
OH the Agony of pop-ups!

This is a discussion on OH the Agony of pop-ups! within the Inactive Malware Help Topics forums, part of the Tech Support Forum category.


Old 08-30-2007, 11:17 PM   #1
Guest
 
Join Date: Aug 2007
Posts: 1
OS:



Deckard's System Scanner v20070826.66
Run by Chad on 2007-08-31 01:43:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
31: 2007-08-31 05:44:01 UTC - RP188 - Deckard's System Scanner Restore Point
30: 2007-08-30 08:34:58 UTC - RP187 - Software Distribution Service 3.0
29: 2007-08-30 06:47:12 UTC - RP186 - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
28: 2007-08-30 03:18:06 UTC - RP185 - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
27: 2007-08-28 23:30:38 UTC - RP184 - System Checkpoint


-- First Restore Point --
1: 2007-08-07 21:29:00 UTC - RP158 - Installed Windows Media Player 10


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 83% (more than 75%).
Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis (run as Chad.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:48:03 AM, on 8/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\aspimgr.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\swkrojpy.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ServicePackFiles\winlogon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\WINDOWS\ServicePackFiles\mmsx.exe
C:\WINDOWS\ServicePackFiles\free.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Documents and Settings\Chad\Desktop\stinger3.exe
C:\Documents and Settings\Chad\Local Settings\Temporary Internet Files\Content.IE5\KAHWLN6F\dss[1].exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\dumprep.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Chad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.comcast.net/comcast.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.comcast.net/toolbar2.0/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://shell.windows.com/fileassoc/0...ir.asp?Ext=pdf
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
F3 - REG:win.ini: run=C:\WINDOWS\ServicePackFiles\winlogon.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\6.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {15CD9C30-672B-4739-88AA-2EC4AD7C7354} - C:\WINDOWS\system32\ddayw.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: (no name) - {5621007F-BBEE-4674-8077-94C3591DE7C3} - C:\WINDOWS\system32\ddcbcaa.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Editor plugin - {810C7383-C49D-40a8-AB80-59DBA271DAFA} - milis.dll (file missing)
O2 - BHO: HttpGuard - {98B822AD-6BE7-49BC-B773-97240B774080} - C:\WINDOWS\system32\AClient.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CDLPObj Object - {BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} - C:\WINDOWS\IECodecPl.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\bcnmiilm.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [xem] C:\WINDOWS\ServicePackFiles\winlogon.exe
O4 - HKCU\..\Run: [xem] C:\WINDOWS\ServicePackFiles\winlogon.exe
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04F414E9-E352-4BC3-963D-7BFE5A5F31A9} - https://scripts.dlv4.com/binaries/ega...s4_1064_XP.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - https://esupport.aol.com/help/acp2/en...ach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - https://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://by101fd.bay101.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - https://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resourc...scbase3401.cab
O16 - DPF: {5F4D3335-3194-4167-85AE-E7325F2695EF} - https://scripts.dlv4.com/binaries/ega...1068_em_XP.cab
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - https://updates.lifescapeinc.com/inst...l/pinstall.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - https://update.microsoft.com/microsof...?1184222438420
O16 - DPF: {82FC4503-8459-4239-9B85-0617BEAA950A} - https://us2-scripts.dlv4.com/binaries...s4_1061_XP.cab
O16 - DPF: {8D8BAF56-B581-4B90-A549-C4AC6B03F1BB} - https://scripts.downloadv3.com/binari...SS_1074_XP.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - https://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - https://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {FA1D6D8F-C6ED-4752-8512-A33283240130} - https://scripts.dlv4.com/binaries/ega...s4_1066_XP.cab
O16 - DPF: {FBF65A16-C9AB-465E-AECE-D2D9D5AB5E60} - https://scripts.dlv4.com/binaries/ega...s4_1067_XP.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{266FD8F0-9BCE-477D-A327-B36ABFB18BBB}: NameServer = 69.50.176.158,85.255.112.8
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: ddayw - C:\WINDOWS\system32\ddayw.dll
O20 - Winlogon Notify: ddcbcaa - C:\WINDOWS\SYSTEM32\ddcbcaa.dll
O20 - Winlogon Notify: winqgb32 - C:\WINDOWS\SYSTEM32\winqgb32.dll
O21 - SSODL: wmphost - {F82CA7E0-96FA-49C2-962A-0EA252B69555} - (no file)
O21 - SSODL: wmpdev - {4893C8AE-BFB1-42AD-B313-3039AD6862E8} - C:\WINDOWS\wmpdev.dll (file missing)
O23 - Service: Microsoft ASPI Manager (aspimgr) - Unknown owner - C:\WINDOWS\system32\aspimgr.exe
O23 - Service: asurscsi - Unknown owner - C:\DOCUME~1\ANGELA~1\LOCALS~1\Temp\MSI1A.tmp (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\swkrojpy.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe

--
End of file - 12005 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>

S0 szkg - c:\windows\system32\drivers\szkg.sys (file missing)
S1 ensqio - c:\windows\system32\drivers\ensqio.sys (file missing)
S1 sbpcint4 (SB PCI128) - c:\windows\system32\drivers\sbpcint4.sys (file missing)
S1 vspf - c:\windows\system32\drivers\vspf5.sys (file missing)
S1 vspf_hk - c:\windows\system32\drivers\vspf_hk5.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 aspimgr (Microsoft ASPI Manager) - c:\windows\system32\aspimgr.exe
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 DomainService - c:\windows\system32\swkrojpy.exe /service <Not Verified; ; DDC>

S2 asurscsi - c:\docume~1\angela~1\locals~1\temp\msi1a.tmp (file missing)
S2 MCVSRte (McAfee.com VirusScan Online Realtime Engine) - c:\progra~1\mcafee.com\vso\mcvsrte.exe /embedding (file missing)
S2 Network Monitor - c:\program files\network monitor\netmon.exe service (file missing)
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_8086&DEV_24CD&SUBSYS_53528086&REV_01\3&267A616A&0&EF
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_8086&DEV_24CD&SUBSYS_53528086&REV_01\3&267A616A&0&EF
Service:


-- Scheduled Tasks -------------------------------------------------------------

2007-08-31 01:01:45 440 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job
2007-08-30 04:22:29 338 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2007-08-30 04:22:28 330 --a------ C:\WINDOWS\Tasks\McQcTask.job
2007-08-30 04:12:00 726 --a------ C:\WINDOWS\Tasks\McAfee Cleanup.job
2007-08-30 03:00:00 374 --a------ C:\WINDOWS\Tasks\RegCure.job
2007-08-27 14:18:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2005-03-11 16:47:41 436 --a------ C:\WINDOWS\Tasks\SpyWareKiller.job


