Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


halfassed Desktop for DFW


Unread postby halfassed » December 3rd, 2007, 10:40 pm

OK....Here goes....Its gonna be ugly!!

I will uninstall all P2P software tomorrow.....gotta get to bed now though!


HJT Log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:39:44 PM, on 12/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE
C:\WINDOWS\system32\DNHlp32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\McAfee\VIRUSS~2\mcods.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~2\mcshield.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
C:\PROGRA~1\mcafee\msc\mcupdui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.my.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [DNHelper32] C:\WINDOWS\system32\DNHlp32.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [a46e0990] rundll32.exe "C:\WINDOWS\system32\kgvhljvf.dll",b
O4 - HKCU\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /M "Stylus CX4600" /EF "HKCU"
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8215694421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8216185875
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/ ... taller.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C9FE3C9-DFFA-4B94-BA05-6F184A52B8DB}: NameServer = 192.168.2.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0278741196244807) (0278741196244807mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\027874~1.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcsysmon.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
O24 - Desktop Component 0: (no name) - C:\DOCUME~1\BOB\LOCALS~1\Temp\Locator.gif

--
End of file - 9025 bytes
halfassed
Regular Member
 
Posts: 25
Joined: November 22nd, 2007, 9:57 pm
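The entries the helpers on this board single out in a HijackThis log are a small set of patterns: "(no name)" BHOs whose DLL sits in system32, orphaned BHO CLSIDs with "(no file)", a Run value with a hex-looking name that launches rundll32 against a system32 DLL, every Winlogon Notify package (they execute inside winlogon.exe), and an Active Desktop component sourced from a Temp folder. The script below is an added example, not part of the original thread or of HijackThis; it applies those rules to a constructed sample in HJT v2 line format (modelled on the log above, not copied from it). The rule names and the sample lines are my own.

```python
import re

# Constructed sample in HijackThis v2 log format, modelled on the entry
# types in the log above (not a verbatim copy of it).
SAMPLE_HJT_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\ddcawwv.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [a46e0990] rundll32.exe "C:\WINDOWS\system32\kgvhljvf.dll",b
O20 - Winlogon Notify: ddcawwv - C:\WINDOWS\SYSTEM32\ddcawwv.dll
O24 - Desktop Component 0: (no name) - C:\DOCUME~1\BOB\LOCALS~1\Temp\Locator.gif
"""

RE_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
RE_O4 = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.*)$")
RE_O20 = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
RE_O24 = re.compile(r"^O24 - Desktop Component \d+: (?P<name>.*?) - (?P<path>.*)$")
# rundll32 command lines in HJT logs look like: rundll32.exe "C:\...\x.dll",entry
RE_RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)', re.I)


def in_system32(path):
    """True when the file sits directly in %SystemRoot%\\system32."""
    return re.search(r"\\system32\\[^\\]+$", path, re.I) is not None


def in_temp(path):
    """True when any path component is a Temp directory (LOCALS~1\\Temp etc.)."""
    return re.search(r"\\Temp\\", path, re.I) is not None


def triage(log_text):
    """Return (rule, line) pairs for the entries a helper would ask about."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := RE_O2.match(line):
            if m["path"] == "(no file)":
                findings.append(("orphaned BHO entry (CLSID with no DLL on disk)", line))
            elif m["name"] == "(no name)" and in_system32(m["path"]):
                findings.append(("unnamed BHO loaded from system32", line))
        elif m := RE_O4.match(line):
            dll = RE_RUNDLL.search(m["cmd"])
            hex_name = re.fullmatch(r"[0-9a-f]{8}", m["value"], re.I) is not None
            if dll and hex_name and in_system32(dll["dll"]):
                findings.append(("hex-named Run value loading a system32 DLL via rundll32", line))
        elif m := RE_O20.match(line):
            # Every Notify package runs inside winlogon.exe, so each one is listed
            # for review; vendor packages (e.g. display-driver notifiers) are legitimate.
            findings.append(("Winlogon Notify package (review)", line))
        elif m := RE_O24.match(line):
            if in_temp(m["path"]):
                findings.append(("Active Desktop component sourced from a Temp directory", line))
    return findings


if __name__ == "__main__":
    for rule, entry in triage(SAMPLE_HJT_LOG):
        print(f"[{rule}]\n    {entry}")
```

The rules only narrow the list; a hit still needs the file itself looked at (which is why the next post asks for an online multi-engine scan of one binary before anything is deleted), and the O20 rule deliberately reports every Notify package rather than guessing which are benign.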

Re: halfassed Desktop for DFW

Unread postby DFW » December 4th, 2007, 4:45 am

Hi halfassed

Be back soon with start of your fix..
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Re: halfassed Desktop for DFW

Unread postby DFW » December 4th, 2007, 8:43 am

We need to have the file below scanned by uploading it to Jotti.


Please visit http://virusscan.jotti.org/
Click on Browse... and navigate to the following file: C:\WINDOWS\system32\DNHlp32.exe
Click Open
Please post back, to let me know the results.





Rename HJT

Go to your C Drive, then Program Files, then open the Trend Micro folder, inside find the HJT folder,
Inside the HJT folder find HijackThis.exe, Right click on it and rename to "seemenow"




1. Please download ComboFix by sUBs:
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall





Post the results from the Jotti scan, a new HJT Log and the Combofix log
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Re: halfassed Desktop for DFW

Unread postby halfassed » December 4th, 2007, 7:03 pm

Jotti's malware scan 2.99-TRANSITION_TO_3.00-R1

File: DNHlp32.exe_
Status: OK(Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 75be86547cc058bf7efb1b944de24776
Packers detected: -
Bit9 reports: File not found

Scanner results
Scan taken on 04 Dec 2007 22:55:38 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing


ComboFix 07-12-02.6 - BOB 2007-12-04 18:08:07.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.522 [GMT -5:00]
Running from: C:\Documents and Settings\BOB\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\arvorisk.dll
C:\WINDOWS\system32\bifiihnd.ini
C:\WINDOWS\system32\dnhiifib.dll
C:\WINDOWS\system32\dqpgmrqh.dll
C:\WINDOWS\system32\fkrtwnwm.dll
C:\WINDOWS\system32\fvjlhvgk.ini
C:\WINDOWS\system32\genqaafv.dll
C:\WINDOWS\system32\hqrmgpqd.ini
C:\WINDOWS\system32\kgvhljvf.dll
C:\WINDOWS\system32\kwbwywbq.ini
C:\WINDOWS\system32\mljhggf.dll
C:\WINDOWS\system32\mwnwtrkf.ini
C:\WINDOWS\system32\pmnmmlm.dll
C:\WINDOWS\system32\qbwywbwk.dll
C:\WINDOWS\system32\qomllig.dll
C:\WINDOWS\system32\shfkgrhm.dll
C:\WINDOWS\system32\srqss.ini
C:\WINDOWS\system32\srqss.ini2
C:\WINDOWS\system32\ssqrs.dll
C:\WINDOWS\system32\tgmjxaap.dll

.
((((((((((((((((((((((((( Files Created from 2007-11-04 to 2007-12-04 )))))))))))))))))))))))))))))))
.

2007-12-03 21:38 . 2007-12-03 21:38 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-03 01:35 . 2007-12-03 01:35 73,280 --a------ C:\WINDOWS\system32\jkdvgens.dll
2007-11-28 11:18 . 2007-11-28 11:18 23,696 --a------ C:\WINDOWS\system32\ddcawwv.dll
2007-11-16 22:56 . 2007-11-16 23:08 48 ---hs---- C:\WINDOWS\S2E9F52F9.tmp
2007-11-16 22:55 . 2007-11-16 23:07 <DIR> d-------- C:\Program Files\SlySoft
2007-11-07 10:26 . 2007-11-07 10:26 96,832 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-28 10:14 --------- d-----w C:\Program Files\Common Files\McAfee
2007-11-17 04:06 --------- d-----w C:\Program Files\CloneDVD2
2007-11-11 14:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-11 14:20 --------- d-----w C:\Program Files\CyberLink DVD Solution
2007-11-11 14:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-10-28 21:24 --------- d-----w C:\Program Files\Java
2007-03-18 12:10 202 ----a-w C:\Documents and Settings\BOB\CloneDVD.reg
2007-01-01 03:34 87,608 ----a-w C:\Documents and Settings\BOB\Application Data\ezpinst.exe
2007-01-01 03:34 47,360 ----a-w C:\Documents and Settings\BOB\Application Data\pcouffin.sys
2005-10-31 01:59 69,184 ----a-w C:\Documents and Settings\BOB\Application Data\GDIPFONTCACHEV1.DAT
2005-04-01 02:17 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
2007-11-28 11:18 23696 --a------ C:\WINDOWS\system32\ddcawwv.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus CX4600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.exe" [2004-03-04 03:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-30 21:10]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"EPSON Stylus CX4600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.exe" [2004-03-04 03:00]
"DNHelper32"="C:\WINDOWS\system32\DNHlp32.exe" [2005-04-11 10:12]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2003-05-15 18:41]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 18:42]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-05-26 11:45]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 14:21]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33]

C:\Documents and Settings\BOB\Start Menu\Programs\Startup\
HotSync Manager.lnk - C:\Program Files\palmOne\HOTSYNC.EXE [2004-07-20 11:05:10]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\DOCUME~1\BOB\LOCALS~1\Temp\Locator.gif
FriendlyName=

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= C:\WINDOWS\system32\ddcawwv.dll [2007-11-28 11:18 23696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcawwv]
ddcawwv.dll 2007-11-28 11:18 23696 C:\WINDOWS\system32\ddcawwv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\ssqrs.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R2 dk2drv;DK2 WindowsNT Driver;\??\C:\WINDOWS\system32\Drivers\dk2drv.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

*Newly Created Service* - MCPROXY
.
Contents of the 'Scheduled Tasks' folder
"2007-11-15 08:06:00 C:\WINDOWS\Tasks\McDefragTask.job"
- C:\WINDOWS\system32\defrag.exe
"2007-12-01 06:00:00 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2007-12-03 08:45:00 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-04 18:16:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-04 18:19:01 - machine was rebooted
.
--- E O F ---



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:22:53 PM, on 12/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\E_S00RP1.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~2\mcshield.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE
C:\WINDOWS\system32\DNHlp32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~2\mcsysmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\PROGRA~1\mcafee\msc\mcupdui.exe
c:\program files\mcafee\virusscan\mcinsupd.exe
C:\Program Files\Trend Micro\HijackThis\seemenow.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.my.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {3FBB3766-9659-4A08-8301-D826A452CB39} - C:\WINDOWS\system32\mllml.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\ddcawwv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [DNHelper32] C:\WINDOWS\system32\DNHlp32.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /M "Stylus CX4600" /EF "HKCU"
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8215694421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8216185875
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/ ... taller.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C9FE3C9-DFFA-4B94-BA05-6F184A52B8DB}: NameServer = 192.168.2.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ddcawwv - C:\WINDOWS\SYSTEM32\ddcawwv.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcsysmon.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
O24 - Desktop Component 0: (no name) - C:\DOCUME~1\BOB\LOCALS~1\Temp\Locator.gif

--
End of file - 9714 bytes
halfassed
Regular Member
 
Posts: 25
Joined: November 22nd, 2007, 9:57 pm
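The most serious line in the ComboFix log above is under "Reg Loading Points": the LSA "Authentication Packages" REG_MULTI_SZ lists a second entry, C:\WINDOWS\system32\ssqrs.dll, next to the stock msv1_0. Anything in that list is loaded into lsass.exe at boot and takes part in every logon, so an unknown DLL there is a credential-theft position, not just another autorun. The helper below is an added example, not code from the thread, from ComboFix or from sUBs: it splits ComboFix's line into entries, flags everything not on an allow-list (msv1_0 alone is assumed to be the stock value for this XP build), and shows how a clean REG_MULTI_SZ is written in the REGEDIT4 hex(7) form that ComboFix scripts use. The sample line is a constructed copy of the log's shape; the function names are mine.

```python
import re

# Assumption: on the Windows XP build in the log, the stock value of
# HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages is the
# single entry msv1_0.
DEFAULT_AUTH_PACKAGES = frozenset({"msv1_0"})

# Constructed copy of the ComboFix "Reg Loading Points" line shape shown above.
SAMPLE_COMBOFIX_LINE = r"Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\ssqrs.dll"


def decode_hex7(value):
    """Decode a REGEDIT4-style hex(7) REG_MULTI_SZ value into a list of strings.

    REGEDIT4 exports (the format CFScript uses) store one byte per character.
    'Windows Registry Editor Version 5.00' exports store UTF-16LE instead and
    are not handled here.  Line continuations (backslash + newline) are tolerated.
    """
    text = value.strip()
    if not text.lower().startswith("hex(7):"):
        raise ValueError("not a hex(7) value: %r" % value)
    hexpart = re.sub(r"[\s\\]", "", text[len("hex(7):"):])
    raw = bytes(int(h, 16) for h in hexpart.split(",") if h)
    # Each string is NUL-terminated and the whole list ends with one extra NUL.
    return [s.decode("latin-1") for s in raw.split(b"\x00") if s]


def encode_hex7(strings):
    """Inverse of decode_hex7: the hex(7) text for a REGEDIT4 .reg / CFScript file."""
    raw = b"".join(s.encode("latin-1") + b"\x00" for s in strings) + b"\x00"
    return "hex(7):" + ",".join("%02x" % b for b in raw)


def parse_combofix_auth_packages(line):
    """Split ComboFix's 'Authentication Packages REG_MULTI_SZ ...' line into entries.

    Assumption: ComboFix separates entries with spaces, so this is only reliable
    while no entry itself contains a space (true for package names and system32 paths).
    """
    m = re.match(r"^\s*Authentication Packages\s+REG_MULTI_SZ\s+(.*?)\s*$", line)
    if not m:
        raise ValueError("not an Authentication Packages line")
    return m.group(1).split()


def unexpected_auth_packages(entries, allowed=DEFAULT_AUTH_PACKAGES):
    """Every entry not on the allow-list; a DLL path here means LSA will load
    that DLL into lsass.exe at boot and pass it logon data."""
    return [e for e in entries if e.lower() not in allowed]


def cfscript_reset_stanza(allowed=DEFAULT_AUTH_PACKAGES):
    """A Registry:: stanza that rewrites the value back to the allow-list only."""
    return (
        "Registry::\n"
        "[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\control\\lsa]\n"
        '"Authentication Packages"=%s\n' % encode_hex7(sorted(allowed))
    )


if __name__ == "__main__":
    entries = parse_combofix_auth_packages(SAMPLE_COMBOFIX_LINE)
    print("entries:   ", entries)
    print("unexpected:", unexpected_auth_packages(entries))
    print(cfscript_reset_stanza())
```

Resetting the value removes the load point, but the DLL still has to be deleted and the machine rebooted, since lsass.exe cannot be restarted in place; the same three steps (reset the value, delete the file, reboot) are what the next post's CFScript asks ComboFix to do.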

Re: halfassed Desktop for DFW

Unread postby DFW » December 6th, 2007, 3:53 am

Open up Hijackthis
Click on do a system scan only.
Place a checkmark next to these lines(if still present)

O2 - BHO: (no name) - {3FBB3766-9659-4A08-8301-D826A452CB39} - C:\WINDOWS\system32\mllml.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\ddcawwv.dll
O20 - Winlogon Notify: ddcawwv - C:\WINDOWS\SYSTEM32\ddcawwv.dll
O24 - Desktop Component 0: (no name) - C:\DOCUME~1\BOB\LOCALS~1\Temp\Locator.gif


Then close all windows except Hijackthis and click Fix Checked



Go to start > control panel > Display properties > Desktop > Customize Desktop... > Web tab
Uncheck and delete everything you find in there. (except for "My current home page")





Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

Code:
File::
C:\WINDOWS\system32\jkdvgens.dll
C:\WINDOWS\system32\ddcawwv.dll
C:\WINDOWS\S2E9F52F9.tmp
C:\WINDOWS\system32\ssqrs.dll
C:\Documents and Settings\BOB\Local Settings\Temp\Locator.gif 



Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcawwv] 


Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


Image

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.





Once ComboFix has finished, download ATF Cleaner and AVG.




Please download ATF Cleaner here by Atribune. This program is for XP and Windows 2000 only.
It does not require any installation and uses minimal system resources.
It is set up to clean IE, Firefox and Opera; it detects the browsers you have and grays out the other(s).

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Recommend UNCHECKING COOKIES if you rely on system remembered passwords.
  • Click the Empty Selected button.

    If you use Firefox browser
  • Click Firefox at the top and choose: Select All EXCEPT FIREFOX SAVED PASSWORDS
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser
  • Click Opera at the top and choose: Select All EXCEPT COOKIES AND SAVED PASSWORDS
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your cookies and saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.






AVG Anti-Spyware

Download the trial version of AVG Anti-Spyware from here and install it. When the program has been installed, and you click the Finish button, AVG Anti-Spyware will open.

If the program does not automatically update itself during installation, or you are unsure whether it has done so, please do the following:
  • Click the Update icon at the top and under Manual Update click the Start update button.
  • The program will either update or inform you that no update was available.
  • It is essential that you get the update - keep trying until successful. (Note: If you have problems getting the update, you can download an installer for the full database from here (save it on your desktop). Once you have downloaded the installer,
    make sure that AVG Anti-Spyware is closed and then double-click on avgas-signatures-full-current.exe to install the database).
Please set up the program as follows:
  • Click the Shield icon at the top and under Resident shield is... click active. This should now
    change to inactive.
  • Click the Update icon and untick the automatic update option.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act? - make sure that Quarantine is selected.
    • Under How to scan? - All checkboxes should be ticked.
    • Under Possibly unwanted software - All checkboxes should be ticked.
    • Under Reports - Select Do not automatically generate reports.
    • Under What to scan? - Select Scan every file.
Close all open windows.



We now need to boot into Safe Mode.

Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed, etc. (BOOT SCREEN).
At this point you should gently tap the F8 key repeatedly until you are presented with an Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.





  • Click on Scanner on the toolbar.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan your computer.
  • When the scan has finished, follow the instructions below:
    • Make sure that Set all elements to: shows Quarantine
    • Important: Click on the Apply all Actions button. This must be done before saving the report.
    • When the program has finished, it will display the message All actions have been applied.
    • Then click the Save Scan Report button.
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Tray Icon and select Exit.
  • Now copy the report back to this topic.




Restart into normal mode



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older version Java components and update.

Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6u3.
http://java.sun.com/javase/downloads/index.jsp
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.



Post the results from the AVG scan, a new HJT Log and the Combofix log
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK
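A small triage script for the HijackThis lines and the CFScript registry value in the post above. This is an added example and is not part of the thread, of HijackThis or of ComboFix; the "Example Link Helper" BHO line with its placeholder CLSID and the "badpkg" tampered value are constructed for contrast, and the file-level checks are the ones the helper applied by eye.

```python
"""Triage helpers for the HijackThis log and the CFScript shown in this thread.

Added example, not a MalwareRemoval.com, HijackThis or ComboFix tool.  It does
two things the helper did by eye:
  1. parse HJT lines and flag a file that is hooked from more than one place
     (ddcawwv.dll is both an O2 BHO and an O20 Winlogon Notify entry), is an
     unnamed BHO/Desktop Component, or runs from a Temp directory;
  2. decode the .reg-style hex(7) REG_MULTI_SZ value the CFScript writes to
     Authentication Packages and confirm it lists only msv1_0.
"""
import re
from collections import defaultdict

# Constructed sample: the four lines DFW asked to fix plus two benign lines for
# contrast.  The first BHO's name, CLSID and path are placeholders, not a real product.
SAMPLE_LOG = """\
O2 - BHO: Example Link Helper - {00000000-1111-2222-3333-444444444444} - C:\\Program Files\\Example\\helper.dll
O2 - BHO: (no name) - {3FBB3766-9659-4A08-8301-D826A452CB39} - C:\\WINDOWS\\system32\\mllml.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\\WINDOWS\\system32\\ddcawwv.dll
O20 - Winlogon Notify: ddcawwv - C:\\WINDOWS\\SYSTEM32\\ddcawwv.dll
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\\PROGRA~1\\McAfee\\MSC\\mcmscsvc.exe
O24 - Desktop Component 0: (no name) - C:\\DOCUME~1\\BOB\\LOCALS~1\\Temp\\Locator.gif
"""

# "O<n> - <kind>: <field> - <field> - <path>"; the kind never contains a colon,
# so the first colon ends it, and the path is always the last " - " field.
LINE_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
HOOK_SECTIONS = {"O2", "O20", "O24"}   # the load points this thread's fix covers


def parse_line(line):
    """Return a dict for one HJT entry line, or None for headers and blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, kind, rest = m.groups()
    fields = [f.strip() for f in rest.split(" - ")]
    return {"section": section, "kind": kind, "name": fields[0], "path": fields[-1]}


def triage(log_text):
    """Return [(section, path, [reasons])] for every line worth a second look."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    hooks = defaultdict(set)                  # lower-cased path -> sections hooking it
    for e in entries:
        if e["section"] in HOOK_SECTIONS:
            hooks[e["path"].lower()].add(e["section"])
    findings = []
    for e in entries:
        path = e["path"].lower()              # SYSTEM32 and system32 are the same file
        reasons = []
        if e["section"] in HOOK_SECTIONS and len(hooks[path]) > 1:
            reasons.append("same file hooked via " + ", ".join(sorted(hooks[path])))
        if e["section"] in HOOK_SECTIONS and e["name"] == "(no name)":
            reasons.append("unnamed " + e["kind"])
        if "\\temp\\" in path:
            reasons.append("runs from a Temp directory")
        if reasons:
            findings.append((e["section"], e["path"], reasons))
    return findings


def decode_reg_multi_sz(value):
    """Decode a .reg 'hex(7):' REG_MULTI_SZ value into its list of strings.

    The CFScript value is 8 bytes, one byte per character (REGEDIT4 style);
    a Unicode .reg export writes the same data as UTF-16LE, with a 00 after
    every ASCII character.  Both forms are accepted (the guess is ambiguous only
    for lists of single-character names).  Strings are NUL-separated and an
    extra NUL ends the list.
    """
    if not value.startswith("hex(7):"):
        raise ValueError("not a hex(7) REG_MULTI_SZ value")
    body = re.sub(r"[\s\\]", "", value[len("hex(7):"):])   # drop .reg line continuations
    raw = bytes(int(b, 16) for b in body.split(",") if b)
    if raw and len(raw) % 2 == 0 and all(b == 0 for b in raw[1::2]):
        text = raw.decode("utf-16-le")        # every high byte is 0: UTF-16LE ASCII
    else:
        text = raw.decode("latin-1")          # one byte per character
    return [s for s in text.split("\0") if s]


def authentication_packages_ok(value, expected=("msv1_0",)):
    """True when the LSA Authentication Packages list holds exactly the expected names."""
    return tuple(decode_reg_multi_sz(value)) == tuple(expected)


# The value from the CFScript above, and a constructed tampered value that appends
# a second package name ("badpkg") after msv1_0.
CFSCRIPT_VALUE = "hex(7):6d,73,76,31,5f,30,00,00"
TAMPERED_VALUE = "hex(7):6d,73,76,31,5f,30,00,62,61,64,70,6b,67,00,00"

if __name__ == "__main__":
    for section, path, reasons in triage(SAMPLE_LOG):
        print(f"{section:<4} {path}\n      " + "; ".join(reasons))
    print("CFScript value decodes to", decode_reg_multi_sz(CFSCRIPT_VALUE))
    print("tampered value decodes to", decode_reg_multi_sz(TAMPERED_VALUE))
```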

Re: halfassed Desktop for DFW

Post by halfassed » December 9th, 2007, 7:19 pm

Sorry it took so long to get all of this done. Family duties, super dad, etc.!

I couldn't find the Combofix log after everything was done. Should I do another scan and save that log?




---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 17:40 2007-12-09

+ Scan result:



C:\Documents and Settings\BOB\My Documents\connection speed patch for windows XP.zip/EvID4226Patch.exe -> Not-A-Virus.Hacktool.EvID : Cleaned with backup (quarantined).
:mozilla.6:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.7:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.8:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.9:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.10:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.11:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.12:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.13:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.14:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.15:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.16:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.17:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.18:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.19:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.20:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.21:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.22:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.23:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.24:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.25:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.26:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.27:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.28:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.29:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.30:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.31:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.32:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.33:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.34:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.35:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.36:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.37:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.38:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.39:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.40:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.41:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.42:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.43:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.44:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.45:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.46:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.47:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.48:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.49:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.50:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.51:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.52:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.53:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.54:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.55:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.56:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.57:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.58:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.59:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.78:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Adorigin : Cleaned.
:mozilla.79:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Adorigin : Cleaned.
:mozilla.80:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Adorigin : Cleaned.
:mozilla.81:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Adorigin : Cleaned.
:mozilla.86:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.87:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.567:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.142:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Centrport : Cleaned.
:mozilla.143:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Centrport : Cleaned.
:mozilla.144:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Centrport : Cleaned.
:mozilla.162:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.163:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.164:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.165:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.168:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.174:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.175:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.176:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.177:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.178:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.179:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.180:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.181:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.182:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.183:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.184:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.185:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.186:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.187:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.188:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.189:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.190:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.191:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.192:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.193:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.194:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.195:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.196:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.197:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.198:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.199:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.200:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.201:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.202:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.203:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.204:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.205:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.206:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.207:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.208:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.209:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.210:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.211:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.212:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.213:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.214:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.215:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.216:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.217:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.218:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.219:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.220:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.221:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.222:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.223:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.224:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.225:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.226:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.227:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.228:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.229:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.230:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.231:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.232:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.233:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.234:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.235:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.236:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.237:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.238:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.239:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.240:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.241:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.242:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.243:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.244:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.245:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.246:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.247:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.248:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.249:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.250:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.251:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.252:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.253:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.254:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.255:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.256:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.257:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.258:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.259:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.260:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.261:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.262:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.263:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.264:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.265:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.266:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.267:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.268:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.269:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.270:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.271:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.272:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.273:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.77:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.103:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.104:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.308:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Findwhat : Cleaned.
:mozilla.310:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Fortunecity : Cleaned.
:mozilla.311:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Fortunecity : Cleaned.
:mozilla.341:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.342:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.629:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.630:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.631:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.632:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.633:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.634:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.580:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.410:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.411:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.422:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.82:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.83:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.84:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.85:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.428:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.429:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.430:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.431:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Real : Cleaned.
:mozilla.432:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Real : Cleaned.
:mozilla.433:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.434:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.435:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.436:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.437:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.438:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.439:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.445:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.292:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.458:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.459:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.460:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.461:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.560:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.158:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.159:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.160:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.161:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.793:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.474:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.475:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.487:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.488:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.540:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.541:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.542:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.543:C:\Documents and Settings\BOB\Application Data\Mozilla\Firefox\Profiles\shy9id50.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:13, on 2007-12-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\DNHlp32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~2\mcshield.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~2\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\seemenow.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.my.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {3FBB3766-9659-4A08-8301-D826A452CB39} - C:\WINDOWS\system32\mllml.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\ddcawwv.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: {ab141564-f563-ec7b-4cf4-2c8a82a98fb7} - {7bf89a28-a8c2-4fc4-b7ce-365f465141ba} - C:\WINDOWS\system32\xgdjvgdi.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [DNHelper32] C:\WINDOWS\system32\DNHlp32.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [a46e0990] rundll32.exe "C:\WINDOWS\system32\ugktjxjw.dll",b
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /M "Stylus CX4600" /EF "HKCU"
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8215694421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8216185875
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/ ... taller.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C9FE3C9-DFFA-4B94-BA05-6F184A52B8DB}: NameServer = 192.168.2.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ddcawwv - ddcawwv.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcsysmon.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe

--
End of file - 9777 bytes
halfassed
Regular Member
 
Posts: 25
Joined: November 22nd, 2007, 9:57 pm

Re: halfassed Desktop for DFW

Unread postby DFW » December 10th, 2007, 1:47 pm

Please post the entire contents of the latest combofix scan (it will be in your C:\ drive, probably named Combofix2.txt.) If there are more, choose the latest one. When it is open, select the entire contents (Ctrl + A), copy them (Ctrl + C), and paste them (Ctrl + V) back here as a reply to this post.
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Re: halfassed Desktop for DFW

Unread postby halfassed » December 10th, 2007, 6:42 pm

There is one there but it is the same as the first one I posted!
halfassed
Regular Member
 
Posts: 25
Joined: November 22nd, 2007, 9:57 pm

Re: halfassed Desktop for DFW

Unread postby DFW » December 10th, 2007, 7:45 pm

Please delete your current Combofix from your desktop, and the Combofix Log from your C drive;
this is a new version that I need you to download.

1. Please download >>ComboFix<< by sUBs:
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


Post the new Combofix Log and a new HJT Log
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Re: halfassed Desktop for DFW

Unread postby halfassed » December 13th, 2007, 6:12 pm

I've tried but combofix DOES NOT create a log after it completes. Just some text file called avenger......What the heck do I do now?

And to top it all off my laptop won't allow me access to several of my email accounts. Just get a Windows security pop-up that wants user name and password for my ISP... I suspect that it may be infected again. Is it possible to be re-infected from my desktop computer since they are networked? Can they hide in mp3 files, because I've transferred lots of them back and forth? Damn, this nightmare never seems to end!


Bob
halfassed
Regular Member
 
Posts: 25
Joined: November 22nd, 2007, 9:57 pm

Re: halfassed Desktop for DFW

Unread postby DFW » December 14th, 2007, 7:06 am

We need to try a new version of Combofix; please delete your current copy again.


Now I would remove any infected system from your network, and do not copy any more MP3s, just to be on the safe side. The trouble with
your emails, with the window asking for your user name and password, is a sure sign that there could be
trouble at your ISP end. How long has this been happening, and are all the email addresses from the same ISP?





Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**


Code:
File:: 
C:\WINDOWS\S2E9F52F9.tmp
C:\WINDOWS\system32\mllml.dll
C:\WINDOWS\system32\ddcawwv.dll
C:\WINDOWS\system32\xgdjvgdi.dll 
C:\WINDOWS\system32\ugktjxjw.dll
C:\WINDOWS\system32\ssqrs.dll
C:\Documents and Settings\BOB\Local Settings\Temp\Locator.gif



Registry:: 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcawwv] 



Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


Image

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



Please post the entire contents of the latest combofix scan (it will be in your C:\ drive, probably named Combofix2.txt.)
If there are more, choose the latest one. When it is open, select the entire contents (Ctrl + A), copy them (Ctrl + C), and paste them (Ctrl + V) back here as a reply to this post.



Don't forget to post a new HJT Log along with the Combofix log.
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Re: halfassed Desktop for DFW

Unread postby halfassed » December 18th, 2007, 11:15 pm

Combofix is seriously driving me nuts!!

Again no report called combofix2.txt (I did a search of my entire computer), BUT...It did create a .zip file and a link on my desktop to send this file to bleepingcomputer! What gives? Am I screwing things up royally or what!?!

Here is HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:15, on 2007-12-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\DNHlp32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~2\mcshield.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~2\mcsysmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\seemenow.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.my.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [DNHelper32] C:\WINDOWS\system32\DNHlp32.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /M "Stylus CX4600" /EF "HKCU"
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8215694421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8216185875
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/ ... taller.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C9FE3C9-DFFA-4B94-BA05-6F184A52B8DB}: NameServer = 192.168.2.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0316571197961841) (0316571197961841mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\031657~1.EXE (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcsysmon.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe

--
End of file - 9334 bytes
halfassed
Regular Member
 
Posts: 25
Joined: November 22nd, 2007, 9:57 pm

Re: halfassed Desktop for DFW

Unread postby DFW » December 19th, 2007, 3:14 pm

Code:
Combofix is seriously driving me nuts!!


Ok, we will try this one more time, this should sort it.



Click Start then Run....


Type Combofix /u in the runbox and click OK. (Note: The space between the x and the /u needs to be there)



When shown the disclaimer, select 2.


Now go to your C drive and delete every combofix you see.


Download Combofix from any of the links below, and save it to your desktop.

Do not download Combofix until you're ready to run it.

Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**


Code:
File:: 
C:\WINDOWS\S2E9F52F9.tmp
C:\WINDOWS\system32\mllml.dll
C:\WINDOWS\system32\ddcawwv.dll
C:\WINDOWS\system32\xgdjvgdi.dll 
C:\WINDOWS\system32\ugktjxjw.dll
C:\WINDOWS\system32\ssqrs.dll
C:\Documents and Settings\BOB\Local Settings\Temp\Locator.gif



Registry:: 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcawwv] 



Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


[Image: screenshot showing CFScript.txt being dragged onto ComboFix.exe]

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



Please post the entire contents of the latest combofix scan (it will be in your C:\ drive, probably named Combofix.txt.)
If there are more, choose the latest one. When it is open, select the entire contents (Ctrl + A), copy them (Ctrl + C), and paste them (Ctrl + V) back here as a reply to this post.



Don't forget to post a new HJT log along with the Combofix log.
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK
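The CFScript above is a small text format: a File:: section listing files to delete and a Registry:: section in .reg-style syntax, where [-KEY] removes a whole key, "name"=- removes one value, and hex(7): carries a REG_MULTI_SZ. The one value it sets rather than deletes, LSA "Authentication Packages", is reset to the bytes 6d,73,76,31,5f,30,00,00, which spell "msv1_0", the stock Windows package; any extra DLL listed there is loaded by LSASS at boot, and the Winlogon\Notify, ShellExecuteHooks and Browser Helper Objects keys being cleared are likewise load points for the ddcawwv.dll family named in the file list. The following parser is an added example written for this thread, not ComboFix's own code; it assumes only the directives seen in the posted script and decodes hex(7) as single-byte strings, which is what the posted bytes show. It lets a helper list exactly what a script will do before it is dragged onto ComboFix.exe.

```python
"""Parse a ComboFix CFScript (File:: / Registry:: sections) and list the
actions it encodes.  Added example, not ComboFix's own code.  Assumptions:
only [-KEY], "name"=-, hex(7): and plain "string" values are handled, and
hex(7) bytes are single-byte (REGEDIT4-style) strings."""
import re
from dataclasses import dataclass
from typing import Any, Dict, List, Optional

# Constructed sample: the CFScript posted in the thread, reproduced verbatim.
SAMPLE_CFSCRIPT = r"""File::
C:\WINDOWS\S2E9F52F9.tmp
C:\WINDOWS\system32\mllml.dll
C:\WINDOWS\system32\ddcawwv.dll
C:\WINDOWS\system32\xgdjvgdi.dll
C:\WINDOWS\system32\ugktjxjw.dll
C:\WINDOWS\system32\ssqrs.dll
C:\Documents and Settings\BOB\Local Settings\Temp\Locator.gif

Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcawwv]
"""

# Windows' stock LSA authentication package; any other DLL listed in this
# value is loaded by LSASS at boot, which is why the script resets it.
DEFAULT_AUTH_PACKAGES = ["msv1_0"]


@dataclass
class RegAction:
    op: str                     # "set_value", "delete_value" or "delete_key"
    key: str
    name: Optional[str] = None
    value: Any = None
    kind: Optional[str] = None  # registry type for set_value


def decode_hex7(payload: str) -> List[str]:
    """hex(7) REG_MULTI_SZ: NUL-separated strings ending in an extra NUL."""
    raw = bytes(int(h, 16) for h in payload.split(",") if h.strip())
    return [s for s in raw.decode("latin-1").split("\x00") if s]


def parse_value(text: str):
    text = text.strip()
    if text == "-":
        return "delete", None
    if text.startswith("hex(7):"):
        return "REG_MULTI_SZ", decode_hex7(text[len("hex(7):"):])
    if len(text) >= 2 and text[0] == text[-1] == '"':
        return "REG_SZ", text[1:-1]
    raise ValueError(f"unsupported value syntax: {text}")


def parse_cfscript(text: str) -> Dict[str, list]:
    files: List[str] = []
    reg: List[RegAction] = []
    section = current_key = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith("::"):                 # File:: / Registry:: header
            section, current_key = line[:-2].lower(), None
            continue
        if section == "file":
            files.append(line)
        elif section == "registry":
            m = re.fullmatch(r"\[(-?)(.+)\]", line)
            if m:                               # [KEY] selects, [-KEY] deletes
                if m.group(1) == "-":
                    reg.append(RegAction("delete_key", m.group(2)))
                    current_key = None
                else:
                    current_key = m.group(2)
                continue
            m = re.fullmatch(r'"([^"]+)"=(.*)', line)
            if m and current_key is not None:
                kind, val = parse_value(m.group(2))
                if kind == "delete":
                    reg.append(RegAction("delete_value", current_key, m.group(1)))
                else:
                    reg.append(RegAction("set_value", current_key, m.group(1), val, kind))
    return {"files": files, "registry": reg}


def lsa_reset_to_default(actions: List[RegAction]) -> bool:
    """True if the script sets LSA 'Authentication Packages' to just msv1_0."""
    for a in actions:
        if (a.op == "set_value" and a.key.lower().endswith(r"\control\lsa")
                and a.name == "Authentication Packages"):
            return a.value == DEFAULT_AUTH_PACKAGES
    return False


def summarize(text: str) -> List[str]:
    parsed = parse_cfscript(text)
    out = [f"delete file  {f}" for f in parsed["files"]]
    for a in parsed["registry"]:
        if a.op == "delete_key":
            out.append(f"delete key   {a.key}")
        elif a.op == "delete_value":
            out.append(f"delete value {a.key} -> {a.name}")
        else:
            out.append(f"set value    {a.key} -> {a.name} = {a.value!r} ({a.kind})")
    return out


if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE_CFSCRIPT)))
```

Run stand-alone it prints the eleven actions the posted script encodes: seven file deletions, the LSA reset to ['msv1_0'], the BHO key deletion, the ShellExecuteHooks value deletion and the Winlogon Notify key deletion. A script whose Authentication Packages line decoded to anything other than the default would be worth a second look before running it.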

Re: halfassed Desktop for DFW

Unread postby halfassed » December 22nd, 2007, 8:05 am

Combofix created a zip file called catchme with a temp file in it, and a file called qoobox with a copy of the script that it ran, backup files, quarantine files, etc. Nothing in the C: drive, but in the combofix file was combofix.txt. I hope this is the one you need!!!


ComboFix 07-12-22.1 - BOB 2007-12-22 6:50:18.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.534 [GMT -5:00]
Running from: C:\Documents and Settings\BOB\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\BOB\Desktop\cfscript.txt
* Created a new restore point

FILE
C:\Documents and Settings\BOB\Local Settings\Temp\Locator.gif
C:\WINDOWS\S2E9F52F9.tmp
C:\WINDOWS\system32\ddcawwv.dll
C:\WINDOWS\system32\mllml.dll
C:\WINDOWS\system32\ssqrs.dll
C:\WINDOWS\system32\ugktjxjw.dll
C:\WINDOWS\system32\xgdjvgdi.dll
.

_____________________________________________________________________________________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:03, on 2007-12-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\DNHlp32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~2\mcshield.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~2\mcsysmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\seemenow.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.my.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [DNHelper32] C:\WINDOWS\system32\DNHlp32.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /M "Stylus CX4600" /EF "HKCU"
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8215694421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8216185875
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/ ... taller.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C9FE3C9-DFFA-4B94-BA05-6F184A52B8DB}: NameServer = 192.168.2.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0316571197961841) (0316571197961841mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\031657~1.EXE (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcsysmon.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe

--
End of file - 9407 bytes
halfassed
Regular Member
 
Posts: 25
Joined: November 22nd, 2007, 9:57 pm

Re: halfassed Desktop for DFW

Unread postby DFW » December 22nd, 2007, 2:09 pm

Well, that's a lot better; we are getting there. Was that the complete Combofix log? Could you please check, and if there's more, please post it again.

If that is the complete log, could you just run Combofix one more time? Each time Combofix is run and it
completes, it should automatically open the log we need; this time copy and paste that into your next post.

Remember, if it's going to be a few days before you can do this, you will need to delete and download a new Combofix, as it has an expiry date.
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK