malware attempt please review


Post by chad27 » November 5th, 2007, 10:45 am

Hello, thanks for the help in this issue. I got attacked last night by some Zlob downloaders, etc., pop-ups. I tried to block action attempts by clicking on Block All in my internet security suite, but they got in somehow. So I did what I knew to fix this issue. Afterwards I ran a HijackThis log, listed below. I haven't really noticed anything going on now, but I'm no pro at this; please look at the log to see if there is something not supposed to be going on. Thanks in advance for your time.
chad27
Active Member
 
Posts: 9
Joined: November 2nd, 2007, 5:43 pm
Location: mississippi

Re: malware attempt please review

Post by chad27 » November 5th, 2007, 10:46 am

Logfile of HijackThis v1.99.1
Scan saved at 7:35:21 AM, on 11/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Analogue Vista Clock\Analogue Vista Clock.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\carrie\Desktop\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F3 - REG:win.ini: load=
F3 - REG:win.ini: run=
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {43BF8E0C-886D-4103-8DDB-2DFE0E8A0168} - C:\Program Files\Video Add-on\isfmdl.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e} - C:\Program Files\Starware316\bin\Starware316.dll (file missing)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Starware Screensavers Toolbar - {1962c5bc-e475-465b-823b-133e711bceb9} - C:\Program Files\Starware316\bin\Starware316.dll (file missing)
O4 - HKLM\..\Run: [BOC-425] C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [PCPitstop Optimize Registration Reminder] C:\Program Files\PCPitstop\Optimize\Reminder.exe
O4 - HKCU\..\Run: [Analogue Vista Clock] C:\Program Files\Analogue Vista Clock\Analogue Vista Clock.exe
O4 - HKCU\..\Run: [CrystalXP] C:\Program Files\CrystalXP\CrystalXP.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WBSrv - C:\WINDOWS\
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\480\g2aservic

Post by Bob4 » November 6th, 2007, 7:23 am

_________________________________
Welcome to the Forums.

The fixes we will use are specific to your problems and should only be used for this issue on this machine.

Please only use this topic to reply to. Do not start another thread.
If any other issues arise let me know.
The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear. So let's do this to the end!

  • All HijackThis logs I ask for should be done in normal mode (not safe mode).
  • These logs should be done last, after you have followed my instructions in the previous post.



Please, if you decide to seek help at another forum, let us know. There is a shortage of helpers and tying 2 of us up is a waste of time.
If you have any questions about any advice given here please STOP and ask!


Looks as if Smitfraud (Zlob) could have been there. Let's have a good look.

______________________________
HJT
Run HijackThis, choose Scan only, and place a check by the following lines if present.
Close all other windows and browsers except HJT before clicking on Fix Checked.


F3 - REG:win.ini: run=
O2 - BHO: (no name) - {43BF8E0C-886D-4103-8DDB-2DFE0E8A0168} - C:\Program Files\Video Add-on\isfmdl.dll (file missing)
O2 - BHO: (no name) - {5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e} - C:\Program Files\Starware316\bin\Starware316.dll (file missing)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Starware Screensavers Toolbar - {1962c5bc-e475-465b-823b-133e711bceb9} - C:\Program Files\Starware316\bin\Starware316.dll (file missing)
O20 - Winlogon Notify: WBSrv - C:\WINDOWS\

______________________________
Download SmitfraudFix (by S!Ri) to your Desktop.

  • Double-click the smitfraud.exe
  • When prompted
    Press any key to continue.
  • Select option #1 - Search by typing 1 and press Enter
This program will scan a large number of files on your computer for known patterns, so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please post that log along with any others I have asked for in your next reply.


Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. When prompted, allow it to run.

IMPORTANT: Do NOT run any other options until you are asked to do so!
If you do and Smitfraud isn't present, it will have undesirable effects.

________________________________________
Panda
Run Panda's ActiveScan from here and perform a full system scan.
- Once you are on the Panda site click the "Scan your PC" button
- A new window will open...click the big "Check Now" button
- Enter your Country
- Enter your State/Province
- Enter your Valid Email
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It will take a couple minutes)
- Click on "Local Disks" to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
- Post Panda scan results in your next reply

_________________________
In your next reply I would like to see:
  • A new HJT log
  • The report from Smitfraud
  • The report from Panda's Online scanner


Bob4
MRU Master
 
Posts: 6070
Joined: November 12th, 2005, 11:26 am
Location: Florida
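The lines Bob4 picked out of the log follow a pattern worth making explicit: every BHO or toolbar whose DLL is gone ("(file missing)" or "(no file)"), anything with "(no name)", and a Winlogon Notify entry whose value is a bare directory instead of a DLL. The script below is an added example, not HijackThis code and not part of the original post; it applies those three rules to lines reproduced from chad27's log and prints the lines a helper would tell the user to check. The rule names and the Entry type are my own.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Lines reproduced from the HijackThis log posted above: one clean entry per
# section is kept alongside the entries the helper told chad27 to fix.
SAMPLE_LOG = "\n".join([
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {43BF8E0C-886D-4103-8DDB-2DFE0E8A0168} - C:\Program Files\Video Add-on\isfmdl.dll (file missing)",
    r"O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)",
    r"O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)",
    r"O3 - Toolbar: Starware Screensavers Toolbar - {1962c5bc-e475-465b-823b-133e711bceb9} - C:\Program Files\Starware316\bin\Starware316.dll (file missing)",
    r'O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"',
    r"O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll",
    "O20 - Winlogon Notify: WBSrv - C:\\WINDOWS\\",   # bare directory, exactly as posted
])

# Every HJT entry starts with a section code (R3, F3, O2, O20 ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")


@dataclass
class Entry:
    section: str
    body: str
    findings: List[str] = field(default_factory=list)

    def hjt_line(self) -> str:
        """Rebuild the line as HijackThis prints it, ready to paste into a fix list."""
        return f"{self.section} - {self.body}"


def triage_line(line: str) -> Optional[Entry]:
    """Parse one HJT line and attach the triage findings that apply to it."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None          # log header, process list, blank lines
    entry = Entry(m.group("section"), m.group("body"))
    body = entry.body
    # Rule 1: the registry still points at a DLL that no longer exists. Harmless
    # on its own, but it is the usual residue of half-removed adware, and the
    # CLSID can be re-claimed if the file comes back, so the key should go.
    if body.endswith("(file missing)") or body.endswith("(no file)"):
        entry.findings.append("orphaned registration")
    # Rule 2: legitimate vendors name their BHOs and toolbars; an unnamed one
    # deserves a closer look even when its file is present.
    if entry.section in ("O2", "O3") and "(no name)" in body:
        entry.findings.append("unnamed COM object")
    # Rule 3: Winlogon Notify DLLs load into winlogon.exe as SYSTEM before the
    # shell starts. The value must be a DLL path; a bare directory is malformed,
    # which is how the WBSrv entry in the posted log looks.
    if entry.section == "O20":
        target = body.split(" - ", 1)[-1].strip()
        if not target.lower().endswith(".dll"):
            entry.findings.append("Winlogon Notify target is not a DLL")
    return entry


def triage(log: str) -> List[Entry]:
    """Return only the entries that tripped at least one rule, in log order."""
    flagged = []
    for line in log.splitlines():
        entry = triage_line(line)
        if entry and entry.findings:
            flagged.append(entry)
    return flagged


def fix_list(log: str) -> List[str]:
    """The lines a helper would tell the user to check in HijackThis."""
    return [e.hjt_line() for e in triage(log)]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.hjt_line()}\n    -> {', '.join(e.findings)}")
```

Run against the sample it flags five entries, the same ones Bob4 listed from these sections, and leaves the Adobe, Kaspersky and klogon lines alone. The rules are deliberately conservative: "(file missing)" by itself only proves a stale key, so the output is a review list, not an automatic fix.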

HJ report as requested

Post by chad27 » November 6th, 2007, 6:10 pm

Logfile of HijackThis v1.99.1
Scan saved at 15:03, on 2007-11-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Analogue Vista Clock\Analogue Vista Clock.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\carrie\Desktop\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [BOC-425] C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [PCPitstop Optimize Registration Reminder] C:\Program Files\PCPitstop\Optimize\Reminder.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [Analogue Vista Clock] C:\Program Files\Analogue Vista Clock\Analogue Vista Clock.exe
O4 - HKCU\..\Run: [CrystalXP] C:\Program Files\CrystalXP\CrystalXP.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\480\g2aservic

SmitFraud report as requested

Post by chad27 » November 6th, 2007, 6:11 pm

SmitFraudFix v2.248

Scan done at 5:56:30.18, 2007-11-06
Run from C:\Documents and Settings\carrie\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Analogue Vista Clock\Analogue Vista Clock.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\carrie


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\carrie\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\carrie\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Dell Wireless 1370 WLAN Mini-PCI Card - Packet Scheduler Miniport
DNS Server Search Order: 24.116.221.232
DNS Server Search Order: 24.116.2.34

HKLM\SYSTEM\CCS\Services\Tcpip\..\{D56D8608-4CFE-411C-87C9-EAC81FC471FA}: DhcpNameServer=24.116.221.232 24.116.2.34
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D56D8608-4CFE-411C-87C9-EAC81FC471FA}: DhcpNameServer=24.116.221.232 24.116.2.34
HKLM\SYSTEM\CS2\Services\Tcpip\..\{D56D8608-4CFE-411C-87C9-EAC81FC471FA}: DhcpNameServer=24.116.221.232 24.116.2.34
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.116.221.232 24.116.2.34
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=24.116.221.232 24.116.2.34


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Panda scan as requested

Post by chad27 » November 6th, 2007, 6:13 pm

Incident Status Location

Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44cf-8957-5838F569A31D}
Potentially unwanted tool:application/funweb Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\ComboFix\nircmd.cfexe
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\All Users\Application Data\BOC425\evidence.boc
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\carrie\Desktop\ComboFix(2).exe[nircmd.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\carrie\Desktop\ComboFix(2).exe[nircmd.cfexe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\carrie\Desktop\ComboFix.exe[nircmd.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\carrie\Desktop\ComboFix.exe[nircmd.cfexe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\carrie\Desktop\SmitfraudFix\SmitfraudFix\Process.exe
Virus:Trj/Rebooter.J Disinfected C:\Documents and Settings\carrie\Desktop\SmitfraudFix\SmitfraudFix\Reboot.exe
Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\carrie\Desktop\SmitfraudFix\SmitfraudFix\restart.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\carrie\Desktop\SmitfraudFix(2)\SmitfraudFix\Process.exe
Virus:Trj/Rebooter.J Disinfected C:\Documents and Settings\carrie\Desktop\SmitfraudFix(2)\SmitfraudFix\Reboot.exe
Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\carrie\Desktop\SmitfraudFix(2)\SmitfraudFix\restart.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\carrie\Desktop\SmitfraudFix(2).zip[SmitfraudFix/Process.exe]
Virus:Trj/Rebooter.J Disinfected C:\Documents and Settings\carrie\Desktop\SmitfraudFix(2).zip[SmitfraudFix/Reboot.exe]
Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\carrie\Desktop\SmitfraudFix(2).zip[SmitfraudFix/restart.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\carrie\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Virus:Trj/Rebooter.J Disinfected C:\Documents and Settings\carrie\Desktop\SmitfraudFix.zip[SmitfraudFix/Reboot.exe]
Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\carrie\Desktop\SmitfraudFix.zip[SmitfraudFix/restart.exe]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt[.2o7.net/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt[.azjmp.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt[.com.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt[.hotlog.ru/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt[.overture.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\chad\Cookies\chad@maxserving[1].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfec

Post by Bob4 » November 6th, 2007, 9:10 pm

Doesn't look bad at all.

Please delete the SmitfraudFix from your desktop, as you will not need it.

ComboFix
__________________________________
I also see you have ComboFix. Did you run it?
If you have run it already it should have produced a log for me to look at.
Location is:
c:\comboFix.txt
Please post that log for me.

If you haven't run it yet, don't, and just let me know you haven't yet. I want to be sure we have the latest version before running it.


______________________________

Download and install CCleaner from here


If you use either the Firefox or Mozilla browsers, the box to uncheck for Cookies is on the Applications tab, under Firefox/Mozilla.

  • Set Cookie Retention.
    Click on the Options block on the left, then choose Cookies.
    Under the Cookies to delete pane, highlight any cookies you would like to retain permanently (those companies or sites with which you regularly visit or do business), and click the right arrow > to move them to the Cookies to keep pane.
  • Reset Temp File Removal for Regular Use.
    Click on the Options block on the left. Select the Advanced button.
    Check "Only delete files in Windows Temp folders older than 48 hours".


    Now run the program and click on Run Cleaner.
    (Do not use the Registry function to clean anything with this program. Having anything auto-clean your registry is risky.)


AVG Anti-Spyware:
________________________________________
Download the trial version of AVG Anti-Spyware from here and install it. When the program has been installed, and you click the Finish button, AVG Anti-Spyware will open. Do not run a scan yet.

If the program does not automatically update itself during installation, or you are unsure whether it has done so, please do the following:
  • Click the Update icon at the top and under Manual Update click the Start update button.
  • The program will either update or inform you that no update was available.
  • It is essential that you get the update - keep trying until successful. (Note: If you have problems getting the update, you can download an installer for the full database from here (save it on your desktop). Once you have downloaded the installer, make sure that AVG Anti-Spyware is closed and then double-click on avgas-signatures-full-current.exe to install the database).

    Reboot your computer in Safe Mode.
    • If the computer is running, shut down Windows, and then turn off the power.
    • Wait 30 seconds, and then turn the computer on.
    • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
    • Ensure that the Safe Mode option is selected.
    • Press Enter. The computer then begins to start in Safe mode.
    • Login on your usual account.
    • Open up AVG Anti-Spyware.

Please set up the program as follows:
  • Click the Shield icon at the top and under Resident shield is... click active. This should now change to inactive.
  • Click the Update icon and untick the automatic update option.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act? - make sure that Quarantine is selected.
    • Under How to scan? - All checkboxes should be ticked.
    • Under Possibly unwanted software - All checkboxes should be ticked.
    • Under Reports - Select Do not automatically generate reports.
    • Under What to scan? - Select Scan every file.
Close all open windows.
  • Click on Scanner on the toolbar.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan your computer.
  • When the scan has finished, follow the instructions below:
  • Make sure that Set all elements to: shows Quarantine
  • Important: Click on the Apply all Actions button (*** This must be done before saving the report ***)
  • When the program has finished, it will display the message All actions have been applied.
  • Then click the Save Scan Report button.
  • Click the Save Report as button.
  • Save the report to your Desktop.
  • Right-click the AVG Tray Icon and select Exit.
  • Reboot in normal mode.

________________________________

  • Open CCleaner.
  • Click on Tools.
  • Highlight Uninstall.
  • Down on the bottom, click Save to text file.
  • Save it to your desktop and post the contents of that log for me.
_________________________
In your next reply I would like to see:
  • A new HJT log
  • The report from ComboFix if you have already run it.
  • The report from ccleaner uninstall list.
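Bob4's "Doesn't look bad at all" is a judgement about which Panda lines matter. Most of that report is the scanner flagging SmitfraudFix's and ComboFix's own bundled utilities (the process killer and reboot helpers his earlier note warned would trip antivirus) plus tracking cookies, which the CCleaner step handles. The script below is an added example, not Panda's or MalwareRemoval.com's code, that sorts lines reproduced from the posted report into those buckets so the few lines needing a human look stand out. The bucket names are my own, and treating the BOC425 folder as Comodo BOClean's data store is an assumption drawn from the BOC425.exe process in the HJT log.

```python
import re
from collections import Counter
from typing import Optional, Tuple

# Lines reproduced from the Panda ActiveScan report posted above.
PANDA_REPORT = "\n".join([
    r"Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44cf-8957-5838F569A31D}",
    r"Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\ComboFix\nircmd.cfexe",
    r"Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\All Users\Application Data\BOC425\evidence.boc",
    r"Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\carrie\Desktop\SmitfraudFix\SmitfraudFix\Process.exe",
    r"Virus:Trj/Rebooter.J Disinfected C:\Documents and Settings\carrie\Desktop\SmitfraudFix\SmitfraudFix\Reboot.exe",
    r"Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt[.doubleclick.net/]",
    r"Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\chad\Cookies\chad@maxserving[1].txt",
])

# Panda prints "Category:Name Status Location"; the category may contain spaces,
# the name never does, and the status is one of two fixed phrases.
INCIDENT_RE = re.compile(
    r"^(?P<category>[^:]+):(?P<name>\S+)\s+(?P<status>Not disinfected|Disinfected)\s+(?P<location>.+)$"
)

# Folders and archives of the cleanup tools the helper asked for. A scanner
# flagging their bundled utilities (process killer, reboot helper, nircmd)
# is expected noise, not an infection.
REMEDIATION_TOOLS = ("\\smitfraudfix", "\\combofix")


def classify(line: str) -> Optional[Tuple[str, str, str]]:
    """Return (bucket, detection name, location) for one report line, or None for non-incident lines."""
    m = INCIDENT_RE.match(line.strip())
    if not m:
        return None
    category, name, location = m.group("category"), m.group("name"), m.group("location")
    loc = location.lower()
    if category == "Spyware" and name.startswith("Cookie/"):
        bucket = "tracking cookie"              # browser cookie, not code; cleared by the cookie cleanup step
    elif any(tool in loc for tool in REMEDIATION_TOOLS):
        bucket = "remediation tool component"   # the scanner is reporting the helper's own tools
    elif "\\boc425\\" in loc:
        # Assumption: BOC425 is Comodo BOClean's data folder (BOC425.exe runs in the
        # HJT log), so this is a security product's evidence store, not a live install.
        bucket = "security product data"
    elif loc.startswith("hkey_"):
        bucket = "registry remnant"             # leftover key with no file behind it; review and remove
    else:
        bucket = "review"                       # anything unexpected gets a human look
    return bucket, name, location


def summarize(report: str) -> Counter:
    """Count incidents per bucket so the lines needing attention stand out."""
    counts = Counter()
    for line in report.splitlines():
        hit = classify(line)
        if hit:
            counts[hit[0]] += 1
    return counts


def needs_attention(report: str):
    """Only the incidents that are neither scanner noise nor cookies."""
    noise = {"tracking cookie", "remediation tool component", "security product data"}
    return [hit for hit in map(classify, report.splitlines()) if hit and hit[0] not in noise]


if __name__ == "__main__":
    for bucket, n in summarize(PANDA_REPORT).most_common():
        print(f"{n:3d}  {bucket}")
    for bucket, name, location in needs_attention(PANDA_REPORT):
        print(f"ATTENTION [{bucket}] {name} -> {location}")
```

On the sample only the MyWebSearch Ext\Stats key survives the filter, which matches the verdict in the post: a registry leftover to clean up, and no active infection.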

This is the latest HijackThis log

Post by chad27 » November 6th, 2007, 10:57 pm

Logfile of HijackThis v1.99.1
Scan saved at 20:53, on 2007-11-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Analogue Vista Clock\Analogue Vista Clock.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\carrie\Desktop\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [BOC-425] C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [PCPitstop Optimize Registration Reminder] C:\Program Files\PCPitstop\Optimize\Reminder.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Analogue Vista Clock] C:\Program Files\Analogue Vista Clock\Analogue Vista Clock.exe
O4 - HKCU\..\Run: [CrystalXP] C:\Program Files\CrystalXP\CrystalXP.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe" Start=service (file missing)
chad27
Active Member
 
Posts: 9
Joined: November 2nd, 2007, 5:43 pm
Location: mississippi
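As an added example (not part of the original thread, and not HijackThis code): a small Python triage script for the log format posted above. It parses the numbered entry lines, pulls out the file path or URL each one references, and flags the items a helper looks at first: entries HijackThis reports as "(file missing)", O16 DPF ActiveX downloads, O20 Winlogon Notify DLLs, O23 services with no company name, and O4 autoruns that live outside Program Files or Windows. The sample log inside the script is constructed from a few of the lines above plus one made-up autorun line (a Temp-folder entry) to exercise the location rule; the DPF URL is a placeholder because the one in the post is truncated, and the list of trusted directory roots is an assumption for illustration.

```python
"""Triage helper for HijackThis 1.99.1 logs (added example, not HijackThis code)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the HijackThis 1.99.1 format, modelled on the log posted
# above. The [updater] line is made up to exercise the location rule, and the
# DPF URL is a placeholder (the URL in the original post is truncated).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 20:53, on 2007-11-06

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Documents and Settings\carrie\Desktop\HijackThis.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [CrystalXP] C:\Program Files\CrystalXP\CrystalXP.exe
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\carrie\Local Settings\Temp\upd.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://example.invalid/asinst.cab
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe" Start=service (file missing)
"""

# An entry line starts with its section code (R3, O2, O4, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<kind>[RFNO]\d+) - (?P<body>.*)$")
# A Windows path: drive letter or %VAR% root, up to the first binary/document extension.
PATH_RE = re.compile(r'(?:[A-Za-z]:\\|%\w+%\\)[^"\r\n]*?\.(?:exe|dll|ocx|sys|cab|html?)', re.I)
URL_RE = re.compile(r"https?://\S+", re.I)
# A path that ends in .exe" followed by arguments: HijackThis split the line oddly.
STRAY_QUOTE_RE = re.compile(r'\.(?:exe|dll)"\s+\S', re.I)
# Assumed "expected" install roots for autoruns (illustrative, adjust per machine).
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\", "%windir%\\")


@dataclass
class Entry:
    kind: str                      # section code, e.g. "O4"
    raw: str                       # the original log line
    target: Optional[str]          # file path or URL the entry points at
    file_missing: bool             # HijackThis appended "(file missing)"
    flags: List[str] = field(default_factory=list)


def triage(e: Entry, body: str) -> List[str]:
    """Return the review notes a helper would attach to one entry."""
    flags: List[str] = []
    if e.file_missing:
        if STRAY_QUOTE_RE.search(body):
            flags.append("reported missing, but the line carries a stray quote and "
                         "arguments: HijackThis may have mis-split the path, confirm on disk")
        else:
            flags.append("dangling reference: target not on disk, entry can be fixed")
    if e.kind == "O16":
        flags.append("ActiveX download (DPF): confirm you chose to install this CAB")
    if e.kind == "O20":
        flags.append("Winlogon Notify DLL loads into winlogon.exe: verify the publisher")
    if e.kind == "O23" and "Unknown owner" in body:
        flags.append("service with no recorded company name: check the binary's signature")
    if e.kind == "O4" and e.target and not e.target.lower().startswith(TRUSTED_ROOTS):
        flags.append("autorun outside Program Files/Windows: unusual location, inspect the file")
    return flags


def parse_hjt(text: str) -> List[Entry]:
    """Parse every numbered entry line; 'Running processes' and headers are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        missing = body.endswith("(file missing)")
        hit = PATH_RE.search(body) or URL_RE.search(body)
        e = Entry(kind, line, hit.group(0) if hit else None, missing)
        e.flags = triage(e, body)
        entries.append(e)
    return entries


def flagged(text: str) -> Dict[str, List[str]]:
    """Map each flagged entry's raw line to its notes; clean entries are omitted."""
    return {e.raw: e.flags for e in parse_hjt(text) if e.flags}


if __name__ == "__main__":
    for raw, notes in flagged(SAMPLE_LOG).items():
        print(raw)
        for n in notes:
            print("    ->", n)
```

The point of the stray-quote check is the pair of O23 lines in the log above: both end in `.exe" -r` or `.exe" Start=service` and are then reported as "(file missing)", so the script treats that combination as something to confirm on disk rather than as an entry to remove. Everything the script flags is a prompt to look, not a verdict; the Kaspersky klogon.dll and the Citrix service are examples of entries that trip a rule and turn out to be legitimate.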

AVG scan report

Unread postby chad27 » November 6th, 2007, 10:59 pm

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 20:49 2007-11-06

+ Scan result:



:mozilla.10:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.11:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.12:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.13:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.14:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.15:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.16:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.293:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.404:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.474:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.475:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.8:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.9:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.22:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.23:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.24:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.537:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Adengage : Cleaned.
:mozilla.538:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Adengage : Cleaned.
:mozilla.52:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.53:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.54:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.55:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.56:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.48:C:\Documents and Settings\carrie\Application Data\Mozilla\Firefox\Profiles\4cu2doda.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.66:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.632:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.100:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.101:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.102:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.103:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.96:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.97:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.98:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.99:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.536:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.150:C:\Documents and Settings\carrie\Application Data\Mozilla\Firefox\Profiles\4cu2doda.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.83:C:\Documents and Settings\carrie\Application Data\Mozilla\Firefox\Profiles\4cu2doda.default\cookies.txt -> TrackingCookie.Cqcounter : Cleaned.
:mozilla.163:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.139:C:\Documents and Settings\carrie\Application Data\Mozilla\Firefox\Profiles\4cu2doda.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.28:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.29:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.30:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.31:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.147:C:\Documents and Settings\carrie\Application Data\Mozilla\Firefox\Profiles\4cu2doda.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.65:C:\Documents and Settings\carrie\Application Data\Mozilla\Firefox\Profiles\4cu2doda.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.660:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.661:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.662:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.663:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.664:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.665:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.666:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.667:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.668:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.669:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.670:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.671:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.672:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.673:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.180:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.181:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.182:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.183:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.184:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.235:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.236:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.59:C:\Documents and Settings\carrie\Application Data\Mozilla\Firefox\Profiles\4cu2doda.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.246:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
:mozilla.252:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.253:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.605:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.592:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.593:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.594:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.568:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.544:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Matchcraft : Cleaned.
:mozilla.545:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Matchcraft : Cleaned.
:mozilla.546:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Matchcraft : Cleaned.
:mozilla.294:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.295:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.423:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.345:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.346:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.347:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.359:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.37:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.38:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.39:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.40:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.374:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.375:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.381:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.382:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.383:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.384:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.390:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.391:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.392:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.393:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.394:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.85:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.27:C:\Documents and Settings\carrie\Application Data\Mozilla\Firefox\Profiles\4cu2doda.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.28:C:\Documents and Settings\carrie\Application Data\Mozilla\Firefox\Profiles\4cu2doda.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.29:C:\Documents and Settings\carrie\Application Data\Mozilla\Firefox\Profiles\4cu2doda.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.30:C:\Documents and Settings\carrie\Application Data\Mozilla\Firefox\Profiles\4cu2doda.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.31:C:\Documents and Settings\carrie\Application Data\Mozilla\Firefox\Profiles\4cu2doda.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.34:C:\Documents and Settings\carrie\Application Data\Mozilla\Firefox\Profiles\4cu2doda.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.430:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.431:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.432:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.433:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.434:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.465:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.376:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.377:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.378:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.379:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.380:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.576:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.509:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.527:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.528:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.529:C:\Documents and Settings\chad\Application Data\Mozilla\Firefox\Profiles\4hrzsm3z.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end
chad27
Active Member
 
Posts: 9
Joined: November 2nd, 2007, 5:43 pm
Location: mississippi

combofix.log

Unread postby chad27 » November 6th, 2007, 11:09 pm

ComboFix 07-11-05.2 - carrie 2007-11-06 21:02:32.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.205 [GMT -8:00]
Running from: C:\Documents and Settings\carrie\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-10-07 to 2007-11-07 )))))))))))))))))))))))))))))))
.

2007-11-06 19:48 <DIR> d-------- C:\Documents and Settings\carrie\Application Data\Grisoft
2007-11-02 18:29 <DIR> d-------- C:\Program Files\PCPitstop
2007-11-01 11:59 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-11-01 11:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-01 11:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-10-31 20:28 <DIR> d-------- C:\Program Files\CONEXANT
2007-10-31 20:17 60,968 --a------ C:\Documents and Settings\carrie\GoToAssistDownloadHelper.exe
2007-10-31 14:16 <DIR> d-------- C:\KAV
2007-10-31 11:47 <DIR> d-------- C:\Program Files\XoftSpySE
2007-10-30 10:31 <DIR> d-------- C:\Documents and Settings\chad\Application Data\Comodo
2007-10-29 19:27 <DIR> d-------- C:\Program Files\CrystalXP
2007-10-29 18:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-29 16:41 <DIR> d-------- C:\Program Files\themexp
2007-10-29 16:41 <DIR> d-------- C:\Program Files\OneStepSearch
2007-10-29 11:56 <DIR> d-------- C:\Program Files\Java
2007-10-29 11:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Citrix
2007-10-29 11:54 <DIR> d-------- C:\Program Files\Citrix
2007-10-29 11:53 <DIR> d-------- C:\Program Files\Common Files\Java
2007-10-28 17:46 <DIR> d-------- C:\Program Files\Stardock
2007-10-28 14:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-28 12:26 <DIR> d-------- C:\Program Files\TGTSoft
2007-10-28 09:34 <DIR> d-------- C:\Program Files\Analogue Vista Clock
2007-10-28 09:17 <DIR> d-------- C:\Program Files\LClock
2007-10-27 18:43 <DIR> d-------- C:\Documents and Settings\carrie\Application Data\SpywareRemover
2007-10-26 17:45 <DIR> d-------- C:\Documents and Settings\carrie\Application Data\AdwareAlert
2007-10-26 05:30 <DIR> d-------- C:\Documents and Settings\carrie\Application Data\Canon
2007-10-26 05:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\espionServerData
2007-10-26 05:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2007-10-26 05:10 <DIR> d-------- C:\Program Files\Common Files\Canon
2007-10-26 05:10 <DIR> d-------- C:\Program Files\Canon
2007-10-25 06:33 <DIR> d-------- C:\Program Files\onOne Software
2007-10-25 06:33 <DIR> d-------- C:\Program Files\Common Files\onOne Software Shared
2007-10-24 10:51 <DIR> d-------- C:\Program Files\CCleaner
2007-10-24 10:20 <DIR> d-------- C:\Documents and Settings\carrie\Application Data\Comodo
2007-10-24 08:02 <DIR> d-------- C:\Program Files\Viewpoint
2007-10-24 08:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-10-24 08:01 <DIR> d-------- C:\Program Files\Common Files\AOL
2007-10-24 08:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-10-24 08:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2007-10-22 11:57 <DIR> d-------- C:\Program Files\Pacific Heroes
2007-10-22 11:56 <DIR> d-------- C:\Program Files\ReflexiveArcade
2007-10-22 11:46 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-10-22 11:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-10-21 13:45 <DIR> dr-h----- C:\MSOCache
2007-10-21 13:34 <DIR> d-------- C:\Documents and Settings\carrie\Application Data\Yahoo!
2007-10-21 13:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-10-21 13:24 <DIR> d-------- C:\Documents and Settings\carrie\Application Data\Symantec
2007-10-21 13:19 <DIR> d-------- C:\Program Files\Yahoo!
2007-10-21 13:10 <DIR> d-------- C:\Program Files\Comodo
2007-10-21 13:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BOC425
2007-10-21 13:05 <DIR> d-------- C:\Program Files\Google
2007-10-21 13:05 <DIR> d---s---- C:\Documents and Settings\carrie\UserData
2007-10-21 12:57 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-10-21 12:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-07 05:04 45,600 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2007-11-07 05:04 2,842,144 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-07 03:56 5,204 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-11-07 03:56 38,948 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-01 20:05 82,061 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2007-11-01 20:05 81,549 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2007-11-01 04:25 5 ----a-w C:\WINDOWS\system32\drivers\DELL_INS_2200.MRK
2007-11-01 04:25 5 ----a-w C:\WINDOWS\system32\drivers\1028_DELL_INS_2200.MRK
2007-11-01 04:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-28 20:28 2,320,768 ----a-w C:\WINDOWS\system32\kernel1.exe
2007-10-23 18:52 20,640 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-10-23 18:52 109,568 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-10-23 18:52 108,544 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-10-22 19:07 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-10-22 19:07 434,252 ----a-w C:\WINDOWS\system32\MSVCRTD.DLL
2007-10-22 19:07 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-10-22 19:07 216,576 ----a-w C:\WINDOWS\system32\monln.dll
2007-10-22 19:07 1,060,864 ----a-w C:\WINDOWS\system32\MFC71.dll
2007-10-21 22:50 --------- d-----w C:\Program Files\SigmaTel
2007-10-21 22:50 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-21 22:48 --------- d-----w C:\Program Files\Dell
2007-10-21 22:47 --------- d-----w C:\Program Files\Intel
2007-10-21 22:38 --------- d-----w C:\Program Files\microsoft frontpage
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-09 03:02 235,008 ----a-w C:\WINDOWS\UNBOC.EXE
.

((((((((((((((((((((((((((((( snapshot@2007-11-05_ 9.51.34.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-08-24 16:28:54 141,424 ----a-w C:\WINDOWS\Downloaded Program Files\asinst.dll
+ 2007-03-29 17:20:50 110,592 ----a-w C:\WINDOWS\system32\ActiveScan\as.dll
+ 2006-10-06 00:15:26 233,472 ----a-w C:\WINDOWS\system32\ActiveScan\ascontrol.dll
+ 2005-06-03 22:03:18 96,256 ----a-w C:\WINDOWS\system32\ActiveScan\asmdat.dll
+ 2003-08-01 19:00:16 36,864 ----a-w C:\WINDOWS\system32\ActiveScan\certdll.dll
+ 2005-05-20 21:42:44 86,016 ----a-w C:\WINDOWS\system32\ActiveScan\instlsp.dll
+ 2006-02-17 02:20:20 4,608 ----a-w C:\WINDOWS\system32\ActiveScan\memvfile.dll
+ 2005-10-26 02:08:32 348,160 ----a-w C:\WINDOWS\system32\ActiveScan\msvcr71.dll
+ 2004-05-04 23:01:02 139,264 ----a-w C:\WINDOWS\system32\ActiveScan\pavaleas.dll
+ 2006-07-14 21:04:10 45,056 ----a-w C:\WINDOWS\system32\ActiveScan\pavdr.exe
+ 2006-04-10 18:50:02 159,832 ----a-w C:\WINDOWS\system32\ActiveScan\pavexcom.dll
+ 2006-02-14 21:05:38 94,208 ----a-w C:\WINDOWS\system32\ActiveScan\pavinas.dll
+ 2006-02-17 02:35:38 180,224 ----a-w C:\WINDOWS\system32\ActiveScan\pavoe.dll
+ 2006-10-06 00:15:38 122,880 ----a-w C:\WINDOWS\system32\ActiveScan\pavpz.dll
+ 2006-06-30 22:13:38 8,704 ----a-w C:\WINDOWS\system32\ActiveScan\pfdnnt.exe
+ 2004-02-04 22:08:42 49,152 ----a-w C:\WINDOWS\system32\ActiveScan\port32.dll
+ 2006-08-01 21:23:10 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\pscpu.dll
+ 2006-08-23 21:06:08 1,388,544 ----a-w C:\WINDOWS\system32\ActiveScan\pskahk.dll
+ 2006-08-17 19:38:14 10,752 ----a-w C:\WINDOWS\system32\ActiveScan\pskalloc.dll
+ 2006-09-04 19:49:54 61,440 ----a-w C:\WINDOWS\system32\ActiveScan\pskas.dll
+ 2006-08-18 16:46:18 779,264 ----a-w C:\WINDOWS\system32\ActiveScan\pskavs.dll
+ 2007-03-26 22:25:34 417,792 ----a-w C:\WINDOWS\system32\ActiveScan\pskcmp.dll
+ 2006-08-09 18:42:24 90,112 ----a-w C:\WINDOWS\system32\ActiveScan\pskfss.dll
+ 2006-07-19 18:55:58 208,896 ----a-w C:\WINDOWS\system32\ActiveScan\pskhtml.dll
+ 2006-01-21 00:57:00 9,728 ----a-w C:\WINDOWS\system32\ActiveScan\pskmas.dll
+ 2006-05-17 17:50:12 14,336 ----a-w C:\WINDOWS\system32\ActiveScan\pskmdfs.dll
+ 2006-08-16 18:58:12 33,280 ----a-w C:\WINDOWS\system32\ActiveScan\pskpack.dll
+ 2006-06-30 22:42:36 266,240 ----a-w C:\WINDOWS\system32\ActiveScan\pskscs.dll
+ 2006-08-17 22:33:14 62,976 ----a-w C:\WINDOWS\system32\ActiveScan\pskutil.dll
+ 2006-08-08 21:13:10 13,312 ----a-w C:\WINDOWS\system32\ActiveScan\pskvfile.dll
+ 2006-08-18 16:53:08 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\pskvfs.dll
+ 2006-08-18 16:49:50 167,936 ----a-w C:\WINDOWS\system32\ActiveScan\pskvm.dll
+ 2007-04-19 01:16:04 353,840 ----a-w C:\WINDOWS\system32\ActiveScan\psscan.dll
+ 2007-01-22 22:42:48 35,328 ----a-w C:\WINDOWS\system32\ActiveScan\rawvfile.dll
+ 1997-09-18 14:12:32 9,488 ----a-w C:\WINDOWS\system32\ActiveScan\sporder.dll
+ 2006-03-01 01:23:40 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\tcpvfile.dll
+ 2006-08-02 20:39:06 73,728 ----a-w C:\WINDOWS\system32\asuninst.exe
- 2007-11-01 20:01:59 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-11-06 13:38:13 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-11-01 20:01:59 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-11-06 13:38:13 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-11-01 20:01:59 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-11-06 13:38:13 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-05-30 12:10:42 10,872 ----a-w C:\WINDOWS\system32\drivers\AvgAsCln.sys
- 2006-01-09 17:36:06 40,960 ----a-w C:\WINDOWS\system32\swsc.exe
+ 2006-11-30 01:21:29 370,688 ----a-w C:\WINDOWS\system32\swsc.exe
- 2006-12-01 13:20:34 79,360 ----a-w C:\WINDOWS\system32\swxcacls.exe
+ 2006-12-01 13:20:32 212,480 ----a-w C:\WINDOWS\system32\swxcacls.exe
+ 2003-03-26 02:53:50 11,776 ----a-w C:\WINDOWS\system32\ZPORT4AS.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BOC-425"="C:\PROGRA~1\Comodo\CBOClean\BOC425.exe" [2007-08-08 18:49]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-06-06 16:09]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-06-06 16:06]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-06-06 16:10]
"PC Pitstop Optimize Scheduler"="C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe" [2007-10-26 14:53]
"PCPitstop Optimize Registration Reminder"="C:\Program Files\PCPitstop\Optimize\Reminder.exe" [2007-10-26 14:53]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 11:51]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 01:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Analogue Vista Clock"="C:\Program Files\Analogue Vista Clock\Analogue Vista Clock.exe" [2007-09-25 15:26]
"CrystalXP"="C:\Program Files\CrystalXP\CrystalXP.exe" [2005-11-02 22:55]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll 2007-10-29 11:54 10792 C:\Program Files\Citrix\GoToAssist\480\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Analogue Vista Clock]
C:\Program Files\Analogue Vista Clock\Analogue Vista Clock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BOC-425]
C:\PROGRA~1\Comodo\CBOClean\BOC425.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
C:\WINDOWS\system32\WLTRAY.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cnfgCav]
"C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CrystalXP]
C:\Program Files\CrystalXP\CrystalXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wltrysvc"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"ose"=3 (0x3)
"gusvc"=3 (0x3)
"GoToAssist"=3 (0x3)
"Comodo Anti-Virus and Anti-Spyware Service"=2 (0x2)
"BOCore"=2 (0x2)
"AdobeActiveFileMonitor5.0"=2 (0x2)

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
S3 BOCDRIVE;BOClean Kernel Monitor.;\??\C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys
S3 GoToAssist;GoToAssist;"C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe" Start=service
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys
S3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-05 11:00:00 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.exe
"2007-11-05 11:00:00 C:\WINDOWS\Tasks\SpywareRemover Scheduled Scan.job"
- C:\Program Files\SpywareRemover\SpywareRemover.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-06 21:05:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-06 21:06:30
C:\ComboFix2.txt ... 2007-11-05 09:52
.
--- E O F ---
chad27

Unread postby Bob4 » November 7th, 2007, 7:47 am

I need the uninstall list from CCleaner that I asked for in my last post, please.


_________________________________
Please do an online scan with Kaspersky Online Scanner
Click on Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
The program will launch and then start to download the latest definition files.
Once the scanner is installed and the definitions downloaded, click Next.
Now click on Scan Settings
In the scan settings make sure that the following are selected:
Scan using the following Anti-Virus database:

Extended (If available otherwise Standard)
Scan Options:
Scan Archives
Scan Mail Bases
Click OK

Now, under "Select a target to scan", select My Computer.


Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset it to 100%.



The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.

Now click on the Save as Text button:

Save the file to your desktop.

Copy and paste that information in your next post.


_________________________
In your next reply I would like to see:
  • A new HJT log
  • The report from CCleaner uninstall list
  • The report from Kaspersky online scanner


Bob4
MRU Master
 
Posts: 6070
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: malware attempt please review

Unread postby NonSuch » November 15th, 2007, 12:06 am

This topic is now closed due to inactivity. If you wish it to be reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

If it has been 10 days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, this topic will not be reopened. If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread in your new topic.

You can help support this site from this link:
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
NonSuch
Administrator
 
Posts: 27300
Joined: February 23rd, 2005, 7:08 am
Location: California