ComboFix and HijackThis Log - Please Help me analyze them!

#1
KendraK
New Member, 3 posts

Hello,

I have Outerinfo on my computer; the symptoms are a ton of pop-ups. I've followed the instructions for getting rid of it, and I'm now at the step where I have to post my ComboFix and HijackThis logs for analysis.

ComboFix:


ComboFix 08-03-18.1 - Sharlon 2008-03-19 20:58:24.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.67 [GMT -7:00]
Running from: C:\Documents and Settings\Sharlon\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Kendra\err.log
C:\WINDOWS\system32\drivers\core.cache(2).dsk
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\udajzbxn.dllbox
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\Abbr
C:\Documents and Settings\All Users\Application Data\winantispyware 2007\Data\ProductCode
C:\Documents and Settings\Kendra\Application Data\WinAntiSpyware 2007
C:\Documents and Settings\Kendra\Application Data\WinAntiSpyware 2007\Logs\update.log
C:\Program Files\Common Files\winantispyware 2007
C:\Program Files\Common Files\winantispyware 2007\err.log
C:\Program Files\tsks~1
C:\temp\tn3
C:\WINDOWS\BMe3d23a27.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\SYSTEM32\abadd.ini
C:\WINDOWS\SYSTEM32\abadd.ini2
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\c4
C:\WINDOWS\system32\drivers\CMDIDEE.sys
C:\WINDOWS\system32\iDlo01
C:\WINDOWS\system32\k8
C:\WINDOWS\system32\k8\ravecom3.exe
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\s7
C:\WINDOWS\system32\s7\gbsu011.exe
C:\WINDOWS\system32\x3
C:\WINDOWS\wr.txt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDIDEE
-------\Legacy_TNIDRIVER
-------\Service_CMDIDEE
-------\Service_TnIDriver
-------\Legacy_CMDIDEE
-------\Legacy_TNIDRIVER


((((((((((((((((((((((((( Files Created from 2008-02-20 to 2008-03-20 )))))))))))))))))))))))))))))))
.

2008-03-19 17:59 . 2008-03-19 18:00 <DIR> d-------- C:\Documents and Settings\Kendra\Application Data\AVG7
2008-03-15 10:47 . 2008-03-15 10:47 <DIR> d-------- C:\Program Files\Dell Computer
2008-03-15 10:45 . 2008-03-19 18:23 <DIR> d-------- C:\Program Files\Dl_cats
2008-03-15 10:45 . 2008-03-15 10:46 <DIR> d-------- C:\Program Files\ABBYY FineReader 5.0 Sprint
2008-03-15 10:42 . 2008-03-15 18:32 <DIR> d-------- C:\Temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}
2008-03-15 10:42 . 2008-03-15 10:43 <DIR> d-------- C:\Program Files\Dell Photo AIO Printer 922
2008-03-15 10:42 . 2004-10-25 14:05 1,048,576 --a------ C:\WINDOWS\SYSTEM32\dlbtserv.dll
2008-03-15 09:57 . 2008-03-15 09:59 <DIR> d-------- C:\Documents and Settings\Will\Application Data\AVG7
2008-03-14 23:14 . 2008-03-14 23:14 230 --a------ C:\WINDOWS\SYSTEM32\spupdsvc.inf
2008-03-14 21:22 . 2008-03-14 21:22 9,662 --a------ C:\WINDOWS\SYSTEM32\ZoneAlarmIconUS.ico
2008-03-14 19:40 . 2008-03-14 21:23 <DIR> d-------- C:\Documents and Settings\Sharlon\Application Data\AVG7
2008-03-14 14:21 . 2008-03-14 14:50 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-03-14 14:18 . 2008-03-14 14:18 <DIR> d-------- C:\WINDOWS\SYSTEM32\LogFiles
2008-03-14 14:18 . 2008-03-14 14:19 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\UMDF
2008-03-14 10:50 . 2008-03-14 10:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-14 10:35 . 2008-03-14 10:37 <DIR> d-------- C:\winreg
2008-03-13 17:39 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\SYSTEM32\VCCLSID.exe
2008-03-13 17:39 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
2008-03-13 17:39 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe
2008-03-13 17:39 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe
2008-03-13 17:39 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\SYSTEM32\WS2Fix.exe
2008-03-13 17:39 . 2008-03-13 17:39 336 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2008-03-13 16:10 . 2008-03-13 16:10 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-13 16:10 . 2008-03-14 09:06 <DIR> d-------- C:\Documents and Settings\Genesis Landscape\Application Data\AVG7
2008-03-13 16:09 . 2008-03-13 16:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-13 16:09 . 2008-03-13 16:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-13 11:37 . 2008-03-13 11:37 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-13 11:37 . 2008-03-13 11:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-13 11:35 . 2008-03-13 11:36 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-13 10:39 . 2007-12-06 19:21 6,066,176 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2008-03-13 10:39 . 2007-06-30 20:31 2,455,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dat
2008-03-13 10:39 . 2007-06-30 20:36 991,232 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll.mui
2008-03-13 10:39 . 2007-12-06 19:21 459,264 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2008-03-13 10:39 . 2007-12-06 19:21 383,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2008-03-13 10:39 . 2007-12-06 19:21 267,776 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2008-03-13 10:39 . 2007-12-06 19:21 63,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
2008-03-13 10:39 . 2007-12-06 19:21 52,224 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2008-03-13 10:39 . 2007-12-06 04:00 13,824 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-03-13 10:02 . 2008-03-13 10:02 <DIR> d-------- C:\Program Files\MSBuild
2008-03-13 09:57 . 2008-03-13 10:49 <DIR> d-------- C:\WINDOWS\SYSTEM32\XPSViewer
2008-03-13 09:56 . 2008-03-13 09:56 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-03-13 09:54 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\SYSTEM32\spmsg2.dll
2008-03-13 09:53 . 2008-03-13 09:53 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-03-13 09:40 . 2006-11-12 23:02 288,768 --------- C:\WINDOWS\SYSTEM32\rhttpaa.dll
2008-03-13 09:40 . 2006-11-12 23:02 116,736 --------- C:\WINDOWS\SYSTEM32\aaclient.dll
2008-03-13 09:40 . 2006-11-12 23:02 36,352 --------- C:\WINDOWS\SYSTEM32\tsgqec.dll
2008-03-12 13:42 . 2008-03-13 09:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-12 13:14 . 2008-03-12 13:14 <DIR> d-------- C:\VundoFix Backups
2008-03-12 10:05 . 2008-03-12 10:05 <DIR> d-------- C:\Program Files\Alwil Software
2008-03-12 10:04 . 2008-03-13 12:16 <DIR> d-------- C:\CrashBox
2008-03-12 03:01 . 2008-03-12 03:01 127 --a------ C:\WINDOWS\SYSTEM32\MRT.INI
2008-03-11 17:49 . 2008-03-11 17:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-11 17:48 . 2008-03-12 11:50 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-11 17:48 . 2008-03-12 11:50 <DIR> d-------- C:\Documents and Settings\Genesis Landscape\Application Data\SUPERAntiSpyware.com
2008-03-11 17:45 . 2008-03-14 10:51 <DIR> d-------- C:\Documents and Settings\Genesis Landscape\Application Data\U3
2008-03-11 16:17 . 2008-03-11 16:17 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\U3
2008-03-11 16:05 . 2005-03-15 23:26 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2008-03-11 16:05 . 2005-03-15 23:16 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2008-03-11 13:27 . 2008-03-11 13:28 <DIR> d-------- C:\RegClean
2008-03-06 10:19 . 2008-03-12 11:53 1,307,397 ---hs---- C:\WINDOWS\SYSTEM32\uasuikpb.ini
2008-03-05 10:50 . 2008-03-12 15:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-03-05 10:46 . 2008-03-12 09:59 <DIR> d--hs---- C:\WINDOWS\U2hhcmxvbg

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-15 17:48 --------- d-----w C:\Program Files\Jasc Software Inc
2008-03-15 17:48 --------- d-----w C:\Documents and Settings\Sharlon\Application Data\Jasc Software Inc
2008-03-13 17:22 --------- d-----w C:\Program Files\Viewpoint
2008-03-13 17:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-12 22:40 --------- d-----w C:\Program Files\SpyShredder
2008-03-06 17:20 246 ----a-w C:\Program Files\Common Files\labu247
2008-02-04 21:17 --------- d-----w C:\Documents and Settings\Kendra\Application Data\AdobeUM
2008-02-01 18:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-02-01 18:39 --------- d-----w C:\Program Files\Dell Support Center
2008-02-01 18:39 --------- d-----w C:\Program Files\Common Files\supportsoft
2008-02-01 18:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-01-21 17:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-21 17:10 --------- d-----w C:\Program Files\Google
2008-01-21 01:30 --------- d-----w C:\Program Files\Common Files\Real
2008-01-21 01:29 --------- d--h--r C:\Documents and Settings\Sharlon\Application Data\yahoo!
2008-01-21 01:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-01-21 01:28 --------- d-----w C:\Program Files\Yahoo!
2005-03-28 18:23 32,159 -c--a-w C:\WINDOWS\Fonts\crackman.zip
2005-03-28 18:23 25,273 -c--a-w C:\WINDOWS\Fonts\coolveti.zip
2005-03-23 21:54 684 -c--a-w C:\Documents and Settings\Kendra\g8pref.dat
2005-03-23 21:32 480 -c--a-w C:\Documents and Settings\Kendra\chart.dat
1998-12-30 16:35 151,658 -c--a-w C:\Documents and Settings\Kendra\npcosmop211.zip
2005-09-12 21:23 848 -csha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 18:43 4670704]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell Photo AIO Printer 922"="C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-11-10 12:36 290816]
"DLBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-09 14:41 69632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-13 16:10 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayyyww]
yayyyww.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\ddaba.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
--a------ 2008-03-13 16:11 579072 C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMe3d23a27]
C:\WINDOWS\system32\iaulgwgv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Photo AIO Printer 922]
--a------ 2004-11-10 12:36 290816 C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2007-03-15 11:09 460784 C:\Program Files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2004-12-06 00:05 127035 C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a------ 2007-11-15 10:24 16384 C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e0e109bb]
C:\WINDOWS\system32\bpkiusau.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2005-09-20 10:32 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2005-09-20 10:36 114688 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2005-09-20 10:35 94208 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a------ 2002-07-16 14:21 28672 C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
--a------ 2004-09-14 07:50 53248 C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 09:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2005-03-15 23:22 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-10-14 14:42 1404928 C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2003-11-19 16:48 32881 C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2004-01-07 00:01 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=2 (0x2)
"QBFCService"=3 (0x3)
"NetSvc"=3 (0x3)
"DSBrokerService"=3 (0x3)
"dlbt_device"=3 (0x3)
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"aawservice"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Intuit\\QuickBooks 2005\\QBDBMgrN.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=

R3 crtaud;Conexant Riptide WDM Audio Driver;C:\WINDOWS\system32\drivers\crtaud.sys [2001-08-17 13:19]
R3 rpfun;Conexant Riptide Dummy Driver;C:\WINDOWS\system32\drivers\rpfun.sys [2001-08-17 13:19]
R3 rthwcls;Conexant Riptide Bus / Firmware Downloader;C:\WINDOWS\system32\drivers\rthwcls.sys [2001-08-17 13:19]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-15 01:30:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (GENESIS-Sharlon).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-19 21:05:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
.
**************************************************************************
.
Completion time: 2008-03-19 21:10:09 - machine was rebooted [Sharlon]
ComboFix-quarantined-files.txt 2008-03-20 04:10:03
.
2008-03-17 10:01:14 --- E O F ---

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:20:23 PM, on 3/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.charter.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,[email protected]
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebse...html?p=ZJfox000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Documents and Settings\Kendra\My Documents\Ebay\Ebay.htm (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O20 - Winlogon Notify: yayyyww - yayyyww.dll (file missing)
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe

--
End of file - 4557 bytes

Please help me! The pop-ups seem to have gone away since I ran ComboFix, but it said that I should still post this stuff for you to analyze. Thanks so much!

Kendra

#2
KendraK
New Member, Topic Starter, 3 posts

Also, here is my SUPERAntiSpyware Scan Log, if that's of any help:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/19/2008 at 10:25 PM

Application Version : 4.0.1154

Core Rules Database Version : 3422
Trace Rules Database Version: 1414

Scan type : Complete Scan
Total Scan Time : 00:48:49

Memory items scanned : 320
Memory threats detected : 0
Registry items scanned : 4768
Registry threats detected : 0
File items scanned : 62786
File threats detected : 42

Adware.Tracking Cookie

Malware.SpyShredder
C:\Program Files\SpyShredder

Adware.OuterInfo-Installer
C:\DOCUMENTS AND SETTINGS\SHARLON\DESKTOP\OIUNINSTALLER.EXE
C:\WINDOWS\Prefetch\OIUNINSTALLER.EXE-08BC8C8E.pf

Adware.Rabio Search Enhancer
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\K8\RAVECOM3.EXE.VIR

Thanks,
Kendra