1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Combofix scan

Discussion in 'All Other Software' started by aliasjb, Mar 29, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. aliasjb

    aliasjb Thread Starter

    Joined:
    Mar 28, 2007
    Messages:
    18
    Today is my first time on this site, and I notice that the combofix program is recommended. Among other recent issues, my computer is running dreadfully slowly; and when I try to shut down programs to turn off the machine it is really, really slow. Here is the read out from combofix. I will appreciate anyone who knows this kind of stuff telling me what combofix is showing to be wrong. Thanks.

    "Jeffrey Bruce" - 07-03-28 21:08:56 Service Pack 2
    ComboFix 07-03-27.4.2 - Running from: "C:\Documents and Settings\Jeffrey Bruce\Desktop"


    ((((((((((((((((((((((((((((((( Files Created from 2007-02-28 to 2007-03-28 ))))))))))))))))))))))))))))))))))


    2007-03-28 20:41 <DIR> d-------- C:\Program Files\AntiSpywareBot
    2007-03-12 16:26 <DIR> d-------- C:\Program Files\Real
    2007-03-12 16:26 <DIR> d-------- C:\Program Files\Common Files\xing shared
    2007-03-10 20:34 <DIR> d-------- C:\Program Files\Norton 360
    2007-03-10 20:33 48,776 --a------ C:\WINDOWS\SYSTEM32\S32EVNT1.DLL
    2007-03-10 20:33 115,000 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS
    2007-03-10 20:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Symantec Temporary Files
    2007-03-10 18:02 <DIR> d-------- C:\WINDOWS\McAfee.com


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-03-28 20:44 -------- d-------- C:\Program Files\Common Files\symantec shared
    2007-03-28 18:34 -------- d-------- C:\Program Files\java
    2007-03-12 16:28 -------- d-------- C:\DOCUME~1\JEFFRE~1\APPLIC~1\real
    2007-03-11 00:33 -------- d-------- C:\DOCUME~1\JEFFRE~1\APPLIC~1\symantec
    2007-03-10 20:36 -------- d-------- C:\Program Files\symantec
    2007-02-18 20:23 185496 -ra------ C:\WINDOWS\SYSTEM32\symnppwa.dll
    2007-02-08 07:37 -------- d-------- C:\DOCUME~1\JEFFRE~1\APPLIC~1\viewpoint
    2007-02-01 11:00 -------- d-------- C:\Program Files\google
    2007-01-09 19:47 624784 --a------ C:\WINDOWS\SYSTEM32\symneti.dll
    2007-01-09 19:47 242320 --a------ C:\WINDOWS\SYSTEM32\symredir.dll
    2007-01-08 20:01 17408 --a------ C:\WINDOWS\SYSTEM32\corpol.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "Yahoo! Pager"="1"
    "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
    "SoundMAXPnP"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe"
    "PCMService"="\"C:\\Program Files\\Dell\\Media Experience\\PCMService.exe\""
    "IntelMeM"="C:\\Program Files\\Intel\\Modem Event Monitor\\IntelMEM.exe"
    "dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
    "Dell Photo AIO Printer 922"="\"C:\\Program Files\\Dell Photo AIO Printer 922\\dlbtbmgr.exe\""
    "TACA-Click"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,54,41,43,41,2d,43,6c,69,\
    63,6b,2e,65,78,65,00
    "BJCFD"="C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe"
    "YOP"="C:\\PROGRA~1\\Yahoo!\\YOP\\yop.exe /autostart"
    "igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
    "igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
    "igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
    "IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\\Program Files\\Google\\Gmail Notifier\\gnotify.exe"
    "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
    "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "Symantec PIF AlertEng"="\"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\PIFSvc.exe\" /a /m \"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\AlertEng.dll\""
    "AntiSpywareBot"="C:\\Program Files\\AntiSpywareBot\\AntiSpywareBot.exe -boot"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "NoChange"="1"
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoCDBurning"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0

    *newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_COMHOST


    ********************************************************************

    catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
    http://www.gmer.net

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    ********************************************************************

    Completion time: 07-03-28 21:12:39
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    * Click here to download HJTsetup.exe.
    Save HJTsetup.exe to your desktop.

    Double click on the HJTsetup.exe icon on your desktop.
    By default it will install to C:\Program Files\Hijack This.
    Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
    Put a check by Create a desktop icon then click Next again.
    Continue to follow the rest of the prompts from there.
    At the final dialogue box click Finish and it will launch Hijack This.
    Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    Click Save to save the log file and then the log will open in notepad.
    Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    Come back here to this thread and Paste the log in your next reply.
    DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
  3. aliasjb

    aliasjb Thread Starter

    Joined:
    Mar 28, 2007
    Messages:
    18
    Thanks for your help. Here's the results.

