1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Solved Can't stop the Pop-Ups --Main.txt Posted

Discussion in 'Malware and Virus Removal Archive' started by ebsteve, 2007/08/06.

Page 2 of 2
  1. 2007/08/20
    ebsteve

    ebsteve Inactive Thread Starter

    Joined:
    2007/08/06
    Messages:
    16
    Likes Received:
    0
    O.k. were back. here are the logs

    ComboFix 07-08-04.3 - "Tom" 2007-08-20 19:25:42.3 [GMT -7:00] - NTFS
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.True
    Command switches used :: C:\Documents and Settings\Tom\Desktop\CFScript.txt
    * Created a new restore point


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\2BCD7CB150.sys
    C:\WINDOWS\system32\50B17CCD2B.sys


    ((((((((((((((((((((((((( Files Created from 2007-07-21 to 2007-08-21 )))))))))))))))))))))))))))))))


    2007-08-18 09:50 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
    2007-08-08 08:39 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-08-07 16:26 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-08-07 16:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
    2007-08-06 20:53 <DIR> d-------- C:\Deckard
    2007-08-06 08:53 <DIR> d-------- C:\WINDOWS\system32\Panda Software
    2007-08-06 08:42 <DIR> d-------- C:\Program Files\Panda Security
    2007-08-05 21:50 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
    2007-08-05 21:08 <DIR> d-------- C:\DOCUME~1\Tom\APPLIC~1\McAfee
    2007-08-05 17:51 <DIR> d-------- C:\Program Files\Windows Live Safety Center
    2007-08-05 11:24 135,168 --a------ C:\WINDOWS\system32\igfxres.dll
    2007-08-05 09:30 <DIR> d-------- C:\DOCUME~1\Tom\APPLIC~1\SoftInform
    2007-08-05 03:01 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-08-05 02:40 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2007-08-04 08:43 <DIR> d-------- C:\Program Files\iNetFormFiller Trial
    2007-08-04 08:43 <DIR> d-------- C:\DOCUME~1\Tom\APPLIC~1\iNetFormFiller
    2007-08-04 08:40 <DIR> d-------- C:\Program Files\SoftInform
    2007-08-04 08:40 <DIR> d-------- C:\DOCUME~1\Tom\APPLIC~1\AdsCleaner
    2007-08-03 15:48 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
    2007-08-02 07:55 <DIR> d-------- C:\Program Files\MSXML 6.0
    2007-08-02 07:52 <DIR> d-------- C:\Program Files\MSBuild
    2007-08-02 07:37 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
    2007-08-02 07:35 <DIR> d-------- C:\Program Files\Reference Assemblies
    2007-08-02 06:58 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
    2007-08-02 06:56 <DIR> d-------- C:\cf1edb0b461f19f11d10c88bd3211a95
    2007-08-02 06:53 <DIR> d-------- C:\Program Files\Windows Media Connect 2
    2007-08-02 06:45 <DIR> d-------- C:\WINDOWS\system32\LogFiles
    2007-08-02 06:45 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
    2007-08-02 01:14 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
    2007-08-02 01:14 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
    2007-08-02 01:14 116,736 --------- C:\WINDOWS\system32\aaclient.dll
    2007-08-02 00:32 <DIR> d-------- C:\Program Files\Windows Defender
    2007-08-02 00:04 <DIR> d-------- C:\Program Files\RegistryFix
    2007-08-01 20:37 1,152 --a------ C:\WINDOWS\system32\windrv.sys
    2007-08-01 20:37 <DIR> d-------- C:\Program Files\Common Files\Download Manager
    2007-08-01 12:04 <DIR> d-------- C:\DOCUME~1\Tom\.housecall6.6


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-08-18 19:21 --------- d-------- C:\DOCUME~1\Tom\APPLIC~1\Simple Star
    2007-08-18 19:09 --------- d-------- C:\DOCUME~1\Tom\APPLIC~1\Comcast
    2007-08-18 10:08 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-08-17 10:55 6686 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
    2007-08-14 20:06 --------- d-------- C:\Program Files\OFFICE11
    2007-08-03 21:41 --------- d-------- C:\Program Files\Google
    2007-08-03 09:45 --------- d-------- C:\Program Files\XoftSpy
    2007-08-01 07:45 --------- d-------- C:\Program Files\McAfee
    2007-07-19 07:36 --------- d-------- C:\DOCUME~1\Tom\APPLIC~1\Google
    2007-07-18 23:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-07-12 16:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
    2007-06-27 07:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
    2007-06-27 07:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
    2007-06-27 07:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
    2007-06-27 07:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2007-06-27 07:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-06-27 07:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2007-06-27 07:34 44544 --a------ C:\WINDOWS\system32\dllcache\iernonce.dll
    2007-06-27 07:34 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll
    2007-06-27 07:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2007-06-27 07:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-06-27 07:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
    2007-06-27 07:34 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll
    2007-06-27 07:34 230400 --a------ C:\WINDOWS\system32\dllcache\ieaksie.dll
    2007-06-27 07:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
    2007-06-27 07:34 153088 --a------ C:\WINDOWS\system32\dllcache\ieakeng.dll
    2007-06-27 07:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
    2007-06-27 07:34 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll
    2007-06-27 07:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
    2007-06-27 07:34 105984 --------- C:\WINDOWS\system32\dllcache\url.dll
    2007-06-27 07:34 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll
    2007-06-27 01:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2007-06-27 01:27 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe
    2007-06-27 01:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2007-06-27 00:00 161792 --a------ C:\WINDOWS\system32\dllcache\ieakui.dll
    2007-06-25 23:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
    2007-06-25 23:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
    2007-06-19 06:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
    2007-06-19 06:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
    2007-06-13 03:23 1033216 --a------ C:\WINDOWS\explorer.exe
    2007-06-13 03:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe
    2007-06-11 23:51 10834944 --a------ C:\WINDOWS\system32\dllcache\wmp.dll
    2002-09-11 07:26 63730 --a--c--- C:\Program Files\viewsonicinstruct_xp.pdf


    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))


    ---- Directory of C:\WINDOWS\system32\LogFiles ----



    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DC9377A2-2E8D-44A1-99DB-F8A821DF254D}]
    2007-04-26 01:56 237568 --a------ C:\WINDOWS\system32\SiPlugins.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP "= "C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 17:42]
    "DMXLauncher "= "C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 01:12]
    "ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-12-13 13:30]
    "ISUSPM Startup "= "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 08:44]
    "ISUSScheduler "= "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 08:44]
    "MSKDetectorExe "= "C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2006-11-07 15:49]
    "DLA "= "C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 03:20]
    "MSKAGENTEXE "= "C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 11:26]
    "BuildBU "= "c:\dell\bldbubg.exe" [2006-04-29 13:33]
    "Adobe Photo Downloader "= "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 01:18]
    "NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [2005-04-01 16:16]
    "nwiz "= "nwiz.exe" [2005-04-01 16:16 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter "= "C:\WINDOWS\system32\NvMcTray.dll" [2005-04-01 16:16]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [2006-04-29 13:50]
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-11-11 09:19]
    "Logitech Hardware Abstraction Layer "= "KHALMNPR.EXE" [2005-05-20 15:46 C:\WINDOWS\KHALMNPR.Exe]
    "Windows Defender "= "C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
    "igfxtray "= "C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35]
    "igfxhkcmd "= "C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32]
    "igfxpers "= "C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PRO Landscape Dashboard "= "C:\Program Files\Drafix\PRO Landscape\PRO Landscape Dashboard.exe" [2005-12-26 21:49]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:00]
    "DellSupport "= "C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
    "Simple Star PhotoShow Media Manager "= "C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe" [2007-07-11 11:07]
    "AdsCleaner "= "C:\Program Files\SoftInform\AdsCleaner Trial\AdsCleaner.exe" [2007-04-27 06:09]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
    ColorVisionStartup.lnk - C:\Program Files\PANTONE COLORVISION\Startup\ColorVisionStartup.exe [2004-12-21 10:37:55]
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-04-29 13:47:27]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-12-12 17:44:18]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{FBF23B40-E3F0-101B-8488-00AA003E56F8} "= C:\WINDOWS\system32\ieframe.dll [2007-06-27 07:34 6058496]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "

    R1 MPFP;MPFP;C:\WINDOWS\system32\Drivers\Mpfp.sys
    R1 V2IMount;V2IMount;C:\WINDOWS\system32\drivers\V2IMount.sys
    R3 E100B;Intel(R) PRO Adapter Driver;C:\WINDOWS\system32\DRIVERS\e100b325.sys
    R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\LHidKE.Sys
    R3 LMouKE;Logitech SetPoint Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
    R3 senfilt;senfilt;C:\WINDOWS\system32\drivers\senfilt.sys
    S3 CO_Mon;CO_Mon;\??\C:\WINDOWS\system32\Drivers\CO_Mon.sys
    S3 cvspydr2;ColorVision Spyder 2;C:\WINDOWS\system32\DRIVERS\cvspydr2.sys
    S3 idsvc;Windows CardSpace; "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "
    S3 L8042Kbd;Logitech SetPoint Keyboard Driver;C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
    S3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
    S3 RDID1059;Cakewalk Music Connector 1;C:\WINDOWS\system32\Drivers\rdwm1059.sys
    S3 Wdm1;USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc.sys
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe "


    Contents of the 'Scheduled Tasks' folder
    2007-08-15 08:21:26 C:\WINDOWS\Tasks\McDefragTask.job - c:\program files\mcafee\mqc\QcConsol.exe
    2007-08-01 08:00:28 C:\WINDOWS\Tasks\McQcTask.job - c:\program files\mcafee\mqc\QcConsol.exe
    2007-08-20 14:30:21 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-20 19:29:47
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-08-20 19:31:03
    C:\ComboFix-quarantined-files.txt ... 2007-08-20 19:30
    C:\ComboFix2.txt ... 2007-08-08 22:21
    C:\ComboFix3.txt ... 2007-08-08 08:52

    --- E O F ---
     
    ebsteve,
    #21
  2. 2007/08/20
    ebsteve

    ebsteve Inactive Thread Starter

    Joined:
    2007/08/06
    Messages:
    16
    Likes Received:
    0
    Log #2

    Logfile of HijackThis v1.99.1
    Scan saved at 7:33:49 PM, on 8/20/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Drafix\PRO Landscape\PRO Landscape Dashboard.exe
    C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\SoftInform\AdsCleaner Trial\AdsCleaner.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    c:\program files\common files\installshield\updateservice\isuspm.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
    C:\Documents and Settings\Tom\Desktop\Outlook Express\msimn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Documents and Settings\Tom\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://shell.windows.com/fileassoc/0409/xml/redir.asp?Ext=cdd
    O2 - BHO: AdsCleaner Helper - {40FB69E1-9B7B-453F-B238-37D8E9528929} - C:\Program Files\SoftInform\AdsCleaner Trial\PAKIEPlugins.dll
    O2 - BHO: FormFiller Helper - {C0D5D8B0-D626-4C77-8ED4-CFE4C41BCDA1} - C:\PROGRA~1\INETFO~1\FORMFI~1.DLL
    O2 - BHO: Offliner AdFilter Helper - {DC9377A2-2E8D-44A1-99DB-F8A821DF254D} - C:\WINDOWS\system32\SiPlugins.dll
    O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll
    O3 - Toolbar: AdsCleaner Links Bar - {A8415B7A-F661-4D31-92D7-4398E50483DF} - C:\PROGRA~1\SOFTIN~1\ADSCLE~1\PAKIEGUI.dll
    O3 - Toolbar: AdsCleaner Bar - {75CD0BC5-E317-449C-9FF6-4986B3D48F64} - C:\PROGRA~1\SOFTIN~1\ADSCLE~1\PAKIEGUI.dll
    O3 - Toolbar: iNetFormFiller Bar - {B9F7135C-B512-4CC3-9316-FA0044083914} - C:\PROGRA~1\INETFO~1\FORMFI~1.DLL
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe "
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKCU\..\Run: [PRO Landscape Dashboard] C:\Program Files\Drafix\PRO Landscape\PRO Landscape Dashboard.exe /hide
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [Simple Star PhotoShow Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [AdsCleaner] C:\Program Files\SoftInform\AdsCleaner Trial\AdsCleaner.exe /MIN
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\PANTONE COLORVISION\Startup\ColorVisionStartup.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: Add banner url(s) to AdsCleaner - C:\Program Files\SoftInform\AdsCleaner Trial\System\Scripts\off_banner.htm
    O8 - Extra context menu item: Add selected links to Link Container - C:\Program Files\SoftInform\AdsCleaner Trial\System\Scripts\off_collector_sel.htm
    O8 - Extra context menu item: Bookmark all links in AdsCleaner - C:\Program Files\SoftInform\AdsCleaner Trial\System\Scripts\off_all.htm
    O8 - Extra context menu item: Bookmark selected link(s) in AdsCleaner - C:\Program Files\SoftInform\AdsCleaner Trial\System\Scripts\off_sel.htm
    O8 - Extra context menu item: Open all links in new windows - C:\Program Files\SoftInform\AdsCleaner Trial\System\Scripts\off_open_all.htm
    O8 - Extra context menu item: Open selected link(s) in new windows - C:\Program Files\SoftInform\AdsCleaner Trial\System\Scripts\off_open_sel.htm
    O8 - Extra context menu item: Say to AdsCleaner Team about banner - C:\Program Files\SoftInform\AdsCleaner Trial\System\Scripts\off_report_ad.htm
    O8 - Extra context menu item: Show domain links - C:\Program Files\SoftInform\AdsCleaner Trial\System\Scripts\off_domain_links.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
    O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
    O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra button: iNetFormFiller Bar - {8B393324-2563-4E7A-B272-859BE0D2BA11} - C:\PROGRA~1\INETFO~1\FORMFI~1.DLL
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AdsCleaner Bar - {B5D8F853-BEC9-4F9C-B3C9-0F744B6869D1} - C:\PROGRA~1\SOFTIN~1\ADSCLE~1\PAKIEGUI.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/en-US/activex/TmHcmsX.CAB
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1186285809390
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
     
    ebsteve,
    #22


  3. to hide this advert.

  4. 2007/08/20
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Logs look good. :)

    Delete the following folder.

    C:\WINDOWS\system32\LogFiles

    You can delete all of the following tools we have used, and the files/folders they created.

    C:\WINDOWS\nircmd.exe
    C:\QOOBOX
    combofix.exe
    all combofix logs and scripts

    Download ATF Cleaner by Atribune and save it to your Desktop.
    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Prefetch
    Java Cache
    Recycle bin


    The rest are optional - if you want it to remove everything check "Select All ".
    Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.

    Clear past system restore points and create a new one.
    Right click My Computer and select Properties. On the System Restore tab, check the box to turn System Restore off. Click Apply. Now, uncheck the box and click Apply. Click OK, then OK to close the System Properties dialog.

    Verify a new restore point was created.
    Click Start>All Programs>Accessories>System Tools>System Restore
    Select 'Restore my computer to an earlier time', then click next.
    You should have a newly created System Checkpoint available. If so, click Cancel. If not, click Back and select 'Create a restore point' then click Next. Give the restore point a name and click next.

    Surf safe!
     
    noahdfear,
    #23
  5. 2007/08/20
    ebsteve

    ebsteve Inactive Thread Starter

    Joined:
    2007/08/06
    Messages:
    16
    Likes Received:
    0
    Excellent News

    You the man Dave... You rock...

    Steve & Tom
     
    ebsteve,
    #24
  6. 2007/08/20
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Thanks :)
     
    noahdfear,
    #25
Page 2 of 2

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...