Old 10-04-2007, 03:30 PM   #1 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 28
OS: winxp


DSS won't complete-viruses,trojan downloaders and popups

Every time it gets to deleting temp net files it just crashes. I tried reinstalling it several times but nothing. I'm getting bestantivirusseller pop ups. The log I got from the free computer scan said I have viruses and hacker equipment on my computer. This whole process has taken me HOURS to complete. My net explorer keeps freezing. I had to shut down my computer a few times manually. Once when it started up it froze with just my desktop picture for about 5 mins. It's like whatever's in my computer is trying to prevent me from doing this. I keep finding trojan horse downloader.generic4.ZQI in AVG....spysweeper is finding nothing but trace cookies. I'm not sure how anyone can help me without the dss log though.
hybritical is offline  

Old 10-04-2007, 08:45 PM   #2 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,596
OS: WinXP and Vista


Re: DSS wont complete-viruses,trojan downloaders and popups

Hello hybritical and welcome,

Please run dss.exe again, but use these instructions:

Click Start>Select 'Run' - then copy/paste the following text into the run box & click OK

"%userprofile%\desktop\dss.exe" /config

In the dialog box that appears:

Under the Main Log heading--Uncheck Temp Cleanup
Under the Extra Log heading-- 'Check' each box if they aren't already.

Click Scan!


When finished, it shall produce main.txt and extra.txt for you. Please include those in your next reply.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 10-04-2007, 09:00 PM   #3 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 28
OS: winxp


Re: DSS wont complete-viruses,trojan downloaders and popups

Thanks nice to meet you

Deckard's System Scanner v20070905.67
Run by Owner on 2007-10-04 22:51:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
33: 2007-10-04 20:50:46 UTC - RP129 - Deckard's System Scanner Restore Point
32: 2007-10-03 21:18:35 UTC - RP128 - System Checkpoint
31: 2007-10-02 19:36:43 UTC - RP127 - Last known good configuration
30: 2007-10-02 19:36:32 UTC - RP126 - System Checkpoint
29: 2007-10-02 19:36:31 UTC - RP125 - System Checkpoint


-- First Restore Point --
1: 2007-10-02 19:36:11 UTC - RP97 - System Checkpoint


Backed up registry hives.

Total Physical Memory: 255 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53:08 PM, on 10/4/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Documents and Settings\Owner\desktop\dss.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O2 - BHO: (no name) - {53B5F2B1-94DD-43E5-8187-EB4E31F00701} - C:\WINDOWS\system32\l3acdb.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\WebAssist.dll (file missing)
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\System32\ovsuitxh.dll
O2 - BHO: BndDrive BHO Class - {9815DA81-2E0C-478c-90E4-06E474E704D0} - C:\Program Files\ISM\BndDrive.dll (file missing)
O2 - BHO: HttpGuard - {98B822AD-6BE7-49BC-B773-97240B774080} - C:\WINDOWS\system32\AClient.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B7423D6D-7DC7-4B8A-B1BD-D2452B5DAD7A} - C:\WINDOWS\System32\ssqpp.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1176427498\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKLM\..\Run: [{AB-B7-74-48-ZN}] C:\DOCUME~1\Owner\LOCALS~1\Temp\thinksnet.exe CHD003
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\System32\gctwjchs.dll",sitypnow
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Owner\Local Settings\Temp\thinksnet.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/gam...s/y/poti_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - Winlogon Notify: awtqrpn - C:\WINDOWS\SYSTEM32\awtqrpn.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\System32\yulnoxlv.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 8430 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - shell\edit\command - NOTEDAD.EXE %1
.ini - inifile - shell\open\command - NOTEDAD.EXE %1
.reg - regfile - shell\edit\command - NOTEDAD.EXE %1
.txt - txtfile - shell\open\command - %windir%\NOTEPAD.EXE %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 DomainService - c:\windows\system32\yulnoxlv.exe /service (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-10-04 22:52:02 492 --a------ C:\WINDOWS\Tasks\McAfee.com Update Check (NEW-HARVEST-Owner).job
2007-10-04 22:00:00 350 --a------ C:\WINDOWS\Tasks\At23.job
2007-10-04 21:00:00 350 --a------ C:\WINDOWS\Tasks\At22.job
2007-10-04 20:00:00 350 --a------ C:\WINDOWS\Tasks\At21.job
2007-10-04 19:00:00 350 --a------ C:\WINDOWS\Tasks\At20.job
2007-10-04 18:00:00 350 --a------ C:\WINDOWS\Tasks\At19.job
2007-10-04 17:00:00 350 --a------ C:\WINDOWS\Tasks\At18.job
2007-10-04 16:00:00 350 --a------ C:\WINDOWS\Tasks\At17.job
2007-10-04 03:00:00 350 --a------ C:\WINDOWS\Tasks\At4.job
2007-10-04 02:00:00 350 --a------ C:\WINDOWS\Tasks\At3.job
2007-10-04 01:00:00 350 --a------ C:\WINDOWS\Tasks\At2.job
2007-10-04 00:00:00 350 --a------ C:\WINDOWS\Tasks\At1.job
2007-10-03 23:00:00 350 --a------ C:\WINDOWS\Tasks\At24.job
2007-10-03 15:00:00 350 --a------ C:\WINDOWS\Tasks\At16.job
2007-10-01 14:00:00 350 --a------ C:\WINDOWS\Tasks\At15.job
2007-10-01 13:00:00 350 --a------ C:\WINDOWS\Tasks\At14.job
2007-10-01 12:00:00 350 --a------ C:\WINDOWS\Tasks\At13.job
2007-10-01 11:00:00 350 --a------ C:\WINDOWS\Tasks\At12.job
2007-09-15 04:00:00 350 --a------ C:\WINDOWS\Tasks\At5.job
2007-09-06 05:00:00 350 --a------ C:\WINDOWS\Tasks\At6.job
2007-09-03 08:00:00 350 --a------ C:\WINDOWS\Tasks\At9.job
2007-09-03 07:00:00 350 --a------ C:\WINDOWS\Tasks\At8.job
2007-09-03 06:00:00 350 --a------ C:\WINDOWS\Tasks\At7.job
2007-08-26 10:00:00 350 --a------ C:\WINDOWS\Tasks\At11.job
2007-08-26 09:00:00 350 --a------ C:\WINDOWS\Tasks\At10.job


-- Files created between 2007-09-04 and 2007-10-04 -----------------------------

2007-10-04 22:52:35 0 d-------- C:\Program Files\Trend Micro
2007-10-04 18:38:44 85056 --a------ C:\WINDOWS\System32\gctwjchs.dll
2007-10-04 18:28:21 75328 --a------ C:\WINDOWS\System32\xuqyvttu.exe <Not Verified; ; DDC>
2007-10-04 16:41:45 85056 -----n--- C:\WINDOWS\System32\yfgfqkwo.dll
2007-10-04 16:39:25 0 d-------- C:\ie-spyad_zo
2007-10-04 16:35:35 75328 --a------ C:\WINDOWS\System32\gomfiewh.exe <Not Verified; ; DDC>
2007-10-04 16:14:36 85056 -----n--- C:\WINDOWS\System32\qejbhaiq.dll
2007-10-04 16:14:06 0 d-------- C:\Program Files\SpywareBlaster
2007-10-04 16:11:19 75328 --a------ C:\WINDOWS\System32\ihrqoxkg.exe <Not Verified; ; DDC>
2007-10-04 15:55:18 1340706 ---hs---- C:\WINDOWS\System32\ppqss.ini2
2007-10-04 15:36:19 85056 --a------ C:\WINDOWS\System32\digqbhbj.dll
2007-10-04 15:31:25 75328 --a------ C:\WINDOWS\System32\fhktplvc.exe <Not Verified; ; DDC>
2007-10-04 00:50:45 0 d-------- C:\WINDOWS\System32\ActiveScan
2007-10-03 15:58:20 77376 --a------ C:\WINDOWS\System32\ovsuitxh.dll
2007-10-03 15:25:49 77376 --a------ C:\WINDOWS\System32\iyhwwqak.dll
2007-10-03 14:59:56 77376 --a------ C:\WINDOWS\System32\ghuwkrma.dll
2007-10-03 14:50:28 1338075 ---hs---- C:\WINDOWS\System32\ppqss.bak2
2007-10-02 15:37:00 6465 ---hs---- C:\WINDOWS\System32\ppqss.bak1
2007-10-02 15:35:33 310880 --a------ C:\WINDOWS\System32\ssqpp.dll
2007-10-02 15:30:22 36352 --a------ C:\WINDOWS\System32\awtqrpn.dll
2007-09-27 16:46:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-09-08 14:34:36 0 d-------- C:\Program Files\Common Files\ODBC


-- Find3M Report ---------------------------------------------------------------

2007-10-04 02:03:11 0 d-------- C:\Program Files\Google
2007-10-03 15:45:24 0 d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2007-09-10 19:25:25 0 dr-h----- C:\Documents and Settings\Owner\Application Data\yahoo!
2007-09-08 14:34:36 0 d-------- C:\Program Files\Common Files
2007-09-05 21:40:10 0 d-------- C:\Program Files\Yahoo!
2007-08-29 17:10:53 0 d-------- C:\Program Files\Common Files\Adobe
2007-08-26 12:10:50 0 d-------- C:\Program Files\Dell
2007-08-18 18:41:28 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2007-08-18 18:41:08 0 d-------- C:\Program Files\Escape From Paradise
2007-08-14 12:33:24 0 d-------- C:\Program Files\America Online 9.0
2007-08-14 12:23:12 0 d-------- C:\Program Files\McAfee.com
2007-08-14 12:20:26 0 d-------- C:\Program Files\Common Files\aol
2007-08-14 03:14:04 0 d-------- C:\Program Files\Webroot
2007-08-14 0318 0 d-------- C:\Documents and Settings\Owner\Application Data\Webroot
2007-08-14 01:49:59 0 d-------- C:\Documents and Settings\Owner\Application Data\GetRightToGo
2007-08-13 03:21:55 0 d-------- C:\Program Files\AVG2
2007-08-12 14:17:28 3638 --a------ C:\WINDOWS\5bydbzjy.exe
2007-08-12 13:42:37 0 d-------- C:\Program Files\Burger Island
2007-08-11 02:14:19 0 d--h----- C:\Program Files\WindowsUpdate
2007-08-10 14:37:43 0 d-------- C:\Program Files\DivX
2007-08-10 03:18:59 598 --a------ C:\Documents and Settings\Owner\Application Data\error.log
2007-08-10 03:15:20 15 --a------ C:\Documents and Settings\Owner\Application Data\config.tcf
2007-08-10 01:08:52 0 d-------- C:\Program Files\Cake Mania 2
2007-08-09 19:35:39 0 d-------- C:\Documents and Settings\Owner\Application Data\Sandlot Games
2007-08-09 17:47:06 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-08-04 16:08:08 0 d-------- C:\Program Files\Blaze Media Pro


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53B5F2B1-94DD-43E5-8187-EB4E31F00701}]
C:\WINDOWS\system32\l3acdb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85589B5D-D53D-4237-A677-46B82EA275F3}]
C:\WINDOWS\WebAssist.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89AD4D75-2429-462e-BD4E-443F233F6033}]
10/03/2007 03:58 PM 77376 --a------ C:\WINDOWS\System32\ovsuitxh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9815DA81-2E0C-478c-90E4-06E474E704D0}]
C:\Program Files\ISM\BndDrive.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98B822AD-6BE7-49BC-B773-97240B774080}]
C:\WINDOWS\system32\AClient.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B7423D6D-7DC7-4B8A-B1BD-D2452B5DAD7A}]
10/02/2007 03:35 PM 310880 --a------ C:\WINDOWS\System32\ssqpp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCAgentExe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" []
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" []
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" []
"HostManager"="C:\Program Files\Common Files\AOL\1176427498\ee\AOLSoftware.exe" []
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [10/23/2006 08:50 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/12/2007 09:27 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [08/13/2007 12:52 PM]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [05/08/2007 11:09 PM]
"IESet"="IExplorer.dll" []
"{AB-B7-74-48-ZN}"="C:\DOCUME~1\Owner\LOCALS~1\Temp\thinksnet.exe" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 03:06 AM]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [07/19/2007 10:54 PM]
"SearchIndexer"="C:\WINDOWS\System32\gctwjchs.dll" [10/04/2007 06:38 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 05:43 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/07/2007 02:51 PM]
"AOL Fast Start"="C:\Program Files\America Online 9.0\AOL.exe" [07/12/2005 06:17 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"IESet"=IExplorer.dll .dbt

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{178D4E6A-BA5A-4ECB-8521-F7B8393FDB97}"= C:\WINDOWS\System32\awtqrpn.dll [10/02/2007 03:30 PM 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqrpn]
awtqrpn.dll 10/02/2007 03:30 PM 36352 C:\WINDOWS\system32\awtqrpn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\System32\ssqpp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"




-- End of Deckard's System Scanner: finished at 2007-10-04 22:56:39 ------------
Attached Files
File Type: txt extra.txt (9.6 KB, 1 views)
hybritical is offline  
Old 10-04-2007, 09:52 PM   #4 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,596
OS: WinXP and Vista


Re: DSS wont complete-viruses,trojan downloaders and popups

Nice to meet you as well.

This is a bit of a mess and will require a few rounds to clean it up, so please stay with me even if the symptoms abate.

Download Combofix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Run ComboFix using these instructions:

Click the Windows 'Start' button > Select 'Run' - then copy/paste the bolded text below, into the run box & click OK


"%userprofile%\desktop\combofix.exe" /killall


When finished, it shall produce a log for you. Post the C:\ComboFix.txt in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Ried is offline  
Old 10-05-2007, 10:54 AM   #5 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 28
OS: winxp


Re: DSS wont complete-viruses,trojan downloaders and popups

OK, when I used it the first couple of times it had an error screen saying that it would need to shut down pop up about 5 or 6 times, then finally it said I'm not an admin, which wasn't correct. I rebooted to see if that would do anything, same thing, and then I tried just clicking the link on the desktop and it worked. I hope that's OK... if so, here's the log

ComboFix 07-10-05.3 - Owner 2007-10-05 12:36:45.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.71 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\TA_Start.lnk
C:\Temp\fse
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files.\xpreload.ocx
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\system32\cbaxurnr.dll
C:\WINDOWS\system32\dbawkjix.dll
C:\WINDOWS\system32\digqbhbj.dll
C:\WINDOWS\system32\f02WtR
C:\WINDOWS\system32\fhktplvc.exe
C:\WINDOWS\system32\ghuwkrma.dll
C:\WINDOWS\system32\gomfiewh.exe
C:\WINDOWS\system32\ihrqoxkg.exe
C:\WINDOWS\system32\iyhwwqak.dll
C:\WINDOWS\system32\jbhbqgid.ini
C:\WINDOWS\system32\ovsuitxh.dll
C:\WINDOWS\system32\vpkacgkl.exe
C:\WINDOWS\system32\wjhxickh.exe
C:\WINDOWS\system32\xijkwabd.ini
C:\WINDOWS\system32\xuqyvttu.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-09-05 to 2007-10-05 )))))))))))))))))))))))))))))))
.

2007-10-05 12:35 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-04 22:52 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-04 16:50 <DIR> d-------- C:\Deckard
2007-10-04 16:39 <DIR> d-------- C:\ie-spyad_zo
2007-10-04 16:14 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-10-04 15:55 6,628 ---hs---- C:\WINDOWS\system32\ppqss.ini2
2007-10-04 00:50 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-10-03 14:50 1,294,276 ---hs---- C:\WINDOWS\system32\ppqss.bak2
2007-10-02 15:37 6,465 ---hs---- C:\WINDOWS\system32\ppqss.bak1
2007-10-02 15:35 310,880 --a------ C:\WINDOWS\system32\ssqpp.dll
2007-10-02 15:30 36,352 --a------ C:\WINDOWS\system32\awtqrpn.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-04 02:03 --------- d-------- C:\Program Files\Google
2007-09-22 00:57 --------- d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2007-09-10 19:25 --------- dr-h----- C:\Documents and Settings\Owner\Application Data\yahoo!
2007-09-06 01:45 --------- d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-09-05 21:44 --------- d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-09-05 21:40 --------- d-------- C:\Program Files\Yahoo!
2007-08-26 12:10 --------- d-------- C:\Program Files\Dell
2007-08-18 18:41 --------- d-------- C:\Program Files\Escape From Paradise
2007-08-14 12:33 --------- d-------- C:\Program Files\America Online 9.0
2007-08-14 12:24 --------- d-------- C:\Documents and Settings\All Users\Application Data\AOL
2007-08-14 12:23 --------- d-------- C:\Program Files\McAfee.com
2007-08-14 12:20 --------- d-------- C:\Program Files\Common Files\aol
2007-08-14 03:14 --------- d-------- C:\Program Files\Webroot
2007-08-14 03:06 --------- d-------- C:\Documents and Settings\Owner\Application Data\Webroot
2007-08-14 03:06 --------- d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-08-14 03:06 --------- d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-08-14 03:06 --------- d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-08-14 03:06 --------- d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-08-14 01:49 --------- d-------- C:\Documents and Settings\Owner\Application Data\GetRightToGo
2007-08-13 03:21 --------- d-------- C:\Program Files\AVG2
2007-08-12 14:17 3638 --a------ C:\WINDOWS\5bydbzjy.exe
2007-08-12 13:42 --------- d-------- C:\Program Files\Burger Island
2007-08-10 14:37 --------- d-------- C:\Program Files\DivX
2007-08-10 01:09 --------- d-------- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2007-08-10 01:08 --------- d-------- C:\Program Files\Cake Mania 2
2007-08-09 19:35 --------- d-------- C:\Documents and Settings\Owner\Application Data\Sandlot Games
2007-08-09 19:34 --------- d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2007-08-09 17:47 --------- d-------- C:\Program Files\Microsoft ActiveSync
2007-08-09 16:20 682232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-07-19 22:54 1521464 --a------ C:\WINDOWS\WRSetup.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4F9C7C74-BD48-45B4-BB02-47C411790F14}]
2007-10-02 15:35 310880 --a------ C:\WINDOWS\System32\ssqpp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53B5F2B1-94DD-43E5-8187-EB4E31F00701}]
C:\WINDOWS\system32\l3acdb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85589B5D-D53D-4237-A677-46B82EA275F3}]
C:\WINDOWS\WebAssist.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9815DA81-2E0C-478c-90E4-06E474E704D0}]
C:\Program Files\ISM\BndDrive.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98B822AD-6BE7-49BC-B773-97240B774080}]
C:\WINDOWS\system32\AClient.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"MCAgentExe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" []
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" []
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" []
"HostManager"="C:\Program Files\Common Files\AOL\1176427498\ee\AOLSoftware.exe" []
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 08:50]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-12 21:27]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-13 12:52]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2007-05-08 23:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-07-19 22:54]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-07 14:51]
"AOL Fast Start"="C:\Program Files\America Online 9.0\AOL.exe" [2005-07-12 06:17]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{178D4E6A-BA5A-4ECB-8521-F7B8393FDB97}"= C:\WINDOWS\System32\awtqrpn.dll [2007-10-02 15:30 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqrpn]
awtqrpn.dll 2007-10-02 15:30 36352 C:\WINDOWS\system32\awtqrpn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\System32\ssqpp.dll

R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\System32\Drivers\SSFS0BB8.SYS
S3 NaiFiltr;NaiFiltr;C:\WINDOWS\System32\DRIVERS\NaiFiltr.sys

*Newly Created Service* - ALG
*Newly Created Service* - IPNAT
*Newly Created Service* - SHAREDACCESS
.
Contents of the 'Scheduled Tasks' folder
"2007-10-04 04:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-08-26 13:00:00 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-08-26 14:00:00 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-10-01 15:00:00 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-10-05 16:00:00 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-10-01 17:00:00 C:\WINDOWS\Tasks\At14.job"
"2007-10-01 18:00:00 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-10-03 19:00:00 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-10-04 20:00:00 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-10-04 21:00:00 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-10-04 22:00:00 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-10-04 05:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-10-04 23:00:00 C:\WINDOWS\Tasks\At20.job"
"2007-10-05 00:00:00 C:\WINDOWS\Tasks\At21.job"
"2007-10-05 01:00:00 C:\WINDOWS\Tasks\At22.job"
"2007-10-05 02:00:00 C:\WINDOWS\Tasks\At23.job"
"2007-10-05 03:00:00 C:\WINDOWS\Tasks\At24.job"
"2007-10-04 06:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-10-04 07:00:00 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-09-15 08:00:00 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-09-06 09:00:00 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-09-03 10:00:00 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-09-03 11:00:00 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-09-03 12:00:00 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-10-05 16:47:01 C:\WINDOWS\Tasks\McAfee.com Update Check (NEW-HARVEST-Owner).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-05 12:44:13
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-05 12:49:27 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-05 12:48
.
--- E O F ---
Old 10-05-2007, 11:25 AM   #6 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,596
OS: WinXP and Vista


Re: DSS wont complete-viruses,trojan downloaders and popups

Nice work hybritical, let's continue.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.

***************************************************

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

---------------------------------------------------------------------

Open notepad and copy/paste the text in the quotebox below into it:

Quote:
File::
C:\WINDOWS\system32\ppqss.ini2
C:\WINDOWS\system32\ppqss.bak2
C:\WINDOWS\system32\ppqss.bak1
C:\WINDOWS\system32\ssqpp.dll
C:\WINDOWS\system32\awtqrpn.dll
C:\WINDOWS\5bydbzjy.exe
C:\WINDOWS\System32\simYr384.exe
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4F9C7C74-BD48-45B4-BB02-47C411790F14}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85589B5D-D53D-4237-A677-46B82EA275F3}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53B5F2B1-94DD-43E5-8187-EB4E31F00701}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98B822AD-6BE7-49BC-B773-97240B774080}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{178D4E6A-BA5A-4ECB-8521-F7B8393FDB97}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqrpn]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt

Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.


--------------------------------------------------------------------

Also please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course: Using Internet Explorer, visit http://www.kaspersky.com/service?chapter=161739400

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.



  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

--------------------------------------------------

Run a new scan with HijackThis and save the log.

--------------------------------------------------

Please include the following in your next reply:

C:\ComboFix.txt
Kaspersky results
New HijackThis log
Update on system behavior
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
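An added example (not part of the post above and not ComboFix's own code): a small Python check for a script in the format quoted in that post. It flags malformed `Registry::` lines, decodes the `hex(7)` value, and compares the result with an `Authentication Packages` line taken from a log. The function names, the sample script and the sample log line are constructed for illustration, and the `hex(7)` bytes are assumed to be single-byte text.

```python
import re

# "[KEY]" opens a key, "[-KEY]" deletes it; a value line is "name"=data.
KEY_RE = re.compile(r'^\[(-?)(HKEY_[A-Z_]+\\[^\[\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')

# Constructed sample in the style of the quoted script. Line 7 carries a
# deliberate stray "[" so the syntax check has something to report.
SAMPLE_SCRIPT = r"""File::
C:\WINDOWS\system32\ssqpp.dll
C:\WINDOWS\Tasks\At1.job

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4F9C7C74-BD48-45B4-BB02-47C411790F14}]
[-[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85589B5D-D53D-4237-A677-46B82EA275F3}]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
"""

# Constructed log line in the style of the "Reg Loading Points" section.
SAMPLE_LOG_LINE = r'"Authentication Packages"= msv1_0 C:\WINDOWS\System32\ssqpp.dll'


def decode_multi_sz(hex_csv):
    """Decode a hex(7) (REG_MULTI_SZ) payload into its list of strings.

    Assumption: single-byte text, NUL-separated, with a final extra NUL.
    A Unicode .reg export would need UTF-16LE decoding instead.
    """
    raw = bytes(int(b, 16) for b in hex_csv.split(",") if b.strip())
    return [s.decode("latin-1") for s in raw.split(b"\x00") if s]


def parse_script(text):
    """Split a script into file paths, registry operations and bad lines."""
    files, ops, errors = [], [], []
    section, key = None, None
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        if line in ("File::", "Registry::"):
            section, key = line[:-2], None
            continue
        if section == "File":
            files.append(line)
            continue
        if section == "Registry":
            m = KEY_RE.match(line)
            if m and m.group(1):
                ops.append(("delete_key", m.group(2), None, None))
                key = None
                continue
            if m:
                key = m.group(2)
                continue
            v = VALUE_RE.match(line)
            if v and key:
                name, data = v.groups()
                if data == "-":
                    ops.append(("delete_value", key, name, None))
                elif data.startswith("hex(7):"):
                    ops.append(("set_multi_sz", key, name,
                                decode_multi_sz(data[len("hex(7):"):])))
                else:
                    ops.append(("set_value", key, name, data))
                continue
            errors.append((n, line, "not a key header or a value under an open key"))
            continue
        errors.append((n, line, "text before any section header"))
    return files, ops, errors


def extra_auth_packages(log_line, allowed):
    """Return entries in a logged Authentication Packages line not in `allowed`.

    Assumption: entries are whitespace-separated, so a path containing
    spaces would be split; good enough for lines like the sample.
    """
    _, _, value = log_line.partition("=")
    return [p for p in value.split() if p not in allowed]


def review(script_text, lsa_log_line):
    """Lint the script and check its LSA reset against the logged value."""
    files, ops, errors = parse_script(script_text)
    allowed = next((d for op, _, name, d in ops
                    if op == "set_multi_sz" and name == "Authentication Packages"), [])
    extras = extra_auth_packages(lsa_log_line, allowed)
    listed = {f.lower() for f in files}
    return {
        "errors": errors,
        "auth_packages_after": allowed,
        "removed_from_lsa": extras,
        # An injected package whose DLL is not also deleted stays on disk.
        "extras_not_in_file_list": [e for e in extras if e.lower() not in listed],
    }


if __name__ == "__main__":
    for field, value in review(SAMPLE_SCRIPT, SAMPLE_LOG_LINE).items():
        print(field, "=", value)
```
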
Old 10-05-2007, 01:49 PM   #7 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 28
OS: winxp


Re: DSS wont complete-viruses,trojan downloaders and popups

Thanks.

Everything is running better....net hasn't frozen since I started this....didn't have to pull out the ole Task Manager. I am concerned that it says I still have viruses though. Here's all the logs in the order you asked for them. I hope it's ok that I just copy and pasted.

ComboFix 07-10-05.3 - Owner 2007-10-05 14:13:11.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.103 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-09-05 to 2007-10-05 )))))))))))))))))))))))))))))))
.

2007-10-05 12:35 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-04 22:52 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-04 16:50 <DIR> d-------- C:\Deckard
2007-10-04 16:39 <DIR> d-------- C:\ie-spyad_zo
2007-10-04 16:14 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-10-04 15:55 6,465 ---hs---- C:\WINDOWS\system32\ppqss.ini2
2007-10-04 00:50 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-10-03 14:50 6,513 ---hs---- C:\WINDOWS\system32\ppqss.bak2
2007-10-02 15:37 6,465 ---hs---- C:\WINDOWS\system32\ppqss.bak1
2007-10-02 15:35 310,880 --a------ C:\WINDOWS\system32\ssqpp.dll
2007-10-02 15:30 36,352 --a------ C:\WINDOWS\system32\awtqrpn.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-04 02:03 --------- d-------- C:\Program Files\Google
2007-09-22 00:57 --------- d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2007-09-10 19:25 --------- dr-h----- C:\Documents and Settings\Owner\Application Data\yahoo!
2007-09-06 01:45 --------- d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-09-05 21:44 --------- d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-09-05 21:40 --------- d-------- C:\Program Files\Yahoo!
2007-08-26 12:10 --------- d-------- C:\Program Files\Dell
2007-08-18 18:41 --------- d-------- C:\Program Files\Escape From Paradise
2007-08-14 12:33 --------- d-------- C:\Program Files\America Online 9.0
2007-08-14 12:24 --------- d-------- C:\Documents and Settings\All Users\Application Data\AOL
2007-08-14 12:23 --------- d-------- C:\Program Files\McAfee.com
2007-08-14 12:20 --------- d-------- C:\Program Files\Common Files\aol
2007-08-14 03:14 --------- d-------- C:\Program Files\Webroot
2007-08-14 03:06 --------- d-------- C:\Documents and Settings\Owner\Application Data\Webroot
2007-08-14 03:06 --------- d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-08-14 03:06 --------- d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-08-14 03:06 --------- d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-08-14 03:06 --------- d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-08-14 01:49 --------- d-------- C:\Documents and Settings\Owner\Application Data\GetRightToGo
2007-08-13 03:21 --------- d-------- C:\Program Files\AVG2
2007-08-12 14:17 3638 --a------ C:\WINDOWS\5bydbzjy.exe
2007-08-12 13:42 --------- d-------- C:\Program Files\Burger Island
2007-08-10 14:37 --------- d-------- C:\Program Files\DivX
2007-08-10 01:09 --------- d-------- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2007-08-10 01:08 --------- d-------- C:\Program Files\Cake Mania 2
2007-08-09 19:35 --------- d-------- C:\Documents and Settings\Owner\Application Data\Sandlot Games
2007-08-09 19:34 --------- d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2007-08-09 17:47 --------- d-------- C:\Program Files\Microsoft ActiveSync
2007-08-09 16:20 682232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-07-19 22:54 1521464 --a------ C:\WINDOWS\WRSetup.dll
.

((((((((((((((((((((((((((((( snapshot@2007-10-05_12.46.18.71 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 40,196 2007-10-05 16:47:39 C:\WINDOWS\system32\perfc009.dat
----a-w 311,934 2007-10-05 16:47:39 C:\WINDOWS\system32\perfh009.dat
----a-w 16,384 2007-10-05 16:43:33 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w 16,384 2007-10-05 16:43:33 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
----a-w 32,768 2007-10-05 16:43:33 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
----a-w 40,196 2007-04-12 23:07:38 C:\WINDOWS\system32\perfc009.dat
----a-w 311,934 2007-04-12 23:07:38 C:\WINDOWS\system32\perfh009.dat
----a-w 16,384 2007-10-05 16:32:17 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w 16,384 2007-10-05 16:32:17 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
----a-w 32,768 2007-10-05 16:32:17 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4F9C7C74-BD48-45B4-BB02-47C411790F14}]
2007-10-02 15:35 310880 --a------ C:\WINDOWS\System32\ssqpp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85589B5D-D53D-4237-A677-46B82EA275F3}]
C:\WINDOWS\WebAssist.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9815DA81-2E0C-478c-90E4-06E474E704D0}]
C:\Program Files\ISM\BndDrive.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCAgentExe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" []
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" []
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" []
"HostManager"="C:\Program Files\Common Files\AOL\1176427498\ee\AOLSoftware.exe" []
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 08:50]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-12 21:27]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-13 12:52]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2007-05-08 23:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-07-19 22:54]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-07 14:51]
"AOL Fast Start"="C:\Program Files\America Online 9.0\AOL.exe" [2005-07-12 06:17]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\System32\ssqpp.dll

R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\System32\Drivers\SSFS0BB8.SYS
S3 NaiFiltr;NaiFiltr;C:\WINDOWS\System32\DRIVERS\NaiFiltr.sys

*Newly Created Service* - ALG
*Newly Created Service* - IPNAT
*Newly Created Service* - SHAREDACCESS
.
Contents of the 'Scheduled Tasks' folder
"2007-10-04 04:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-08-26 13:00:00 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-08-26 14:00:00 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-10-01 15:00:00 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-10-05 16:00:00 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-10-05 17:00:00 C:\WINDOWS\Tasks\At14.job"
"2007-10-05 18:00:00 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-10-03 19:00:00 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-10-04 20:00:00 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-10-04 21:00:00 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-10-04 22:00:00 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-10-04 05:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-10-04 23:00:00 C:\WINDOWS\Tasks\At20.job"
"2007-10-05 00:00:00 C:\WINDOWS\Tasks\At21.job"
"2007-10-05 01:00:00 C:\WINDOWS\Tasks\At22.job"
"2007-10-05 02:00:00 C:\WINDOWS\Tasks\At23.job"
"2007-10-05 03:00:00 C:\WINDOWS\Tasks\At24.job"
"2007-10-04 06:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-10-04 07:00:00 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-09-15 08:00:00 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-09-06 09:00:00 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-09-03 10:00:00 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-09-03 11:00:00 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-09-03 12:00:00 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-10-05 18:12:00 C:\WINDOWS\Tasks\McAfee.com Update Check (NEW-HARVEST-Owner).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-05 14:16:17
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-05 14:17:52
C:\ComboFix-quarantined-files.txt ... 2007-10-05 14:17
C:\ComboFix.txt ... 2007-10-05 12:49
.
--- E O F ---

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, October 05, 2007 3:40:26 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 5/10/2007
Kaspersky Anti-Virus database records: 428000
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 29440
Number of viruses found: 3
Number of infected objects: 17
Number of suspicious objects: 0
Duration of the scan process: 00:48:58

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\HyBRidHzYsyS67\mydb.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\HyBRidHzYsyS67\style.lst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\HyBRidHzYsyS67\toolbar.lst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\SNMaster.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\organize\CACHE\hybridhzysys02 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\organize\hybridhzysys67 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\organize\hybridhzysys67.abi Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\organize\hybridhzysys67.aby Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstderr.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstdout.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aoltsmon.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\cache.db Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\server.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Application Data\AOL\C_America Online 9.0\IDB\Apps.Lst Object is locked skipped
C:\Documents and Settings\Owner\Application Data\AOL\C_America Online 9.0\IDB\art.idx Object is locked skipped
C:\Documents and Settings\Owner\Application Data\AOL\C_America Online 9.0\IDB\sap.dat Object is locked skipped
C:\Documents and Settings\Owner\Application Data\AOL\C_America Online 9.0\IDB\spool.lst Object is locked skipped
C:\Documents and Settings\Owner\Application Data\AOL\C_America Online 9.0\IDB\sysnews.lst Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DFBBCE.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Back-up Shared Folder\Unfileable Songs\freenaruto.exe/file09 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Owner\My Documents\Back-up Shared Folder\Unfileable Songs\freenaruto.exe Inno: infected - 1 skipped
C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\fhktplvc.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\gomfiewh.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\ihrqoxkg.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\vpkacgkl.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\wjhxickh.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\xuqyvttu.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{D8878825-0DA5-4325-B5B8-E2E99F29CC1F}\RP127\A0046701.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{D8878825-0DA5-4325-B5B8-E2E99F29CC1F}\RP127\A0046718.DLL Infected: not-a-virus:AdWare.Win32.FunWeb.e skipped
C:\System Volume Information\_restore{D8878825-0DA5-4325-B5B8-E2E99F29CC1F}\RP128\A0046789.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{D8878825-0DA5-4325-B5B8-E2E99F29CC1F}\RP130\A0049864.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{D8878825-0DA5-4325-B5B8-E2E99F29CC1F}\RP130\A0049865.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{D8878825-0DA5-4325-B5B8-E2E99F29CC1F}\RP130\A0049866.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{D8878825-0DA5-4325-B5B8-E2E99F29CC1F}\RP130\A0049867.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{D8878825-0DA5-4325-B5B8-E2E99F29CC1F}\RP130\A0049868.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{D8878825-0DA5-4325-B5B8-E2E99F29CC1F}\RP130\A0049869.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{D8878825-0DA5-4325-B5B8-E2E99F29CC1F}\RP132\change.log Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

Scan process completed.


Deckard's System Scanner v20070905.67
Run by Owner on 2007-10-05 15:43:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 255 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:44:09 PM, on 10/5/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O2 - BHO: (no name) - {4F9C7C74-BD48-45B4-BB02-47C411790F14} - C:\WINDOWS\System32\ssqpp.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\WebAssist.dll (file missing)
O2 - BHO: BndDrive BHO Class - {9815DA81-2E0C-478c-90E4-06E474E704D0} - C:\Program Files\ISM\BndDrive.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1176427498\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/gam...s/y/poti_x.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 7589 bytes

-- Files created between 2007-09-05 and 2007-10-05 -----------------------------

2007-10-05 14:34:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-05 14:34:24 0 d-------- C:\WINDOWS\System32\Kaspersky Lab
2007-10-05 14:34:19 0 d-------- C:\WINDOWS\LastGood
2007-10-04 22:52:35 0 d-------- C:\Program Files\Trend Micro
2007-10-04 16:39:25 0 d-------- C:\ie-spyad_zo
2007-10-04 16:14:06 0 d-------- C:\Program Files\SpywareBlaster
2007-10-04 15:55:18 6487 ---hs---- C:\WINDOWS\System32\ppqss.ini2
2007-10-04 00:50:45 0 d-------- C:\WINDOWS\System32\ActiveScan
2007-10-03 14:50:28 6513 ---hs---- C:\WINDOWS\System32\ppqss.bak2
2007-10-02 15:37:00 6465 ---hs---- C:\WINDOWS\System32\ppqss.bak1
2007-10-02 15:35:33 310880 --a------ C:\WINDOWS\System32\ssqpp.dll
2007-10-02 15:30:22 36352 --a------ C:\WINDOWS\System32\awtqrpn.dll
2007-09-27 16:46:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-09-08 14:34:36 0 d-------- C:\Program Files\Common Files\ODBC


-- Find3M Report ---------------------------------------------------------------

2007-10-04 02:03:11 0 d-------- C:\Program Files\Google
2007-10-03 15:45:24 0 d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2007-09-10 19:25:25 0 dr-h----- C:\Documents and Settings\Owner\Application Data\yahoo!
2007-09-08 14:34:36 0 d-------- C:\Program Files\Common Files
2007-09-05 21:40:10 0 d-------- C:\Program Files\Yahoo!
2007-08-29 17:10:53 0 d-------- C:\Program Files\Common Files\Adobe
2007-08-26 12:10:50 0 d-------- C:\Program Files\Dell
2007-08-18 18:41:28 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2007-08-18 18:41:08 0 d-------- C:\Program Files\Escape From Paradise
2007-08-14 12:33:24 0 d-------- C:\Program Files\America Online 9.0
2007-08-14 12:23:12 0 d-------- C:\Program Files\McAfee.com
2007-08-14 12:20:26 0 d-------- C:\Program Files\Common Files\aol
2007-08-14 03:14:04 0 d-------- C:\Program Files\Webroot
2007-08-14 0318 0 d-------- C:\Documents and Settings\Owner\Application Data\Webroot
2007-08-14 01:49:59 0 d-------- C:\Documents and Settings\Owner\Application Data\GetRightToGo
2007-08-13 03:21:55 0 d-------- C:\Program Files\AVG2
2007-08-12 14:17:28 3638 --a------ C:\WINDOWS\5bydbzjy.exe
2007-08-12 13:42:37 0 d-------- C:\Program Files\Burger Island
2007-08-11 02:14:19 0 d--h----- C:\Program Files\WindowsUpdate
2007-08-10 14:37:43 0 d-------- C:\Program Files\DivX
2007-08-10 03:18:59 598 --a------ C:\Documents and Settings\Owner\Application Data\error.log
2007-08-10 03:15:20 15 --a------ C:\Documents and Settings\Owner\Application Data\config.tcf
2007-08-10 01:08:52 0 d-------- C:\Program Files\Cake Mania 2
2007-08-09 19:35:39 0 d-------- C:\Documents and Settings\Owner\Application Data\Sandlot Games
2007-08-09 17:47:06 0 d-------- C:\Program Files\Microsoft ActiveSync


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4F9C7C74-BD48-45B4-BB02-47C411790F14}]
10/02/2007 03:35 PM 310880 --a------ C:\WINDOWS\System32\ssqpp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85589B5D-D53D-4237-A677-46B82EA275F3}]
C:\WINDOWS\WebAssist.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9815DA81-2E0C-478c-90E4-06E474E704D0}]
C:\Program Files\ISM\BndDrive.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCAgentExe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" []
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" []
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" []
"HostManager"="C:\Program Files\Common Files\AOL\1176427498\ee\AOLSoftware.exe" []
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [10/23/2006 08:50 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/12/2007 09:27 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [08/13/2007 12:52 PM]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [05/08/2007 11:09 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 03:06 AM]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [07/19/2007 10:54 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 05:43 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/07/2007 02:51 PM]
"AOL Fast Start"="C:\Program Files\America Online 9.0\AOL.exe" [07/12/2005 06:17 AM]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\System32\ssqpp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

*Newly Created Service* - ALG
*Newly Created Service* - IPNAT
*Newly Created Service* - SHAREDACCESS



-- End of Deckard's System Scanner: finished at 2007-10-05 15:44:49 ------------
Old 10-05-2007, 03:16 PM   #8 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,596
OS: WinXP and Vista


Re: DSS wont complete-viruses,trojan downloaders and popups

Did you receive any errors at all when running the CFScript?

Everything is still there, let's try this again.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

---------------------------------------------------------------------

Open notepad and copy/paste the text in the quotebox below into it:

Quote:
File::
C:\WINDOWS\system32\ppqss.ini2
C:\WINDOWS\system32\ppqss.bak2
C:\WINDOWS\system32\ppqss.bak1
C:\WINDOWS\system32\ssqpp.dll
C:\WINDOWS\system32\awtqrpn.dll
C:\WINDOWS\5bydbzjy.exe
C:\WINDOWS\System32\simYr384.exe
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4F9C7C74-BD48-45B4-BB02-47C411790F14}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85589B5D-D53D-4237-A677-46B82EA275F3}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53B5F2B1-94DD-43E5-8187-EB4E31F00701}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98B822AD-6BE7-49BC-B773-97240B774080}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{178D4E6A-BA5A-4ECB-8521-F7B8393FDB97}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqrpn]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



Please post the C:\ComboFix.txt
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
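
The DSS registry dump posted earlier in the thread shows a DLL path appended to the LSA `Authentication Packages` value, and the CFScript above writes that value back as `hex(7)` bytes. The following is an added example, not part of the original posts and not code from DSS or ComboFix: it parses excerpts copied from those logs, flags any package that is not in the baseline, and decodes the bytes the script restores. The function names are hypothetical, and the baseline of `msv1_0` alone is an assumption based on the Windows XP default.

```python
import re

# Excerpts copied from the DSS registry dump posted in this thread.
DSS_REGISTRY_DUMP = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4F9C7C74-BD48-45B4-BB02-47C411790F14}]
10/02/2007 03:35 PM 310880 --a------ C:\WINDOWS\System32\ssqpp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85589B5D-D53D-4237-A677-46B82EA275F3}]
C:\WINDOWS\WebAssist.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\System32\ssqpp.dll
"""

# The value line from the CFScript in the post above.
CFSCRIPT_VALUE = '"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00'

# Assumption: on a default Windows XP install the only package is msv1_0.
BASELINE_AUTH_PACKAGES = {"msv1_0"}

# An entry is either a full path ending in .dll (may contain spaces) or a bare name.
ENTRY_RE = re.compile(r"[A-Za-z]:\\.*?\.dll|\S+", re.IGNORECASE)


def parse_sections(dump):
    """Split a registry dump into {key path: [non-empty body lines]}."""
    sections, current = {}, None
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections[current] = []
        elif line and current is not None:
            sections[current].append(line)
    return sections


def decode_multi_sz_hex(value):
    """Decode a 'hex(7):' REG_MULTI_SZ value (one byte per character) into strings."""
    hex_part = value.split("hex(7):", 1)[1]
    raw = bytes(int(b, 16) for b in hex_part.replace("\\", "").split(",") if b.strip())
    # Strings are NUL-terminated; the list ends with an extra NUL.
    return [s.decode("ascii") for s in raw.split(b"\x00") if s]


def auth_packages(sections):
    """Return the entries of the LSA 'Authentication Packages' value, if present."""
    for key, body in sections.items():
        if key.lower().endswith(r"\control\lsa"):
            for line in body:
                name, _, data = line.partition("=")
                if name.strip('" ').lower() == "authentication packages":
                    return ENTRY_RE.findall(data)
    return []


def other_load_points(sections, path):
    """Other keys in the same dump whose body references the same file."""
    needle = path.lower()
    return [key for key, body in sections.items()
            if not key.lower().endswith(r"\control\lsa")
            and any(needle in line.lower() for line in body)]


def triage(dump, script_value):
    """Flag non-baseline packages and show what the script would restore."""
    sections = parse_sections(dump)
    flagged = [e for e in auth_packages(sections)
               if e.lower() not in BASELINE_AUTH_PACKAGES]
    return {
        "flagged": flagged,
        "also_loaded_from": {p: other_load_points(sections, p) for p in flagged},
        "script_restores": decode_multi_sz_hex(script_value),
    }


if __name__ == "__main__":
    report = triage(DSS_REGISTRY_DUMP, CFSCRIPT_VALUE)
    for path in report["flagged"]:
        print("unexpected authentication package:", path)
        for key in report["also_loaded_from"][path]:
            print("  same file referenced under:", key)
    print("CFScript restores:", report["script_restores"])
```
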
Old 10-05-2007, 05:31 PM   #9 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 28
OS: winxp


Re: DSS wont complete-viruses,trojan downloaders and popups

Nope, it didn't error this time or the last time...and I haven't gotten any popups in awhile.

ComboFix 07-10-05.3 - Owner 2007-10-05 19:19:25.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.104 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\5bydbzjy.exe
C:\WINDOWS\system32\awtqrpn.dll
C:\WINDOWS\system32\ppqss.bak1
C:\WINDOWS\system32\ppqss.bak2
C:\WINDOWS\system32\ppqss.ini2
C:\WINDOWS\System32\simYr384.exe
C:\WINDOWS\system32\ssqpp.dll
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\5bydbzjy.exe
C:\WINDOWS\system32\awtqrpn.dll
C:\WINDOWS\system32\ppqss.bak1
C:\WINDOWS\system32\ppqss.bak2
C:\WINDOWS\system32\ppqss.ini2
C:\WINDOWS\system32\ssqpp.dll
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job

.
((((((((((((((((((((((((( Files Created from 2007-09-05 to 2007-10-05 )))))))))))))))))))))))))))))))
.

2007-10-05 14:34 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-05 14:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-05 12:35 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-04 22:52 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-04 16:50 <DIR> d-------- C:\Deckard
2007-10-04 16:39 <DIR> d-------- C:\ie-spyad_zo
2007-10-04 16:14 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-10-04 00:50 <DIR> d-------- C:\WINDOWS\system32\ActiveScan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-04 02:03 --------- d-------- C:\Program Files\Google
2007-09-22 00:57 --------- d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2007-09-10 19:25 --------- dr-h----- C:\Documents and Settings\Owner\Application Data\yahoo!
2007-09-06 01:45 --------- d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-09-05 21:44 --------- d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-09-05 21:40 --------- d-------- C:\Program Files\Yahoo!
2007-08-26 12:10 --------- d-------- C:\Program Files\Dell
2007-08-18 18:41 --------- d-------- C:\Program Files\Escape From Paradise
2007-08-14 12:33 --------- d-------- C:\Program Files\America Online 9.0
2007-08-14 12:24 --------- d-------- C:\Documents and Settings\All Users\Application Data\AOL
2007-08-14 12:23 --------- d-------- C:\Program Files\McAfee.com
2007-08-14 12:20 --------- d-------- C:\Program Files\Common Files\aol
2007-08-14 03:14 --------- d-------- C:\Program Files\Webroot
2007-08-14 03:06 --------- d-------- C:\Documents and Settings\Owner\Application Data\Webroot
2007-08-14 03:06 --------- d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-08-14 03:06 --------- d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-08-14 03:06 --------- d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-08-14 03:06 --------- d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-08-14 01:49 --------- d-------- C:\Documents and Settings\Owner\Application Data\GetRightToGo
2007-08-13 03:21 --------- d-------- C:\Program Files\AVG2
2007-08-12 13:42 --------- d-------- C:\Program Files\Burger Island
2007-08-10 14:37 --------- d-------- C:\Program Files\DivX
2007-08-10 01:09 --------- d-------- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2007-08-10 01:08 --------- d-------- C:\Program Files\Cake Mania 2
2007-08-09 19:35 --------- d-------- C:\Documents and Settings\Owner\Application Data\Sandlot Games
2007-08-09 19:34 --------- d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2007-08-09 17:47 --------- d-------- C:\Program Files\Microsoft ActiveSync
2007-08-09 16:20 682232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-07-19 22:54 1521464 --a------ C:\WINDOWS\WRSetup.dll
.

((((((((((((((((((((((((((((( snapshot@2007-10-05_12.46.18.71 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 40,196 2007-10-05 16:47:39 C:\WINDOWS\system32\perfc009.dat
----a-w 311,934 2007-10-05 16:47:39 C:\WINDOWS\system32\perfh009.dat
----a-w 16,384 2007-10-05 23:12:33 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w 16,384 2007-10-05 23:12:33 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
----a-w 32,768 2007-10-05 23:12:33 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
----a-w 213,048 2005-05-24 15:27:16 C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
----a-w 94,208 2007-09-07 15:29:00 C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
----a-w 946,176 2007-09-07 15:29:00 C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
.
----a-w 40,196 2007-04-12 23:07:38 C:\WINDOWS\system32\perfc009.dat
----a-w 311,934 2007-04-12 23:07:38 C:\WINDOWS\system32\perfh009.dat
----a-w 16,384 2007-10-05 16:32:17 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w 16,384 2007-10-05 16:32:17 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
----a-w 32,768 2007-10-05 16:32:17 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85589B5D-D53D-4237-A677-46B82EA275F3}]
C:\WINDOWS\WebAssist.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9815DA81-2E0C-478c-90E4-06E474E704D0}]
C:\Program Files\ISM\BndDrive.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"MCAgentExe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" []
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" []
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" []
"HostManager"="C:\Program Files\Common Files\AOL\1176427498\ee\AOLSoftware.exe" []
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 08:50]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-12 21:27]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-13 12:52]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2007-05-08 23:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-07-19 22:54]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-07 14:51]
"AOL Fast Start"="C:\Program Files\America Online 9.0\AOL.exe" [2005-07-12 06:17]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"<NO NAME>"=


.
Contents of the 'Scheduled Tasks' folder
"2007-10-05 23:27:03 C:\WINDOWS\Tasks\McAfee.com Update Check (NEW-HARVEST-Owner).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-05 19:25:47
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ATWPKT2]
"ImagePath"="\??\C:\WINDOWS\System32\drivers\ATWPKT2.SYS"
.
Completion time: 2007-10-05 19:29:15 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-05 19:28
C:\ComboFix2.txt ... 2007-10-05 14:17
.
--- E O F ---
Old 10-05-2007, 07:33 PM   #10 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,596
OS: WinXP and Vista


Re: DSS wont complete-viruses,trojan downloaders and popups

Much better.

Please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:

Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


--------------------------------------------------------------------

Run a new scan with HijackThis and save the log.

--------------------------------------------------------------------

Please include the following in your next reply:

Panda results
New HijackThis log
Old 10-05-2007, 10:33 PM   #11 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 28
OS: winxp


Re: DSS wont complete-viruses,trojan downloaders and popups

Ok, I don't know if this is bad or expected but the threats have more than doubled. Here's the log.


Incident Status Location

Potentially unwanted tool:application/need2find Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\uninstall\Need2FindBar Uninstall
Potentially unwanted tool:application/funweb Not disinfected hkey_classes_root\clsid\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB}
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Owner\Cookies\owner@adserver.easyad[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner\Cookies\owner@advertising[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner\Cookies\owner@advertising[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner\Cookies\owner@atwola[1].txt
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Owner\Cookies\owner@bfast[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Owner\Cookies\owner@bs.serving-sys[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Owner\Cookies\owner@cgi-bin[2].txt
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Owner\Cookies\owner@citi.bridgetrack[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Owner\Cookies\owner@com[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner\Cookies\owner@doubleclick[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Owner\Cookies\owner@drivecleaner[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Owner\Cookies\owner@ehg-dig.hitbox[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Owner\Cookies\owner@errorsafe[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Owner\Cookies\owner@fastclick[2].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Owner\Cookies\owner@go.winantispyware[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Owner\Cookies\owner@searchportal.information[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Owner\Cookies\owner@serving-sys[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Owner\Cookies\owner@stats.drivecleaner[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[2].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Owner\Cookies\owner@winantispyware[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Owner\Cookies\owner@www.drivecleaner[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Owner\Cookies\owner@www.errorsafe[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Owner\Cookies\owner@zedo[1].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Owner\Desktop\ComboFix.exe[nircmd.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Owner\Desktop\ComboFix.exe[nircmd.cfexe]
Adware:Adware/SaveNow Not disinfected C:\Documents and Settings\Owner\My Documents\Back-up Shared Folder\Unfileable Songs\freenaruto.exe
Virus:Trj/Downloader.OZB Disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\fhktplvc.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\gomfiewh.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\ihrqoxkg.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\vpkacgkl.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\wjhxickh.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\xuqyvttu.exe.vir
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NirCmd.exe
Old 10-05-2007, 11:26 PM   #12 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,596
OS: WinXP and Vista


Re: DSS wont complete-viruses,trojan downloaders and popups

It was expected, and it's not as bad as it looks.

Clear Internet Explorer Cookies:

Launch Internet Explorer>Tools>Internet Options>Delete Cookies

--------------------------------------------------------------------

Delete these files:

C:\Documents and Settings\Owner\My Documents\Back-up Shared Folder\Unfileable Songs\freenaruto.exe
C:\WINDOWS\NirCmd.exe

--------------------------------------------------------------------

Go to Start->Run and type in regedit and hit OK.

Open notepad and copy/paste the entire text in the quotebox below: (don't forget to copy and paste REGEDIT4)

Quote:

REGEDIT4

[-hkey_local_machine\software\microsoft\windows\currentversion\uninstall\Need2FindBar Uninstall]

[-hkey_classes_root\clsid\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB}]

Save the file as "delete.reg". Make sure to save it with the quotes. Choose to "Save type as - All Files"
It should look like this:

Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

--------------------------------------------------------------------

That's it, your logs are clean. The following procedure will clear out the tools we've used as well as the backups and quarantines created by the fix. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.

Click Start > Run and copy/paste, or type the following bolded text into the Run box and click OK:

ComboFix /u

--------------------------------------------------------------------

To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad.

SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.
  • It will block any bad ActiveX from running in Internet Explorer and Firefox if it's listed in their database (which you should update frequently). To view their database and list of restricted sites, launch the program and click on each of the tabs on the main display page.

IESpyAD Zoned Out to block access to malicious websites so you cannot be redirected to them from an infected site or email. This severely impairs attempts to infect your system as it basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.


Update, and scan with your onboard Anti Malware and Anti Virus programs regularly. Without regular updates you will not be protected when new malicious programs are released.


In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

PC Safety and Security--What Do I Need?

HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
THE ANTI-SPYWARE TUTORIAL
MAKING INTERNET EXPLORER SAFER
Understanding and Using Firewalls

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

-----------------------------------------------------

Follow the list above and the potential for infection will reduce dramatically.

Last edited by Ried; 10-05-2007 at 11:31 PM.
Old 10-06-2007, 09:39 AM   #13 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 28
OS: winxp


Re: DSS wont complete-viruses,trojan downloaders and popups

Oh wow so we're done? That's it? I've gotten those programs too. But really no more scans or anything? Oh thanks so much!
Old 10-06-2007, 09:05 PM   #14 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,596
OS: WinXP and Vista


Re: DSS wont complete-viruses,trojan downloaders and popups

You're welcome.
All times are GMT -7. The time now is 12:36 PM.