Removal of Malware, Successful? [CLOSED]


  • This topic is locked

#1
cubs23

    New Member

  • Member
  • 4 posts
Hello Geeks To Go Staff,

I have made an attempt to clean my sister-in-law's machine of all its spyware/malware. When I received the machine I was unable to access the internet other than to a re-directed page. I was able to load, via jump drive, most of the programs from the "please do this first..." post. I think I have removed most, if not all, the malware. I was hoping someone would have time to verify my work. I have attached the first logs including the first HJT log. In my second post I will include the most recent HJT log. Other than a slow boot, internet navigation and ccsvshost error on shut down, the system is running much better.

Note: Some of the items on the log are from fix it files I have on the desktop but have not used nor installed. IE: combofix, fixiedef.

Malwarebytes' Anti-Malware 1.14
Database version: 800

8:35:03 PM 6/1/2008
mbam-log-6-1-2008 (20-35-03).txt

Scan type: Quick Scan
Objects scanned: 45104
Time elapsed: 11 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/01/2008 at 01:19 PM

Application Version : 4.1.1046

Core Rules Database Version : 3459
Trace Rules Database Version: 1450

Scan type : Complete Scan
Total Scan Time : 01:27:11

Memory items scanned : 523
Memory threats detected : 0
Registry items scanned : 5916
Registry threats detected : 0
File items scanned : 115491
File threats detected : 518

Adware.Tracking Cookie
C:\Documents and Settings\Stamper\Cookies\[email protected][2].txt
C:\Documents and Settings\Stamper\Cookies\[email protected][2].txt
C:\Documents and Settings\Stamper\Cookies\[email protected][2].txt
C:\Documents and Settings\Stamper\Cookies\[email protected][1].txt
C:\Documents and Settings\Stamper\Cookies\[email protected]wakycjcpshq.stats.esomniture[1].txt
C:\Documents and Settings\Stamper\Cookies\[email protected][1].txt
C:\Documents and Settings\Stamper\Cookies\[email protected][2].txt
C:\Documents and Settings\Stamper\Cookies\[email protected][2].txt
C:\Documents and Settings\Stamper\Cookies\[email protected][1].txt
C:\Documents and Settings\Stamper\Cookies\[email protected][1].txt
C:\Documents and Settings\Stamper\Cookies\[email protected][2].txt
C:\Documents and Settings\Stamper\Cookies\[email protected][2].txt
C:\Documents and Settings\Stamper\Cookies\[email protected][1].txt
C:\Documents and Settings\Stamper\Cookies\[email protected][2].txt
C:\Documents and Settings\Stamper\Cookies\[email protected][2].txt
C:\Documents and Settings\Stamper\Cookies\[email protected][3].txt
C:\Documents and Settings\Stamper\Cookies\[email protected][1].txt
C:\Documents and Settings\Stamper\Cookies\[email protected][1].txt
C:\Documents and Settings\Stamper\Cookies\[email protected][1].txt
C:\Documents and Settings\Stamper\Cookies\[email protected][2].txt
C:\Documents and Settings\Stamper\Cookies\[email protected][2].txt
C:\Documents and Settings\Stamper\Cookies\[email protected][2].txt
C:\Documents and Settings\Stamper\Cookies\[email protected][1].txt
C:\Documents and Settings\Stamper\Cookies\[email protected][2].txt
C:\Documents and Settings\Stamper\Cookies\[email protected][1].txt
C:\Documents and Settings\Stamper\Cookies\[email protected][2].txt
C:\Documents and Settings\Stamper\Cookies\[email protected][1].txt
C:\Documents and Settings\Stamper\Cookies\[email protected][1].txt
C:\Documents and Settings\Stamper\Cookies\[email protected][1].txt
C:\Documents and Settings\Stamper\Cookies\[email protected][1].txt
C:\Documents and Settings\Stamper\Cookies\[email protected][2].txt
C:\Documents and Settings\Stamper\Cookies\[email protected][1].txt
C:\Documents and Settings\Stamper\Cookies\[email protected][1].txt
C:\Documents and Settings\Stamper\Cookies\[email protected][2].txt
C:\Documents and Settings\Stamper\Cookies\[email protected][2].txt
C:\Documents and Settings\Stamper\Cookies\[email protected][1].txt
C:\Documents and Settings\Stamper\Cookies\[email protected][2].txt
C:\Documents and Settings\Stamper\Cookies\[email protected][2].txt
C:\Documents and Settings\Stamper\Cookies\[email protected][1].txt
C:\Documents and Settings\Stamper\Cookies\[email protected][2].txt
C:\Documents and Settings\Stamper\Cookies\[email protected][1].txt
C:\Documents and Settings\Stamper\Cookies\[email protected][1].txt
C:\Documents and Settings\Stamper\Cookies\[email protected][1].txt
C:\Documents and Settings\Stamper\Cookies\[email protected][2].txt
C:\Documents and Settings\Stamper\Cookies\[email protected][1].txt
C:\Documents and Settings\Stamper\Cookies\[email protected][1].txt
C:\Documents and Settings\Stamper\Cookies\[email protected][1].txt
C:\Documents and Settings\Stamper\Cookies\[email protected][2].txt
C:\Documents and Settings\Stamper\Cookies\[email protected][1].txt
C:\Documents and Settings\Stamper\Cookies\[email protected][1].txt
C:\Documents and Settings\Stamper\Cookies\[email protected][1].txt
C:\Documents and Settings\Stamper\Cookies\[email protected][2].txt
C:\Documents and Settings\Stamper\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Stamper\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Stamper\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Stamper\Local Settings\Temp\Cookies\[email protected][1].txt

;*******************************************************************************
ANALYSIS: 2008-06-02 07:42:23
PROTECTIONS: 1
MALWARE: 2
SUSPECTS: 0
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
Norton Internet Security 15.5.0.23 No Yes
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00096718 adware/twain-tech Adware No 0 Yes No c:\windows\support.cn
01176994 Bck/VB.XB Virus/Trojan No 0 No No C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1508\A0063605.exe[327882R2FWJFW\NirCmdC.cfexe]
01176994 Bck/VB.XB Virus/Trojan No 0 Yes No C:\ComboFix\NirCmdC.cfexe
;===============================================================================
SUSPECTS
Sent Location K
;===============================================================================
;===============================================================================
VULNERABILITIES
Id Severity Description K
;===============================================================================
120815 HIGH MS06-022 K
;===============================================================================

Edited by cubs23, 03 June 2008 - 09:12 PM.

  • 0



#2
cubs23

cubs23

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
HJT Log 1

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:58:55 PM, on 6/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Documents and Settings\Stamper\Desktop\HiJackThis.exe
C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcopho...stcoActivia.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\System32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\System32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9918 bytes

HJT Log 2
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:11:39 PM, on 6/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Stamper\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcopho...stcoActivia.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.co...?BundleId=21871
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\System32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\System32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 8415 bytes
  • 0

#3
BHowett

BHowett

    OT Moderator

  • Moderator
  • 4,642 posts
Hello and welcome to Geeks To Go! My name is BHowett and I will be helping you to get sorted. If for any reason you do not understand any of the instructions, or are just unsure, then please do not guess; simply post back with your question, and we will go through it again.


I am looking over your log now, and I will post your first set of instructions shortly. :)
  • 0

#4
BHowett

BHowett

    OT Moderator

  • Moderator
  • 4,642 posts
Hi cubs23,

Your logs look pretty good, but let’s check a few things just to make sure. :)


Move HijackThis

Your copy of HijackThis needs to be in a folder of its own. When HJT fixes anything, it makes backups of the original files in the folder it is in. For this reason it cannot be run from a Zip file, Temporary folders, or desktop because the backups might be deleted. Having the backups could be VITAL to restoring your system if something went wrong in the FIX process!

  • Please go to Start > My Computer > C:\
  • right-click and select New > Folder then name the folder 'HJT'.
  • Copy and paste HijackThis.exe to the new folder.

===============================================

Fix with HijackThis

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)


Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

===============================================


ATF Cleaner

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

===============================================

Deckard's System Scanner

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
===============================================

Kaspersky WebScanner
Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
===============================================

Needed in your next reply:
Deckard's System Scanner main.txt and extra.txt
Kaspersky WebScanner results
New HijackThis log

*Note* you may have to post the results in more than one post
  • 0
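The HijackThis fix step above targets a BHO entry whose target is reported as "(no file)". The following is an added example, not part of the original posts and not code from HijackThis or Trend Micro: it parses HijackThis entry lines, lists the ones marked "(no file)" or "(file missing)" for review, and diffs two logs. The function names are this example's own, the sample lines are copied from HJT Log 1 and HJT Log 2 in this thread, and being listed is only a prompt for a human to look at the entry, not a verdict.

```python
import re

# Lines copied from "HJT Log 1" (6/1/2008) earlier in this thread.
LOG_1 = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
"""

# Lines copied from "HJT Log 2" (6/3/2008) earlier in this thread.
LOG_2 = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
"""

# An entry line starts with a section code (R0..R3, O1..O24, ...) and " - ".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Markers HijackThis appends when the referenced file is absent on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_entries(log_text):
    """Return one dict per entry line: code, body, CLSID (if any), orphaned."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        body = match.group("body").rstrip()
        clsid = CLSID_RE.search(body)
        entries.append({
            "code": match.group("code"),
            "body": body,
            # CLSIDs are case-insensitive; normalise so logs compare cleanly.
            "clsid": clsid.group(0).upper() if clsid else None,
            "orphaned": body.endswith(ORPHAN_MARKERS),
        })
    return entries


def orphaned(log_text):
    """Entries whose target file is reported missing, in log order."""
    return [e for e in parse_entries(log_text) if e["orphaned"]]


def diff_logs(before, after):
    """Return (removed, added) as sorted lists of (code, body) tuples."""
    old = {(e["code"], e["body"]) for e in parse_entries(before)}
    new = {(e["code"], e["body"]) for e in parse_entries(after)}
    return sorted(old - new), sorted(new - old)


if __name__ == "__main__":
    print("Entries with a missing target in the later log:")
    for entry in orphaned(LOG_2):
        print("  %s  %s  %s" % (entry["code"], entry["clsid"], entry["body"]))
    removed, added = diff_logs(LOG_1, LOG_2)
    print("Gone since the first log:")
    for code, body in removed:
        print("  - %s - %s" % (code, body))
    print("New since the first log:")
    for code, body in added:
        print("  + %s - %s" % (code, body))
```
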

#5
cubs23

cubs23

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Thank you bhowett. I should have a post for you with all the logs sometime tomorrow.

Thanks for your help with this!
  • 0

#6
BHowett

BHowett

    OT Moderator

  • Moderator
  • 4,642 posts
No problem, I will take a look at them when you post them. :)
  • 0

#7
BHowett

BHowett

    OT Moderator

  • Moderator
  • 4,642 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





