Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

PC-web browser slow - myway malware/spyware suspected [CLOSED]


  • This topic is locked This topic is locked

#1
Rachael9667

Rachael9667

    Member

  • Member
  • PipPip
  • 10 posts
I have read and followed the "read this first" instructions and have pasted those log files below.

PC is very slow, especially on the internet. I have highspeed internet service, so this has never been the case before. I may have downloaded software (a driver for transferring data from my cell phone) that may have been harmful. I stopped the download and delted the files that were there, as I became unsure if it was truly safe.

Also, I keep seeing the same "myway" crud as was involved in my previous problem - HERE, don't know if it is the same one or new.

Additionally, I am not sure if this is meaningful or an unrelated byproduct of me being a little too thorough in deleting files that come up suspicious, but, at times, when I close out a window on Internet Explorer, I get this message: (in the blue title bar: "iexplore.exe (notice there is no R at the end??) - Application Error" then in the grey text area: "The instruction at "0x62304390" referenced memory at "0x62304390". the memory could not be read. Click on OK to terminate the program"

Thank YOU!!

Panda Activescan Results

Incident Status Location

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Rachael\Cookies\[email protected][1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Rachael\Cookies\[email protected][1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Rachael\Cookies\[email protected][1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Rachael\Cookies\[email protected][1].txt
Adware:adware/coolsavings Not disinfected C:\WINDOWS\Downloaded Program Files\CpnMgr.dll

The last 3 Super Anti Spyware Scans:

2/29/08:
SUPERAntiSpyware Scan Log
Generated 02/29/2008 at 08:57 PM

Application Version : 3.6.1000

Core Rules Database Version : 3358
Trace Rules Database Version: 1357

Scan type : Complete Scan
Total Scan Time : 01:50:34

Memory items scanned : 393
Memory threats detected : 0
Registry items scanned : 5985
Registry threats detected : 0
File items scanned : 80365
File threats detected : 6

Adware.Tracking Cookie
C:\Documents and Settings\Rachael\Cookies\[email protected][2].txt
C:\Documents and Settings\Rachael\Cookies\[email protected][1].txt
C:\Documents and Settings\Rachael\Cookies\[email protected][1].txt
C:\Documents and Settings\Rachael\Cookies\[email protected][2].txt
C:\Documents and Settings\Rachael\Cookies\[email protected][2].txt
C:\Documents and Settings\Rachael\Cookies\[email protected][1].txt

3/8/08:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/08/2008 at 08:25 AM

Application Version : 4.0.1154

Core Rules Database Version : 3416
Trace Rules Database Version: 1408

Scan type : Complete Scan
Total Scan Time : 00:53:50

Memory items scanned : 378
Memory threats detected : 0
Registry items scanned : 5560
Registry threats detected : 0
File items scanned : 73997
File threats detected : 18

Adware.Tracking Cookie
C:\Documents and Settings\Rachael\Cookies\[email protected][1].txt
C:\Documents and Settings\Rachael\Cookies\[email protected][1].txt
C:\Documents and Settings\Rachael\Cookies\[email protected][2].txt
C:\Documents and Settings\Rachael\Cookies\[email protected][1].txt
C:\Documents and Settings\Rachael\Cookies\[email protected][1].txt
C:\Documents and Settings\Rachael\Cookies\[email protected][1].txt
C:\Documents and Settings\Rachael\Cookies\[email protected][1].txt
C:\Documents and Settings\Rachael\Cookies\[email protected][1].txt
C:\Documents and Settings\Rachael\Cookies\[email protected][2].txt
C:\Documents and Settings\Rachael\Cookies\[email protected][1].txt
C:\Documents and Settings\Rachael\Cookies\[email protected][2].txt
C:\Documents and Settings\Rachael\Cookies\[email protected][2].txt
C:\Documents and Settings\Rachael\Cookies\[email protected][2].txt
C:\Documents and Settings\Rachael\Cookies\[email protected][2].txt
C:\Documents and Settings\Rachael\Cookies\[email protected][2].txt
C:\Documents and Settings\Rachael\Cookies\[email protected][1].txt
C:\Documents and Settings\Rachael\Cookies\[email protected][2].txt
C:\Documents and Settings\Rachael\Cookies\[email protected][1].txt