-- Files created between 2007-07-31 and 2007-08-31 -----------------------------

2007-08-31 01:08:51 125504 --a------ C:\WINDOWS\system32\rdivktxn.dll
2007-08-31 01:03:23 75328 --a------ C:\WINDOWS\system32\hsxoxtub.exe <Not Verified; ; DDC>
2007-08-30 10:19:42 0 d-------- C:\Documents and Settings\Angela.ANGELAHOME\Application Data\COMCASTTOOLBAR
2007-08-30 06:14:21 0 d-------- C:\Program Files\ComcastToolbar
2007-08-30 06:14:21 0 d-------- C:\Documents and Settings\Chad\Application Data\ComcastToolbar
2007-08-30 04:28:42 143360 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
2007-08-30 04:21:41 0 d-------- C:\Program Files\McAfee.com
2007-08-30 04:20:44 0 d-------- C:\Program Files\Common Files\McAfee
2007-08-30 04:20:21 0 d-------- C:\Program Files\McAfee
2007-08-30 04:13:12 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-08-30 03:12:42 0 d-------- C:\WINDOWS\privacy_danger
2007-08-30 02:48:39 0 d-------- C:\WINDOWS\SxsCaPendDel
2007-08-30 02:22:10 0 d-------- C:\Documents and Settings\Chad\www.google.com
2007-08-29 23:18:34 0 d-------- C:\Program Files\STOPzilla!
2007-08-29 23:18:32 0 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2007-08-29 23:04:57 14336 --a------ C:\WINDOWS\winvip.exe
2007-08-29 22:22:46 0 d-------- C:\Webcam Live!
2007-08-29 22:04:27 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2007-08-29 22:01:52 125504 --a------ C:\WINDOWS\system32\brtmaccb.dll
2007-08-29 21:56:08 70208 --a------ C:\WINDOWS\system32\bcnmiilm.dll
2007-08-29 21:52:48 75328 --a------ C:\WINDOWS\system32\swkrojpy.exe <Not Verified; ; DDC>
2007-08-29 21:50:05 0 --a------ C:\WINDOWS\system32\nftiduhj.exe
2007-08-29 21:50:04 1705135 ---hs---- C:\WINDOWS\system32\wyadd.bak2
2007-08-28 23:25:33 20464 --a------ C:\WINDOWS\system32\3253360941.dll
2007-08-28 23:00:31 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-08-28 23:00:31 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-08-28 23:00:31 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-08-28 23:00:31 0 d--h----- C:\Documents and Settings\Administrator\Recent
2007-08-28 23:00:31 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-08-28 23:00:31 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-08-28 23:00:31 0 d-------- C:\Documents and Settings\Administrator\My Documents
2007-08-28 23:00:31 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-08-28 23:00:31 0 d-------- C:\Documents and Settings\Administrator\Favorites
2007-08-28 23:00:31 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-08-28 23:00:31 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-08-28 23:00:31 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-08-28 23:00:31 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-08-28 23:00:30 262144 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-08-28 18:03:52 0 --a------ C:\WINDOWS\system32\gtv_sd.bin
2007-08-28 17:59:01 0 d--hs---- C:\found.000
2007-08-28 17:52:20 20464 --a------ C:\WINDOWS\system32\21522034241.dll
