1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

This operation has been canceled due to restrictions in effect on this.....

Discussion in 'Malware and Virus Removal Archive' started by tylerho, 2008/02/26.

Page 2 of 2
  1. 2008/03/01
    tylerho

    tylerho Inactive Thread Starter

    Joined:
    2008/02/26
    Messages:
    87
    Likes Received:
    0
    Malwarebytes' Anti-Malware 1.05
    Database version: 437

    Scan type: Quick Scan
    Objects scanned: 33232
    Time elapsed: 6 minute(s), 44 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 98
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 6

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{3b205a61-9744-4a75-b26f-848d4a028c81} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{11df9740-145f-49ca-831d-79158335a974} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{6c266bc2-23c6-464f-9de1-5b991da2f02c} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{47271bf9-7a45-4d02-a5e4-cf56b9b17b73} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{3ae34ce6-5347-4d4d-80bc-0d78566f77f4} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9d43f877-19ef-4426-950e-d4ee67f8b9ef} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{b44a100a-4d07-42c2-833b-617ea078299f} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{c473f94e-bfa2-4dba-8103-a703411cbf92} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{20f07b8b-c6b1-430a-852a-a65a3f81e1cc} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{d22b762d-1107-4def-90bf-c5db58c4c4aa} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{e02c9985-7743-476e-9a28-de3ed17cc810} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{e046bd9a-7c0c-420b-8c72-59a38cf894f7} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{4e3642dd-c0bc-4f90-9421-b1085049f6d3} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{65f0bd13-9b5f-4a7f-91c1-2ea63209f36c} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{e637a5ea-6249-4e25-8f15-8ae400b36d3a} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{79075110-cb8e-4847-ba4a-8b91fb388bd8} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{7ebc1472-c15f-4b11-b0e7-b1b3f067dfef} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{827cc9bc-ff78-47b4-b3b3-21c262e8a04d} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{15e0b9d1-6869-4b44-b64d-f60a350e725c} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{1b01b4f2-4cc1-4154-ab18-20a0bc553d24} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{1bc793ee-2447-4034-858a-de65d6d2bec9} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{1f5cf3c9-f384-4bce-b9a1-c5a00c6f2872} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{26ab4ac4-23d3-4004-b9d8-bff54166503c} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{354242fc-4dde-48fd-9960-8801b4cf5cf4} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{36d8eec8-86fe-41ab-917d-b1db221347fc} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{4689349f-0b3a-4698-a404-2e81c9b05acc} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{4e30c4b0-1fb1-427d-90b3-be85c877b236} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{4f3145e3-67de-4654-9eaf-d72133fe65e7} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{59da55f2-d42c-492e-8cee-897717d47877} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{6fe6d492-28b1-4a8d-88e9-22e1e3530da0} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{8c4e45a4-fdbc-4de0-8d1f-4ec38d4f3023} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{8ed41818-1cb1-4d9e-8a21-4f7edf9b59c3} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{957de9d3-6ca7-4e7e-aa1d-3d13eb7cf99b} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{ad33aad5-f364-430f-8e2d-ce034150afdf} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{ae539347-f840-4c45-83d2-6e9225a3ec62} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{c7eb7da1-0b05-40d5-b73a-4b5ea77e7d67} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{cb32d487-2bdb-49ed-8b75-8ebfe6b0990b} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{cc789624-c0d2-469b-a34b-fc32117194e9} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{cda873d3-a380-4b32-b4b7-a25d2e63cdba} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{cf612595-40eb-443d-9bc2-2165aba6352f} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e2e7d7e7-ea40-4cc3-89fb-fc6c43c8ca77} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e3cd3689-b032-4d47-8d5f-d886628914a6} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e52bddde-b92c-4174-8247-21d9118fa036} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e5a292c6-2ce5-4702-b1fc-1f9d5f7f810d} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e691676d-381a-4fa2-8188-f8597aa5e789} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e6c3097f-1cf8-4563-8318-d25ccaaa1191} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e779dc78-51e9-4630-a8d4-c9ae3548c6c7} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e8e367a1-57d1-49cb-b1b0-192b95bd5e6a} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{c9b0ecc1-e84d-4069-a569-e59ea9afc398} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{fecb6f44-0b53-43c3-b5e8-aa03ece60aa9} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{06118cbf-3228-4d60-8139-201e32675dc7} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{1ce9f746-219b-49ce-9155-cfe16a33cb4f} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{e30e04f6-7066-43bf-b9ce-a3d3bfb41075} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{e612ecb1-8c67-4706-9d9e-ef1690b64106} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{b6a908fa-6237-4791-ac61-8b6a28add9b6} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{ec26829d-fbf2-40e6-85fd-6a2d5563d5ed} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{f1819e24-19f3-4b7e-aa2f-889358be8022} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{07a25120-a92b-4baa-a514-eed6667d6d83} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{01181392-ea52-4aef-88fa-1cbcd8de6825} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{012c872d-6d66-499a-b69d-4a9c63690262} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{07c02614-ef46-41a4-88c9-2a867848b31d} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{12c7b02f-145d-46a4-b2e8-4255b601230a} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{13c1e692-405a-430c-9ac7-3c274369ff71} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{165bc2ec-0b03-4bd6-9e60-6323427b01ed} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{1690de52-5b60-42ca-9688-16b1a233094c} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{170b0977-27ea-426e-9b38-febab1724a1f} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{1a8af5b9-87c4-454a-965f-8b1e00a51d93} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{2b68f0b9-3294-4e83-b026-d30894a6b062} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{39038d48-70ac-4b19-beb8-88cad47f2deb} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{4d56ddff-895a-438f-9b16-54618b3a47f7} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{4fb926ad-73e7-4bf5-bbf1-58a8f3eeb289} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{605196d3-a6cc-43ac-8104-e8cdca25ef58} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{65b96902-f3e3-4391-a523-848f1d30b12b} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{76e3de06-3f95-4b6e-91b4-710498e437f4} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{89107b18-d3d4-46cb-8045-1af57b8c4535} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{a914b7cf-086d-4fe0-9108-3d72b97e5c2c} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{a9e3320e-52a9-4cb1-892f-ae8088d68a8e} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{aa958db8-1102-4091-ac05-ecbc7b2e426d} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{ae57830d-be33-4935-9d91-62f2eb0e8be3} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{ca27a95a-2b8c-478d-af5e-2e1761467eb4} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{dcd09900-b1db-4855-a41a-6245c1b2bcba} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e4fb5b1d-83e5-4df3-892d-1a0e48f91e75} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{ebeabc4b-ae96-45cf-b5c8-fef6364a6d41} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{ef9aa426-50f9-4d27-94ba-8844a165ddd5} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{f084f574-f1b6-4e2b-9338-b321082693fc} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{f6185cf5-6a50-4be8-8f13-c4b8a13641f9} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{b2e39a12-5d68-4276-9ac7-dfba3fcbb562} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\WinIFixer.com (Rogue.WinIFixer) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{f4d40fe2-8fef-45b0-8ddc-8fbd080e6a37} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\InfeStop (Rogue.InfeStopRemover) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\EasySpywareCleaner (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{102c560b-d15c-4ba1-b163-7bb4acd26c34} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{627fb506-61e4-4d02-bdaf-bfd38c75e43f} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e9c36375-c7a5-45f7-8b78-ad56965903e7} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{c1ad0c75-a340-4253-9189-39ab5b2d8a41} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{0037f041-5ec7-46aa-be24-6b4e01215611} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Documents and Settings\Mary Longtin\Application Data\Microsoft\Internet Explorer\Quick Launch\WinIFixer.lnk (Rogue.WinIFixer) -> Quarantined and deleted successfully.
    C:\WINDOWS\inf\ultra.PNF (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ClickToFindandFixErrors_RON.ico (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\tcb.pmw (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Rick Longtin\Application Data\Microsoft\Internet Explorer\Quick Launch\Easy Spyware Cleaner.lnk (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Rick Longtin\Application Data\Microsoft\Internet Explorer\Quick Launch\InfeStop.lnk (Rogue.InfeStopRemover) -> Quarantined and deleted successfully.
     
    tylerho,
    #21
  2. 2008/03/01
    tylerho

    tylerho Inactive Thread Starter

    Joined:
    2008/02/26
    Messages:
    87
    Likes Received:
    0
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:23:51 PM, on 3/1/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 SP2 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\CallWave\IAM.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [{1C32E36E-0AE9-1033-1008-050412200001}] "C:\Program Files\Common Files\{1C32E36E-0AE9-1033-1008-050412200001}\Update.exe" te-110-12-0000282
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe "
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Global Startup: CallWave.lnk = C:\Program Files\CallWave\IAM.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Search - ?p=ZNxmk870YYUS
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 8412 bytes
     
    tylerho,
    #22


  3. to hide this advert.

  4. 2008/03/01
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Scan again with HijackThis and place a check next to the following entry, close all other open windows then click Fix Checked.

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)

    Rescan and verify that the entry is gone.

    MBAM did a good job of cleaning up. How's the computer running now?
     
    noahdfear,
    #23
  5. 2008/03/02
    tylerho

    tylerho Inactive Thread Starter

    Joined:
    2008/02/26
    Messages:
    87
    Likes Received:
    0
    Much better!! I thank you for all of your help.
     
    tylerho,
    #24
  6. 2008/03/02
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Glad to hear it. You're most welcome. :)

    Click Start>Run and type ComboFix /u then hit Enter to uninstall ComboFix and remove the files it has quarantined. This action will also reset the System Restore points, removing the infected files there as well. The C:\Deckard's folder will also be removed. You can delete any logs that were created/saved too.

    Note - Combofix makes some changes when run to prevent autorun/autoplay of ALL CDs, floppies and USB devices, to assist with malware removal & increase security. If this is an issue or makes it difficult for you to use those devices, please ask how to reset it.

    You can also delete dss.exe
    Your choice whether to keep MBAM and AVG-AS

    Your computer is now clean! Geri has posted some very helpful information and recommendations regarding future protection in the following link.

    http://www.windowsbbs.com/showthread.php?t=67958

    Surf safe!
     
    noahdfear,
    #25
Page 2 of 2

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...