2006-09-30 09:34 -------- d-------- C:\Program Files\PC Camera
2006-09-30 09:34 -------- d-------- C:\Program Files\Common Files\PCCamera
2006-09-28 20:13 95344 --------- C:\WINDOWS\system32\WUDFCoinstaller.dll
2006-09-28 19:00 82944 --------- C:\WINDOWS\system32\drivers\WudfRd.sys
2006-09-28 18:56 55808 --------- C:\WINDOWS\system32\WudfSvc.dll
2006-09-28 18:56 316416 --------- C:\WINDOWS\system32\WUDFx.dll
2006-09-28 18:56 165376 --------- C:\WINDOWS\system32\WudfPlatform.dll
2006-09-28 18:56 146432 --------- C:\WINDOWS\system32\WudfHost.exe
2006-09-28 18:55 77568 --------- C:\WINDOWS\system32\drivers\WudfPf.sys
2006-09-25 18:54 -------- d-------- C:\Documents and Settings\Calvin and Gary\Application Data\Sonic
2006-09-25 18:54 -------- d-------- C:\Documents and Settings\Calvin and Gary\Application Data\Leadertech
2006-09-25 17:58 23856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-09-25 17:20 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-09-24 20:42 -------- d-------- C:\Program Files\Disc2Phone
2006-09-24 20:35 -------- d-------- C:\Documents and Settings\Calvin and Gary\Application Data\Teleca
2006-09-24 20:33 -------- d-------- C:\Program Files\Common Files\Teleca Shared
2006-09-23 23:29 -------- d-------- C:\Program Files\Samsung
2006-09-19 14:49 65536 --a------ C:\WINDOWS\IFinst27.exe
2006-09-13 05:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-08-25 15:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Norton Ghost 10.0"="\"C:\\Program Files\\Norton Ghost\\Agent\\GhostTray.exe\""
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"MSKDetectorExe"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKDetct.exe /startup"
"DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"MSKAGENTEXE"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MskAgent.exe"
"VirusScan Online"="c:\\PROGRA~1\\mcafee.com\\vso\\mcvsshld.exe"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
@=""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Dell Network Assistant.lnk"
"backup"="C:\\WINDOWS\\pss\\Dell Network Assistant.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\WINDOWS\\Installer\\{0240BDFB-2995-4A3F-8C96-18D41282B716}\\Icon0240BDFB3.exe -systray"
"item"="Dell Network Assistant"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check 2.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\EPSON Status Monitor 3 Environment Check 2.lnk"
"backup"="C:\\WINDOWS\\pss\\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\E_SRCV02.EXE "
"item"="EPSON Status Monitor 3 Environment Check 2"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Calvin and Gary^Start Menu^Programs^Startup^Adobe Gamma.lnk]
"path"="C:\\Documents and Settings\\Calvin and Gary\\Start Menu\\Programs\\Startup\\Adobe Gamma.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DMXLauncher"
"hkey"="HKLM"
"command"="C:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Application Launcher"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sstqn
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winhdn32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (D51Z8D2J-Calvin and Gary).job

Completion time: 06-11-23 17:17:32.62
C:\ComboFix.txt ... 06-11-23 17:17

#9
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello again Calvin and Gary

I've analysed the Combofix log and found what appear to me to be either Vundo or ConHook files. I can simply delete them and things should be fine, but I'd much rather fix them with the correct tool, which makes the registry repairs also.

There are four separate infections spanning from 11th November up to 21st November.

I want you to run the Vundofix tool in automated mode first of all, and hopefully it will pick up any known Vundo files; it may run two, three or four times in that mode until it has taken out what it finds.

Then I want you to run it in a manual mode in which you enter the files for it to search for. I am going to write it out exactly as it should be, and hope it will take 8 lines and still work. If it baulks at that number, split the fix into 2 goes. This should work OK.

I am then going to delete everything in Killbox, and I would really like to see PendingFileRenameOperations.

Here goes.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log, from normal mode, in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

If Vundofix does not find and delete the files, please try running it a bit differently:
  • Double-click VundoFix.exe to run it.
  • You will receive a message saying Vundofix will close and re-open in a minute or less. Click OK.
  • When VundoFix re-opens, click Scan for Vundo button.
  • Once the scan is complete, right-click inside the listbox (white box) and click Add more files?
  • Copy & paste the 2 entries below into the top 2 boxes:
    • C:\WINDOWS\system32\sstqn.dll
    • C:\WINDOWS\system32\nqtss.*
    • C:\WINDOWS\system32\vtutr.dll
    • C:\WINDOWS\system32\rtutv.*
    • C:\WINDOWS\system32\urdqishi.dll
    • C:\WINDOWS\system32\ihsiqbru.*
    • C:\WINDOWS\system32\clnevhmk.exe
    • C:\WINDOWS\system32\kmhvenlc.*
  • Click Add Files and click Close Window.
  • Click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES.
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt
Please download: Killbox by Option^Explicit

Please install Killbox by Option^Explicit.
  • Please double-click Killbox.exe to run it.
  • Select Delete on Reboot
  • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\WINDOWS\system32\sstqn.dll
C:\WINDOWS\system32\nqtss.ini2
C:\WINDOWS\system32\nqtss.bak2
C:\WINDOWS\system32\nqtss.bak1
C:\WINDOWS\system32\urdqishi.dll
C:\WINDOWS\system32\clnevhmk.exe
C:\WINDOWS\system32\rtutv.bak1
C:\WINDOWS\system32\vtutr.dll
  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Please post a fresh HiJackThis log, from normal mode.

How's the PC running now?
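The reversed-name pattern Crustyoldbloke picked out of the ComboFix log (sstqn.dll beside nqtss.bak1, vtutr.dll beside rtutv.bak1), as an added detection example that is not part of this thread, ComboFix or VundoFix. The line layout and attribute letters are assumed from the log posted above, and the same-minute companion rule is a loosening of my own, not something the helper stated.

```python
"""Flag Vundo-style droppings in a ComboFix "Files Created" listing.

Added example for this thread (not ComboFix, VundoFix or the helper's own
tooling). Heuristic 1: a DLL directly under system32 that has hidden+system
companions whose base name is the DLL's name reversed (sstqn <-> nqtss).
Heuristic 2: any other file written in the same minute as such a DLL.
"""
import re
from collections import defaultdict

# One ComboFix file line: date, time, size (or <DIR> / dashes), nine
# attribute flag characters, then the path. Layout assumed from the log.
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) ([\d,]+|<DIR>|-+) ([-a-z]{9}) (.+)$"
)
SYSTEM32 = "c:\\windows\\system32\\"

# Constructed sample: a handful of lines copied from the thread's log.
SAMPLE_LOG = r"""
((((((((((( Files Created from 2006-10-23 to 2006-11-23 )))))))))))

2006-11-22 20:18 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-11-22 20:12 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-21 18:54 627,084 ---hs---- C:\WINDOWS\system32\nqtss.ini2
2006-11-18 13:26 625,673 ---hs---- C:\WINDOWS\system32\nqtss.bak2
2006-11-17 14:14 <DIR> d--hs---- C:\WINDOWS\system32\ShellDHCP
2006-11-17 13:26 692,276 ---hs---- C:\WINDOWS\system32\sstqn.dll
2006-11-17 13:26 625,477 ---hs---- C:\WINDOWS\system32\nqtss.bak1
2006-11-17 13:26 126,996 --a------ C:\WINDOWS\system32\urdqishi.dll
2006-11-17 13:26 110,612 --a------ C:\WINDOWS\system32\clnevhmk.exe
2006-11-11 21:16 695,087 ---hs---- C:\WINDOWS\system32\rtutv.bak1
2006-11-11 21:15 692,276 ---hs---- C:\WINDOWS\system32\vtutr.dll
2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll
"""


def parse_line(line):
    """Return a dict for a file line, or None for headers and blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    date, clock, size, attrs, path = m.groups()
    return {"when": f"{date} {clock}", "size": size, "attrs": attrs, "path": path}


def is_hidden_system(attrs):
    # ComboFix prints one letter per set attribute (d/r/a/h/s). The column
    # order is not relied on, only the presence of both 'h' and 's'.
    return "h" in attrs and "s" in attrs


def system32_files(entries):
    """Keep regular files that sit directly in system32 (no subfolders)."""
    out = []
    for e in entries:
        low = e["path"].lower()
        if (low.startswith(SYSTEM32) and "\\" not in low[len(SYSTEM32):]
                and e["size"] != "<DIR>"):
            e["name"] = e["path"].rsplit("\\", 1)[1]
            e["stem"] = e["name"].split(".", 1)[0].lower()
            out.append(e)
    return out


def find_vundo_suspects(log_lines):
    """Map each DLL that has a reversed-name twin to the sorted list of
    files implicated with it (twins plus same-minute companions)."""
    files = system32_files([e for e in map(parse_line, log_lines) if e])
    by_stem = defaultdict(list)
    for e in files:
        by_stem[e["stem"]].append(e)

    suspects = {}
    for e in files:
        if not e["name"].lower().endswith(".dll"):
            continue
        mirror = e["stem"][::-1]
        partners = by_stem.get(mirror, [])
        if mirror == e["stem"] or not partners:
            continue
        # The dropper's backup copies carry hidden+system; require at least
        # one such file in the pair so ordinary DLLs are not flagged.
        if not any(is_hidden_system(p["attrs"]) for p in partners + [e]):
            continue
        group = {e["name"]} | {p["name"] for p in partners}
        # Heuristic 2: anything else written in the same minute as the DLL.
        group |= {o["name"] for o in files if o["when"] == e["when"]}
        suspects[e["name"]] = sorted(group, key=str.lower)
    return suspects


if __name__ == "__main__":
    for dll, names in find_vundo_suspects(SAMPLE_LOG.splitlines()).items():
        print(f"{dll}: {', '.join(names)}")
```

On the sample it reports sstqn.dll with its three nqtss.* twins and the two same-minute files, and vtutr.dll with rtutv.bak1; a hit is a lead for a reviewer, not proof, so confirm each file before removing it.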

#10
Corbo

    Member

  • Topic Starter
  • Member
  • 21 posts
My computer is better now, thanks! But it's still very slow...

Logfile of HijackThis v1.99.1
Scan saved at 16:09:39, on 24/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\GEARSec.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Calvin and Gary\Desktop\HijackThis.exe

O2 - BHO: (no name) - {013A653B-49A6-4f76-8B68-E4875EA6BA54} - C:\WINDOWS\system32\fykmpidt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {EF702CD4-0C69-4D1D-B801-F47A926DF92B} - C:\WINDOWS\system32\sstqn.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Calvin and Gary\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winhdn32 - winhdn32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#11
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello again

You have a new Trojan.

Rescan with HijackThis. Close all programmes, leaving only HijackThis running. Place a checkmark or tick against the following:

O2 - BHO: (no name) - {013A653B-49A6-4f76-8B68-E4875EA6BA54} - C:\WINDOWS\system32\fykmpidt.dll
O2 - BHO: (no name) - {EF702CD4-0C69-4D1D-B801-F47A926DF92B} - C:\WINDOWS\system32\sstqn.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: winhdn32 - winhdn32.dll (file missing)


Click on Fix Checked when finished and exit HijackThis.

Please install Killbox by Option^Explicit.
  • Please double-click Killbox.exe to run it.
  • Select Delete on Reboot
  • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\WINDOWS\system32\fykmpidt.dll
  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Post back a fresh HijackThis log, from normal mode, and I will take another look.
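One way to automate the triage the reply above performs, written as an added example for this thread (it is not part of the thread and not code from HijackThis, Killbox or the helpers): it parses the O2/O9/O20 lines of a pasted log, records entries whose target file is gone as orphans, and flags BHO and Winlogon Notify DLLs that are loaded from system32 under a random-looking name as likely infections. The small allowlist, the vowel-ratio name heuristic and the severity labels are assumptions made for illustration; the sample log lines are the ones quoted in the reply plus a few benign lines from the same log, included so the negatives are visible.

```python
"""Triage of HijackThis (HJT) log lines.

Added example for this thread, not code from HijackThis, Killbox or the
Geeks to Go helpers. It encodes the reasoning in the reply above: entries
whose target file is gone are orphans worth clearing for hygiene, and O2
(BHO) / O20 (Winlogon Notify) entries that load a DLL with a random-looking
name out of system32 are the ones to treat as an active infection. The
allowlist, the vowel-ratio heuristic and the severity labels are assumptions.
"""
import re

# Assumption: hand-picked system32 binaries known good on this machine that
# would otherwise trip the name heuristic (hkcmd, ctfmon have few vowels).
KNOWN_GOOD = {
    "igfxdev", "igfxtray", "hkcmd", "igfxpers", "wgalogon",
    "wpdshserviceobj", "ctfmon", "spoolsv", "svchost",
}

# HJT line shapes handled here (O4 lines use a different layout and are skipped):
#   O2  - BHO: <name> - {CLSID} - <path>
#   O9  - Extra button: <name> - {CLSID} - <path>
#   O20 - Winlogon Notify: <key> - <path>
HJT_LINE = re.compile(
    r"^(?P<section>O\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?:\{(?P<clsid>[0-9A-Fa-f-]+)\} - )?(?P<path>.*)$"
)
MISSING = re.compile(r"\((?:file missing|no file)\)\s*$")
SYSTEM32 = re.compile(r"^(?:%windir%|C:\\WINDOWS)\\system32\\[^\\]+$", re.I)
RANK = {"high": 3, "medium": 2, "low": 1}


def looks_random(stem):
    """Heuristic: generated names ('fykmpidt', 'sstqn') have almost no vowels."""
    letters = [c for c in stem.lower() if c.isalpha()]
    if len(letters) < 5:
        return False
    return sum(c in "aeiou" for c in letters) / len(letters) < 0.2


def triage_line(line):
    """Return a finding dict for one HJT line, or None if nothing stands out."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return None
    section, name = m.group("section"), m.group("name").strip()
    path = m.group("path").strip()
    missing = bool(MISSING.search(path))
    target = MISSING.sub("", path).strip()
    filename = target.split("\\")[-1]
    stem = filename.rsplit(".", 1)[0].lower()
    reasons = []
    if missing:
        # Registry still points at a file that is gone: harmless by itself,
        # but for O2/O20 it usually marks where malware used to live.
        reasons.append(("medium" if section in ("O2", "O20") else "low",
                        "target file missing"))
    if section == "O20" and stem not in KNOWN_GOOD:
        # Winlogon Notify DLLs are loaded into winlogon.exe, which runs as SYSTEM.
        reasons.append(("high", "unrecognised Winlogon Notify DLL"))
    if section == "O2" and name == "(no name)":
        reasons.append(("high", "BHO without a name"))
    # A bare DLL name (as in O20) resolves via the DLL search path, system32 first.
    in_system32 = target != "" and (SYSTEM32.match(target) is not None or "\\" not in target)
    if in_system32 and stem not in KNOWN_GOOD and looks_random(stem):
        reasons.append(("high", "random-looking file name in system32"))
    if not reasons:
        return None
    severity = max((sev for sev, _ in reasons), key=RANK.get)
    return {"section": section, "file": filename, "severity": severity,
            "reasons": [why for _, why in reasons], "line": line.strip()}


def triage_log(text):
    """Triage every line of a pasted HJT log, worst findings first."""
    findings = [f for f in map(triage_line, text.splitlines()) if f]
    return sorted(findings, key=lambda f: -RANK[f["severity"]])


def fix_checklist(findings, minimum="medium"):
    """Lines to tick in HijackThis before 'Fix checked': medium severity and above."""
    return [f["line"] for f in findings if RANK[f["severity"]] >= RANK[minimum]]


# Constructed sample: the entries quoted in the reply above plus benign lines
# from the same log, so the allowlisted and vendor entries show as negatives.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {013A653B-49A6-4f76-8B68-E4875EA6BA54} - C:\WINDOWS\system32\fykmpidt.dll
O2 - BHO: (no name) - {EF702CD4-0C69-4D1D-B801-F47A926DF92B} - C:\WINDOWS\system32\sstqn.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winhdn32 - winhdn32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['section']:4} {f['file']:<16} {'; '.join(f['reasons'])}")
```

Run as-is it lists fykmpidt.dll, sstqn.dll and winhdn32.dll as high and the two O9 entries as low orphans, which matches what the reply ticks except that it also includes the xpnetdiag orphans only as hygiene. The reason a bare name such as winhdn32.dll matters even when the file is already gone is the loader: Winlogon Notify DLLs are found via the normal DLL search path and run inside winlogon.exe as SYSTEM, so the registry value has to go as well as the file, which is why the reply fixes the O20 line in HijackThis and deletes the BHO DLL on reboot separately.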

#12
Corbo

    Member

  • Topic Starter
  • 21 posts
Hello, here it is:

Logfile of HijackThis v1.99.1
Scan saved at 16:38:45, on 24/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\GEARSec.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Calvin and Gary\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Calvin and Gary\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#13
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello again

That is now a clean log. I will give you final instructions after this attempt to speed up your PC.

Click Start, then Run, type prefetch and press Enter. Click Edit, then Select All (all files will highlight), right-click any file, click Delete and confirm.

Click Start, then All Programmes, Accessories, System Tools to run Disc Clean Up.

Reboot.

Click Start, then All Programmes, Accessories, System Tools to run Defragmenter.

Download, install and run Tune Up 2006 Trial. It is a 30-day free trial.

Run Tune Up Disc Clean Up.

Run Tune Up Registry Clean Up.

Disable your anti-virus programme, then click Optimize and Improve to run Reg Defrag. The screen will lose colour during the process, which can take a few minutes and then needs a reboot.

Check the anti-virus programme is running after the reboot.

Those will have cleared the drive of obsolete software errors.

These are suggestions for making the most of the free trial:

Click Optimize and Improve, then System Optimizer to optimize the computer; select "computer with an internet connection" from the drop-down menu. This also requires a reboot.

After the reboot, click Optimize, then System Optimizer to accelerate downloads; select the speed just above your actual connection speed. This requires a reboot.

After the reboot, click Optimize, then System Optimizer to run System Advisor.

#14
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.