2007-08-28 17:52:07 61440 --a------ C:\WINDOWS\system32\aspimgr.exe
2007-08-28 17:51:40 0 --a------ C:\WINDOWS\retadpu27.exe
2007-08-28 17:51:38 0 --a------ C:\WINDOWS\system32\wvlvmaac.exe
2007-08-28 17:51:38 155648 --a------ C:\WINDOWS\system32\GoogleBot.exe
2007-08-28 17:50:54 31010 --a------ C:\WINDOWS\system32\spoolsvv.exe
2007-08-28 17:50:30 31010 --a------ C:\WINDOWS\system32\vedxga4m1et4.exe
2007-08-28 17:50:29 5922 --a------ C:\WINDOWS\system32\vedxg6ame4.exe
2007-08-28 17:50:28 0 --a------ C:\WINDOWS\system32\vedxga5me3.exe
2007-08-28 17:50:27 5632 --a------ C:\WINDOWS\system32\vedxga3me2.exe
2007-08-28 17:50:27 7970 --a------ C:\WINDOWS\system32\vedxg4am1et2.exe
2007-08-28 17:50:27 13824 --a------ C:\WINDOWS\system32\max1d1164v.exe
2007-08-28 17:50:26 0 --a------ C:\WINDOWS\system32\vedxga4me1.exe
2007-08-28 17:50:26 0 --a------ C:\WINDOWS\system32\vedxga1me4t1.exe
2007-08-28 17:50:25 1 --a------ C:\i
2007-08-28 17:50:08 932 --a------ C:\WINDOWS\system32\winpfz32.sys
2007-08-28 17:50:05 8856 --a------ C:\WINDOWS\system32\dllh8jkd1q7.exe
2007-08-28 17:50:02 8856 --a------ C:\WINDOWS\system32\dllh8jkd1q6.exe
2007-08-28 17:49:54 1174840 --a------ C:\Documents and Settings\NetworkService\Application Data\Install.dat
2007-08-28 17:49:54 1174840 --a------ C:\Documents and Settings\LocalService\Application Data\Install.dat
2007-08-28 17:49:53 8856 --a------ C:\WINDOWS\system32\dllh8jkd1q5.exe
2007-08-28 17:49:51 23192 --a------ C:\WINDOWS\system32\dllh8jkd1q2.exe
2007-08-28 17:49:50 1 --a------ C:\WINDOWS\system32\ps.dat
2007-08-28 17:49:50 6442 --a------ C:\WINDOWS\system32\dllh8jkd1q1.exe
2007-08-28 17:49:50 1 --a------ C:\WINDOWS\system32\cookie.dat
2007-08-28 17:49:49 16 --a------ C:\WINDOWS\system32\dllh8jkd1q8.exe
2007-08-28 17:49:12 11554 --a------ C:\WINDOWS\system32\kernelwind32.exe
2007-08-28 17:48:24 0 d-------- C:\WINDOWS\system32\f06WtR
2007-08-28 17:48:24 57354 --a------ C:\WINDOWS\system32\dwdsrngt.exe
2007-08-28 17:47:31 21504 --a------ C:\WINDOWS\system32\mstdmc.exe
2007-08-28 17:47:31 111 --a------ C:\WINDOWS\system32\drivers\fee
2007-08-28 17:47:26 59392 --a------ C:\epulp.exe
2007-08-28 17:47:22 15360 --a------ C:\WINDOWS\system32\drvjudr.dll
2007-08-28 17:47:22 93696 --a------ C:\WINDOWS\system32\drvjud.dll
2007-08-28 17:47:21 43542 --a------ C:\WINDOWS\system32\iifccya.dll
2007-08-28 17:46:03 15360 --a------ C:\WINDOWS\system32\drvmadr.dll
2007-08-28 17:46:03 93696 --a------ C:\WINDOWS\system32\drvmad.dll
2007-08-28 17:45:56 43542 --a------ C:\WINDOWS\system32\fcccbcd.dll
2007-08-28 17:45:43 0 --a------ C:\WINDOWS\system32\stani.dll
2007-08-28 17:45:39 1600719 ---hs---- C:\WINDOWS\system32\wyadd.bak1
2007-08-28 17:45:31 298080 --a------ C:\WINDOWS\system32\ddayw.dll
2007-08-28 17:43:54 0 d-------- C:\Program Files\WinPop
2007-08-28 17:43:54 0 d-------- C:\Program Files\InetGet2
2007-08-28 17:40:38 2 --a------ C:\-262391314
2007-08-28 17:40:32 0 --a------ C:\WINDOWS\retadpu2000352.exe
2007-08-28 17:40:30 15360 --a------ C:\WINDOWS\system32\drvgosr.dll
2007-08-28 17:40:30 93696 --a------ C:\WINDOWS\system32\drvgos.dll
2007-08-28 17:40:28 43542 --a------ C:\WINDOWS\system32\ddcbcaa.dll
2007-08-28 17:24:38 0 d-------- C:\Program Files\RegCure
2007-08-28 05:09:39 50688 --a------ C:\WINDOWS\main_uninstaller.exe
2007-08-28 05:08:16 0 d-------- C:\Program Files\VideoAccessCodec
2007-08-27 14:01:09 0 d--h----- C:\WINDOWS\msdownld.tmp
2007-08-27 13:44:22 0 d-------- C:\Program Files\Common Files\PocketSoft
2007-08-27 13:44:15 0 d-------- C:\Program Files\RedlightCenter
2007-08-21 01:44:32 0 d-------- C:\Program Files\PC Wizard 2007
2007-08-20 03:53:57 0 d-------- C:\Program Files\midi2wav
2007-08-20 03:39:21 0 d-------- C:\Program Files\MIDI TO WAV 1.0 DEMO
2007-08-14 14:27:00 0 d-------- C:\Documents and Settings\Chad\Application Data\Garritan
2007-08-14 14:11:17 0 d-------- C:\Program Files\Garritan Personal Orchestra
2007-08-13 19:18:18 0 d-------- C:\Program Files\Veoh Networks
2007-08-12 23:58:39 0 d-------- C:\Program Files\Finale NotePad 2007
2007-08-12 23:21:27 0 d-------- C:\Program Files\eMule
2007-08-12 21:30:28 90112 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
2007-08-12 21:29:23 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-12 21:29:17 0 d-------- C:\Psfonts
2007-08-12 21:26:46 0 d-------- C:\Program Files\Finale 2006
2007-08-12 19:45:36 0 d-------- C:\Program Files\Audacity
2007-08-09 20:13:30 0 dr-h----- C:\MSOCache
2007-08-09 19:26:32 20002 --a------ C:\WINDOWS\system\Windows32.dll
2007-08-09 19:26:31 0 d-------- C:\Program Files\DesktopUSArmyBFC
2007-08-09 19:25:47 0 d-------- C:\Program Files\Common Files\Download Manager
2007-08-07 17:35:25 0 d-------- C:\Program Files\Windows Media Connect 2
2007-08-07 17:31:35 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-08-07 17:26:45 0 d-------- C:\Documents and Settings\Angela.ANGELAHOME\Application Data\WinRAR
2007-08-05 20:42:11 0 d-------- C:\Program Files\Common Files\SupportSoft
2007-08-05 02:41:17 22585 --a------ C:\WINDOWS\system32\drivers\cdralw2k.sys <Not Verified; Adaptec; Adaptec's CDRAL>
2007-08-05 02:41:12 206240 --a------ C:\WINDOWS\system32\drivers\UdfReadr.sys <Not Verified; Adaptec; UDF Reader Driver>
2007-08-05 02:41:12 52720 --a------ C:\WINDOWS\system32\drivers\cdr4_2K.sys <Not Verified; Adaptec; Adaptec's CD-R Helper Drivers>
2007-08-05 02:41:12 45056 --a------ C:\WINDOWS\system32\cdrtc.dll <Not Verified; Adaptec; Adaptec's CD-R Helper Drivers>
2007-08-02 14:50:47 0 d-------- C:\Documents and Settings\Angela.ANGELAHOME\Application Data\Mozilla
2007-08-02 14:50:02 0 d-------- C:\Documents and Settings\Angela.ANGELAHOME\Application Data\SecondLife
2007-08-02 14:11:21 0 d-------- C:\The Lord of the Rings- The Fellowship of the Ring
2007-08-02 14:09:14 0 d-------- C:\Documents and Settings\Angela.ANGELAHOME\Application Data\.BitZip


-- Find3M Report ---------------------------------------------------------------

2007-08-31 01:48:15 0 d-------- C:\Program Files\Network Monitor
2007-08-31 01:47:31 0 d-------- C:\Program Files\Trend Micro
2007-08-30 06:14:24 0 d-------- C:\Program Files\Common Files\Scanner
2007-08-30 06:11:29 423424 --a------ C:\WINDOWS\system32\AClient.dll
2007-08-30 04:20:44 0 d-a------ C:\Program Files\Common Files
2007-08-29 00:27:45 245248 --a------ C:\WINDOWS\system32\mswsock.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-28 17:40:29 5594 --a------ C:\WINDOWS\system32\qgfyhgxs.dat
2007-08-28 03:29:22 0 d-------- C:\Documents and Settings\Chad\Application Data\uTorrent
2007-08-27 13:44:13 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-14 23:46:25 0 d-------- C:\Program Files\Vstplugins
2007-08-12 21:38:01 0 d-------- C:\Program Files\Java
2007-08-08 03:29:49 0 d-------- C:\Program Files\IrfanView
2007-08-07 21:49:32 0 d-------- C:\Program Files\SecondLife
2007-08-07 17:02:10 265497 --a------ C:\WINDOWS\system32\qgfyhgxs_nav.dat
2007-08-05 20:46:36 0 d-------- C:\Program Files\support.com
2007-08-05 02:08:28 0 d-------- C:\Program Files\NoteWorthy Composer
2007-08-04 20:47:26 0 d-------- C:\Documents and Settings\Chad\Application Data\Adobe
2007-07-30 22:25:00 0 d-------- C:\Program Files\QuickTime
2007-07-30 22:19:29 0 d-------- C:\Program Files\Apple Software Update
2007-07-28 00:09:23 0 d-------- C:\Documents and Settings\Chad\Application Data\SecondLife
2007-07-28 00:07:51 0 d-------- C:\Documents and Settings\Chad\Application Data\Mozilla
2007-07-27 14:50:58 0 d-------- C:\Program Files\Runtime Software
2007-07-27 14:43:20 0 d-------- C:\Program Files\HDD Recovery Pro
2007-07-26 18:13:28 0 d-------- C:\Program Files\Data Doctor Recovery FAT+NTFS (Demo)
2007-07-26 12:18:38 0 d-------- C:\Program Files\The KMPlayer
2007-07-26 11:51:31 0 d-------- C:\Program Files\MP4 Video Player
2007-07-26 11:48:09 0 d-------- C:\Program Files\Microsoft Games
2007-07-26 11:28:47 164980 --a------ C:\WINDOWS\Video Cleaner Uninstaller.exe
2007-07-26 11:28:44 0 d-------- C:\Documents and Settings\Chad\Application Data\River Past G5
2007-07-26 11:28:43 0 d-------- C:\Program Files\River Past
2007-07-26 11:28:43 0 d-------- C:\Program Files\Common Files\River Past
2007-07-23 22:51:02 0 d-------- C:\Program Files\AGEIA Technologies
2007-07-23 22:49:47 0 d-------- C:\Program Files\Kuma Games
2007-07-21 03:56:12 0 d-------- C:\Program Files\MSXML 4.0
2007-07-21 01:00:26 925696 --a------ C:\WINDOWS\Flight Simulator Screensaver.scr
2007-07-21 01:00:25 0 d-------- C:\Program Files\Longgame
2007-07-21 00:53:16 0 d-------- C:\Program Files\The Weather Channel FW
2007-07-21 00:50:15 0 d-------- C:\Program Files\Freeze.com
2007-07-21 00:50:10 0 d-------- C:\Program Files\Free Offers from Freeze.com
2007-07-20 02:32:22 0 d-------- C:\Documents and Settings\Chad\Application Data\Talkback
2007-07-20 02:29:20 0 d-------- C:\Program Files\DivX
2007-07-20 02:07:06 0 d-------- C:\Program Files\Hotbar
2007-07-20 01:21:20 0 d-------- C:\Documents and Settings\Chad\Application Data\.BitZip
2007-07-20 01:08:48 0 d-------- C:\Program Files\BitZip
2007-07-20 00:16:36 0 d-------- C:\Documents and Settings\Chad\Application Data\Yahoo!
2007-07-19 23:38:49 0 d-------- C:\Program Files\Yahoo!
2007-07-18 14:42:54 0 d-------- C:\Program Files\Common Files\Java
2007-07-17 00:58:55 0 d-------- C:\Program Files\Virtual Earth 3D
2007-07-15 04:16:54 0 d-------- C:\Program Files\Creative
2007-07-14 03:14:50 0 d-------- C:\Program Files\Messenger
2007-07-14 02:34:32 0 d-------- C:\Program Files\AWC
2007-07-14 02:29:23 0 d-------- C:\Program Files\Desktop Wallpaper Timer
2007-07-14 01:57:13 0 d-------- C:\Program Files\Bonjour
2007-07-14 01:57:08 0 d-------- C:\Program Files\Common Files\Adobe
2007-07-14 01:33:31 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2007-07-14 00:14:28 0 d-------- C:\Program Files\Movie Maker
2007-07-14 00:09:11 0 d-------- C:\Program Files\Windows NT
2007-07-13 17:51:53 0 d-------- C:\Documents and Settings\Chad\Application Data\WinRAR
2007-07-13 16:27:41 0 d-------- C:\Program Files\utorrent
2007-07-13 02:56:56 0 d-------- C:\Program Files\BitTorrent
2007-07-12 20:25:47 0 d-------- C:\Documents and Settings\Chad\Application Data\Viewpoint
2007-07-12 03:48:09 0 d-------- C:\Documents and Settings\Chad\Application Data\BitTorrent
2007-07-12 01:41:53 0 d-------- C:\Program Files\AIM6
2007-07-12 01:34:39 0 d-------- C:\Documents and Settings\Chad\Application Data\Google
2007-07-12 01:34:29 0 d-------- C:\Program Files\Google
2007-07-12 01:30:07 0 d-------- C:\Documents and Settings\Chad\Application Data\IrfanView
2007-07-12 00:42:03 0 d-------- C:\Program Files\Common Files\AOL
2007-07-12 00:38:04 0 d-------- C:\Documents and Settings\Chad\Application Data\AOL


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15CD9C30-672B-4739-88AA-2EC4AD7C7354}]
08/28/2007 05:45 PM 298080 --a------ C:\WINDOWS\system32\ddayw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5621007F-BBEE-4674-8077-94C3591DE7C3}]
08/28/2007 05:40 PM 43542 --a------ C:\WINDOWS\system32\ddcbcaa.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{810C7383-C49D-40a8-AB80-59DBA271DAFA}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98B822AD-6BE7-49BC-B773-97240B774080}]
08/30/2007 06:11 AM 423424 --a------ C:\WINDOWS\system32\AClient.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}]
07/20/2006 05:41 PM 111616 --a------ C:\WINDOWS\IECodecPl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6039E6C-BDE9-4de5-BB40-768CAA584FDC}]
08/29/2007 09:56 PM 70208 --a------ C:\WINDOWS\system32\bcnmiilm.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"xem"="C:\WINDOWS\ServicePackFiles\winlogon.exe" [08/28/2007 11:11 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"xem"="C:\WINDOWS\ServicePackFiles\winlogon.exe" [08/28/2007 11:11 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5621007F-BBEE-4674-8077-94C3591DE7C3}"= C:\WINDOWS\system32\ddcbcaa.dll [08/28/2007 05:40 PM 43542]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"wmpdev"= {4893C8AE-BFB1-42AD-B313-3039AD6862E8} - C:\WINDOWS\wmpdev.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddayw]
C:\WINDOWS\system32\ddayw.dll 08/28/2007 05:45 PM 298080 C:\WINDOWS\system32\ddayw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcbcaa]
ddcbcaa.dll 08/28/2007 05:40 PM 43542 C:\WINDOWS\system32\ddcbcaa.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winqgb32]
winqgb32.dll 08/28/2003 05:48 PM 19968 C:\WINDOWS\system32\winqgb32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= c:\windows\system32\ldcore.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

*Newly Created Service* - MFERKDK

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F146C9B1-VMVQ-A9RC-NUFL-D0BA00B4E999}]
C:\WINDOWS\system32\nusrmgr.exe



-- End of Deckard's System Scanner: finished at 2007-08-31 01:51:09 ------------
Attached Files: extra.txt (17.1 KB)
claudiotech
Old 08-31-2007, 07:06 PM   #2
TSF-Enthusiast
 
Join Date: Mar 2007
Posts: 923
OS: XP Vista W7



Please download SmitfraudFix
Extract the files to the Desktop

~~~~
Now, start the computer in Safe Mode:
  • When the machine first starts again, tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
  • Select the option for Safe Mode using the arrow keys.
  • Press Enter to boot into Safe Mode.
Open SmitfraudFix
  • Double-click smitfraudfix.cmd
  • Select Option 2 - Clean by typing 2 and press Enter (Deletes infected files)
  • You are prompted: Do you want to clean the registry? Answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
The tool also checks if a relevant file, wininet.dll, is infected.
You may be prompted to replace the infected file (if found).
Replace infected file? Answer Y (yes) and hit Enter to restore a clean file.

~~~~
Restart the computer to complete the removal process.

~~~~
Also download ComboFix
Save it to the Desktop

Double-click combofix.exe to run the program
Follow the prompts.
(Don't click on the window while the program is running; it may cause your system to stall.)

When finished, a log, ComboFix.txt, is produced.

~~~~
Please run HijackThis once again to obtain a new log.

~~~~
Please post the SmitFraudFix report located at C:\rapport.txt, the ComboFix.txt, and a new HijackThis log.
Aaflac