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 2:02:11 PM, on 3/29/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\PROGRA~1\Yahoo!\YOP\yop.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
    C:\Program Files\BOINC\boincmgr.exe
    C:\Program Files\TrueAssistant\TrueAssistant.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\BOINC\boinc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\dlbtcoms.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\BOINC\projects\spin.fh-bielefeld.de\metropolis_2.42_windows_intelx86.exe
    C:\Documents and Settings\Jeffrey Bruce\Desktop\HiJackThis_v2.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
    O4 - HKLM\..\Run: [TACA-Click] C:\WINDOWS\TACA-Click.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-21-476105414-3017631126-1383911794-500\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (User 'Administrator')
    O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
    O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126067467413
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4981/mcfscan.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 11444 bytes
     
  4. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Run ActiveScan online virus scan:
    http://www.pandasoftware.com/products/activescan.htm

    Once you are on the Panda site click the Scan your PC button.
    A new window will open...click the Check Now button.
    Enter your Country.
    Enter your State/Province.
    Enter your e-mail address and click send.
    Select either Home User or Company.
    Click the big Scan Now button.
    If it wants to install an ActiveX component allow it.
    It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    When download is complete, click on My Computer to start the scan.
    When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
    Post the contents of the ActiveScan report.
     
  5. aliasjb

    aliasjb Thread Starter

    Joined:
    Mar 28, 2007
    Messages:
    18
    Thanks for the help. I ran Panda, and here are the results. I find it quite strange that I ran Super Antispy earlier today, got rid of all their spy stuff and now--with very little computer usage--Panda comes up with more spyware. That seems quite improbable to me since I don't see how all this spyware could have got on my computer during probably 25 minutes online. What do you think?

    OOps I have to shorten the log--apparently it is too long. I'll chop off the bottom and put it in a separate posting.


