
Google search links redirect me to an unrelated website

Discussion in 'Virus & Other Malware Removal' started by richie445, Apr 12, 2008.

Thread Status:
Not open for further replies.
  1. richie445

    richie445 Thread Starter

    Joined:
    Apr 12, 2008
    Messages:
    5
    Hello, I am working on a computer for a friend and I found several adware, malware, and trojans. I removed them by using Spy Sweeper, Spybot, and Ad-Aware 2007.

    After doing so there was still something wrong with the computer. I would do a Google search and click on the links found in the search results, and I would be sent to a completely different website. None of the other programs I mentioned above found this problem or fixed it.

    I used the utility Fixwareout and I thought it fixed the problem, but it did not. I posted a log of HijackThis and Fixwareout below. I ran Fixwareout first, then HijackThis.

    The computer I am on is a Windows XP Pro SP2 computer, Pentium 4 2.4 GHz, Dell Dimension 2400.

    Thanks for any help you can give me :)



    Fixwareout report-------------------------------------------------------------------------------------------------------

    Username "Daniel MacDonald" - 04/12/2008 10:29:55 [Fixwareout edited 9/01/2007]

    ~~~~~ Prerun check

    Successfully flushed the DNS Resolver Cache.


    System was rebooted successfully.

    ~~~~~ Postrun check
    HKLM\SOFTWARE\~\Winlogon\ "System"=""
    ....
    ....
    ~~~~~ Misc files.
    ....
    ~~~~~ Checking for older varients.
    ....

    ~~~~~ Current runs (hklm hkcu "run" Keys Only)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
    "HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
    "BCMSMMSG"="BCMSMMSG.exe"
    "dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
    "StorageGuard"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
    "DVDSentry"="C:\\WINDOWS\\System32\\DSentry.exe"
    "PCMService"="\"C:\\Program Files\\Dell\\Media Experience\\PCMService.exe\""
    "MMTray"="\"C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_tray.exe\""
    "RealTray"="\"C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe\" SYSTEMBOOTHIDEPLAYER"
    "DwlClient"="\"C:\\Program Files\\Common Files\\Dell\\EUSW\\Support.exe\""
    "MaxtorOneTouch"="C:\\PROGRA~1\\Maxtor\\OneTouch\\Utils\\OneTouch.exe"
    "MXO Auto Loader"="C:\\WINDOWS\\MXOALDR.EXE"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "mcagent_exe"="\"C:\\Program Files\\McAfee.com\\Agent\\mcagent.exe\" /runkey"
    "SiteAdvisor"="\"C:\\Program Files\\SiteAdvisor\\6253\\SiteAdv.exe\""
    "McENUI"="\"C:\\PROGRA~1\\McAfee\\MHN\\McENUI.exe\" /hide"
    "MBkLogOnHook"="\"C:\\Program Files\\McAfee\\MBK\\LogOnHook.exe\""
    "SpySweeper"="C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe /startintray"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sonic RecordNow!"=""
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "SystemTray.exe"="\"C:\\Program Files\\Ezdental\\SystemTray.exe\""
    "MSI Configuration"="msiconf.exe"
    "SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeper.exe\" /0"
    ....
    Hosts file was reset, If you use a custom hosts file please replace it...
    ~~~~~ End report ~~~~~
    --------------------------------------------------------------------------------------------------------

    Hijackthis log
    ------------------------------------------------------------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:17:34 AM, on 4/12/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\pcAnywhere\awhost32.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\SiteAdvisor\6253\SAService.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\McAfee\MSC\mcregist.exe
    C:\Program Files\DynDNS Updater\DynDNS.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
    C:\WINDOWS\MXOALDR.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Ezdental\SystemTray.exe
    C:\Program Files\America Online 8.0\aoltray.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Documents and Settings\Dr. Daniel MacDonald\My Documents\HiJackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O2 - BHO: (no name) - {16C4CC4D-559A-40CA-927A-F59BD019E904} - C:\WINDOWS\system32\ceaokkyb.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
    O2 - BHO: (no name) - {3C820350-19B0-4E26-893B-EE752A60C4F7} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: (no name) - {AB43FBBB-6F48-48EB-A65D-FF801EBC633B} - C:\WINDOWS\system32\batmete.dll
    O2 - BHO: (no name) - {CC9BD1D1-66CE-4064-9D81-88D73C17000A} - (no file)
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [DwlClient] "C:\Program Files\Common Files\Dell\EUSW\Support.exe"
    O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
    O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6253\SiteAdv.exe"
    O4 - HKLM\..\Run: [McENUI] "C:\PROGRA~1\McAfee\MHN\McENUI.exe" /hide
    O4 - HKLM\..\Run: [MBkLogOnHook] "C:\Program Files\McAfee\MBK\LogOnHook.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SystemTray.exe] "C:\Program Files\Ezdental\SystemTray.exe"
    O4 - HKCU\..\Run: [MSI Configuration] msiconf.exe
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://*.mcafee.com
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1186845659562
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5187/mcfscan.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8DAB8C45-1878-4A83-A68E-67CAB8B29172}: NameServer = 68.237.161.12,71.243.0.12
    O20 - Winlogon Notify: byxxxxv - byxxxxv.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
    O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Kana Solution - C:\Program Files\DynDNS Updater\DynDNS.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
    O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    --
    End of file - 9105 bytes

    --------------------------------------------------------------------------------------------------------
     
  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Hi, welcome to TSG!!


    Please visit this webpage for instructions for downloading and running ComboFix.

    Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
     
  3. richie445

    richie445 Thread Starter

    Joined:
    Apr 12, 2008
    Messages:
    5
    Thanks a lot for your help. Below are the logs I got from ComboFix and HijackThis.

    Combofix log----------------------------------------------------------------------------------------------------

    ComboFix 08-04-11.8 - Daniel MacDonald 2008-04-12 15:10:15.2 - NTFSx86
    Running from: C:\Documents and Settings\Dr. Daniel MacDonald\My Documents\ComboFix.exe
    .

    ((((((((((((((((((((((((( Files Created from 2008-03-12 to 2008-04-12 )))))))))))))))))))))))))))))))
    .

    2008-04-12 10:38 . 2008-04-12 10:58 <DIR> d-------- C:\Documents and Settings\Dr. Daniel MacDonald\Application Data\U3
    2008-04-12 10:29 . 2008-04-12 10:33 <DIR> d-------- C:\fixwareout
    2008-04-05 15:25 . 2008-04-05 15:25 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
    2008-04-05 15:25 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
    2008-04-05 15:25 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ssidrv.sys
    2008-04-05 15:25 . 2008-01-04 20:34 23,920 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sskbfd.sys
    2008-04-05 15:25 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sshrmd.sys
    2008-04-05 15:25 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SSFS0BB9.sys
    2008-04-05 15:24 . 2008-04-05 15:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
    2008-04-05 15:24 . 2008-04-05 15:24 164 --a------ C:\install.dat
    2008-04-05 13:49 . 2008-04-07 19:24 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-04-05 13:33 . 2008-04-07 19:19 <DIR> d-------- C:\Program Files\SpywareBlaster
    2008-04-05 12:16 . 2008-04-05 12:16 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-04-05 12:16 . 2008-04-05 12:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-05 12:09 . 2008-04-05 12:09 <DIR> d-------- C:\Program Files\CCleaner
    2008-04-05 10:35 . 2008-04-05 10:36 <DIR> d-------- C:\Program Files\Panda Security
    2008-04-05 10:19 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe
    2008-04-05 10:13 . 2008-04-05 10:19 3,408 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
    2008-04-05 10:11 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\SYSTEM32\VCCLSID.exe
    2008-04-05 10:11 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
    2008-04-05 10:11 . 2008-03-28 23:19 86,528 --a------ C:\WINDOWS\SYSTEM32\VACFix.exe
    2008-04-05 10:11 . 2008-03-26 08:50 82,432 --a------ C:\WINDOWS\SYSTEM32\IEDFix.exe
    2008-04-05 10:11 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe
    2008-04-05 10:11 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\SYSTEM32\WS2Fix.exe
    2008-03-27 17:30 . 2008-03-27 17:30 <DIR> d-------- C:\Program Files\Webroot
    2008-03-27 17:30 . 2008-03-27 17:30 <DIR> d-------- C:\Documents and Settings\Dr. Daniel MacDonald\Application Data\Webroot
    2008-03-22 13:13 . 2008-03-22 13:13 <DIR> d-------- C:\Program Files\Lavasoft
    2008-03-22 13:13 . 2008-03-22 13:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-03-22 13:12 . 2008-03-22 13:12 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-03-22 12:58 . 2008-03-22 12:58 <DIR> d-------- C:\Documents and Settings\Dr. Daniel MacDonald\Application Data\PC Tools
    2008-03-22 12:43 . 2008-03-22 12:43 51,072 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ikhlayer.sys
    2008-03-22 12:43 . 2008-03-22 12:43 30,592 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ikhfile.sys
    2008-03-22 11:23 . 2008-03-29 09:05 <DIR> d-------- C:\Documents and Settings\Dr. Daniel MacDonald\Application Data\McAfee
    2008-03-12 03:02 . 2008-03-12 03:02 127 --a------ C:\WINDOWS\SYSTEM32\MRT.INI

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-12 04:00 --------- d-----w C:\Program Files\DynDNS Updater
    2008-04-07 22:43 --------- d-----w C:\Program Files\McAfee
    2008-04-05 21:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Retrospect
    2008-04-05 18:19 --------- d-----w C:\Program Files\SiteAdvisor
    2008-03-22 17:15 12,632 ----a-w C:\WINDOWS\SYSTEM32\lsdelete.exe
    2008-03-22 17:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
    2008-03-22 14:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
    .

    ((((((((((((((((((((((((((((( [email protected]_14.35.54.00 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-04-12 12:40:02 32,768 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
    + 2008-04-12 18:39:44 32,768 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
    - 2008-04-12 12:40:02 32,768 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
    + 2008-04-12 18:39:44 32,768 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
    - 2008-04-12 12:40:02 32,768 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT
    + 2008-04-12 18:39:44 32,768 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT
    - 2008-04-12 18:32:58 16,384 --sha-w C:\WINDOWS\Temp\Cookies\index.dat
    + 2008-04-12 19:07:30 16,384 --sha-w C:\WINDOWS\Temp\Cookies\index.dat
    - 2008-04-12 18:32:58 16,384 --sha-w C:\WINDOWS\Temp\History\History.IE5\index.dat
    + 2008-04-12 19:07:30 16,384 --sha-w C:\WINDOWS\Temp\History\History.IE5\index.dat
    - 2008-04-12 18:32:58 32,768 --sha-w C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat
    + 2008-04-12 19:07:30 32,768 --sha-w C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sonic RecordNow!"="" []
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
    "SystemTray.exe"="C:\Program Files\Ezdental\SystemTray.exe" [2005-03-11 13:04 126976]
    "MSI Configuration"="msiconf.exe" []
    "SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" [2008-01-04 20:56 3572592]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-04-07 02:19 155648]
    "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 02:07 114688]
    "BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 05:59 122880 C:\WINDOWS\BCMSMMSG.exe]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-06 03:04 114741]
    "StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 03:01 155648]
    "DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2003-08-13 12:27 28672]
    "PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-08-26 21:47 204800]
    "MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2002-08-14 19:29 90112]
    "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2003-12-02 09:06 26112]
    "DwlClient"="C:\Program Files\Common Files\Dell\EUSW\Support.exe" [2005-10-13 23:26 69632]
    "MaxtorOneTouch"="C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe" [2003-05-21 15:30 45056]
    "MXO Auto Loader"="C:\WINDOWS\MXOALDR.EXE" [2003-04-07 18:09 118784]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-10-30 10:38 77824]
    "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
    "SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-08-24 17:57 36640]
    "McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-11-30 05:42 1164576]
    "MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22 20480]
    "SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxxxxv]
    byxxxxv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
    PCANotify.dll 2003-10-31 11:01 8704 C:\WINDOWS\SYSTEM32\PCANotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Symantec\\pcAnywhere\\Winaw32.exe"=
    "C:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe"=
    "C:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - D:\INSTALL.EXE

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    \Shell\AutoRun\command - E:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{894b5582-4b7a-11dc-9234-00038a000015}]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-03-15 05:00:00 C:\WINDOWS\Tasks\McDefragTask.job"
    - c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
    "2008-03-01 06:00:00 C:\WINDOWS\Tasks\McQcTask.job"
    - c:\PROGRA~1\mcafee\mqc\QcConsol.exe
    .
    **************************************************************************

    catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-12 15:12:16
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\Program Files\SiteAdvisor\6253\saHook.dll
    .
    Completion time: 2008-04-12 15:12:57
    ComboFix-quarantined-files.txt 2008-04-12 19:12:51
    ComboFix2.txt 2008-04-12 18:36:44
    Pre-Run: 70,634,295,296 bytes free
    Post-Run: 70,620,446,720 bytes free
    .
    2008-04-12 07:00:21 --- E O F ---
    --------------------------------------------------------------------------------------------------

    hijackthis log

    -----------------------------------------------------------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:14:26 PM, on 4/12/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\SiteAdvisor\6253\SAService.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
    C:\WINDOWS\MXOALDR.EXE
    C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    C:\Program Files\McAfee\MSC\mcregist.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Documents and Settings\Dr. Daniel MacDonald\My Documents\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [DwlClient] "C:\Program Files\Common Files\Dell\EUSW\Support.exe"
    O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
    O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6253\SiteAdv.exe"
    O4 - HKLM\..\Run: [McENUI] "C:\PROGRA~1\McAfee\MHN\McENUI.exe" /hide
    O4 - HKLM\..\Run: [MBkLogOnHook] "C:\Program Files\McAfee\MBK\LogOnHook.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SystemTray.exe] "C:\Program Files\Ezdental\SystemTray.exe"
    O4 - HKCU\..\Run: [MSI Configuration] msiconf.exe
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://*.mcafee.com
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1186845659562
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5187/mcfscan.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8DAB8C45-1878-4A83-A68E-67CAB8B29172}: NameServer = 68.237.161.12,71.243.0.12
    O20 - Winlogon Notify: byxxxxv - byxxxxv.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
    O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Kana Solution - C:\Program Files\DynDNS Updater\DynDNS.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
    O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    --
    End of file - 8724 bytes
     
  4. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Open Notepad and copy and paste the text in the quote box below into it:

    Save the file to your desktop and name it CFScript.txt

    Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

    [​IMG]

    This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.


    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.

    Click Exit on the Main menu to close the program.



    Download (save and select your desktop to save it to) SUPERAntiSpyware Free for Home Users
    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive and all other fixed drives.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply with a new hijackthis log.
    • Click Close to exit the program.
     
  5. richie445

    richie445 Thread Starter

    Joined:
    Apr 12, 2008
    Messages:
    5
    Here are the results of the scans I did. I am sorry I took so long to reply.

    Can you tell me about what you found and what has been removed? Why are so many programs needed to remove this malware?

    Thanks

    richie445

    ComboFix Log
    ------------------------------------------------------------------------------------------------------

    ComboFix 08-04-11.8 - Dr. Daniel MacDonald 2008-04-21 18:04:37.3 - NTFSx86
    Running from: C:\Documents and Settings\Dr. Daniel MacDonald\My Documents\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Dr. Daniel MacDonald\My Documents\CFScript.txt
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2008-03-21 to 2008-04-21 )))))))))))))))))))))))))))))))
    .

    2008-04-21 17:56 . 2008-04-21 17:56 <DIR> d-------- C:\WINDOWS\LastGood
    2008-04-12 16:21 . 2008-04-12 16:21 <DIR> d-------- C:\Documents and Settings\Dr. Daniel MacDonald\Application Data\McAfee
    2008-04-12 16:14 . 2008-04-21 17:49 10,066 --a------ C:\WINDOWS\SYSTEM32\Config.MPF
    2008-04-12 16:10 . 2007-12-02 12:51 40,488 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys
    2008-04-12 16:10 . 2007-11-22 06:44 35,240 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys
    2008-04-12 16:10 . 2007-11-22 06:44 33,832 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys
    2008-04-12 16:09 . 2007-11-22 06:44 201,320 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys
    2008-04-12 16:09 . 2007-07-13 06:20 113,952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys
    2008-04-12 16:09 . 2007-11-22 06:44 79,304 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys
    2008-04-12 16:08 . 2008-04-12 16:08 <DIR> d-------- C:\Program Files\McAfee.com
    2008-04-12 16:08 . 2008-04-12 17:21 <DIR> d-------- C:\Program Files\Common Files\McAfee
    2008-04-12 16:07 . 2008-04-21 17:56 <DIR> d-------- C:\Program Files\McAfee
    2008-04-12 16:04 . 2008-04-12 16:04 <DIR> d-------- C:\Documents and Settings\Dr. Daniel MacDonald\Application Data\SiteAdvisor
    2008-04-12 16:04 . 2008-04-21 17:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
    2008-04-12 16:02 . 2008-04-12 16:02 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
    2008-04-12 16:02 . 2008-04-12 16:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
    2008-04-12 15:48 . 2008-04-12 15:50 1,374 --a------ C:\WINDOWS\imsins.BAK
    2008-04-12 10:38 . 2008-04-12 10:58 <DIR> d-------- C:\Documents and Settings\Dr. Daniel MacDonald\Application Data\U3
    2008-04-12 10:29 . 2008-04-12 10:33 <DIR> d-------- C:\fixwareout
    2008-04-05 15:25 . 2008-04-05 15:25 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
    2008-04-05 15:25 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
    2008-04-05 15:25 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ssidrv.sys
    2008-04-05 15:25 . 2008-01-04 20:34 23,920 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sskbfd.sys
    2008-04-05 15:25 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sshrmd.sys
    2008-04-05 15:25 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SSFS0BB9.sys
    2008-04-05 15:24 . 2008-04-05 15:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
    2008-04-05 15:24 . 2008-04-05 15:24 164 --a------ C:\install.dat
    2008-04-05 13:49 . 2008-04-07 19:24 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-04-05 13:33 . 2008-04-07 19:19 <DIR> d-------- C:\Program Files\SpywareBlaster
    2008-04-05 12:16 . 2008-04-05 12:16 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-04-05 12:16 . 2008-04-05 12:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-05 12:09 . 2008-04-05 12:09 <DIR> d-------- C:\Program Files\CCleaner
    2008-04-05 10:35 . 2008-04-05 10:36 <DIR> d-------- C:\Program Files\Panda Security
    2008-04-05 10:13 . 2008-04-05 10:19 3,408 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
    2008-04-05 10:11 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\SYSTEM32\VCCLSID.exe
    2008-04-05 10:11 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
    2008-04-05 10:11 . 2008-03-28 23:19 86,528 --a------ C:\WINDOWS\SYSTEM32\VACFix.exe
    2008-04-05 10:11 . 2008-03-26 08:50 82,432 --a------ C:\WINDOWS\SYSTEM32\IEDFix.exe
    2008-04-05 10:11 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe
    2008-04-05 10:11 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\SYSTEM32\WS2Fix.exe
    2008-03-27 17:30 . 2008-03-27 17:30 <DIR> d-------- C:\Program Files\Webroot
    2008-03-27 17:30 . 2008-03-27 17:30 <DIR> d-------- C:\Documents and Settings\Dr. Daniel MacDonald\Application Data\Webroot
    2008-03-22 13:13 . 2008-03-22 13:13 <DIR> d-------- C:\Program Files\Lavasoft
    2008-03-22 13:13 . 2008-03-22 13:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-03-22 13:12 . 2008-03-22 13:12 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-03-22 12:58 . 2008-03-22 12:58 <DIR> d-------- C:\Documents and Settings\Dr. Daniel MacDonald\Application Data\PC Tools
    2008-03-22 12:43 . 2008-03-22 12:43 51,072 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ikhlayer.sys
    2008-03-22 12:43 . 2008-03-22 12:43 30,592 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ikhfile.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-21 21:49 --------- d-----w C:\Program Files\DynDNS Updater
    2008-04-12 20:13 --------- d-----w C:\Program Files\SiteAdvisor
    2008-04-05 21:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Retrospect
    2008-03-22 17:15 12,632 ----a-w C:\WINDOWS\SYSTEM32\lsdelete.exe
    2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
    2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys
    2008-03-01 22:36 3,591,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
    2008-02-29 08:55 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
    2008-02-29 08:55 625,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
    2008-02-22 10:00 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\SYSTEM32\gdi32.dll
    2008-02-20 06:51 282,624 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\gdi32.dll
    2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\SYSTEM32\dnsrslvr.dll
    2008-02-20 05:32 45,568 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsrslvr.dll
    2008-02-20 05:32 148,992 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
    2008-02-15 05:44 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
    .

    ((((((((((((((((((((((((((((( [email protected]_14.35.54.00 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-04-05 18:32:08 16,384 ----a-w C:\WINDOWS\assembly\GAC\Arbus.Interfacing.Library\1.0.0.27362__2be3a081d8c94867\Arbus.Interfacing.Library.dll
    + 2008-04-21 21:52:26 16,384 ----a-w C:\WINDOWS\assembly\GAC\Arbus.Interfacing.Library\1.0.0.27362__2be3a081d8c94867\Arbus.Interfacing.Library.dll
    - 2008-04-05 18:32:08 16,384 ----a-w C:\WINDOWS\assembly\GAC\ArbusApplicationController\1.0.2563.27362__da57d5d39b1d6dd8\ArbusApplicationController.dll
    + 2008-04-21 21:52:26 16,384 ----a-w C:\WINDOWS\assembly\GAC\ArbusApplicationController\1.0.2563.27362__da57d5d39b1d6dd8\ArbusApplicationController.dll
    + 2007-12-07 02:21:45 124,928 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll
    + 2007-12-19 23:01:06 347,136 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtmsft.dll
    + 2007-12-07 02:21:45 214,528 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtrans.dll
    + 2007-12-07 02:21:45 133,120 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\extmgr.dll
    + 2007-12-07 02:21:45 63,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll
    + 2007-12-06 11:00:57 70,656 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ie4uinit.exe
    + 2007-12-07 02:21:45 153,088 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakeng.dll
    + 2007-12-07 02:21:45 230,400 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieaksie.dll
    + 2007-12-06 04:59:51 161,792 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakui.dll
    + 2007-12-07 02:21:45 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll
    + 2007-12-07 02:21:45 384,512 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iedkcs32.dll
    + 2007-12-07 02:21:46 6,066,176 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll
    + 2007-12-07 02:21:46 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iernonce.dll
    + 2007-12-07 02:21:46 267,776 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll
    + 2007-12-06 11:00:58 13,824 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieudinit.exe
    + 2007-12-06 11:01:25 625,664 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe
    + 2007-12-07 02:21:47 27,648 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\jsproxy.dll
    + 2007-12-07 02:21:47 459,264 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll
    + 2007-12-07 02:21:47 52,224 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll
    + 2007-12-08 14:51:48 3,592,192 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll
    + 2007-12-07 02:21:47 478,208 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtmled.dll
    + 2007-12-07 02:21:48 193,024 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msrating.dll
    + 2007-12-07 02:21:48 671,232 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mstime.dll
    + 2007-12-07 02:21:48 102,912 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\occache.dll
    + 2008-01-11 05:53:32 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\pngfilt.dll
    + 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe
    + 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\updspapi.dll
    + 2007-12-07 02:21:48 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll
    + 2007-12-07 02:21:48 1,159,680 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll
    + 2007-12-07 02:21:48 233,472 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll
    + 2007-12-07 02:21:48 824,832 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
    - 2007-12-07 02:21:45 124,928 ----a-w C:\WINDOWS\SYSTEM32\advpack.dll
    + 2008-03-01 13:06:20 124,928 ----a-w C:\WINDOWS\SYSTEM32\advpack.dll
    - 2008-04-12 12:40:02 32,768 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
    + 2008-04-21 21:56:35 32,768 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
    - 2008-04-12 12:40:02 32,768 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
    + 2008-04-21 21:56:35 32,768 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
    - 2008-04-12 12:40:02 32,768 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT
    + 2008-04-21 21:56:35 32,768 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT
    - 2007-12-07 02:21:45 124,928 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
    + 2008-03-01 13:06:20 124,928 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
    - 2007-12-19 23:01:06 347,136 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
    + 2008-03-01 13:06:21 347,136 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
    - 2007-12-07 02:21:45 214,528 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
    + 2008-03-01 13:06:21 214,528 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
    - 2007-12-07 02:21:45 133,120 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
    + 2008-03-01 13:06:21 133,120 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
    - 2007-12-07 02:21:45 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
    + 2008-03-01 13:06:21 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