3/9/08:
Spyware Scan Log
http://www.superantispyware.com

Generated 03/09/2008 at 02:29 PM

Application Version : 4.0.1154

Core Rules Database Version : 3416
Trace Rules Database Version: 1408

Scan type : Complete Scan
Total Scan Time : 00:51:29

Memory items scanned : 394
Memory threats detected : 0
Registry items scanned : 5570
Registry threats detected : 0
File items scanned : 71960
File threats detected : 15

Adware.Tracking Cookie
C:\Documents and Settings\Rachael\Cookies\[email protected][1].txt
C:\Documents and Settings\Rachael\Cookies\[email protected][2].txt
C:\Documents and Settings\Rachael\Cookies\[email protected][1].txt
C:\Documents and Settings\Rachael\Cookies\[email protected][1].txt
C:\Documents and Settings\Rachael\Cookies\[email protected][1].txt
C:\Documents and Settings\Rachael\Cookies\[email protected][1].txt
C:\Documents and Settings\Rachael\Cookies\[email protected][1].txt
C:\Documents and Settings\Rachael\Cookies\[email protected][2].txt
C:\Documents and Settings\Rachael\Cookies\[email protected][1].txt
C:\Documents and Settings\Rachael\Cookies\[email protected][2].txt
C:\Documents and Settings\Rachael\Cookies\[email protected][2].txt
C:\Documents and Settings\Rachael\Cookies\[email protected][1].txt
C:\Documents and Settings\Rachael\Cookies\[email protected][1].txt
C:\Documents and Settings\Rachael\Cookies\[email protected][2].txt
C:\Documents and Settings\Rachael\Cookies\[email protected][2].txt

Highjack This Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:20:18 PM, on 3/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.schumanfa.../targetUPC.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D9EFA3B-4E85-41A8-9092-14012CD447C9} - http://216.24.116.21...amPlayerWeb.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - http://photo.walgree...eensActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - http://coupons.smart...oad/cscmv5X.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - http://www.adoramapi...geUploader4.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-cent...bin/actxcab.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4EFB90C8-3652-438A-A52C-36B771DA6570}: NameServer = 216.24.119.10,216.24.112.10
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Rachael/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg

--
End of file - 8497 bytes

Hijack This Uninstall List:

ABBYY FineReader 5.0 Sprint Plus
Adobe Acrobat 5.0
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Flash Player ActiveX
Adobe Photoshop 7.0
Adobe Reader 8.1.2
Adobe Setup
Adobe Shockwave Player
Age of Wonders II Demo
Apple Mobile Device Support
Apple Software Update
ArcSoft Software Suite
avast! Antivirus
AVG Anti-Spyware 7.5
Banctec Service Agreement
Blue's Treasure Hunt
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon EOS 5D WIA Driver
Canon EOS Kiss_N REBEL_XT 350D WIA Driver
Canon EOS-1Ds Mark II WIA Driver
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.0
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
CCleaner (remove only)
Charting Companion for Family Tree Maker
Chinese Traditional Fonts Support For Adobe Reader 8
Civilization III
Coupon Printer for Windows
Dell Driver Reset Tool
Dell Picture Studio v3.0
Dell Support 5.0.0 (630)
EPSON CardMonitor
EPSON Copy Utility 3
EPSON CX6600 Reference Guide
EPSON PhotoStarter3.2
EPSON Printer Software
EPSON Scan
EPSON Smart Panel
Family Tree Maker
Family Tree Maker 2006
Fonts and Graphics for Weddings
Genelines for Family Tree Maker
GenSmarts
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
Hanes Calendar 2005 ArtPack
Hanes Valentines 2005 ArtPack
Hanes© T-ShirtMake© Lite
Hanes® T-ShirtMaker® 2004 Valentine
Hanes® T-ShirtMaker® Patriotic Designs 1
Hanes® T-ShirtMaker® School Spirit 1
Hanes® T-ShirtMaker® St. Patrick's Day 2003 ProjectPack
Hanes® T-ShirtMaker® XMas 2003
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB926239)
Intel® 537EP V9x DF PCI Modem
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
Intel® PROSet for Wired Connections
Internet Explorer Default Page
iPod for Windows 2006-06-28
IrfanView (remove only)
iTunes
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.2_03
Java™ 6 Update 2
Java™ 6 Update 3
JumpStart Numbers v1.0
LimeWire 4.14.12
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Age of Empires II Trial Version
Microsoft Office Converter Pack
Microsoft Office Professional Edition 2003
Microsoft Plus! Digital Media Edition
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Modem Event Monitor
Modem Helper
Modem On Hold
MP3 Player Utilities
MS Access 97 SP2
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML4 Parser
Musicmatch® Jukebox
Oregon Trail® 5
palmOne
Panda ActiveScan
Photo Album
Play with the Teletubbies
PrintingPress Platinum
Quicken Deluxe 2000
QuickTime
RealArcade
Rhapsody
Rhapsody Player Engine
ScanToWeb
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
SimCity 3000 Unlimited
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
SUPERAntiSpyware Free Edition
Tropico
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Windows Essentials Media Codec Pack 1.0
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10
WordPerfect Office 12
World Place Advisor for FTM
Yahoo! Browser Services
Yahoo! Messenger
Yahoo! Toolbar

AVG Scan
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:21:50 PM 3/10/2008

+ Scan result:



HKLM\SOFTWARE\Classes\CpnMgr.CMV5 -> Adware.CoolSavings : No action taken.
HKLM\SOFTWARE\Classes\CpnMgr.CMV5.3 -> Adware.CoolSavings : No action taken.
HKLM\SOFTWARE\Classes\CpnMgr.CMV5\CLSID -> Adware.CoolSavings : No action taken.
HKLM\SOFTWARE\Classes\CpnMgr.CMV5\CurVer -> Adware.CoolSavings : No action taken.
C:\Documents and Settings\Rachael\Cookies\[email protected][1].txt -> TrackingCookie.Adrevolver : No action taken.
C:\Documents and Settings\Rachael\Cookies\[email protected][2].txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\Rachael\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Rachael\Cookies\[email protected][2].txt -> TrackingCookie.Burstbeacon : No action taken.
C:\Documents and Settings\Rachael\Cookies\[email protected][1].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\Rachael\Cookies\[email protected][2].txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\Rachael\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Rachael\Cookies\[email protected][2].txt -> TrackingCookie.Liveperson : No action taken.
C:\Documents and Settings\Rachael\Cookies\[email protected][1].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Rachael\Cookies\[email protected][2].txt -> TrackingCookie.Realmedia : No action taken.
C:\Documents and Settings\Rachael\Cookies\[email protected][1].txt -> TrackingCookie.Trafficmp : No action taken.
C:\Documents and Settings\Rachael\Cookies\[email protected][2].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Rachael\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Rachael\Cookies\[email protected][1].txt -> TrackingCookie.Zedo : No action taken.


::Report end

Edited by Rachael9667, 11 March 2008 - 08:33 AM.

  • 0

Advertisements


#2
harrythook

harrythook

    Trusted Helper

  • Retired Staff
  • 2,618 posts
Hey Rachael9667,
Sorry for the delay in response, good job on posting in the waiting room.

Lets start with this:

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall

Post the two logs so I can take a look :)

Harry
  • 0

#3
Rachael9667

Rachael9667

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
ComboFix 08-03-18.1 - Rachael 2008-03-19 12:04:08.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.180 [GMT -5:00]
Running from: C:\Program Files\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-02-19 to 2008-03-19 )))))))))))))))))))))))))))))))
.

2008-03-19 12:01 . 2008-03-19 12:01 1,599,141 --a------ C:\Program Files\ComboFix.exe
2008-03-17 15:49 . 2008-03-17 18:38 <DIR> d-------- C:\Documents and Settings\Rachael\Application Data\BitTorrent
2008-03-17 15:48 . 2008-03-17 15:48 <DIR> d-------- C:\Program Files\DNA
2008-03-17 15:48 . 2008-03-19 12:04 <DIR> d-------- C:\Documents and Settings\Rachael\Application Data\DNA
2008-03-10 14:38 . 2008-03-10 14:38 <DIR> d-------- C:\Downloads
2008-03-10 14:38 . 2008-03-10 14:39 <DIR> d-------- C:\Documents and Settings\Rachael\Application Data\GetRightToGo
2008-03-09 09:35 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\qffuqbujkwqt.sys
2008-03-07 22:13 . 2005-08-18 12:44 49,867 --a------ C:\WINDOWS\system32\drivers\mardp2k.sys
2008-03-07 22:13 . 2005-08-18 12:44 49,484 --a------ C:\WINDOWS\system32\drivers\MARDPNP.SYS
2008-03-07 22:13 . 2007-02-02 17:57 49,377 --a------ C:\WINDOWS\system32\drivers\mamotou.sys
2008-03-07 22:13 . 2007-01-16 12:46 25,302 --a------ C:\WINDOWS\system32\drivers\MaVctrl.sys
2008-03-07 22:13 . 2007-01-16 12:44 11,986 --a------ C:\WINDOWS\system32\drivers\MaVc2K.sys
2008-03-07 22:12 . 2008-03-07 22:12 <DIR> d-------- C:\WINDOWS\Application Data
2008-02-23 13:21 . 2008-02-23 13:26 <DIR> d-------- C:\Documents and Settings\Rachael\Application Data\Media Player Classic
2008-02-23 13:20 . 2008-02-23 13:20 <DIR> d-------- C:\Program Files\Essentials Codec Pack

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-19 09:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-16 05:20 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-03-09 17:05 --------- d-----w C:\Program Files\iTunes
2008-03-09 17:02 --------- d-----w C:\Program Files\Google
2008-03-02 04:43 --------- d-----w C:\Documents and Settings\Rachael\Application Data\ZoomBrowser EX
2008-03-02 04:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-03-01 04:26 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-24 21:45 --------- d-----w C:\Documents and Settings\Rachael\Application Data\Smart Panel
2008-01-31 22:39 --------- d-----w C:\Program Files\Coupons
2008-01-26 02:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-26 02:12 --------- d-----w C:\Program Files\Spaark
2008-01-26 02:12 --------- d-----w C:\Program Files\Common Files\gst
2008-01-22 02:32 --------- d-----w C:\Program Files\iPod
2008-01-22 02:29 --------- d-----w C:\Program Files\QuickTime
2008-01-17 18:45 58,619,176 ----a-w C:\Program Files\iTunesSetup.exe
2007-09-04 14:59 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-09-04 14:23 250,895 ----a-w C:\Program Files\realarcade_readersdi_stub.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-02 19:46 68856]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-03-05 20:55 1481968]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 18:43 4670704]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-03-17 15:48 287040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 08:00 79224]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36 114688]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 16:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 04:22 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Media Codec Update Service"="C:\Program Files\Essentials Codec Pack\update.exe" [2007-04-08 11:44 303104]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 06:00 158208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 06:00 53760 C:\WINDOWS\system32\narrator.exe]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-03-05 20:55 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
backup=C:\WINDOWS\pss\Billminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=C:\WINDOWS\pss\HotSync Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
backup=C:\WINDOWS\pss\Quicken Startup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Rachael^Start Menu^Programs^Startup^LifeDrive™ Manager.lnk]
path=C:\Documents and Settings\Rachael\Start Menu\Programs\Startup\LifeDrive™ Manager.lnk
backup=C:\WINDOWS\pss\LifeDrive™ Manager.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2004-07-19 08:51 306688 C:\Program Files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2004-08-13 02:05 122939 C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX6600 Series]
--a------ 2004-02-29 21:00 98304 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2005-09-20 09:32 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2005-09-20 09:35 94208 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
--a------ 2003-09-03 21:12 221184 C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 04:22 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\McAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McRegWiz]
C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
--a------ 2004-09-14 09:50 53248 C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--a------ 2004-09-14 09:50 131072 C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 16:27 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-10-14 21:42 1404928 C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2003-11-19 18:48 32881 C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2004-01-07 02:01 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MpfService"=2 (0x2)
"MCVSRte"=2 (0x2)
"mcupdmgr.exe"=3 (0x3)
"McShield"=3 (0x3)
"Schedule"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Rhapsody\\rhapsody.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

R2 mrtRate;mrtRate;C:\WINDOWS\system32\drivers\mrtRate.sys [1999-08-10 13:51]
S3 mamotou;mamotou;C:\WINDOWS\system32\DRIVERS\mamotou.sys [2007-02-02 17:57]
S3 qperc2;qperc2;C:\DOCUME~1\Rachael\LOCALS~1\Temp\qperc2.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-03-18 01:12:26 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-19 12:08:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\ArcSoft\Software Suite\PhotoImpression 5\share\pihook.dll
.
Completion time: 2008-03-19 12:09:10
.
2008-03-15 15:20:19 --- E O F ---



________________________________________________________________________________
_______________________________________


HiJack This Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:36 PM, on 3/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.schumanfa.../targetUPC.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D9EFA3B-4E85-41A8-9092-14012CD447C9} - http://216.24.116.21...amPlayerWeb.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - http://photo.walgree...eensActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - http://coupons.smart...oad/cscmv5X.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - http://www.adoramapi...geUploader4.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-cent...bin/actxcab.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4EFB90C8-3652-438A-A52C-36B771DA6570}: NameServer = 216.24.119.10,216.24.112.10
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Rachael/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg

--
End of file - 7920 bytes
  • 0

#4
harrythook

harrythook

    Trusted Helper

  • Retired Staff
  • 2,618 posts
Hey Rachael9667,
Not a lot popping up there, can you identify any of these sites???

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.schumanfamily.com/fatwallet/targetUPC.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
O16 - DPF: {1D9EFA3B-4E85-41A8-9092-14012CD447C9} - http://216.24.116.214:8080/img/NetCamPlayerWeb.ocx
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab

You have P2P Limewire installed and bit torrent DNA, which can and will open the door for problems.

Let me know.

Harry
  • 0

#5
Rachael9667

Rachael9667

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
I just learned (before I got your message) what bit torrent and p2p websites do, I had no idea - anyway, I have removed the bit torrent programs and since I've never opened or ran Limewire (nor downloaded anything), I think it will be ok (I hope).

With regard to the web addresses, the first one is my browser's start page (it doesn't exist anymore) the others are a big no. Anything that says myway in it makes me very nervous. What are your thoughts on that?
  • 0

#6
harrythook

harrythook

    Trusted Helper

  • Retired Staff
  • 2,618 posts
Hi Rachael9667,
As to the myway thing, one of the machines here still opens to Dell's myway homepage. I stay away from the rest of the pre-loaded Dell stuff.

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.schumanfa.../targetUPC.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O16 - DPF: {1D9EFA3B-4E85-41A8-9092-14012CD447C9} - http://216.24.116.21...amPlayerWeb.ocx
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - http://coupons.smart...oad/cscmv5X.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-cent...bin/actxcab.cab


Click on Fix Checked when finished and exit HijackThis.

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Program Files\DNA
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Post a fresh HJT log, let me know if your problems still exist.

Harry
  • 0

#7
harrythook

harrythook

    Trusted Helper

  • Retired Staff
  • 2,618 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP