Old 07-17-2007, 08:39 PM   #1 (permalink)
Registered User
 
Join Date: Jul 2007
Posts: 32
OS: WinXP


onlinestability spyware problem HJT log inserted

Deckard's System Scanner v20070711.54
Run by Donna-Marie on 2007-07-17 at 22:14:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Donna-Marie.exe) -----------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:14:33 PM, on 7/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BellSouth\BellSouth Internet Security\fws.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\BellSouth\BellSouth Internet Security\Rps.exe
C:\Program Files\Bellsouth\HelpCenter\bin\sprtcmd.exe
C:\Program Files\BellSouth\AM\BellSouthAlertManager.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\CSCRIPT.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Donna-Marie\Desktop\dss(2).exe
C:\HIJACK~1\DONNA-~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bellsouth.net
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
R3 - URLSearchHook: (no name) - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) -  - (no file)
O2 - BHO: (no name) - 'VF7FDF-0717-45BF-B49D-695F3168C7FE} - (no file)
O2 - BHO: (no name) - 8V8V2-E6A9-4E49-A530-D4657B8C449A} - (no file)
O2 - BHO: (no name) - 8V8V8-BC09-49F2-B5F8-42CE26B1B712} - (no file)
O2 - BHO: (no name) - orer - (no file)
O2 - BHO: (no name) - rsion - (no file)
O2 - BHO: (no name) - `'V11111-2222-408A-9842-CDBE1C6D37EB} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {09A37E03-09CD-4469-9355-0D036EA3B3Df} - C:\WINDOWS\system32\jqyhmsxl.dll (file missing)
O2 - BHO: (no name) - {1FE75BA3-0D18-2C6F-8B2A-09D88E397B7C} - C:\WINDOWS\system32\clewoef.dll (file missing)
O2 - BHO: MSVPS System - {335C00B1-DB93-4EEA-8A75-C9EA3B67E895} - C:\WINDOWS\qnxplugin.dll
O2 - BHO: (no name) - {482586EE-E808-4C8A-8AB2-12D1247CAE4A} - C:\WINDOWS\Fonts\svslpay.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\BellSouth\BellSouth Internet Security\FBHR.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\xssitfxb.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00303} - C:\WINDOWS\adsldpby.dll (file missing)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00304} - C:\WINDOWS\adsldpbz.dll (file missing)
O2 - BHO: (no name) - {E26CEADA-67B0-4543-BE8B-307F00265118} - \iesplg.dll (file missing)
O2 - BHO: (no name) - {EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6} - C:\WINDOWS\system32\adsldpbj.dll (file missing)
O2 - BHO: (no name) - ¨V¨VF-B242-4164-A31C-2384C2B1A653} - (no file)
O2 - BHO: (no name) - à&V49E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - ÈVÈVC-2DEF-493B-8A4A-8E2D81BE4EA5} - (no file)
O2 - BHO: (no name) - ˆCVJ - (no file)
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll (file missing)
O3 - Toolbar: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
O4 - HKLM\..\Run: [vmlib] vmlib.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [7313e163.exe] C:\WINDOWS\system32\7313e163.exe
O4 - HKLM\..\Run: [Workflow] D:\installs\Workflow.exe
O4 - HKLM\..\Run: [uvcsvmd.dll] "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\uvcsvmd.dll,nctgjgb
O4 - HKLM\..\Run: [Ultimate Cleaner] C:\Program Files\Ultimate Cleaner\App.exe
O4 - HKLM\..\Run: [Ultimate Defender] "C:\Program Files\Ultimate Defender\App.exe" hide
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BellSouth Internet Security] "C:\Program Files\BellSouth\BellSouth Internet Security\Rps.exe"
O4 - HKLM\..\Run: [HelpCenter] "C:\Program Files\Bellsouth\HelpCenter\bin\sprtcmd.exe" /P HelpCenter
O4 - HKLM\..\Run: [BellSouthAlertManager.exe] "C:\Program Files\BellSouth\AM\BellSouthAlertManager.exe" /AUTORUN
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\dooluygn.dll",realset
O4 - HKCU\..\Run: [AlexaToolbar] C:\WINDOWS\alt.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [7313e163.exe] C:\Documents and Settings\Donna-Marie\Local Settings\Application Data\7313e163.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sen] "C:\Program Files\bama\tlii.exe" -vt wnew
O4 - HKCU\..\Run: [WTSS] C:\WINDOWS\system32\wapiit.exe
O4 - Startup: .protected
O4 - Global Startup: .protected
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O15 - Trusted Zone: http://www.amaena.com
O15 - Trusted Zone: *.coolwebsearch.com
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: *.searchmeup.com
O15 - Trusted Zone: http://scanner.sysprotect.com
O15 - Trusted Zone: http://*.systemdoctor.com
O15 - Trusted Zone: http://www.winantivirus.com
O15 - Trusted Zone: http://www.winantiviruspro.com
O15 - Trusted Zone: http://download.cdn.winsoftware.com
O15 - Trusted IP range: http://195.95.*.*
O15 - Trusted IP range: http://195.225.*.*
O15 - Trusted IP range: http://205.177.*.*
O15 - Trusted IP range: http://205.188.*.*
O15 - Trusted IP range: http://216.239.*.*
O16 - DPF: {127A7336-2914-516A-80DE-2FEB179D11BE} - http://85.255.115.229/1/gdnUS1402.exe
O16 - DPF: {28AD44D0-4ACB-0994-B0BB-7AFE50530CA2} - http://85.255.115.229/1/gdnUS1402.exe
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol.com/help/acp2/en...ach_core_1.cab
O16 - DPF: {40312344-28A5-1938-7745-09F320E14A2E} - http://85.255.115.229/1/gdnUS1402.exe
O16 - DPF: {601C7E58-1ABC-3596-1163-4C48065BBE2E} - http://85.255.115.229/1/gdnUS1402.exe
O16 - DPF: {61EB657C-82DD-1737-8CA8-7A443B169B25} - http://85.255.115.229/1/gdnUS1402.exe
O16 - DPF: {65099FCC-2446-323D-61A7-594A2425EBF4} - http://85.255.115.229/1/gdnUS1402.exe
O16 - DPF: {79D8F725-1107-0787-1201-43D91471EA5A} - http://85.255.115.229/1/gdnUS1402.exe
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.21.10/ttinst.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go.com/games/downl...ameManager.cab
O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB49} (CheckControl Class) - http://content-loader.com/load/ccaccess.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0EC59058-E601-4556-8B35-10D276DAE532}: NameServer = 85.255.115.110,85.255.112.151
O17 - HKLM\System\CCS\Services\Tcpip\..\{DBEBFAE7-6190-4431-A3FC-006ADFC214EB}: NameServer = 85.255.115.110,85.255.112.151
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.110 85.255.112.151
O17 - HKLM\System\CS1\Services\Tcpip\..\{0EC59058-E601-4556-8B35-10D276DAE532}: NameServer = 85.255.115.110,85.255.112.151
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.110 85.255.112.151
O20 - Winlogon Notify: gs - C:\WINDOWS\adsldpbd.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll (file missing)
O20 - Winlogon Notify: svslpay - C:\WINDOWS\Fonts\svslpay.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - C:\WINDOWS\system32\higehsg.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: msddx - {65089994-0F29-4183-B509-B15CB42EFC5A} - C:\WINDOWS\msddx.dll
O21 - SSODL: msqnx - {1F4D69CA-B739-4757-BBA4-D2700280E6C8} - C:\WINDOWS\msqnx.dll
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\BellSouth\BellSouth Internet Security\fws.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe


-- Files created between 2007-06-17 and 2007-07-17 -----------------------------

2007-07-17 20:26:46 0 d-------- C:\HijackThis
2007-07-17 20:23:51 66068 --a------ C:\WINDOWS\system32\kccgikoy.exe
2007-07-17 19:50:51 0 d-------- C:\WINDOWS\privacy_danger
2007-07-15 22:36:28 124436 --a------ C:\WINDOWS\system32\dooluygn.dll
2007-07-15 22:36:23 66068 --a------ C:\WINDOWS\system32\ricotasc.exe
2007-07-15 21:25:39 0 d-------- C:\HJT
2007-07-15 15:54:17 0 d-------- C:\Program Files\NoAdware5.0
2007-07-15 13:41:14 164 --a------ C:\install.dat
2007-07-15 13:38:29 0 d-------- C:\Documents and Settings\Donna-Marie\Application Data\GetRightToGo
2007-07-15 08:04:38 124436 -----n--- C:\WINDOWS\system32\ohgodswo.dll
2007-07-15 08:04:28 66580 --a------ C:\WINDOWS\system32\unuvjjkd.dll
2007-07-15 08:04:23 66068 --a------ C:\WINDOWS\system32\xumixklc.exe
2007-07-14 22:00:38 66580 --a------ C:\WINDOWS\system32\woycywnm.dll
2007-07-14 22:00:27 66068 --a------ C:\WINDOWS\system32\apjhpenb.exe
2007-07-14 21:39:01 66068 --a------ C:\WINDOWS\system32\homgemxb.exe
2007-07-14 13:46:51 66068 --a------ C:\WINDOWS\system32\uuoeduah.exe
2007-07-14 13:30:35 66048 --a------ C:\WINDOWS\ieResetIcons.exe <Not Verified; Microsoft Corporation; Windows® Internet Explorer>
2007-07-12 22:14:18 444 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-07-11 11:14:28 167936 --a------ C:\WINDOWS\msqnx.dll
2007-07-11 11:14:28 180224 --a------ C:\WINDOWS\msddx.dll <Not Verified; ; IEXPLORE>
2007-07-11 11:14:20 163840 --a------ C:\WINDOWS\qnxplugin.dll <Not Verified; ; BhoNew Module>
2007-07-11 11:13:35 0 d-------- C:\Program Files\NewMediaCodec
2007-07-10 09:38:08 0 d-------- C:\Program Files\bama
2007-07-10 09:37:53 0 d-------- C:\Program Files\PurityScan
2007-07-10 08:55:17 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-07-10 08:55:13 0 d-------- C:\Program Files\VirusProtectPro 3.3
2007-07-10 08:54:42 0 d-------- C:\Program Files\Video ActiveX Access
2007-06-29 22:40:26 124436 -----n--- C:\WINDOWS\system32\oagvbcld.dll
2007-06-28 22:17:10 62516 --a------ C:\WINDOWS\system32\xssitfxb.dll
2007-06-20 18:17:13 0 d-------- C:\Documents and Settings\Donna-Marie\Application Data\Real


-- Find3M Report ---------------------------------------------------------------

2007-07-17 21:17:02 55 --a------ C:\WINDOWS\taskmen32.pif
2007-07-17 20:24:02 0 d-------- C:\Program Files\Common Files\Command Software
2007-07-12 22:00:58 0 d-------- C:\Program Files\Common Files\Real
2007-07-11 13:00:57 0 d-------- C:\Program Files\Common Files\PestPatrol
2007-07-10 07:24:56 8704 --a-s---- C:\WINDOWS\system32\myqlejy.dll
2007-06-20 18:30:12 3806 --a------ C:\WINDOWS\mozver.dat
2007-06-04 23:07:03 0 d-------- C:\Program Files\Video Access ActiveX Object
2007-05-25 16:50:18 0 d-------- C:\Program Files\VideoPlugin
2007-05-19 16:40:54 49204 --a------ C:\WINDOWS\system32\pienonay.dll


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
{09A37E03-09CD-4469-9355-0D036EA3B3Df} C:\WINDOWS\system32\jqyhmsxl.dll [x]
{1FE75BA3-0D18-2C6F-8B2A-09D88E397B7C} C:\WINDOWS\system32\clewoef.dll [x]
{335C00B1-DB93-4EEA-8A75-C9EA3B67E895} C:\WINDOWS\qnxplugin.dll
{482586EE-E808-4C8A-8AB2-12D1247CAE4A} C:\WINDOWS\Fonts\svslpay.dll
{4D25F921-B9FE-4682-BF72-8AB8210D6D75} C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
{4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
{56071E0D-C61B-11D3-B41C-00E02927A304} C:\Program Files\BellSouth\BellSouth Internet Security\FBHR.dll
{5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} C:\WINDOWS\system32\xssitfxb.dll
{5CA3D70E-1895-11CF-8E15-001234567890} C:\WINDOWS\system32\dla\tfswshx.dll
{A4F94C0C-54A7-4DB1-9AF3-B22E63D00303} C:\WINDOWS\adsldpby.dll [x]
{A4F94C0C-54A7-4DB1-9AF3-B22E63D00304} C:\WINDOWS\adsldpbz.dll [x]
{E26CEADA-67B0-4543-BE8B-307F00265118} \iesplg.dll [x]
{EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6} C:\WINDOWS\system32\adsldpbj.dll [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMAXPnP"="\"C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe\""
"IntelMeM"="\"C:\\Program Files\\Intel\\Modem Event Monitor\\IntelMEM.exe\""
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"MMTray"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe\""
"mmtask"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mmtask.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"ISUSPM Startup"="\"C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"OASClnt"="\"C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe\""
"vmlib"="vmlib.exe"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"7313e163.exe"="C:\\WINDOWS\\system32\\7313e163.exe"
"Workflow"="D:\\installs\\Workflow.exe"
"uvcsvmd.dll"="\"C:\\WINDOWS\\system32\\rundll32.exe\" C:\\WINDOWS\\system32\\uvcsvmd.dll,nctgjgb"
"Ultimate Cleaner"="C:\\Program Files\\Ultimate Cleaner\\App.exe"
"Ultimate Defender"="\"C:\\Program Files\\Ultimate Defender\\App.exe\" hide"
"KernelFaultCheck"="C:\\WINDOWS\\system32\\dumprep 0 -k"
"BellSouth Internet Security"="\"C:\\Program Files\\BellSouth\\BellSouth Internet Security\\Rps.exe\""
"HelpCenter"="\"C:\\Program Files\\Bellsouth\\HelpCenter\\bin\\sprtcmd.exe\" /P HelpCenter"
"BellSouthAlertManager.exe"="\"C:\\Program Files\\BellSouth\\AM\\BellSouthAlertManager.exe\" /AUTORUN"
"GPLv3"="rundll32.exe \"C:\\WINDOWS\\system32\\dooluygn.dll\",realset"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"AlexaToolbar"="C:\\WINDOWS\\alt.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"7313e163.exe"="C:\\Documents and Settings\\Donna-Marie\\Local Settings\\Application Data\\7313e163.exe"
"DellSupport"="\"C:\\Program Files\\DellSupport\\DSAgnt.exe\" /startup"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Sen"="\"C:\\Program Files\\bama\\tlii.exe\" -vt wnew"
"WTSS"="C:\\WINDOWS\\system32\\wapiit.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"Wallpaper"=""
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000
"NoFolderOptions"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ file:///C:\WINDOWS\privacy_danger\index.htm

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5}"="st3"
"{C7CF1142-0785-4B12-A280-B64681E4D45E}"="z"
"{0B5F7FDF-0717-45BF-B49D-695F3168C7FE}"="Master Browseui"
"{2016a466-91a2-43c6-97d8-2fd380f065ef}"="eitheror"
"{aed6f6a3-183c-488d-9f90-23db99f56e7f}"="apathies"
"{98ca7898-6029-41ab-8f67-ea4f5e1afc22}"="biocomputing"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"eitheror"="{2016a466-91a2-43c6-97d8-2fd380f065ef}"
"msddx"="{65089994-0F29-4183-B509-B15CB42EFC5A}"
"msqnx"="{1F4D69CA-B739-4757-BBA4-D2700280E6C8}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gs
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\st3
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\svslpay

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"="kdjxw.exe"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



-- End of Deckard's System Scanner: finished at 2007-07-17 at 22:15:35 ---------
dmitch is offline  
Old 07-19-2007, 12:29 PM   #2 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,478
OS: N/A


Re: onlinestability spyware problem HJT log inserted

1. Download & Save this file to Desktop -> http://download.bleepingcomputer.com...a/ComboFix.exe

2. Double click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
__________________

Question - what have you done for the community today?
sUBs is offline  
Old 07-20-2007, 06:45 PM   #3 (permalink)
Registered User
 
Join Date: Jul 2007
Posts: 32
OS: WinXP


NEW HJT log inserted & ComboFix.txt log

Deckard's System Scanner v20070711.54
Run by Donna-Marie on 2007-07-20 at 20:40:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Donna-Marie.exe) -----------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 8:40:53 PM, on 7/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BellSouth\BellSouth Internet Security\fws.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\BellSouth\BellSouth Internet Security\Rps.exe
C:\Program Files\Bellsouth\HelpCenter\bin\sprtcmd.exe
C:\Program Files\BellSouth\AM\BellSouthAlertManager.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Donna-Marie\Desktop\dss.exe
C:\HIJACK~1\DONNA-~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
R3 - URLSearchHook: (no name) - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) -  - (no file)
O2 - BHO: (no name) - 'VF7FDF-0717-45BF-B49D-695F3168C7FE} - (no file)
O2 - BHO: (no name) - 8V8V2-E6A9-4E49-A530-D4657B8C449A} - (no file)
O2 - BHO: (no name) - 8V8V8-BC09-49F2-B5F8-42CE26B1B712} - (no file)
O2 - BHO: (no name) - orer - (no file)
O2 - BHO: (no name) - rsion - (no file)
O2 - BHO: (no name) - `'V11111-2222-408A-9842-CDBE1C6D37EB} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {09A37E03-09CD-4469-9355-0D036EA3B3Df} - C:\WINDOWS\system32\jqyhmsxl.dll (file missing)
O2 - BHO: (no name) - {1FE75BA3-0D18-2C6F-8B2A-09D88E397B7C} - C:\WINDOWS\system32\clewoef.dll (file missing)
O2 - BHO: MSVPS System - {335C00B1-DB93-4EEA-8A75-C9EA3B67E895} - C:\WINDOWS\qnxplugin.dll (file missing)
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\BellSouth\BellSouth Internet Security\FBHR.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00303} - C:\WINDOWS\adsldpby.dll (file missing)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00304} - C:\WINDOWS\adsldpbz.dll (file missing)
O2 - BHO: (no name) - {AB56775D-4E1D-498C-B3F4-07721C01CE15} - C:\WINDOWS\Fonts\svslpay.dll
O2 - BHO: (no name) - {E26CEADA-67B0-4543-BE8B-307F00265118} - \iesplg.dll (file missing)
O2 - BHO: (no name) - {EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6} - C:\WINDOWS\system32\adsldpbj.dll (file missing)
O2 - BHO: (no name) - ¨V¨VF-B242-4164-A31C-2384C2B1A653} - (no file)
O2 - BHO: (no name) - à&V49E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - ÈVÈVC-2DEF-493B-8A4A-8E2D81BE4EA5} - (no file)
O2 - BHO: (no name) - ˆCVJ - (no file)
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll (file missing)
O3 - Toolbar: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
O4 - HKLM\..\Run: [vmlib] vmlib.exe
O4 - HKLM\..\Run: [Workflow] D:\installs\Workflow.exe
O4 - HKLM\..\Run: [BellSouth Internet Security] "C:\Program Files\BellSouth\BellSouth Internet Security\Rps.exe"
O4 - HKLM\..\Run: [HelpCenter] "C:\Program Files\Bellsouth\HelpCenter\bin\sprtcmd.exe" /P HelpCenter
O4 - HKLM\..\Run: [BellSouthAlertManager.exe] "C:\Program Files\BellSouth\AM\BellSouthAlertManager.exe" /AUTORUN
O4 - HKCU\..\Run: [AlexaToolbar] C:\WINDOWS\alt.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [7313e163.exe] C:\Documents and Settings\Donna-Marie\Local Settings\Application Data\7313e163.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sen] "C:\Program Files\bama\tlii.exe" -vt wnew
O4 - HKCU\..\Run: [WTSS] C:\WINDOWS\system32\wapiit.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O15 - Trusted Zone: http://www.amaena.com
O15 - Trusted Zone: *.coolwebsearch.com
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: *.searchmeup.com
O15 - Trusted Zone: http://scanner.sysprotect.com
O15 - Trusted Zone: http://*.systemdoctor.com
O15 - Trusted Zone: http://www.winantivirus.com
O15 - Trusted Zone: http://www.winantiviruspro.com
O15 - Trusted Zone: http://download.cdn.winsoftware.com
O15 - Trusted IP range: http://195.95.*.*
O15 - Trusted IP range: http://195.225.*.*
O15 - Trusted IP range: http://205.177.*.*
O15 - Trusted IP range: http://205.188.*.*
O15 - Trusted IP range: http://216.239.*.*
O16 - DPF: {127A7336-2914-516A-80DE-2FEB179D11BE} - http://85.255.115.229/1/gdnUS1402.exe
O16 - DPF: {28AD44D0-4ACB-0994-B0BB-7AFE50530CA2} - http://85.255.115.229/1/gdnUS1402.exe
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol.com/help/acp2/en...ach_core_1.cab
O16 - DPF: {40312344-28A5-1938-7745-09F320E14A2E} - http://85.255.115.229/1/gdnUS1402.exe
O16 - DPF: {601C7E58-1ABC-3596-1163-4C48065BBE2E} - http://85.255.115.229/1/gdnUS1402.exe
O16 - DPF: {61EB657C-82DD-1737-8CA8-7A443B169B25} - http://85.255.115.229/1/gdnUS1402.exe
O16 - DPF: {65099FCC-2446-323D-61A7-594A2425EBF4} - http://85.255.115.229/1/gdnUS1402.exe
O16 - DPF: {79D8F725-1107-0787-1201-43D91471EA5A} - http://85.255.115.229/1/gdnUS1402.exe
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.21.10/ttinst.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go.com/games/downl...ameManager.cab
O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB49} (CheckControl Class) - http://content-loader.com/load/ccaccess.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0EC59058-E601-4556-8B35-10D276DAE532}: NameServer = 85.255.115.110,85.255.112.151
O17 - HKLM\System\CCS\Services\Tcpip\..\{DBEBFAE7-6190-4431-A3FC-006ADFC214EB}: NameServer = 85.255.115.110,85.255.112.151
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.110 85.255.112.151
O17 - HKLM\System\CS1\Services\Tcpip\..\{0EC59058-E601-4556-8B35-10D276DAE532}: NameServer = 85.255.115.110,85.255.112.151
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.110 85.255.112.151
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: svslpay - C:\WINDOWS\Fonts\svslpay.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - C:\WINDOWS\system32\higehsg.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\BellSouth\BellSouth Internet Security\fws.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe


-- Files created between 2007-06-20 and 2007-07-20 -----------------------------

2007-07-17 20:26:46 0 d-------- C:\HijackThis
2007-07-15 21:25:39 0 d-------- C:\HJT
2007-07-15 15:54:17 0 d-------- C:\Program Files\NoAdware5.0
2007-07-15 13:41:14 164 --a------ C:\install.dat
2007-07-15 13:38:29 0 d-------- C:\Documents and Settings\Donna-Marie\Application Data\GetRightToGo
2007-07-14 13:30:35 66048 --a------ C:\WINDOWS\ieResetIcons.exe <Not Verified; Microsoft Corporation; Windows® Internet Explorer>
2007-07-12 22:14:18 444 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-07-10 09:38:08 0 d-------- C:\Program Files\bama
2007-07-10 08:55:17 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-06-20 18:17:13 0 d-------- C:\Documents and Settings\Donna-Marie\Application Data\Real


-- Find3M Report ---------------------------------------------------------------

2007-07-20 19:43:47 0 d-------- C:\Program Files\Common Files\Command Software
2007-07-20 19:43:13 0 d-------- C:\Program Files\Common Files\PestPatrol
2007-07-20 19:40:59 55 --a------ C:\WINDOWS\taskmen32.pif
2007-07-12 22:00:58 0 d-------- C:\Program Files\Common Files\Real
2007-06-20 18:30:12 3806 --a------ C:\WINDOWS\mozver.dat


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
{09A37E03-09CD-4469-9355-0D036EA3B3Df} C:\WINDOWS\system32\jqyhmsxl.dll [x]
{1FE75BA3-0D18-2C6F-8B2A-09D88E397B7C} C:\WINDOWS\system32\clewoef.dll [x]
{335C00B1-DB93-4EEA-8A75-C9EA3B67E895} C:\WINDOWS\qnxplugin.dll [x]
{4D25F921-B9FE-4682-BF72-8AB8210D6D75} C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
{4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
{56071E0D-C61B-11D3-B41C-00E02927A304} C:\Program Files\BellSouth\BellSouth Internet Security\FBHR.dll
{5CA3D70E-1895-11CF-8E15-001234567890} C:\WINDOWS\system32\dla\tfswshx.dll
{A4F94C0C-54A7-4DB1-9AF3-B22E63D00303} C:\WINDOWS\adsldpby.dll [x]
{A4F94C0C-54A7-4DB1-9AF3-B22E63D00304} C:\WINDOWS\adsldpbz.dll [x]
{AB56775D-4E1D-498C-B3F4-07721C01CE15} C:\WINDOWS\Fonts\svslpay.dll
{E26CEADA-67B0-4543-BE8B-307F00265118} \iesplg.dll [x]
{EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6} C:\WINDOWS\system32\adsldpbj.dll [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMAXPnP"="\"C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe\""
"IntelMeM"="\"C:\\Program Files\\Intel\\Modem Event Monitor\\IntelMEM.exe\""
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"MMTray"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe\""
"mmtask"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mmtask.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"ISUSPM Startup"="\"C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"OASClnt"="\"C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe\""
"vmlib"="vmlib.exe"
"Workflow"="D:\\installs\\Workflow.exe"
"BellSouth Internet Security"="\"C:\\Program Files\\BellSouth\\BellSouth Internet Security\\Rps.exe\""
"HelpCenter"="\"C:\\Program Files\\Bellsouth\\HelpCenter\\bin\\sprtcmd.exe\" /P HelpCenter"
"BellSouthAlertManager.exe"="\"C:\\Program Files\\BellSouth\\AM\\BellSouthAlertManager.exe\" /AUTORUN"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"AlexaToolbar"="C:\\WINDOWS\\alt.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"7313e163.exe"="C:\\Documents and Settings\\Donna-Marie\\Local Settings\\Application Data\\7313e163.exe"
"DellSupport"="\"C:\\Program Files\\DellSupport\\DSAgnt.exe\" /startup"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Sen"="\"C:\\Program Files\\bama\\tlii.exe\" -vt wnew"
"WTSS"="C:\\WINDOWS\\system32\\wapiit.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ file:///C:\WINDOWS\privacy_danger\index.htm

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{C7CF1142-0785-4B12-A280-B64681E4D45E}"="z"
"{0B5F7FDF-0717-45BF-B49D-695F3168C7FE}"="Master Browseui"
"{2016a466-91a2-43c6-97d8-2fd380f065ef}"="eitheror"
"{aed6f6a3-183c-488d-9f90-23db99f56e7f}"="apathies"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"eitheror"="{2016a466-91a2-43c6-97d8-2fd380f065ef}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\svslpay

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_CATCHME


-- End of Deckard's System Scanner: finished at 2007-07-20 at 20:42:14 ---------




"Donna-Marie" - 2007-07-20 19:54:07 - ComboFix 07-07-21.4 - Service Pack 2 NTFS

/wow section - STAGE #3

(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\dooluygn.dll
C:\WINDOWS\system32\oagvbcld.dll
C:\WINDOWS\system32\ohgodswo.dll
C:\WINDOWS\system32\pienonay.dll
C:\WINDOWS\system32\xssitfxb.dll
C:\WINDOWS\system32\unuvjjkd.dll
C:\WINDOWS\system32\woycywnm.dll
C:\WINDOWS\SYSTEM32\ngyulood.ini
C:\WINDOWS\SYSTEM32\dlcbvgao.ini
C:\WINDOWS\SYSTEM32\owsdogho.ini


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\.protected
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2006
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup.\.protected
C:\DOCUME~1\DONNA-~1\APPLIC~1.\searchtoolbarcorp
C:\DOCUME~1\DONNA-~1\APPLIC~1.\searchtoolbarcorp\Toolbar Vision\PageHistory.txt
C:\DOCUME~1\DONNA-~1\APPLIC~1.\searchtoolbarcorp\Toolbar Vision\WebHistory.txt
C:\DOCUME~1\DONNA-~1\Desktop.\Error Cleaner.url
C:\DOCUME~1\DONNA-~1\Desktop.\Privacy Protector.url
C:\DOCUME~1\DONNA-~1\Desktop.\Spyware&Malware Protection.url
C:\DOCUME~1\DONNA-~1\FAVORI~1.\Error Cleaner.url
C:\DOCUME~1\DONNA-~1\FAVORI~1.\Privacy Protector.url
C:\DOCUME~1\DONNA-~1\FAVORI~1.\Spyware&Malware Protection.url
C:\DOCUME~1\DONNA-~1\MYDOCU~1.\wnsxs~1
C:\DOCUME~1\DONNA-~1\STARTM~1\Programs\Startup.\.protected
C:\DOCUME~1\Kevin\APPLIC~1\Ultimate Cleaner
C:\DOCUME~1\Kevin\APPLIC~1\Ultimate Defender
C:\DOCUME~1\Korynn\APPLIC~1\Ultimate Cleaner
C:\DOCUME~1\Korynn\APPLIC~1\Ultimate Defender
C:\DOCUME~1\Tyler\APPLIC~1\Ultimate Cleaner
C:\DOCUME~1\Tyler\APPLIC~1\Ultimate Defender
C:\Documents and Settings\DONNA-~1.\err.log
C:\Program Files\Common Files\companion wizard
C:\Program Files\Common Files\companion wizard\log.txt
C:\Program Files\Common Files\winantivirus pro 2006
C:\Program Files\NewMediaCodec
C:\Program Files\NewMediaCodec\install.ico
C:\Program Files\NewMediaCodec\NewMediaCodec.ocx
C:\Program Files\NewMediaCodec\Uninstall.exe
C:\Program Files\purityscan
C:\Program Files\purityscan\OINSetup.exe
C:\Program Files\purityscan\PuritySCAN.exe
C:\Program Files\video access activex object
C:\Program Files\video access activex object\ot.ico
C:\Program Files\video access activex object\pmsnrr.exe
C:\Program Files\video access activex object\ts.ico
C:\Program Files\video access activex object\uninst.exe
C:\Program Files\video activex access
C:\Program Files\video activex access\iesbpl.dll
C:\Program Files\video activex access\iesmin.exe
C:\Program Files\video activex access\iesplg.dll
C:\Program Files\video activex access\imsmn.exe
C:\Program Files\video activex access\ot.ico
C:\Program Files\video activex access\ts.ico
C:\Program Files\video activex access\uninst.exe
C:\Program Files\videoplugin
C:\Program Files\videoplugin\Uninstall.exe
C:\Program Files\VirusProtectPro 3.3
C:\Program Files\VirusProtectPro 3.3\ignored.lst
C:\Program Files\VirusProtectPro 3.3\VirusProtectPro 3.3.exe
C:\Program Files\VirusProtectPro 3.3\vpp.ini
C:\WINDOWS\.protected
C:\WINDOWS\dat.txt
C:\WINDOWS\msddx.dll
C:\WINDOWS\msqnx.dll
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\qnxplugin.dll
C:\WINDOWS\rs.txt
C:\WINDOWS\system32\apjhpenb.exe
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\drivers\etc\.protected
C:\WINDOWS\system32\eiveluss.dll
C:\WINDOWS\system32\fimealvy.dll
C:\WINDOWS\system32\higehsg.dll
C:\WINDOWS\system32\homgemxb.exe
C:\WINDOWS\system32\jmxgjrla.dll
C:\WINDOWS\system32\kccgikoy.exe
C:\WINDOWS\system32\kdjxw.exe
C:\WINDOWS\system32\kidkrtkl.dll
C:\WINDOWS\system32\kltmiqdq.dll
C:\WINDOWS\system32\myqlejy.dll
C:\WINDOWS\system32\nkyhqdgo.dll
C:\WINDOWS\system32\ricotasc.exe
C:\WINDOWS\system32\rmsvmank.dll
C:\WINDOWS\system32\stera.job
C:\WINDOWS\system32\stera.log
C:\WINDOWS\system32\tbhbmjhj.dll
C:\WINDOWS\system32\uuoeduah.exe
C:\WINDOWS\system32\xumixklc.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\LEGACY_FOPN
-------\LEGACY_VSPF
-------\FOPN
-------\vspf


((((((((((((((((((((((((( Files Created from 2007-06-21 to 2007-07-21 )))))))))))))))))))))))))))))))


2007-07-20 19:51 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-17 20:45 <DIR> d-------- C:\Deckard
2007-07-17 20:26 <DIR> d-------- C:\HijackThis
2007-07-15 21:25 <DIR> d-------- C:\HJT
2007-07-15 15:54 <DIR> d-------- C:\Program Files\NoAdware5.0
2007-07-15 13:41 164 --a------ C:\install.dat
2007-07-15 13:38 <DIR> d-------- C:\DOCUME~1\DONNA-~1\APPLIC~1\GetRightToGo
2007-07-14 13:30 66,048 --a------ C:\WINDOWS\ieResetIcons.exe
2007-07-12 22:14 444 --a------ C:\WINDOWS\SYSTEM32\d3d8caps.dat
2007-07-10 09:38 <DIR> d-------- C:\Program Files\bama
2007-07-10 08:55 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-06-20 18:17 <DIR> d-------- C:\DOCUME~1\DONNA-~1\APPLIC~1\Real


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-21 00:04:25 244 ----a-w C:\WINDOWS\freedom.backup.dat
2007-07-20 23:43:47 -------- d-----w C:\Program Files\Common Files\Command Software
2007-07-20 23:43:13 -------- d-----w C:\Program Files\Common Files\PestPatrol
2007-07-20 23:40:59 55 ----a-w C:\WINDOWS\taskmen32.pif
2007-07-13 02:00:58 -------- d-----w C:\Program Files\Common Files\Real
2007-06-20 22:30:12 3,806 ----a-w C:\WINDOWS\mozver.dat
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-27 23:07:48 79,384 ----a-r C:\WINDOWS\system32\avmontr.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2006-10-31 04:30:11 0 ----a-w C:\Program Files\Common Files\err.log
2006-01-21 16:49:08 56 --sh--r C:\WINDOWS\SYSTEM32\0524A0A462.sys
2006-01-21 16:49:08 1,682 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09A37E03-09CD-4469-9355-0D036EA3B3Df}]
C:\WINDOWS\system32\jqyhmsxl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1FE75BA3-0D18-2C6F-8B2A-09D88E397B7C}]
C:\WINDOWS\system32\clewoef.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{335C00B1-DB93-4EEA-8A75-C9EA3B67E895}]
C:\WINDOWS\qnxplugin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00303}]
C:\WINDOWS\adsldpby.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00304}]
C:\WINDOWS\adsldpbz.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB56775D-4E1D-498C-B3F4-07721C01CE15}]
2007-05-19 16:38 280644 --a------ C:\WINDOWS\Fonts\svslpay.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E26CEADA-67B0-4543-BE8B-307F00265118}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6}]
C:\WINDOWS\system32\adsldpbj.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 15:42]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 21:12]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 17:19]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2004-09-14 09:50]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 09:50]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-08-01 13:04]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 07:03]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 22:02]
"vmlib"="vmlib.exe" []
"Workflow"="D:\installs\Workflow.exe" []
"BellSouth Internet Security"="C:\Program Files\BellSouth\BellSouth Internet Security\Rps.exe" [2006-01-09 20:42]
"HelpCenter"="C:\Program Files\Bellsouth\HelpCenter\bin\sprtcmd.exe" [2006-10-30 12:00]
"BellSouthAlertManager.exe"="C:\Program Files\BellSouth\AM\BellSouthAlertManager.exe" [2007-01-28 12:14]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlexaToolbar"="C:\WINDOWS\alt.exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"7313e163.exe"="C:\Documents and Settings\Donna-Marie\Local Settings\Application Data\7313e163.exe" []
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"Sen"="C:\Program Files\bama\tlii.exe" []
"WTSS"="C:\WINDOWS\system32\wapiit.exe" []

C:\Documents and Settings\Donna-Marie\Start Menu\Programs\Startup\
DESKTOP.INI [2004-08-10 14:04:12]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [2004-08-10 14:04:12]
dlbcserv.lnk - C:\Program Files\Dell Photo Printer 720\dlbcserv.exe [2006-01-19 17:01:36]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 16:05:56]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 12:59:36]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2007-04-09 13:54:54]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{C7CF1142-0785-4B12-A280-B64681E4D45E}"= C:\WINDOWS\prflbmsgp32.dll [ ]
"{0B5F7FDF-0717-45BF-B49D-695F3168C7FE}"= C:\WINDOWS\system32\admparsek.dll [2006-04-19 22:24 55808]
"{2016a466-91a2-43c6-97d8-2fd380f065ef}"= C:\WINDOWS\system32\higehsg.dll [ ]
"{aed6f6a3-183c-488d-9f90-23db99f56e7f}"= C:\WINDOWS\system32\geplxss.dll [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"eitheror"= {2016a466-91a2-43c6-97d8-2fd380f065ef} - C:\WINDOWS\system32\higehsg.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\svslpay]
C:\WINDOWS\Fonts\svslpay.dll 2007-05-19 16:38 280644 C:\WINDOWS\Fonts\svslpay.dll

023 - agpcpq - system32\DRIVERS\agpCPQ.sys
023 - bw2ndis5 - System32\Drivers\BW2NDIS5.sys
023 - css dvp - system32\DRIVERS\css-dvp.sys
023 - drvmcdb - system32\drivers\drvmcdb.sys
023 - drvnddm - system32\drivers\drvnddm.sys
023 - dsproct - \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
023 - dsunidrv - system32\DRIVERS\dsunidrv.sys
023 - e100b - system32\DRIVERS\e100b325.sys
023 - fax - %systemroot%\system32\fxssvc.exe
023 - freedom - system32\DRIVERS\FREEDOM.SYS
023 - freetdi - System32\Drivers\FreeTdi.sys
023 - intelc51 - system32\DRIVERS\IntelC51.sys
023 - intelc52 - system32\DRIVERS\IntelC52.sys
023 - intelc53 - system32\DRIVERS\IntelC53.sys
023 - mohfilt - system32\DRIVERS\mohfilt.sys
023 - mpfirewl - System32\Drivers\MpFirewall.sys
023 - senfilt - system32\drivers\senfilt.sys
023 - sscdbhk5 - system32\drivers\sscdbhk5.sys
023 - ssrtln - system32\drivers\ssrtln.sys
023 - tfsnboio - system32\dla\tfsnboio.sys
023 - tfsncofs - system32\dla\tfsncofs.sys
023 - tfsndrct - system32\dla\tfsndrct.sys
023 - tfsndres - system32\dla\tfsndres.sys
023 - tfsnifs - system32\dla\tfsnifs.sys
023 - tfsnopio - system32\dla\tfsnopio.sys
023 - tfsnpool - system32\dla\tfsnpool.sys
023 - tfsnudf - system32\dla\tfsnudf.sys
023 - tfsnudfa - system32\dla\tfsnudfa.sys
023 - usb_rndis_xp - system32\DRIVERS\usb8023.sys - System32\drivers\rndismp.sys
023 - vspf_hk - \??\C:\WINDOWS\system32\drivers\vspf_hk5.sys
023 - wanatw - system32\DRIVERS\wanatw4.sys


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-20 2002
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\\xc6\2C]

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-20 20:10:52 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-20 20:10

--- E O F ---
dmitch is offline  
Old 07-21-2007, 01:40 AM   #4 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,478
OS: N/A


Re: onlinestability spyware problem HJT log inserted

Do a HijackThis scan (not DSS) & place a check next to these items and select "Fix checked":

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R3 - URLSearchHook: (no name) - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - (no file)
O2 - BHO: (no name) -  - (no file)
O2 - BHO: (no name) - 'VF7FDF-0717-45BF-B49D-695F3168C7FE} - (no file)
O2 - BHO: (no name) - 8V8V2-E6A9-4E49-A530-D4657B8C449A} - (no file)
O2 - BHO: (no name) - 8V8V8-BC09-49F2-B5F8-42CE26B1B712} - (no file)
O2 - BHO: (no name) - orer - (no file)
O2 - BHO: (no name) - rsion - (no file)
O2 - BHO: (no name) - `'V11111-2222-408A-9842-CDBE1C6D37EB} - (no file)
O2 - BHO: (no name) - {09A37E03-09CD-4469-9355-0D036EA3B3Df} - C:\WINDOWS\system32\jqyhmsxl.dll (file missing)
O2 - BHO: (no name) - {1FE75BA3-0D18-2C6F-8B2A-09D88E397B7C} - C:\WINDOWS\system32\clewoef.dll (file missing)
O2 - BHO: MSVPS System - {335C00B1-DB93-4EEA-8A75-C9EA3B67E895} - C:\WINDOWS\qnxplugin.dll (file missing)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00303} - C:\WINDOWS\adsldpby.dll (file missing)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00304} - C:\WINDOWS\adsldpbz.dll (file missing)
O2 - BHO: (no name) - {AB56775D-4E1D-498C-B3F4-07721C01CE15} - C:\WINDOWS\Fonts\svslpay.dll
O2 - BHO: (no name) - {E26CEADA-67B0-4543-BE8B-307F00265118} - \iesplg.dll (file missing)
O2 - BHO: (no name) - {EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6} - C:\WINDOWS\system32\adsldpbj.dll (file missing)
O2 - BHO: (no name) - "V"VF-B242-4164-A31C-2384C2B1A653} - (no file)
O2 - BHO: (no name) - …&V49E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - EVEVC-2DEF-493B-8A4A-8E2D81BE4EA5} - (no file)
O2 - BHO: (no name) - ^CVJ - (no file)
O4 - HKLM\..\Run: [vmlib] vmlib.exe
O4 - HKCU\..\Run: [AlexaToolbar] C:\WINDOWS\alt.exe
O4 - HKCU\..\Run: [7313e163.exe] C:\Documents and Settings\Donna-Marie\Local Settings\Application Data\7313e163.exe
O4 - HKCU\..\Run: [Sen] "C:\Program Files\bama\tlii.exe" -vt wnew
O4 - HKCU\..\Run: [WTSS] C:\WINDOWS\system32\wapiit.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O15 - Trusted Zone: http://www.amaena.com
O15 - Trusted Zone: *.coolwebsearch.com
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: *.searchmeup.com
O15 - Trusted Zone: http://scanner.sysprotect.com
O15 - Trusted Zone: http://*.systemdoctor.com
O15 - Trusted Zone: http://www.winantivirus.com
O15 - Trusted Zone: http://www.winantiviruspro.com
O15 - Trusted Zone: http://download.cdn.winsoftware.com
O15 - Trusted IP range: http://195.95.*.*
O15 - Trusted IP range: http://195.225.*.*
O15 - Trusted IP range: http://205.177.*.*
O15 - Trusted IP range: http://205.188.*.*
O15 - Trusted IP range: http://216.239.*.*
O16 - DPF: {127A7336-2914-516A-80DE-2FEB179D11BE} - http://85.255.115.229/1/gdnUS1402.exe
O16 - DPF: {28AD44D0-4ACB-0994-B0BB-7AFE50530CA2} - http://85.255.115.229/1/gdnUS1402.exe
O16 - DPF: {40312344-28A5-1938-7745-09F320E14A2E} - http://85.255.115.229/1/gdnUS1402.exe
O16 - DPF: {601C7E58-1ABC-3596-1163-4C48065BBE2E} - http://85.255.115.229/1/gdnUS1402.exe
O16 - DPF: {61EB657C-82DD-1737-8CA8-7A443B169B25} - http://85.255.115.229/1/gdnUS1402.exe
O16 - DPF: {65099FCC-2446-323D-61A7-594A2425EBF4} - http://85.255.115.229/1/gdnUS1402.exe
O16 - DPF: {79D8F725-1107-0787-1201-43D91471EA5A} - http://85.255.115.229/1/gdnUS1402.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0EC59058-E601-4556-8B35-10D276DAE532}: NameServer = 85.255.115.110,85.255.112.151
O17 - HKLM\System\CCS\Services\Tcpip\..\{DBEBFAE7-6190-4431-A3FC-006ADFC214EB}: NameServer = 85.255.115.110,85.255.112.151
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.110 85.255.112.151
O17 - HKLM\System\CS1\Services\Tcpip\..\{0EC59058-E601-4556-8B35-10D276DAE532}: NameServer = 85.255.115.110,85.255.112.151
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.110 85.255.112.151
O20 - Winlogon Notify: svslpay - C:\WINDOWS\Fonts\svslpay.dll
O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - C:\WINDOWS\system32\higehsg.dll (file missing)



---------------


Open notepad and copy/paste the text in the quotebox below into it:

Code:
File::
C:\WINDOWS\taskmen32.pif
Folder::
C:\Program Files\bama
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09A37E03-09CD-4469-9355-0D036EA3B3Df}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1FE75BA3-0D18-2C6F-8B2A-09D88E397B7C}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{335C00B1-DB93-4EEA-8A75-C9EA3B67E895}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00303}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00304}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB56775D-4E1D-498C-B3F4-07721C01CE15}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E26CEADA-67B0-4543-BE8B-307F00265118}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vmlib"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlexaToolbar"=-
"7313e163.exe"=-
"Sen"=-
"WTSS"=-
[-HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C7CF1142-0785-4B12-A280-B64681E4D45E}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0B5F7FDF-0717-45BF-B49D-695F3168C7FE}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2016a466-91a2-43c6-97d8-2fd380f065ef}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{aed6f6a3-183c-488d-9f90-23db99f56e7f}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"eitheror"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2016a466-91a2-43c6-97d8-2fd380f065ef}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\svslpay]
Save this as "CFScript"




Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.


---------------


Please perform an online scan using Internet Explorer at http://www.kaspersky.com/virusscanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. We only require a report from it.
    It does not provide an option to clean/disinfect.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan
* If you're downloading torrents in the background, please disconnect all of them.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.



---------------


In your next post, please include fresh logs from:
  1. Fresh Hijackthis log taken just before replying
  2. Online scan
  3. ComboFix's log
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now.
__________________

Question - what have you done for the community today?
sUBs is offline  
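The fix list above singles out a handful of indicator classes: O4 autostarts that carry no path or live in the user's profile, O15 Trusted Zone and Trusted IP range additions, O16 ActiveX downloads pulled as a bare .exe from a raw IP, O17 NameServer overrides that point both the adapters and the global TCP/IP parameters at 85.255.x.x, and O20/O21 Winlogon Notify and SSODL packages sitting outside system32 or with their DLL missing. The script below is an added example, not code from this thread, from HijackThis or from ComboFix: it parses lines in HijackThis's format and flags those same classes. The sample lines are copied from the log earlier in the thread; the trusted resolver ranges, the known-good Winlogon Notify and SSODL names, and C:\WINDOWS as the system root are assumptions to be adapted per machine.

```python
"""Triage of HijackThis-format log lines. Added example: not the forum's, HijackThis's or ComboFix's own code.
Assumptions to adapt per machine: the resolver ranges this LAN/ISP may hand out, the Winlogon Notify and
SSODL names expected on a stock XP SP2 box with common vendor drivers, and C:\\WINDOWS as the system root."""
from __future__ import annotations
import ipaddress
import re
from collections import namedtuple

TRUSTED_RESOLVER_NETS = [ipaddress.ip_network("192.168.0.0/16"), ipaddress.ip_network("10.0.0.0/8")]
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "scardsvr", "schedule", "sclgntfy",
                "senslogn", "termsrv", "wlballoon", "wgalogon", "igfxcui"}
KNOWN_SSODL = {"postbootreminder", "cdburn", "webcheck", "systray", "wpdshserviceobj"}
SYSTEM32 = "c:\\windows\\system32\\"

# Lines copied from the log in this thread, benign and malicious mixed.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
O4 - HKLM\..\Run: [vmlib] vmlib.exe
O4 - HKCU\..\Run: [7313e163.exe] C:\Documents and Settings\Donna-Marie\Local Settings\Application Data\7313e163.exe
O15 - Trusted Zone: *.coolwebsearch.com
O15 - Trusted IP range: http://195.95.*.*
O16 - DPF: {127A7336-2914-516A-80DE-2FEB179D11BE} - http://85.255.115.229/1/gdnUS1402.exe
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.21.10/ttinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0EC59058-E601-4556-8B35-10D276DAE532}: NameServer = 85.255.115.110,85.255.112.151
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.110 85.255.112.151
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: svslpay - C:\WINDOWS\Fonts\svslpay.dll
O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - C:\WINDOWS\system32\higehsg.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
""".strip()

O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.+)$")
O15_RE = re.compile(r"^O15 - Trusted (Zone|IP range): (\S+)$")
O16_RE = re.compile(r"^O16 - DPF: (\{[^}]+\})(?: \(([^)]*)\))? - (\S+)$")
O17_RE = re.compile(r"^O17 - .*NameServer = (.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.+)$")
O21_RE = re.compile(r"^O21 - SSODL: (\S+) - (\{[^}]+\}) - (.+)$")
EXE_RE = re.compile(r'"?(.+?\.(?:exe|dll|pif|scr))\b', re.I)   # image path inside a Run value, switches dropped
Finding = namedtuple("Finding", "section reason line")

def parse_nameservers(value: str) -> list[str]:
    """HJT prints the list comma-separated on adapter keys and space-separated on Parameters; take both."""
    return [v for v in re.split(r"[,\s]+", value.strip()) if v]

def resolver_is_trusted(ip: str) -> bool:
    try:
        return any(ipaddress.ip_address(ip) in net for net in TRUSTED_RESOLVER_NETS)
    except ValueError:
        return False

def hosted_on_raw_ip(url: str) -> bool:
    """A literal-IP host leaves nothing to sinkhole or block by domain reputation."""
    m = re.match(r"^[a-z]+://([^/:]+)", url, re.I)
    try:
        return bool(m) and ipaddress.ip_address(m.group(1)) is not None
    except ValueError:
        return False

def image_path(value: str) -> str:
    m = EXE_RE.match(value)
    return m.group(1) if m else value.strip('"')

def triage(log_text: str) -> list[Finding]:
    out: list[Finding] = []
    for line in (ln.strip() for ln in log_text.splitlines()):
        if m := O4_RE.match(line):
            path = image_path(m.group(3))
            if "\\" not in path:
                out.append(Finding("O4", "bare filename, resolved through the PATH search order", line))
            elif re.search(r"\\Local Settings\\(Application Data|Temp)\\", path, re.I):
                out.append(Finding("O4", "autostart from the user's profile scratch area", line))
        elif O15_RE.match(line):
            out.append(Finding("O15", "Trusted Zone addition (XP ships with none)", line))
        elif m := O16_RE.match(line):
            url = m.group(3)
            if hosted_on_raw_ip(url) or url.lower().endswith(".exe"):
                out.append(Finding("O16", "ActiveX download from a raw IP or served as a bare .exe", line))
        elif m := O17_RE.match(line):
            bad = [ns for ns in parse_nameservers(m.group(1)) if not resolver_is_trusted(ns)]
            if bad:
                out.append(Finding("O17", "NameServer outside trusted ranges: " + ", ".join(bad), line))
        elif m := O20_RE.match(line):
            name, dll = m.groups()
            if name.lower() not in KNOWN_NOTIFY or not dll.lower().startswith(SYSTEM32):
                out.append(Finding("O20", "unknown Winlogon Notify package or DLL outside system32", line))
        elif m := O21_RE.match(line):
            name, _clsid, dll = m.groups()
            if name.lower() not in KNOWN_SSODL or "(file missing)" in dll or not dll.lower().startswith(SYSTEM32):
                out.append(Finding("O21", "unknown SSODL object, or its DLL missing or outside system32", line))
    return out

def hijacked_resolvers(log_text: str) -> list[str]:
    """Every untrusted NameServer the log names, deduplicated: the list to block at the perimeter."""
    seen: set[str] = set()
    for f in triage(log_text):
        if f.section == "O17":
            seen.update(f.reason.split(": ", 1)[1].split(", "))
    return sorted(seen)

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
    print("resolvers to block:", hijacked_resolvers(SAMPLE_LOG))
```

Two details are worth noting. HijackThis prints the O17 NameServer list comma-separated on the per-adapter keys and space-separated on Tcpip\Parameters, so a parser has to accept both, and the same resolver pair is recorded under ControlSet001 as well as CurrentControlSet, which is why the fix list carries five O17 lines. Path and name heuristics also miss entries such as the WTSS value pointing at system32\wapiit.exe; that one was picked out by knowing it is not a Windows component, so a script like this narrows the review, it does not replace a known-good baseline.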
Old 07-21-2007, 01:41 AM   #5 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,478
OS: N/A


Re: onlinestability spyware problem HJT log inserted

This is to be performed after you have posted the required logs.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u1 - http://java.sun.com/javase/downloads/index.jsp
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u2-windowsi586-p.exe to install the newest version.
__________________

Question - what have you done for the community today?
sUBs is offline  
Old 07-21-2007, 02:10 PM   #6 (permalink)
Registered User
 
Join Date: Jul 2007
Posts: 32
OS: WinXP


ComboFix2.txt log inserted

"Donna-Marie" - 2007-07-21 15:21:26 - ComboFix 07-07-21.4 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\Donna-Marie\Desktop\CFScript.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\bama
C:\WINDOWS\taskmen32.pif


((((((((((((((((((((((((( Files Created from 2007-06-21 to 2007-07-21 )))))))))))))))))))))))))))))))


2007-07-20 19:51 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-17 20:45 <DIR> d-------- C:\Deckard
2007-07-17 20:26 <DIR> d-------- C:\HijackThis
2007-07-15 21:25 <DIR> d-------- C:\HJT
2007-07-15 13:41 164 --a------ C:\install.dat
2007-07-15 13:38 <DIR> d-------- C:\DOCUME~1\DONNA-~1\APPLIC~1\GetRightToGo
2007-07-14 13:30 66,048 --a------ C:\WINDOWS\ieResetIcons.exe
2007-07-12 22:14 444 --a------ C:\WINDOWS\SYSTEM32\d3d8caps.dat
2007-07-10 08:55 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-21 01:16:30 244 ----a-w C:\WINDOWS\freedom.backup.dat
2007-07-20 23:43:47 -------- d-----w C:\Program Files\Common Files\Command Software
2007-07-20 23:43:13 -------- d-----w C:\Program Files\Common Files\PestPatrol
2007-07-13 02:00:58 -------- d-----w C:\Program Files\Common Files\Real
2007-07-13 01:58:54 -------- d-----w C:\DOCUME~1\DONNA-~1\APPLIC~1\Real
2007-06-20 22:30:12 3,806 ----a-w C:\WINDOWS\mozver.dat
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-27 23:07:48 79,384 ----a-r C:\WINDOWS\system32\avmontr.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2006-10-31 04:30:11 0 ----a-w C:\Program Files\Common Files\err.log
2006-01-21 16:49:08 56 --sh--r C:\WINDOWS\SYSTEM32\0524A0A462.sys
2006-01-21 16:49:08 1,682 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90B2D504-78C4-4589-8136-1AEEE17A5848}]
2007-05-19 16:38 280644 --a------ C:\WINDOWS\Fonts\svslpay.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 15:42]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 21:12]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 17:19]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2004-09-14 09:50]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 09:50]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-08-01 13:04]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 07:03]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 22:02]
"Workflow"="D:\installs\Workflow.exe" []
"BellSouth Internet Security"="C:\Program Files\BellSouth\BellSouth Internet Security\Rps.exe" [2006-01-09 20:42]
"HelpCenter"="C:\Program Files\Bellsouth\HelpCenter\bin\sprtcmd.exe" [2006-10-30 12:00]
"BellSouthAlertManager.exe"="C:\Program Files\BellSouth\AM\BellSouthAlertManager.exe" [2007-01-28 12:14]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]

C:\Documents and Settings\Donna-Marie\Start Menu\Programs\Startup\
DESKTOP.INI [2004-08-10 14:04:12]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [2004-08-10 14:04:12]
dlbcserv.lnk - C:\Program Files\Dell Photo Printer 720\dlbcserv.exe [2006-01-19 17:01:36]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 16:05:56]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 12:59:36]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2007-04-09 13:54:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\svslpay]
C:\WINDOWS\Fonts\svslpay.dll 2007-05-19 16:38 280644 C:\WINDOWS\Fonts\svslpay.dll

023 - agpcpq - system32\DRIVERS\agpCPQ.sys
023 - bw2ndis5 - System32\Drivers\BW2NDIS5.sys
023 - css dvp - system32\DRIVERS\css-dvp.sys
023 - drvmcdb - system32\drivers\drvmcdb.sys
023 - drvnddm - system32\drivers\drvnddm.sys
023 - dsproct - \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
023 - dsunidrv - system32\DRIVERS\dsunidrv.sys
023 - e100b - system32\DRIVERS\e100b325.sys
023 - fax - %systemroot%\system32\fxssvc.exe
023 - freedom - system32\DRIVERS\FREEDOM.SYS
023 - freetdi - System32\Drivers\FreeTdi.sys
023 - intelc51 - system32\DRIVERS\IntelC51.sys
023 - intelc52 - system32\DRIVERS\IntelC52.sys
023 - intelc53 - system32\DRIVERS\IntelC53.sys
023 - mohfilt - system32\DRIVERS\mohfilt.sys
023 - mpfirewl - System32\Drivers\MpFirewall.sys
023 - senfilt - system32\drivers\senfilt.sys
023 - sscdbhk5 - system32\drivers\sscdbhk5.sys
023 - ssrtln - system32\drivers\ssrtln.sys
023 - tfsnboio - system32\dla\tfsnboio.sys
023 - tfsncofs - system32\dla\tfsncofs.sys
023 - tfsndrct - system32\dla\tfsndrct.sys
023 - tfsndres - system32\dla\tfsndres.sys
023 - tfsnifs - system32\dla\tfsnifs.sys
023 - tfsnopio - system32\dla\tfsnopio.sys
023 - tfsnpool - system32\dla\tfsnpool.sys
023 - tfsnudf - system32\dla\tfsnudf.sys
023 - tfsnudfa - system32\dla\tfsnudfa.sys
023 - usb_rndis_xp - system32\DRIVERS\usb8023.sys - System32\drivers\rndismp.sys
023 - vspf_hk - \??\C:\WINDOWS\system32\drivers\vspf_hk5.sys
023 - wanatw - system32\DRIVERS\wanatw4.sys


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-21 15:26:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-21 15:29:17
C:\ComboFix-quarantined-files.txt ... 2007-07-21 15:29
C:\ComboFix2.txt ... 2007-07-20 20:10

--- E O F ---
dmitch is offline  
Old 07-21-2007, 02:55 PM   #7 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
 
Join Date: May 2005
Posts: 24,478
OS: N/A


Re: onlinestability spyware problem HJT log inserted

If you haven't run Kaspersky yet, do this ...
If you're running Kaspersky, do it after the scan.


Open notepad and copy/paste the text in the quotebox below into it:

Code:
http://www.techsupportforum.com/security-center/hijackthis-log-help/168184-onlinestability-spyware-problem-hjt-log-inserted.html
Collect::
C:\WINDOWS\Fonts\svslpay.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90B2D504-78C4-4589-8136-1AEEE17A5848}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\svslpay]
Save this as "CFScript"




Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Additionally, ComboFix will generate a zipped file on your Desktop, called Submit [Date Time].zip
Please submit this file to:

http://www.bleepingcomputer.com/subm....php?channel=4
__________________

Question - what have you done for the community today?
sUBs is offline  
Old 07-23-2007, 07:04 PM   #8 (permalink)
Registered User
 
Join Date: Jul 2007
Posts: 32
OS: WinXP


Problem: kaspersky cannot open in Firefox

I got this far until this part..."Please perform an online scan using Internet Explorer at http://www.kaspersky.com/virusscanner..."

I have Firefox and somehow the Explorer that I have will not open this link. Is there an alternative to this site that I can use in Firefox?
dmitch is offline  
Old 07-23-2007, 07:11 PM   #9 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
 
Join Date: May 2005
Posts: 24,478
OS: N/A


Re: onlinestability spyware problem HJT log inserted

Post the combofix log first. There's been a 2 day delay in between replies. Malware isn't going to sit around waiting to be disinfected.
__________________

Question - what have you done for the community today?
sUBs is offline  
Old 07-23-2007, 07:34 PM   #10 (permalink)
Registered User
 
Join Date: Jul 2007
Posts: 32
OS: WinXP


Log.txt file inserted / file submitted to Bleeping Computer for analysis

"Donna-Marie" - 2007-07-23 21:15:50 - ComboFix 07-07-21.4 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\Donna-Marie\Desktop\cfscript.txt


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\ohlmikim.dll
C:\WINDOWS\SYSTEM32\mikimlho.ini


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\Fonts\svslpay.dll
C:\WINDOWS\system32\mjdbsdjo.exe


((((((((((((((((((((((((( Files Created from 2007-06-24 to 2007-07-24 )))))))))))))))))))))))))))))))


2007-07-20 19:51 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-17 20:45 <DIR> d-------- C:\Deckard
2007-07-17 20:26 <DIR> d-------- C:\HijackThis
2007-07-15 21:25 <DIR> d-------- C:\HJT
2007-07-15 13:41 164 --a------ C:\install.dat
2007-07-15 13:38 <DIR> d-------- C:\DOCUME~1\DONNA-~1\APPLIC~1\GetRightToGo
2007-07-14 13:30 66,048 --a------ C:\WINDOWS\ieResetIcons.exe
2007-07-12 22:14 444 --a------ C:\WINDOWS\SYSTEM32\d3d8caps.dat
2007-07-10 08:55 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-24 01:22:13 244 ----a-w C:\WINDOWS\freedom.backup.dat
2007-07-23 22:25:52 -------- d-----w C:\Program Files\Common Files\Command Software
2007-07-20 23:43:13 -------- d-----w C:\Program Files\Common Files\PestPatrol
2007-07-13 02:00:58 -------- d-----w C:\Program Files\Common Files\Real
2007-07-13 01:58:54 -------- d-----w C:\DOCUME~1\DONNA-~1\APPLIC~1\Real
2007-06-20 22:30:12 3,806 ----a-w C:\WINDOWS\mozver.dat
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-27 23:07:48 79,384 ----a-r C:\WINDOWS\system32\avmontr.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2006-10-31 04:30:11 0 ----a-w C:\Program Files\Common Files\err.log
2006-01-21 16:49:08 56 --sh--r C:\WINDOWS\SYSTEM32\0524A0A462.sys
2006-01-21 16:49:08 1,682 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E549EA0A-CD38-43FB-B8C5-092E836350B5}]
C:\WINDOWS\Fonts\svslpay.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 15:42]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 21:12]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 17:19]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2004-09-14 09:50]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 09:50]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-08-01 13:04]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 07:03]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 22:02]
"Workflow"="D:\installs\Workflow.exe" []
"BellSouth Internet Security"="C:\Program Files\BellSouth\BellSouth Internet Security\Rps.exe" [2006-01-09 20:42]
"HelpCenter"="C:\Program Files\Bellsouth\HelpCenter\bin\sprtcmd.exe" [2006-10-30 12:00]
"BellSouthAlertManager.exe"="C:\Program Files\BellSouth\AM\BellSouthAlertManager.exe" [2007-01-28 12:14]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]

C:\Documents and Settings\Donna-Marie\Start Menu\Programs\Startup\
DESKTOP.INI [2004-08-10 14:04:12]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [2004-08-10 14:04:12]
dlbcserv.lnk - C:\Program Files\Dell Photo Printer 720\dlbcserv.exe [2006-01-19 17:01:36]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 16:05:56]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 12:59:36]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2007-04-09 13:54:54]

023 - agpcpq - system32\DRIVERS\agpCPQ.sys
023 - bw2ndis5 - System32\Drivers\BW2NDIS5.sys
023 - css dvp - system32\DRIVERS\css-dvp.sys
023 - drvmcdb - system32\drivers\drvmcdb.sys
023 - drvnddm - system32\drivers\drvnddm.sys
023 - dsproct - \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
023 - dsunidrv - system32\DRIVERS\dsunidrv.sys
023 - e100b - system32\DRIVERS\e100b325.sys
023 - fax - %systemroot%\system32\fxssvc.exe
023 - freedom - system32\DRIVERS\FREEDOM.SYS
023 - freetdi - System32\Drivers\FreeTdi.sys
023 - intelc51 - system32\DRIVERS\IntelC51.sys
023 - intelc52 - system32\DRIVERS\IntelC52.sys
023 - intelc53 - system32\DRIVERS\IntelC53.sys
023 - mohfilt - system32\DRIVERS\mohfilt.sys
023 - mpfirewl - System32\Drivers\MpFirewall.sys
023 - senfilt - system32\drivers\senfilt.sys
023 - sscdbhk5 - system32\drivers\sscdbhk5.sys
023 - ssrtln - system32\drivers\ssrtln.sys
023 - tfsnboio - system32\dla\tfsnboio.sys
023 - tfsncofs - system32\dla\tfsncofs.sys
023 - tfsndrct - system32\dla\tfsndrct.sys
023 - tfsndres - system32\dla\tfsndres.sys
023 - tfsnifs - system32\dla\tfsnifs.sys
023 - tfsnopio - system32\dla\tfsnopio.sys
023 - tfsnpool - system32\dla\tfsnpool.sys
023 - tfsnudf - system32\dla\tfsnudf.sys
023 - tfsnudfa - system32\dla\tfsnudfa.sys
023 - usb_rndis_xp - system32\DRIVERS\usb8023.sys - System32\drivers\rndismp.sys
023 - vspf_hk - \??\C:\WINDOWS\system32\drivers\vspf_hk5.sys
023 - wanatw - system32\DRIVERS\wanatw4.sys


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-23 21:23:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

C:\WINDOWS\TEMP

scan completed successfully
hidden files: 1

**************************************************************************

Completion time: 2007-07-23 21:25:25 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-23 21:24
C:\ComboFix2.txt ... 2007-07-21 15:29
C:\ComboFix3.txt ... 2007-07-20 20:10

--- E O F ---
dmitch is offline  
Old 07-23-2007, 07:39 PM   #11 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
 
Join Date: May 2005
Posts: 24,478
OS: N/A


Re: onlinestability spyware problem HJT log inserted

Have Hijackthis fix this:

O2 - BHO: (no name) - {AB56775D-4E1D-498C-B3F4-07721C01CE15} - C:\WINDOWS\Fonts\svslpay.dll


Since Kaspersky won't work for you, let's use BitDefender.





Please perform an online scan using Internet Explorer at this website - http://www.bitdefender.com/scan8/ie.html

Under SCANNING OPTIONS, use the following Settings:
  • Action options - Report only
  • Second option - Report only

Once finished, click on the Details button to view the results.
To the upper right of the results you will see an option saying "Click here to export the scan results". Post the log of the scan results in your next reply.
__________________

Question - what have you done for the community today?
sUBs is offline  
Old 07-24-2007, 05:24 PM   #12 (permalink)
Registered User
 
Join Date: Jul 2007
Posts: 32
OS: WinXP


Re: onlinestability spyware problem HJT log inserted

BitDefender Online Scanner - Real Time Virus Report
Generated at: Tue, Jul 24, 2007 - 19:23:27
Scan Info
Scanned Files
259037
Infected Files
0
Virus Detected
No virus found.

Last edited by sUBs; 07-24-2007 at 05:36 PM.
dmitch is offline  
Old 07-24-2007, 05:38 PM   #13 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
 
Join Date: May 2005
Posts: 24,478
OS: N/A


Re: onlinestability spyware problem HJT log inserted

Quote:
Infected Files 0
Looks good. Does it feel as good as it looks?

Please post a fresh hijackthis log.
__________________

Question - what have you done for the community today?
sUBs is offline  
Old 07-24-2007, 05:58 PM   #14 (permalink)
Registered User
 
Join Date: Jul 2007
Posts: 32
OS: WinXP


Re: onlinestability spyware problem HJT log inserted

It feels silky smooth!! Much thx sUBs. Awesome job. Can't say it enough. Now to learn .NET !
dmitch is offline  
Old 07-24-2007, 06:04 PM   #15 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
 
Join Date: May 2005
Posts: 24,478
OS: N/A


Re: onlinestability spyware problem HJT log inserted

Still need a fresh hijackthis log. :)
__________________

Question - what have you done for the community today?
sUBs is offline  
Old 07-24-2007, 06:05 PM   #16 (permalink)
Registered User
 
Join Date: Jul 2007
Posts: 32
OS: WinXP


Re: onlinestability spyware problem HJT log inserted

OK. Will send immediately
dmitch is offline  
Old 07-24-2007, 06:07 PM   #17 (permalink)
Registered User
 
Join Date: Jul 2007
Posts: 32
OS: WinXP


Re: onlinestability spyware problem HJT log inserted

Logfile of HijackThis v1.99.1
Scan saved at 828 PM, on 7/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BellSouth\BellSouth Internet Security\fws.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\BellSouth\BellSouth Internet Security\Rps.exe
C:\Program Files\Bellsouth\HelpCenter\bin\sprtcmd.exe
C:\Program Files\BellSouth\AM\BellSouthAlertManager.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\BellSouth\BellSouth Internet Security\FBHR.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll (file missing)
O3 - Toolbar: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
O4 - HKLM\..\Run: [Workflow] D:\installs\Workflow.exe
O4 - HKLM\..\Run: [BellSouth Internet Security] "C:\Program Files\BellSouth\BellSouth Internet Security\Rps.exe"
O4 - HKLM\..\Run: [HelpCenter] "C:\Program Files\Bellsouth\HelpCenter\bin\sprtcmd.exe" /P HelpCenter
O4 - HKLM\..\Run: [BellSouthAlertManager.exe] "C:\Program Files\BellSouth\AM\BellSouthAlertManager.exe" /AUTORUN
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol.com/help/acp2/en...ach_core_1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.21.10/ttinst.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go.com/games/downl...ameManager.cab
O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB49} (CheckControl Class) - http://content-loader.com/load/ccaccess.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\BellSouth\BellSouth Internet Security\fws.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
dmitch is offline  
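A helper reading a HijackThis log like the one just posted applies a few rules of thumb before anything else: unnamed COM objects, DLLs loaded from directories that never hold code (a BHO under C:\WINDOWS\Fonts is what was removed earlier in this thread), Winlogon Notify hooks outside system32, ActiveX controls (O16 DPF) pulled from sites nobody recognises, and orphaned "(file missing)" entries. The script below is an added example that encodes those rules; it is not HijackThis's own code nor a tool the helper used. Its sample lines are copied from the log above (the BitDefender URL is truncated there and is kept as-is), plus one constructed O20 line mirroring the svslpay Winlogon Notify entry that ComboFix reported; the allowlist of expected download hosts is an assumption made for the example.

```python
"""Pre-screen a HijackThis v1.99 log with the rules of thumb a helper applies.

Added example, not HijackThis's own code.  A hit means "look closer", not
"malware": every rule here produces false positives on some machines.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Set
from urllib.parse import urlparse

# Directories that hold no executable code on a normal install; a DLL or EXE
# loaded from one of them (svslpay.dll under \Fonts\ above) deserves a look.
NON_CODE_DIRS = ("\\fonts\\", "\\temp\\", "\\tmp\\")

# Analyst-maintained list of hosts whose ActiveX downloads (O16 DPF) are
# expected on this machine.  Constructed for the example.
TRUSTED_DPF_HOSTS: Set[str] = {"download.bitdefender.com"}

LINE_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Lines from the log above; the last O20 line is constructed from the
# Winlogon Notify loading point that ComboFix listed for svslpay.dll.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {AB56775D-4E1D-498C-B3F4-07721C01CE15} - C:\WINDOWS\Fonts\svslpay.dll
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB49} (CheckControl Class) - http://content-loader.com/load/ccaccess.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: svslpay - C:\WINDOWS\Fonts\svslpay.dll
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe (file missing)
"""


@dataclass
class Entry:
    kind: str            # section prefix such as "O2"
    body: str            # text after "O2 - "
    target: str          # last " - " field: the file or URL the entry loads
    file_missing: bool   # HJT appended "(file missing)"
    clsid: Optional[str]


@dataclass
class Finding:
    kind: str
    target: str
    reason: str


def parse_entry(line: str) -> Optional[Entry]:
    """Split one HJT line into its section, loaded target and CLSID."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None                      # process list, headers, blank lines
    kind, body = m.group("kind"), m.group("body")
    target = body.rsplit(" - ", 1)[-1]
    missing = target.endswith("(file missing)")
    if missing:
        target = target[: -len("(file missing)")].rstrip()
    clsid = CLSID_RE.search(body)
    return Entry(kind, body, target, missing, clsid.group(0) if clsid else None)


def triage(entry: Entry, trusted_hosts: Set[str] = TRUSTED_DPF_HOSTS) -> List[str]:
    """Return the reasons (possibly none) an entry should be reviewed by hand."""
    reasons: List[str] = []
    low = entry.target.lower()
    if entry.kind in ("R3", "O2", "O3") and "(no name)" in entry.body:
        reasons.append("unnamed COM object")
    if any(d in low for d in NON_CODE_DIRS):
        reasons.append("code loaded from a directory that holds no executables")
    if entry.kind == "O20" and "\\system32\\" not in low:
        reasons.append("Winlogon Notify DLL outside system32")
    if entry.kind == "O16":
        host = urlparse(entry.target).hostname or ""
        if host not in trusted_hosts:
            reasons.append(f"ActiveX control downloaded from unreviewed host {host}")
    if entry.file_missing:
        reasons.append("orphaned entry, file missing (clean-up candidate)")
    return reasons


def analyze(log_text: str, trusted_hosts: Set[str] = TRUSTED_DPF_HOSTS) -> List[Finding]:
    """Run triage over every recognised line of a log and collect the hits."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry:
            findings.extend(Finding(entry.kind, entry.target, r) for r in triage(entry, trusted_hosts))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f.kind:4} {f.reason:60} {f.target}")
```

Run against the sample, the two svslpay.dll entries and the content-loader.com O16 line come out flagged while the Java BHO, WgaLogon and the BitDefender scanner control do not, which matches what the helper chose to act on in this thread.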
Old 07-24-2007, 06:10 PM   #18 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
 
Join Date: May 2005
Posts: 24,478
OS: N/A


Re: onlinestability spyware problem HJT log inserted

Hang on ... saw something bad in there. I'll be right back
__________________

Question - what have you done for the community today?
sUBs is offline  
Old 07-24-2007, 06:19 PM   #19 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
 
Join Date: May 2005
Posts: 24,478
OS: N/A


Re: onlinestability spyware problem HJT log inserted

This is a dialer application that is installed by visiting pornographic sites. It makes higher rate calls to display adult content.

Please have Hijackthis fix this entry:

O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB49} (CheckControl Class) - http://content-loader.com/load/ccaccess.cab


Then, open notepad and copy/paste the text in the quotebox below:
(don't forget to copy and paste REGEDIT4)

Quote:
REGEDIT4

[-HKEY_CLASSES_ROOT\CLSID\{E53458D2-5A83-4BD1-8DE2-EEEBE73BAB49}]
[-HKEY_CLASSES_ROOT\Ccaccess.CheckControl]
[-HKEY_CLASSES_ROOT\TypeLib\{6BC36767-3FCC-4948-8A13-703F887A3E87}]
[-HKEY_CLASSES_ROOT\Ccaccess.CheckControl.1]
[-HKEY_CLASSES_ROOT\Interface\{3EB94323-0856-4479-AA22-D81BBFEEA91E}]
Save this as fix.reg. Choose to "Save type as - All Files"
It should look like this:
Double click on fix.reg & allow it to merge into the registry


Check if you have this file - C:\WINDOWS\System32\ccaccess.dll <-- Delete it

Let me know how that went
__________________

Question - what have you done for the community today?
sUBs is offline  
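Before double-clicking a .reg file someone sent you it is worth knowing exactly what merging it will do: in the REGEDIT4 format a `[-key]` line deletes the whole key, a plain `[key]` line creates or opens it, `"name"=data` sets a value and `"name"=-` removes one, and without the header on the first line regedit refuses the file (hence the reminder above to paste REGEDIT4). The dry-run parser below is an added example, not a Microsoft tool and not something the helper used; it handles that subset of the format, reads the fix.reg from the post above verbatim, and a constructed second file (ExampleApp and its values are invented for the illustration) exercises the non-deleting operations.

```python
"""Dry-run a .reg file: list what merging it would change, or why regedit
would reject it.  Added example; understands the REGEDIT4 / 5.00 subset used
above (no hex line continuations)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
KEY_RE = re.compile(r"^\[(?P<delete>-?)(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^(?P<name>"(?:[^"\\]|\\.)*"|@)=(?P<data>.+)$')

# The script posted above, copied verbatim.
FIX_REG = r"""REGEDIT4

[-HKEY_CLASSES_ROOT\CLSID\{E53458D2-5A83-4BD1-8DE2-EEEBE73BAB49}]
[-HKEY_CLASSES_ROOT\Ccaccess.CheckControl]
[-HKEY_CLASSES_ROOT\TypeLib\{6BC36767-3FCC-4948-8A13-703F887A3E87}]
[-HKEY_CLASSES_ROOT\Ccaccess.CheckControl.1]
[-HKEY_CLASSES_ROOT\Interface\{3EB94323-0856-4479-AA22-D81BBFEEA91E}]
"""

# Constructed for the example: one key created, one value set, one removed.
SAMPLE_EDIT = r"""Windows Registry Editor Version 5.00

; comment lines are ignored by regedit
[HKEY_CURRENT_USER\Software\ExampleApp]
"Enabled"=dword:00000001
"LegacyPath"=-
"""


class RegParseError(ValueError):
    """Raised for files regedit itself would reject."""


@dataclass
class RegOp:
    action: str              # create_key | delete_key | set_value | delete_value
    key: str
    name: Optional[str] = None
    data: Optional[str] = None


def parse_reg(text: str) -> List[RegOp]:
    """Translate a .reg file into the list of registry operations it encodes."""
    lines = [l.rstrip() for l in text.splitlines()]
    first = next((l for l in lines if l.strip()), "")
    if first.strip() not in HEADERS:
        raise RegParseError("missing REGEDIT4 header: regedit will refuse to merge this file")
    ops: List[RegOp] = []
    current: Optional[str] = None        # key that following values belong to
    for lineno, line in enumerate(lines, 1):
        stripped = line.strip()
        if not stripped or stripped.startswith(";") or stripped in HEADERS:
            continue
        km = KEY_RE.match(stripped)
        if km:
            key = km.group("key")
            if km.group("delete"):
                ops.append(RegOp("delete_key", key))
                current = None           # values cannot follow a deleted key
            else:
                ops.append(RegOp("create_key", key))
                current = key
            continue
        vm = VALUE_RE.match(stripped)
        if vm:
            if current is None:
                raise RegParseError(f"line {lineno}: value outside a key section")
            raw = vm.group("name")
            name = "@" if raw == "@" else raw[1:-1]   # "@" is the key's default value
            if vm.group("data") == "-":
                ops.append(RegOp("delete_value", current, name))
            else:
                ops.append(RegOp("set_value", current, name, vm.group("data")))
            continue
        raise RegParseError(f"line {lineno}: unrecognised line {stripped!r}")
    return ops


def summarize(ops: List[RegOp]) -> Dict[str, int]:
    """Count operations by kind, e.g. {'delete_key': 5}."""
    counts: Dict[str, int] = {}
    for op in ops:
        counts[op.action] = counts.get(op.action, 0) + 1
    return counts


def check(text: str) -> Optional[str]:
    """None if the file would merge; otherwise the reason regedit rejects it."""
    try:
        parse_reg(text)
    except RegParseError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    for label, text in (("fix.reg", FIX_REG), ("sample", SAMPLE_EDIT)):
        ops = parse_reg(text)
        print(label, summarize(ops))
        for op in ops:
            detail = "" if op.name is None else f"  {op.name}={'(deleted)' if op.data is None else op.data}"
            print(f"  {op.action:13} {op.key}{detail}")
```

For the posted fix.reg the summary is five key deletions under HKEY_CLASSES_ROOT and nothing else, which is what a COM unregistration of the CheckControl ActiveX object should look like; a .reg file that claims to be a clean-up but also sets values under a Run key would show up here before it touched the registry.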
Old 07-24-2007, 06:29 PM   #20 (permalink)
Registered User
 
Join Date: Jul 2007
Posts: 32
OS: WinXP


Re: onlinestability spyware problem HJT log inserted

I didn't see the file C:\WINDOWS\System32\ccaccess.dll but I did everything else successfully. Looks good I think. New HJT file inserted.

Logfile of HijackThis v1.99.1
Scan saved at 8:28:50 PM, on 7/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BellSouth\BellSouth Internet Security\fws.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\BellSouth\BellSouth Internet Security\Rps.exe
C:\Program Files\Bellsouth\HelpCenter\bin\sprtcmd.exe
C:\Program Files\BellSouth\AM\BellSouthAlertManager.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\SYSTEM32\NOTEPAD.EXE
C:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\BellSouth\BellSouth Internet Security\FBHR.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll (file missing)
O3 - Toolbar: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
O4 - HKLM\..\Run: [Workflow] D:\installs\Workflow.exe
O4 - HKLM\..\Run: [BellSouth Internet Security] "C:\Program Files\BellSouth\BellSouth Internet Security\Rps.exe"
O4 - HKLM\..\Run: [HelpCenter] "C:\Program Files\Bellsouth\HelpCenter\bin\sprtcmd.exe" /P HelpCenter
O4 - HKLM\..\Run: [BellSouthAlertManager.exe] "C:\Program Files\BellSouth\AM\BellSouthAlertManager.exe" /AUTORUN
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol.com/help/acp2/en...ach_core_1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.21.10/ttinst.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go.com/games/downl...ameManager.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\BellSouth\BellSouth Internet Security\fws.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
dmitch is offline  
 









Copyright 2001 - 2009, Tech Support Forum