  #1  
Old 05-21-2008
Bronze Member
 
Join Date: May 2008
Location: Richmond
Posts: 5
PC Experience: Some Experience
olddude
[Fixed] pop ups, computer slow,

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:29:59 AM, on 5/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Intuit\Entitlement Client v2\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~2\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~2\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~2\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\Lin\LOCALS~1\Temp\Temporary Directory 2 for HiJackThis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = TOOLBAR - Comcast.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Comcast.net Home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = TOOLBAR - Comcast.net
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~2\scriptcl.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [DoNotDelete] C:\WINDOWS\system32\explore.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [System] C:\WINDOWS\krln32.exe
O4 - HKLM\..\Run: [Windows Framework] C:\WINDOWS\system32\scvh0st.exe
O4 - HKLM\..\Run: [mmnext06] C:\Program Files\Common Files\trjdwnl.dll
O4 - HKLM\..\Run: [shellbn] C:\WINDOWS\shlext32.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DoNotDelete] C:\WINDOWS\system32\explore.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...63/mcfscan.cab
O18 - Protocol: qbpos - {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - C:\WINDOWS\system32\QBPOSProtocol.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\systems.txt
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Intuit Entitlement Service v2 - Intuit, Inc. - C:\Program Files\Common Files\Intuit\Entitlement Client v2\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: QBPOS Database Extended Manager (QBPOSDBExtServices) - Intuit Inc. - C:\Program Files\Intuit\QuickBooks Point of Sale 5.0\DatabaseServer\QBPOSDBServiceEx.exe
--
End of file - 11093 bytes

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 9:56:05 AM 9/6/2007
+ Scan result:

C:\MIDASWIN\mrclnch.exe -> Backdoor.Small : No action taken.
C:\RECYCLER\NPROTECT\00057234.TXT -> TrackingCookie.2o7 : No action taken.
C:\RECYCLER\NPROTECT\00057247.TXT -> TrackingCookie.2o7 : No action taken.
C:\RECYCLER\NPROTECT\00057270.TXT -> TrackingCookie.2o7 : No action taken.
C:\RECYCLER\NPROTECT\00057298.TXT -> TrackingCookie.2o7 : No action taken.
C:\RECYCLER\NPROTECT\00058218.TXT -> TrackingCookie.2o7 : No action taken.
C:\RECYCLER\NPROTECT\00058233.TXT -> TrackingCookie.2o7 : No action taken.
C:\RECYCLER\NPROTECT\00058254.TXT -> TrackingCookie.2o7 : No action taken.
C:\RECYCLER\NPROTECT\00058292.TXT -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Lin\Cookies\lin@adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\Lin\Cookies\lin@ads.adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.
C:\RECYCLER\NPROTECT\00057284.TXT -> TrackingCookie.Addynamix : No action taken.
C:\RECYCLER\NPROTECT\00057285.TXT -> TrackingCookie.Addynamix : No action taken.
C:\RECYCLER\NPROTECT\00057288.TXT -> TrackingCookie.Addynamix : No action taken.
C:\RECYCLER\NPROTECT\00057306.TXT -> TrackingCookie.Addynamix : No action taken.
C:\RECYCLER\NPROTECT\00056732.TXT -> TrackingCookie.Adrevolver : No action taken.
C:\RECYCLER\NPROTECT\00056649.TXT -> TrackingCookie.Advertising : No action taken.
C:\RECYCLER\NPROTECT\00056656.TXT -> TrackingCookie.Advertising : No action taken.
C:\RECYCLER\NPROTECT\00056657.TXT -> TrackingCookie.Advertising : No action taken.
C:\RECYCLER\NPROTECT\00056722.TXT -> TrackingCookie.Advertising : No action taken.
C:\RECYCLER\NPROTECT\00056724.TXT -> TrackingCookie.Advertising : No action taken.
C:\RECYCLER\NPROTECT\00057120.TXT -> TrackingCookie.Advertising : No action taken.
C:\RECYCLER\NPROTECT\00057121.TXT -> TrackingCookie.Advertising : No action taken.
C:\RECYCLER\NPROTECT\00057127.TXT -> TrackingCookie.Advertising : No action taken.
C:\RECYCLER\NPROTECT\00057128.TXT -> TrackingCookie.Advertising : No action taken.
C:\RECYCLER\NPROTECT\00058269.TXT -> TrackingCookie.Advertising : No action taken.
C:\RECYCLER\NPROTECT\00058270.TXT -> TrackingCookie.Advertising : No action taken.
C:\RECYCLER\NPROTECT\00058271.TXT -> TrackingCookie.Advertising : No action taken.
C:\RECYCLER\NPROTECT\00058272.TXT -> TrackingCookie.Advertising : No action taken.
C:\RECYCLER\NPROTECT\00058278.TXT -> TrackingCookie.Advertising : No action taken.
C:\RECYCLER\NPROTECT\00058279.TXT -> TrackingCookie.Advertising : No action taken.
C:\RECYCLER\NPROTECT\00058280.TXT -> TrackingCookie.Advertising : No action taken.
C:\RECYCLER\NPROTECT\00058281.TXT -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\Lin\Cookies\lin@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\RECYCLER\NPROTECT\00056694.TXT -> TrackingCookie.Bluestreak : No action taken.
C:\RECYCLER\NPROTECT\00057122.TXT -> TrackingCookie.Bridgetrack : No action taken.
C:\RECYCLER\NPROTECT\00057123.TXT -> TrackingCookie.Bridgetrack : No action taken.
C:\RECYCLER\NPROTECT\00057124.TXT -> TrackingCookie.Bridgetrack : No action taken.
C:\RECYCLER\NPROTECT\00057141.TXT -> TrackingCookie.Bridgetrack : No action taken.
C:\Documents and Settings\Lin\Cookies\lin@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : No action taken.
C:\Documents and Settings\Lin\Cookies\lin@burstnet[2].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\Lin\Cookies\lin@www.burstnet[1].txt -> TrackingCookie.Burstnet : No action taken.
C:\RECYCLER\NPROTECT\00056736.TXT -> TrackingCookie.Casalemedia : No action taken.
C:\RECYCLER\NPROTECT\00056737.TXT -> TrackingCookie.Casalemedia : No action taken.
C:\RECYCLER\NPROTECT\00056739.TXT -> TrackingCookie.Casalemedia : No action taken.
C:\RECYCLER\NPROTECT\00056747.TXT -> TrackingCookie.Casalemedia : No action taken.
C:\RECYCLER\NPROTECT\00056748.TXT -> TrackingCookie.Casalemedia : No action taken.
C:\RECYCLER\NPROTECT\00056749.TXT -> TrackingCookie.Casalemedia : No action taken.
C:\RECYCLER\NPROTECT\00056770.TXT -> TrackingCookie.Casalemedia : No action taken.
C:\RECYCLER\NPROTECT\00056771.TXT -> TrackingCookie.Casalemedia : No action taken.
C:\RECYCLER\NPROTECT\00056772.TXT -> TrackingCookie.Casalemedia : No action taken.
C:\RECYCLER\NPROTECT\00056773.TXT -> TrackingCookie.Casalemedia : No action taken.
C:\RECYCLER\NPROTECT\00056774.TXT -> TrackingCookie.Casalemedia : No action taken.
C:\RECYCLER\NPROTECT\00056775.TXT -> TrackingCookie.Casalemedia : No action taken.
C:\RECYCLER\NPROTECT\00056776.TXT -> TrackingCookie.Casalemedia : No action taken.
C:\RECYCLER\NPROTECT\00056777.TXT -> TrackingCookie.Casalemedia : No action taken.
C:\RECYCLER\NPROTECT\00056779.TXT -> TrackingCookie.Casalemedia : No action taken.
C:\RECYCLER\NPROTECT\00056780.TXT -> TrackingCookie.Casalemedia : No action taken.
C:\RECYCLER\NPROTECT\00056781.TXT -> TrackingCookie.Casalemedia : No action taken.
C:\RECYCLER\NPROTECT\00057129.TXT -> TrackingCookie.Casalemedia : No action taken.
C:\RECYCLER\NPROTECT\00057130.TXT -> TrackingCookie.Casalemedia : No action taken.
C:\RECYCLER\NPROTECT\00057131.TXT -> TrackingCookie.Casalemedia : No action taken.
C:\RECYCLER\NPROTECT\00057136.TXT -> TrackingCookie.Casalemedia : No action taken.
C:\RECYCLER\NPROTECT\00057138.TXT -> TrackingCookie.Casalemedia : No action taken.
C:\RECYCLER\NPROTECT\00057139.TXT -> TrackingCookie.Casalemedia : No action taken.
C:\RECYCLER\NPROTECT\00057142.TXT -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\Diane\Local Settings\Temp\Cookies\diane@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Lin\Cookies\lin@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\RECYCLER\NPROTECT\00056727.TXT -> TrackingCookie.Fastclick : No action taken.
C:\RECYCLER\NPROTECT\00056728.TXT -> TrackingCookie.Fastclick : No action taken.
C:\RECYCLER\NPROTECT\00056786.TXT -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\Lin\Cookies\lin@ads.pointroll[1].txt -> TrackingCookie.Pointroll : No action taken.
C:\Documents and Settings\Lin\Cookies\lin@questionmarket[2].txt -> TrackingCookie.Questionmarket : No action taken.
C:\RECYCLER\NPROTECT\00057299.TXT -> TrackingCookie.Questionmarket : No action taken.
C:\RECYCLER\NPROTECT\00057300.TXT -> TrackingCookie.Questionmarket : No action taken.
C:\RECYCLER\NPROTECT\00056697.TXT -> TrackingCookie.Realmedia : No action taken.
C:\RECYCLER\NPROTECT\00056698.TXT -> TrackingCookie.Realmedia : No action taken.
C:\RECYCLER\NPROTECT\00056714.TXT -> TrackingCookie.Realmedia : No action taken.
C:\RECYCLER\NPROTECT\00056715.TXT -> TrackingCookie.Realmedia : No action taken.
C:\RECYCLER\NPROTECT\00056718.TXT -> TrackingCookie.Realmedia : No action taken.
C:\RECYCLER\NPROTECT\00056719.TXT -> TrackingCookie.Realmedia : No action taken.
C:\RECYCLER\NPROTECT\00056723.TXT -> TrackingCookie.Realmedia : No action taken.
C:\Documents and Settings\Lin\Cookies\lin@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : No action taken.
C:\Documents and Settings\Lin\Cookies\lin@specificclick[1].txt -> TrackingCookie.Specificclick : No action taken.
C:\Documents and Settings\Diane\Local Settings\Temp\Cookies\diane@tacoda[2].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Lin\Cookies\lin@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\RECYCLER\NPROTECT\00056671.TXT -> TrackingCookie.Trafficmp : No action taken.
C:\RECYCLER\NPROTECT\00056672.TXT -> TrackingCookie.Trafficmp : No action taken.
C:\RECYCLER\NPROTECT\00056673.TXT -> TrackingCookie.Trafficmp : No action taken.
C:\RECYCLER\NPROTECT\00056674.TXT -> TrackingCookie.Trafficmp : No action taken.
C:\RECYCLER\NPROTECT\00056675.TXT -> TrackingCookie.Trafficmp : No action taken.
C:\RECYCLER\NPROTECT\00056688.TXT -> TrackingCookie.Trafficmp : No action taken.
C:\RECYCLER\NPROTECT\00056689.TXT -> TrackingCookie.Trafficmp : No action taken.
C:\RECYCLER\NPROTECT\00056690.TXT -> TrackingCookie.Trafficmp : No action taken.
C:\RECYCLER\NPROTECT\00056691.TXT -> TrackingCookie.Trafficmp : No action taken.
C:\RECYCLER\NPROTECT\00056692.TXT -> TrackingCookie.Trafficmp : No action taken.
C:\RECYCLER\NPROTECT\00056693.TXT -> TrackingCookie.Trafficmp : No action taken.
C:\RECYCLER\NPROTECT\00056708.TXT -> TrackingCookie.Trafficmp : No action taken.
C:\RECYCLER\NPROTECT\00056709.TXT -> TrackingCookie.Trafficmp : No action taken.
C:\RECYCLER\NPROTECT\00056710.TXT -> TrackingCookie.Trafficmp : No action taken.
C:\RECYCLER\NPROTECT\00056711.TXT -> TrackingCookie.Trafficmp : No action taken.
C:\RECYCLER\NPROTECT\00056712.TXT -> TrackingCookie.Trafficmp : No action taken.
C:\Documents and Settings\Lin\Cookies\lin@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\RECYCLER\NPROTECT\00056659.TXT -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00056660.TXT -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00056665.TXT -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00056666.TXT -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00056668.TXT -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00056669.TXT -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00056678.TXT -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00056679.TXT -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00056680.TXT -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00056681.TXT -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00056682.TXT -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00056684.TXT -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00056685.TXT -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00056695.TXT -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00056700.TXT -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00056706.TXT -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00056729.TXT -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00056750.TXT -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00056758.TXT -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00056759.TXT -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00056760.TXT -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00056761.TXT -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00056762.TXT -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00056778.TXT -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00056783.TXT -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00056784.TXT -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00056785.TXT -> TrackingCookie.Yieldmanager : No action taken.

::Report end

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com - AntiAdware, AntiSpyware, AntiMalware!
Generated 05/20/2008 at 09:57 AM
Application Version : 4.0.1154
Core Rules Database Version : 3301
Trace Rules Database Version: 1307
Scan type : Complete Scan
Total Scan Time : 00:35:53
Memory items scanned : 182
Memory threats detected : 0
Registry items scanned : 4576
Registry threats detected : 0
File items scanned : 12846
File threats detected : 2
Adware.Tracking Cookie
C:\Documents and Settings\Lin\Cookies\lin@adopt.specificclick[1].txt
C:\Documents and Settings\Lin\Cookies\lin@specificclick[1].txt

It all started when I was searching internet and I think I downloaded something by mistake. As soon as I did it I shut down IE explorer and cleaned my temp internet files, deleted cookies and history. I also ran all three of my anti spam and virus programs. I have AVG, SuperantiSpyware and McAfee. My updates are up to date.

The problem I have had is that every time I click to go to another page while on the internet the page I am looking for gets redirected and some advertising page comes up. Also while this is going on the pages are very slow to load and while I am trying to type on a forum discussion board my cursor keeps disappearing and I can't type. Also sometimes when I close a page everything quits, all I end up with is my background. My desktop is gone and I have to pull the plug to restart the computer because the start menu is gone.

After I ran all 4 programs about a bazillion times the popups have slowed down a little but all these other problems have gotten worse. Can you see anything in any of my logs that could be causing this? Thanks!!


  #2  
Old 05-21-2008
Silver Member
Join Date: May 2008
Location: Essex
Posts: 168
PC Experience: Very Experienced
apple_head15
Re: pop ups, computer slow,

Might be a ray of light, but try downloading and using Adaware or Spybot.


Hope this works


  #3  
Old 05-21-2008
Senior Security Analyst
Join Date: Jan 2007
Location: texas, USA
Posts: 2,628
PC Experience: PC Illiterate
valis
Re: [in progress] pop ups, computer slow,

hello olddude, and welcome to the forums....you've got a few infections going on there, so let's start with a complete scan.

We need to download ComboFix.exe. This will give a better view to the files running and also hidden on your computer.
Please visit this webpage for download links, and instructions for running ComboFix

When the tool is finished, it will produce a report for you. Please copy and paste the "C:\ComboFix.txt" along with a new 'HijackThis' log so that we can continue to do any further cleaning that your system may require.
Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.
NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.


Thanks,

v


__________________

M.C.S.A.
M.C.P.
- MS Server 2k3, Network Architecture

"Ask Bill why the string in function 9 is terminated by a dollar sign. Ask him, because he can't answer. Only I know that."
- Gary Kildall
  #4  
Old 05-21-2008
Bronze Member
 
Join Date: May 2008
Location: Richmond
Posts: 5
PC Experience: Some Experience
olddude
Re: [in progress] pop ups, computer slow,

Thanks, but I have to head off for work now but I'll do this when I get home this evening. Thanks so much for the help.


  #5  
Old 05-21-2008
Senior Security Analyst
Join Date: Jan 2007
Location: texas, USA
Posts: 2,628
PC Experience: PC Illiterate
valis
Re: [in progress] pop ups, computer slow,

no worries.....I will not have a chance to check it tonight, but we can tag-team this thing until we beat it to death.

thanks,

v


  #6  
Old 05-22-2008
Bronze Member
 
Join Date: May 2008
Location: Richmond
Posts: 5
PC Experience: Some Experience
olddude
Re: [in progress] pop ups, computer slow,

OK, I downloaded the new program and here is the log it printed out. Let me know what to do next....but, be kind please. LOL

ComboFix 08-05-20.5 - Lin 2008-05-21 18:41:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.526 [GMT -4:00]
Running from: C:\Documents and Settings\Lin\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Lin\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\salesmonitor
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_FOPN

((((((((((((((((((((((((( Files Created from 2008-04-21 to 2008-05-21 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-21 22:47 --------- d-----w C:\Program Files\Lx_cats
2008-05-20 21:47 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-05-14 10:59 --------- d-----w C:\Documents and Settings\Diane\Application Data\ComcastToolbar
2008-05-09 13:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\sxencbmv
2008-04-22 22:51 --------- d-----w C:\Program Files\McAfee
2008-04-17 11:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-04-14 22:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\ogwmczlk
2008-04-14 22:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\dufcjgxi
2008-04-01 21:50 --------- d-----w C:\Documents and Settings\Guest\Application Data\COMCASTTOOLBAR
2008-04-01 13:33 --------- d-----w C:\Program Files\Common Files\McAfee
2008-04-01 13:11 --------- d-----w C:\Documents and Settings\Guest\Application Data\McAfee
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Norton SystemWorks"="C:\Program Files\Norton SystemWorks\cfgwiz.exe" [ ]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-20 17:47 1510640]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 17:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 17:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 17:36 114688]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 21:42 1404928]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 19:48 32881]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 18:19 53248]
"D-Link AirPlus XtremeG"="C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe" [2004-10-27 16:07 987136]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-10-14 10:17 45056]
"lxctmon.exe"="C:\Program Files\Lexmark 5400 Series\lxctmon.exe" [2007-01-11 13:57 291760]
"Lexmark 5400 Series Fax Server"="C:\Program Files\Lexmark 5400 Series\fm3032.exe" [2006-07-10 22:30 294912]
"EzPrint"="C:\Program Files\Lexmark 5400 Series\ezprint.exe" [2006-06-07 02:05 98304]
"LXCTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-11-21 08:27 106496]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 09:18 270648]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 13:39 136768]
"DoNotDelete"="C:\WINDOWS\system32\explore.exe " [ ]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16 1121792]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25 6731312]
"System"="C:\WINDOWS\krln32.exe" [ ]
"Windows Framework"="C:\WINDOWS\system32\scvh0st.exe" [ ]
"mmnext06"="C:\Program Files\Common Files\trjdwnl.dll" [ ]
"shellbn"="C:\WINDOWS\shlext32.exe" [ ]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-06-13 06:20 127036]
"combofix"="C:\WINDOWS\system32\CF4148.exe" [2004-08-04 07:00 388608]
C:\Documents and Settings\Lin\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-11-16 10:25:22 344064]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 01:19:50 217193]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-12-28 08:28:25 24576]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2005-10-17 18:36:00 811008]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 1 (0x1)
"DisableTaskMgr"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-20 17:47 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Intuit\\QuickBooks Point of Sale 5.0\\DatabaseServer\\QBDBMgrN.exe"=
"C:\\WINDOWS\\system32\\lxctcoms.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
R2 BCMNTIO;BCMNTIO;C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 18:09]
R2 MAPMEM;MAPMEM;C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 18:09]
R3 A5AGU-Link USB Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\A5AGU.sys [2004-10-06 10:39]
S3 ATHFMWDL-Link predator Bootloader driver;C:\WINDOWS\system32\Drivers\ATHFMWDL.sys [2004-10-04 06:28]
.
Contents of the 'Scheduled Tasks' folder
"2008-05-15 11:21:23 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-16 22:30:01 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (FRONTCOUNTER-Diane).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2008-05-15 05:00:01 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-05-01 05:00:07 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-21 18:48:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Intuit\Entitlement Client v2\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\McAfee\VIRUSS~2\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\PROGRA~1\COMMON~1\McAfee\RedirSvc\RedirSvc.exe
C:\PROGRA~1\McAfee\VIRUSS~2\Mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~2\mcsysmon.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-05-21 18:50:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-21 22:50:45
Pre-Run: 66,280,235,008 bytes free
Post-Run: 66,591,506,432 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
178 --- E O F --- 2008-05-16 07:02:59

I hope everything went ok, I saw a few times my McAfee was doing strange things cause I couldn't figure out how to disable it. Thanks!!


  #7  
Old 05-22-2008
valis
Senior Security Analyst
Join Date: Jan 2007
Location: texas, USA
Posts: 2,628
PC Experience: PC Illiterate
Re: [in progress] pop ups, computer slow,

can you post a new hjt log?

thanks,

v


__________________

M.C.S.A.
M.C.P.
- MS Server 2k3, Network Architecture

"Ask Bill why the string in function 9 is terminated by a dollar sign. Ask him, because he can't answer. Only I know that."
- Gary Kildall