    - 2007-12-07 02:21:45 153,088 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
    + 2008-03-01 13:06:21 153,088 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
    - 2007-12-07 02:21:45 230,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
    + 2008-03-01 13:06:21 230,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
    - 2007-12-07 02:21:45 383,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
    + 2008-03-01 13:06:22 383,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
    - 2007-12-07 02:21:45 384,512 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
    + 2008-03-01 13:06:22 384,512 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
    - 2007-12-07 02:21:46 6,066,176 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
    + 2008-03-01 13:06:24 6,066,176 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
    - 2007-12-07 02:21:46 44,544 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
    + 2008-03-01 13:06:24 44,544 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
    - 2007-12-07 02:21:46 267,776 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
    + 2008-03-01 13:06:25 267,776 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
    - 2007-12-07 02:21:47 27,648 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
    + 2008-03-01 13:06:25 27,648 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
    - 2007-12-07 02:21:47 459,264 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
    + 2008-03-01 13:06:26 459,264 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
    - 2007-12-07 02:21:47 52,224 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
    + 2008-03-01 13:06:26 52,224 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
    - 2007-12-07 02:21:47 478,208 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
    + 2008-03-01 13:06:28 478,208 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
    - 2007-12-07 02:21:48 193,024 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
    + 2008-03-01 13:06:28 193,024 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
    - 2007-12-07 02:21:48 671,232 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
    + 2008-03-01 13:06:29 671,232 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
    - 2007-12-07 02:21:48 102,912 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
    + 2008-03-01 13:06:29 102,912 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
    - 2008-01-11 05:53:32 44,544 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
    + 2008-03-01 13:06:29 44,544 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
    - 2007-12-07 02:21:48 105,984 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
    + 2008-03-01 13:06:29 105,984 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
    - 2007-12-07 02:21:48 1,159,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
    + 2008-03-01 13:06:30 1,159,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
    - 2007-12-07 02:21:48 233,472 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
    + 2008-03-01 13:06:30 233,472 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
    - 2007-12-07 02:21:48 824,832 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
    + 2008-03-01 13:06:31 826,368 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
    - 2006-06-26 17:37:10 148,480 ----a-w C:\WINDOWS\SYSTEM32\dnsapi.dll
    + 2008-02-20 05:32:43 148,992 ----a-w C:\WINDOWS\SYSTEM32\dnsapi.dll
    - 2006-03-03 16:07:02 143,360 ----a-w C:\WINDOWS\SYSTEM32\dunzip32.dll
    + 2006-03-03 12:07:02 143,360 ----a-w C:\WINDOWS\SYSTEM32\dunzip32.dll
    - 2007-12-19 23:01:06 347,136 ----a-w C:\WINDOWS\SYSTEM32\dxtmsft.dll
    + 2008-03-01 13:06:21 347,136 ----a-w C:\WINDOWS\SYSTEM32\dxtmsft.dll
    - 2007-12-07 02:21:45 214,528 ----a-w C:\WINDOWS\SYSTEM32\dxtrans.dll
    + 2008-03-01 13:06:21 214,528 ----a-w C:\WINDOWS\SYSTEM32\dxtrans.dll
    - 2007-12-07 02:21:45 133,120 ------w C:\WINDOWS\SYSTEM32\extmgr.dll
    + 2008-03-01 13:06:21 133,120 ------w C:\WINDOWS\SYSTEM32\extmgr.dll
    - 2007-08-11 15:39:21 257,456 ----a-w C:\WINDOWS\SYSTEM32\FNTCACHE.DAT
    + 2008-04-12 19:51:51 257,456 ----a-w C:\WINDOWS\SYSTEM32\FNTCACHE.DAT
    - 2007-12-07 02:21:45 63,488 ----a-w C:\WINDOWS\SYSTEM32\icardie.dll
    + 2008-03-01 13:06:21 63,488 ----a-w C:\WINDOWS\SYSTEM32\icardie.dll
    - 2007-12-06 11:00:57 70,656 ------w C:\WINDOWS\SYSTEM32\ie4uinit.exe
    + 2008-02-29 08:55:23 70,656 ------w C:\WINDOWS\SYSTEM32\ie4uinit.exe
    - 2007-12-07 02:21:45 153,088 ------w C:\WINDOWS\SYSTEM32\ieakeng.dll
    + 2008-03-01 13:06:21 153,088 ------w C:\WINDOWS\SYSTEM32\ieakeng.dll
    - 2007-12-07 02:21:45 230,400 ------w C:\WINDOWS\SYSTEM32\ieaksie.dll
    + 2008-03-01 13:06:21 230,400 ------w C:\WINDOWS\SYSTEM32\ieaksie.dll
    - 2007-12-06 04:59:51 161,792 ------w C:\WINDOWS\SYSTEM32\ieakui.dll
    + 2008-02-15 05:44:25 161,792 ------w C:\WINDOWS\SYSTEM32\ieakui.dll
    - 2007-12-07 02:21:45 383,488 ----a-w C:\WINDOWS\SYSTEM32\ieapfltr.dll
    + 2008-03-01 13:06:22 383,488 ----a-w C:\WINDOWS\SYSTEM32\ieapfltr.dll
    - 2007-12-07 02:21:45 384,512 ------w C:\WINDOWS\SYSTEM32\iedkcs32.dll
    + 2008-03-01 13:06:22 384,512 ------w C:\WINDOWS\SYSTEM32\iedkcs32.dll
    - 2007-12-07 02:21:46 6,066,176 ----a-w C:\WINDOWS\SYSTEM32\ieframe.dll
    + 2008-03-01 13:06:24 6,066,176 ----a-w C:\WINDOWS\SYSTEM32\ieframe.dll
    - 2007-12-07 02:21:46 44,544 ------w C:\WINDOWS\SYSTEM32\iernonce.dll
    + 2008-03-01 13:06:24 44,544 ------w C:\WINDOWS\SYSTEM32\iernonce.dll
    - 2007-12-07 02:21:46 267,776 ----a-w C:\WINDOWS\SYSTEM32\iertutil.dll
    + 2008-03-01 13:06:25 267,776 ----a-w C:\WINDOWS\SYSTEM32\iertutil.dll
    - 2007-12-06 11:00:58 13,824 ----a-w C:\WINDOWS\SYSTEM32\ieudinit.exe
    + 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\SYSTEM32\ieudinit.exe
    - 2007-12-07 02:21:47 27,648 ------w C:\WINDOWS\SYSTEM32\jsproxy.dll
    + 2008-03-01 13:06:25 27,648 ------w C:\WINDOWS\SYSTEM32\jsproxy.dll
    - 2008-03-05 16:30:54 19,148,408 ----a-w C:\WINDOWS\SYSTEM32\MRT.exe
    + 2008-04-06 05:56:20 19,836,024 ----a-w C:\WINDOWS\SYSTEM32\MRT.exe
    - 2007-12-07 02:21:47 459,264 ----a-w C:\WINDOWS\SYSTEM32\msfeeds.dll
    + 2008-03-01 13:06:26 459,264 ----a-w C:\WINDOWS\SYSTEM32\msfeeds.dll
    - 2007-12-07 02:21:47 52,224 ----a-w C:\WINDOWS\SYSTEM32\msfeedsbs.dll
    + 2008-03-01 13:06:26 52,224 ----a-w C:\WINDOWS\SYSTEM32\msfeedsbs.dll
    - 2007-12-08 14:51:48 3,592,192 ----a-w C:\WINDOWS\SYSTEM32\mshtml.dll
    + 2008-03-01 22:36:30 3,591,680 ----a-w C:\WINDOWS\SYSTEM32\mshtml.dll
    - 2007-12-07 02:21:47 478,208 ----a-w C:\WINDOWS\SYSTEM32\mshtmled.dll
    + 2008-03-01 13:06:28 478,208 ----a-w C:\WINDOWS\SYSTEM32\mshtmled.dll
    - 2007-12-07 02:21:48 193,024 ------w C:\WINDOWS\SYSTEM32\msrating.dll
    + 2008-03-01 13:06:28 193,024 ------w C:\WINDOWS\SYSTEM32\msrating.dll
    - 2007-12-07 02:21:48 671,232 ------w C:\WINDOWS\SYSTEM32\mstime.dll
    + 2008-03-01 13:06:29 671,232 ------w C:\WINDOWS\SYSTEM32\mstime.dll
    - 2007-12-07 02:21:48 102,912 ------w C:\WINDOWS\SYSTEM32\occache.dll
    + 2008-03-01 13:06:29 102,912 ------w C:\WINDOWS\SYSTEM32\occache.dll
    - 2008-01-11 05:53:32 44,544 ----a-w C:\WINDOWS\SYSTEM32\pngfilt.dll
    + 2008-03-01 13:06:29 44,544 ----a-w C:\WINDOWS\SYSTEM32\pngfilt.dll
    - 2007-12-07 02:21:48 105,984 ----a-w C:\WINDOWS\SYSTEM32\url.dll
    + 2008-03-01 13:06:29 105,984 ----a-w C:\WINDOWS\SYSTEM32\url.dll
    - 2007-12-07 02:21:48 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\urlmon.dll
    + 2008-03-01 13:06:30 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\urlmon.dll
    - 2007-12-07 02:21:48 233,472 ----a-w C:\WINDOWS\SYSTEM32\webcheck.dll
    + 2008-03-01 13:06:30 233,472 ----a-w C:\WINDOWS\SYSTEM32\webcheck.dll
    - 2007-12-07 02:21:48 824,832 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
    + 2008-03-01 13:06:31 826,368 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
    + 2008-04-21 21:48:57 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_194.dat
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sonic RecordNow!"="" []
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
    "SystemTray.exe"="C:\Program Files\Ezdental\SystemTray.exe" [2005-03-11 13:04 126976]
    "SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" [2008-01-04 20:56 3572592]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-04-07 02:19 155648]
    "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 02:07 114688]
    "BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 05:59 122880 C:\WINDOWS\BCMSMMSG.exe]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-06 03:04 114741]
    "StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 03:01 155648]
    "DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2003-08-13 12:27 28672]
    "PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-08-26 21:47 204800]
    "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2003-12-02 09:06 26112]
    "DwlClient"="C:\Program Files\Common Files\Dell\EUSW\Support.exe" [2005-10-13 23:26 69632]
    "MaxtorOneTouch"="C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe" [2003-05-21 15:30 45056]
    "MXO Auto Loader"="C:\WINDOWS\MXOALDR.EXE" [2003-04-07 18:09 118784]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-10-30 10:38 77824]
    "SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-08-24 17:57 36640]
    "McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-11-30 05:42 1164576]
    "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
    "SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]
    "McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 13:59 4838952]
    "MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22 20480]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
    PCANotify.dll 2003-10-31 11:01 8704 C:\WINDOWS\SYSTEM32\PCANotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Symantec\\pcAnywhere\\Winaw32.exe"=
    "C:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe"=
    "C:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - D:\INSTALL.EXE

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    \Shell\AutoRun\command - E:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{894b5582-4b7a-11dc-9234-00038a000015}]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a

    *Newly Created Service* - MBACKMONITOR
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-04-15 05:39:59 C:\WINDOWS\Tasks\McDefragTask.job"
    - c:\program files\mcafee\mqc\QcConsol.exe'
    "2008-04-12 20:09:02 C:\WINDOWS\Tasks\McQcTask.job"
    - c:\program files\mcafee\mqc\QcConsol.exe
    .
    **************************************************************************

    catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-21 18:06:33
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    McAfee Backup = C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe?????????????????????????????????????????????????????????????????????????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\Program Files\SiteAdvisor\6253\saHook.dll
    .
    Completion time: 2008-04-21 18:07:21
    ComboFix-quarantined-files.txt 2008-04-21 22:07:14
    ComboFix2.txt 2008-04-12 19:12:58
    ComboFix3.txt 2008-04-12 18:36:44
    Pre-Run: 70,120,701,952 bytes free
    Post-Run: 70,106,636,288 bytes free
    .
    2008-04-20 00:52:23 --- E O F ---
    -------------------------------------------------------------------------------------------------------
     
  6. richie445

    richie445 Thread Starter

    Joined:
    Apr 12, 2008
    Messages:
    5
    SUPERAntiSpyware log
    -------------------------------------------------------------------------------------------------------

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 04/21/2008 at 06:40 PM

    Application Version : 4.0.1154

    Core Rules Database Version : 3443
    Trace Rules Database Version: 1435

    Scan type : Complete Scan
    Total Scan Time : 00:27:54

    Memory items scanned : 556
    Memory threats detected : 0
    Registry items scanned : 5598
    Registry threats detected : 4
    File items scanned : 22012
    File threats detected : 0

    Rogue.TrustedAntiVirus
    HKU\S-1-5-21-564768495-3239364292-2131759171-1009\Software\TrustedAntivirusDownloader
    HKLM\Software\TrustedAntivirusDownloader
    HKLM\Software\TrustedAntivirusDownloader#TotalSize
    HKLM\Software\TrustedAntivirusDownloader#SeekPos
    -----------------------------------------------------------------------------------------------------

    Hijackthis log
    ----------------------------------------------------------------------------------------------------
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:04:07 PM, on 4/21/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\pcAnywhere\awhost32.exe
    C:\Program Files\McAfee\MBK\MBackMonitor.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
    C:\Program Files\SiteAdvisor\6253\SAService.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\DynDNS Updater\DynDNS.exe
    C:\WINDOWS\System32\svchost.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
    C:\WINDOWS\MXOALDR.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Ezdental\SystemTray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\America Online 8.0\aoltray.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Dr. Daniel MacDonald\My Documents\HiJackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [DwlClient] "C:\Program Files\Common Files\Dell\EUSW\Support.exe"
    O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
    O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6253\SiteAdv.exe"
    O4 - HKLM\..\Run: [McENUI] "C:\PROGRA~1\McAfee\MHN\McENUI.exe" /hide
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
    O4 - HKLM\..\Run: [MBkLogOnHook] "C:\Program Files\McAfee\MBK\LogOnHook.exe"
    O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SystemTray.exe] "C:\Program Files\Ezdental\SystemTray.exe"
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
    O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://*.mcafee.com
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1186845659562
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5187/mcfscan.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8DAB8C45-1878-4A83-A68E-67CAB8B29172}: NameServer = 68.237.161.12,71.243.0.12
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: McAfee Application Installer Cleanup (0184821208814985) (0184821208814985mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\018482~1.EXE (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
    O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Kana Solution - C:\Program Files\DynDNS Updater\DynDNS.exe
    O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
    O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    --
    End of file - 9087 bytes
    ------------------------------------------------------------------------------------------------------
     
  7. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Log looks good. Are you having any problems now?
     
Short URL to this thread: https://techguy.org/702984