    Incident Status Location

    Adware:adware/sidestep Not disinfected Windows Registry
    Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Jeffrey Bruce\Application Data\Earthlink\6.0\[email protected]\Cookies\jeffrey [email protected][2].txt
    Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Jeffrey Bruce\Application Data\Earthlink\6.0\[email protected]\Cookies\jeffrey [email protected][2].txt
    Spyware:Cookie/web-stat Not disinfected C:\Documents and Settings\Jeffrey Bruce\Application Data\Earthlink\6.0\[email protected]\Cookies\jeffrey [email protected][2].txt
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Jeffrey Bruce\Application Data\Mozilla\Firefox\Profiles\1lcmq0n3.default\cookies.txt[.mediaplex.com/]
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Jeffrey Bruce\Application Data\Mozilla\Firefox\Profiles\1lcmq0n3.default\cookies.txt[.tribalfusion.com/]
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Jeffrey Bruce\Application Data\Mozilla\Firefox\Profiles\1lcmq0n3.default\cookies.txt[.doubleclick.net/]
    Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Jeffrey Bruce\Application Data\Mozilla\Firefox\Profiles\1lcmq0n3.default\cookies.txt[.zedo.com/]
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Jeffrey Bruce\Application Data\Mozilla\Firefox\Profiles\1lcmq0n3.default\cookies.txt[.questionmarket.com/]
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Jeffrey Bruce\Application Data\Mozilla\Firefox\Profiles\1lcmq0n3.default\cookies.txt[.atdmt.com/]
    Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Jeffrey Bruce\Application Data\Mozilla\Firefox\Profiles\1lcmq0n3.default\cookies.txt[.tucows.com/]
    Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Jeffrey Bruce\Application Data\Mozilla\Firefox\Profiles\1lcmq0n3.default\cookies.txt[.clickbank.net/]
    Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Jeffrey Bruce\Application Data\Mozilla\Firefox\Profiles\1lcmq0n3.default\cookies.txt[.ads.addynamix.com/]
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Jeffrey Bruce\Application Data\Mozilla\Firefox\Profiles\1lcmq0n3.default\cookies.txt[.dist.belnk.com/]
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Jeffrey Bruce\Application Data\Mozilla\Firefox\Profiles\1lcmq0n3.default\cookies.txt[.belnk.com/]
    Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Jeffrey Bruce\Application Data\Mozilla\Firefox\Profiles\1lcmq0n3.default\cookies.txt[citi.bridgetrack.com/]
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Jeffrey Bruce\Application Data\Mozilla\Firefox\Profiles\1lcmq0n3.default\cookies.txt[.advertising.com/]
    Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Jeffrey Bruce\Application Data\Mozilla\Firefox\Profiles\1lcmq0n3.default\cookies.txt[.trafficmp.com/]
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Jeffrey Bruce\Application Data\Mozilla\Firefox\Profiles\1lcmq0n3.default\cookies.txt[.serving-sys.com/]
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Jeffrey Bruce\Application Data\Mozilla\Firefox\Profiles\1lcmq0n3.default\cookies.txt[.bs.serving-sys.com/]
    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Jeffrey Bruce\Application Data\Mozilla\Firefox\Profiles\1lcmq0n3.default\cookies.txt[.ads.pointroll.com/]
    Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Jeffrey Bruce\Application Data\Mozilla\Firefox\Profiles\1lcmq0n3.default\cookies.txt[.bluestreak.com/]
    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Jeffrey Bruce\Application Data\Mozilla\Firefox\Profiles\1lcmq0n3.default\cookies.txt[.ads.pointroll.com/]
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Jeffrey Bruce\Application Data\Mozilla\Firefox\Profiles\1lcmq0n3.default\cookies.txt[ad.yieldmanager.com/]
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Jeffrey Bruce\Application Data\Mozilla\Firefox\Profiles\1lcmq0n3.default\cookies.txt[.atwola.com/]
    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Jeffrey Bruce\Application Data\Mozilla\Firefox\Profiles\1lcmq0n3.default\cookies.txt[.fastclick.net/]
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Jeffrey Bruce\Application Data\Mozilla\Firefox\Profiles\1lcmq0n3.default\cookies.txt[.perf.overture.com/]
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Jeffrey Bruce\Application Data\Mozilla\Firefox\Profiles\1lcmq0n3.default\cookies.txt[.overture.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Jeffrey Bruce\Application Data\Mozilla\Firefox\Profiles\1lcmq0n3.default\cookies.txt[.go.com/]
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Jeffrey Bruce\Application Data\Mozilla\Firefox\Profiles\1lcmq0n3.default\cookies.txt[server.iad.liveperson.net/]
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Jeffrey Bruce\Application Data\Mozilla\Firefox\Profiles\1lcmq0n3.default\cookies.txt[server.iad.liveperson.net/hc/41409448]
    Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Jeffrey Bruce\Application Data\Mozilla\Firefox\Profiles\jkagdjio.default\cookies.txt[.zedo.com/]
    Spyware:Cookie/Gator Not disinfected C:\Documents and Settings\Jeffrey Bruce\Application Data\Mozilla\Firefox\Profiles\jkagdjio.default\cookies.txt[.gator.com/]
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Jeffrey Bruce\Application Data\Mozilla\Firefox\Profiles\jkagdjio.default\cookies.txt[.2o7.net/]
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Jeffrey Bruce\Application Data\Mozilla\Firefox\Profiles\jkagdjio.default\cookies.txt[.atwola.com/]
    Spyware:Cookie/Versiontracker Not disinfected C:\Documents and Settings\Jeffrey Bruce\Application Data\Mozilla\Firefox\Profiles\jkagdjio.default\cookies.txt[.versiontracker.com/]
    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Jeffrey Bruce\Application Data\Mozilla\Firefox\Profiles\jkagdjio.default\cookies.txt[.ads.pointroll.com/]
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Jeffrey Bruce\Application Data\Mozilla\Firefox\Profiles\jkagdjio.default\cookies.txt[.advertising.com/]
    Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Jeffrey Bruce\Application Data\Mozilla\Firefox\Profiles\jkagdjio.default\cookies.txt[.maxserving.com/]
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Jeffrey Bruce\Application Data\Mozilla\Firefox\Profiles\jkagdjio.default\cookies.txt[.atdmt.com/]
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Jeffrey Bruce\Application Data\Mozilla\Firefox\Profiles\jkagdjio.default\cookies.txt[.questionmarket.com/]
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Jeffrey Bruce\Application Data\Mozilla\Firefox\Profiles\jkagdjio.default\cookies.txt[.servedby.advertising.com/]
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Jeffrey Bruce\Application Data\Mozilla\Firefox\Profiles\jkagdjio.default\cookies.txt[.realmedia.com/]
    Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Jeffrey Bruce\Application Data\Mozilla\Firefox\Profiles\jkagdjio.default\cookies.txt[.z1.adserver.com/]
    Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Jeffrey Bruce\Application Data\Mozilla\Firefox\Profiles\jkagdjio.default\cookies.txt[.bluestreak.com/]
    Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Jeffrey Bruce\Application Data\Mozilla\Firefox\Profiles\jkagdjio.default\cookies.txt[.adultfriendfinder.com/]
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Jeffrey Bruce\Application Data\Mozilla\Firefox\Profiles\jkagdjio.default\cookies.txt[.mediaplex.com/]
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Jeffrey Bruce\Application Data\Mozilla\Firefox\Profiles\jkagdjio.default\cookies.txt[.doubleclick.net/]
    Spyware:Cookie/Adviva Not disinfected C:\Documents and Settings\Jeffrey Bruce\Cookies\[email protected][1].txt
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Jeffrey Bruce\Cookies\[email protected][2].txt
    Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Jeffrey Bruce\Cookies\[email protected][2].txt
    Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Jeffrey Bruce\Cookies\[email protected][1].txt
    Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Jeffrey Bruce\Cookies\[email protected][1].txt
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Jeffrey Bruce\Cookies\[email protected][1].txt
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Jeffrey Bruce\Cookies\[email protected][1].txt
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Jeffrey Bruce\Cookies\[email protected][1].txt
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Jeffrey Bruce\Cookies\[email protected][2].txt
    Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Jeffrey Bruce\Cookies\[email protected][2].txt
    Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Jeffrey Bruce\Cookies\[email protected][2].txt
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Jeffrey Bruce\Cookies\[email protected][2].txt
    Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Jeffrey Bruce\Cookies\[email protected][1].txt
    Spyware:Cookie/2o7 Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq145.tmp
    Spyware:Cookie/Advertising Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq14B.tmp
    Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq14C.tmp
    Spyware:Cookie/Bfast Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq14E.tmp
    Spyware:Cookie/Bluestreak Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq150.tmp
    Spyware:Cookie/bravenetA Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq151.tmp
    Spyware:Cookie/Serving-sys Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq152.tmp
    Spyware:Cookie/BurstNet Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq153.tmp
    Spyware:Cookie/Casalemedia Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq154.tmp
    Spyware:Cookie/CentrPort Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq155.tmp
    Spyware:Cookie/Bridgetrack Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq156.tmp
    Spyware:Cookie/Com.com Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq159.tmp
    Spyware:Cookie/Coremetrics Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq15A.tmp
     
  6. aliasjb

    aliasjb Thread Starter

    Joined:
    Mar 28, 2007
    Messages:
    18
    Here's the balance of the Panda report.

    Spyware:Cookie/Dbbsrv Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq15B.tmp
    Spyware:Cookie/Doubleclick Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq15D.tmp
    Spyware:Cookie/Falkag Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq161.tmp
    Spyware:Cookie/FastClick Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq162.tmp
    Spyware:Cookie/Humanclick Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq163.tmp
    Spyware:Cookie/Hitbox Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq166.tmp
    Spyware:Cookie/Hitbox Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq167.tmp
    Spyware:Cookie/Hitbox Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq168.tmp
    Spyware:Cookie/Hitslink Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq169.tmp
    Spyware:Cookie/Maxserving Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq16C.tmp
    Spyware:Cookie/Mediaplex Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq16D.tmp
    Spyware:Cookie/QkSrv Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq16F.tmp
    Spyware:Cookie/QuestionMarket Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq170.tmp
    Spyware:Cookie/Advertising Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq171.tmp
    Spyware:Cookie/Serving-sys Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq172.tmp
    Spyware:Cookie/Statcounter Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq174.tmp
    Spyware:Cookie/Tradedoubler Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq175.tmp
    Spyware:Cookie/Traffic Marketplace Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq176.tmp
    Spyware:Cookie/Tribalfusion Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq178.tmp
    Spyware:Cookie/Valueclick Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq17A.tmp
    Spyware:Cookie/WebtrendsLive Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq17C.tmp
    Spyware:Cookie/Adserver Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq17D.tmp
    Spyware:Cookie/Zedo Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq17E.tmp
    Virus:W32/Bagle.EA.worm Disinfected Personal Folders\Norton AntiSpam Folder\[Norton AntiSpam] \The_reporting_of_taxes.zip[Taxes.exe]

    It says it caught one virus which was in a spam folder.
     
  7. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    A majority are tracking cookies which are normal and harmless. The rest are in Yahoo Quarantine.

    Please find and delete these folders:

    C:\Program Files\AntiSpywareBot
    C:\DOCUME~1\JEFFRE~1\APPLIC~1\viewpoint
     
  8. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Combofix scan
  1. KKLC
    Replies:
    1
    Views:
    285
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/555903

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice