Jump to content


Photo

Popups Galore


  • This topic is locked This topic is locked
14 replies to this topic

#1 jbholsters

jbholsters

    Member

  • Members
  • PipPip
  • 10 posts

Posted 23 May 2007 - 10:38 PM

Just ran the software and created the hijack file. Any and all help would be greatly appriciated.

Logfile of HijackThis v1.99.1
Scan saved at 5:06:47 PM, on 5/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\AdwareAlert\AdwareAlert.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\smanager.7.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\Joshua Bulman\My Documents\hijackthislog\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: (no name) - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [adwarealert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [{1F-FF-F6-64-ZN}] c:\windows\system32\dwdsregt.exe CHD001
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKLM\..\Run: [System]
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\khigda.dll",realset
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Lookup Meaning - res://C:\Program Files\ieSpell\iespell.dll/LOOKUPMEANING.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Verizon Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.winantivirus.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyds...oad/tgctlcm.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.c...es/MsnInstC.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - mk:@MSITStore:C:\DOCUME~1\JOSHUA~1\LOCALS~1\Temp\winfix.chm::/SystemDoctor2006FreeInstall.cab
O20 - AppInit_DLLs: c:\windows\system32\pmkhhhi.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

#2 miekiemoes

miekiemoes

    Malware Killer Dog

  • Volunteer Security Advisor
  • PipPipPip
  • 4092 posts

Posted 24 May 2007 - 01:35 PM

Hello,

Please perform my instructions in the right order..

I see you have AdwareAlert installed. If you didn't purchase it, I suggest you uninstall it - because there are better scanners out there.
Also uninstall NewDotNet if still present.
Then reboot.

After reboot,

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O3 - Toolbar: (no name) - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - (no file)
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [{1F-FF-F6-64-ZN}] c:\windows\system32\dwdsregt.exe CHD001
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKLM\..\Run: [System]
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\khigda.dll",realset
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O15 - Trusted Zone: *.winantivirus.com
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - mk:@MSITStore:C:\DOCUME~1\JOSHUA~1\LOCALS~1\Temp\winfix.chm::/SystemDoctor2006FreeInstall.cab
O20 - AppInit_DLLs: c:\windows\system32\pmkhhhi.dll
O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

* Download Combofix to your desktop.
Doubleclick combofix.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply together with a new hijackthislog.
Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow!---My Blog---Follow me on Twitter.

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
DO NOT POST your problem or log in someone elses thread, even though you are having the same problems. This to avoid confusion. Start a new thread instead and someone will help you asap.
Bumping your thread won't help to receive help in a faster way, this since we always look at the posts with 0 replies first. If you bump your thread, we assume that someone is already helping you, so your thread may be ignored.

#3 jbholsters

jbholsters

    Member

  • Members
  • PipPip
  • 10 posts

Posted 24 May 2007 - 04:25 PM

I wasn't able to complete your instuctions. When I try to delete newdotnet I get the following windows prompt.prompt.jpg

What should I do?

Thanks

#4 miekiemoes

miekiemoes

    Malware Killer Dog

  • Volunteer Security Advisor
  • PipPipPip
  • 4092 posts

Posted 24 May 2007 - 04:28 PM

Did you uninstall it as I asked? And then rebooted? Because manually deleting won't indeed work.
Anyway, if that fails, just skip that step and deal with the next steps. Then we'll deal with it afterwards if still present.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow!---My Blog---Follow me on Twitter.

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
DO NOT POST your problem or log in someone elses thread, even though you are having the same problems. This to avoid confusion. Start a new thread instead and someone will help you asap.
Bumping your thread won't help to receive help in a faster way, this since we always look at the posts with 0 replies first. If you bump your thread, we assume that someone is already helping you, so your thread may be ignored.

#5 jbholsters

jbholsters

    Member

  • Members
  • PipPip
  • 10 posts

Posted 24 May 2007 - 09:11 PM

Thanks for all of the help so far!! I was able to remove NEWDOTNET. I did not remove AdWare. I have the full version.
Here are the log files you requested.

Logfile of HijackThis v1.99.1
Scan saved at 4:11:04 PM, on 5/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\AdwareAlert\AdwareAlert.exe
C:\WINDOWS\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Joshua Bulman\My Documents\hijackthislog\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4E86A50B-A7FF-4cae-B8B7-28A13B6D46F0} - C:\WINDOWS\system32\mprmem.dll
O2 - BHO: (no name) - {9858A660-B48C-4079-9E6B-4CEBED41490F} - C:\WINDOWS\system32\mprmem.dll
O2 - BHO: 0 - {B8DB0242-6120-467C-D4AD-0BFFEC130382} - C:\Program Files\MSN Gaming Zone\rycir.dll
O2 - BHO: IE Redirector - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\WINDOWS\system32\dnsersnd.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [adwarealert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Lookup Meaning - res://C:\Program Files\ieSpell\iespell.dll/LOOKUPMEANING.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Verizon Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.winantivirus.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyds...oad/tgctlcm.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.c...es/MsnInstC.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - mk:@MSITStore:C:\DOCUME~1\JOSHUA~1\LOCALS~1\Temp\winfix.chm::/SystemDoctor2006FreeInstall.cab
O20 - AppInit_DLLs: c:\windows\system32\pmkhhhi.dll
O20 - Winlogon Notify: mprmem - C:\WINDOWS\SYSTEM32\mprmem.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE




"Joshua Bulman" - 2007-05-24 16:03:23 Service Pack 2
ComboFix 07-05.24.7.V - Running from: "C:\Documents and Settings\Joshua Bulman\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\bbakddtr.dll
C:\WINDOWS\system32\uoxuguni.dll
C:\WINDOWS\system32\awtqpnm.dll
C:\WINDOWS\system32\pmnomll.dll
C:\WINDOWS\system32\vturqqr.dll
C:\WINDOWS\system32\xxyxyyv.dll
C:\WINDOWS\system32\yaywuvs.dll
C:\WINDOWS\system32\pdkbymyi.exe
C:\WINDOWS\system32\winepi32.dll
C:\WINDOWS\system32\pqtss.bak1
C:\WINDOWS\system32\pqtss.bak2
C:\WINDOWS\system32\pqtss.ini
C:\WINDOWS\system32\pqtss.bak1
C:\WINDOWS\system32\pqtss.bak2
C:\WINDOWS\system32\pqtss.ini
C:\WINDOWS\system32\sstqp.dll
C:\WINDOWS\system32\rqrqpnn.dll
C:\WINDOWS\Config\bakad.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


"C:\WINDOWS\cfg32a.exe"
"C:\Program Files\Common Files\Yazzle1162OinAdmin.exe"
"C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe"
"C:\WINDOWS\system32\~.exe"
"C:\WINDOWS\retadpu1000106.exe"
"C:\WINDOWS\retadpu1000272.exe"
"C:\WINDOWS\system32\tmp12.tmp.dll"
"C:\WINDOWS\system32\tmp14.tmp.dll"
"C:\WINDOWS\system32\tmp17.tmp.dll"
"C:\WINDOWS\system32\tmp1C.tmp.dll"
"C:\WINDOWS\system32\tmp1E.tmp.dll"
"C:\WINDOWS\system32\tmp1F.tmp.dll"
"C:\WINDOWS\system32\tmp20.tmp.dll"
"C:\WINDOWS\system32\tmp21.tmp.dll"
"C:\WINDOWS\system32\tmp22.tmp.dll"
"C:\WINDOWS\system32\tmp24.tmp.dll"
"C:\WINDOWS\system32\tmp2D.tmp.dll"
"C:\WINDOWS\system32\tmp30.tmp.dll"
"C:\WINDOWS\system32\tmp31.tmp.dll"
"C:\WINDOWS\system32\tmp32.tmp.dll"
"C:\WINDOWS\system32\tmp33.tmp.dll"
"C:\WINDOWS\system32\tmp35.tmp.dll"
"C:\WINDOWS\system32\tmp37.tmp.dll"
"C:\WINDOWS\system32\tmp39.tmp.dll"
"C:\WINDOWS\system32\tmp3C.tmp.dll"
"C:\WINDOWS\system32\tmp3D.tmp.dll"
"C:\WINDOWS\system32\tmp3E.tmp.dll"
"C:\WINDOWS\system32\tmp3F.tmp.dll"
"C:\WINDOWS\system32\tmp42.tmp.dll"
"C:\WINDOWS\system32\tmp46.tmp.dll"
"C:\WINDOWS\system32\tmp48.tmp.dll"
"C:\WINDOWS\system32\tmp4A.tmp.dll"
"C:\WINDOWS\system32\tmp4C.tmp.dll"
"C:\WINDOWS\system32\tmp52.tmp.dll"
"C:\WINDOWS\system32\tmp56.tmp.dll"
"C:\WINDOWS\system32\tmp5B.tmp.dll"
"C:\WINDOWS\system32\tmp5D.tmp.dll"
"C:\WINDOWS\system32\tmp61.tmp.dll"
"C:\WINDOWS\system32\tmp73.tmp.dll"
"C:\WINDOWS\system32\tmp78.tmp.dll"
"C:\WINDOWS\system32\tmp9F.tmp.dll"
"C:\Temp\17O7\tmpTF.log"
"C:\Program Files\Common Files\svchost.exe"
"C:\WINDOWS\svchost.exe"
"C:\WINDOWS\b122.exe"
"C:\WINDOWS\system32\dnsersnd.dll"
"C:\WINDOWS\cfg32r.dll"
"C:\WINDOWS\cfg32s.dll"
"C:\WINDOWS\sammy3.exe"
"C:\WINDOWS\rau001978.exe"
"C:\WINDOWS\Config\ntp2.ini"
"C:\WINDOWS\system32\smpi1"
"C:\Temp\17O7"


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_NET_AGENT
-------\Net Agent


((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-24 ))))))))))))))))))))))))))))))))))


2007-05-24 16:05 49,204 --a------ C:\WINDOWS\system32\htdpqmqk.dll
2007-05-24 15:48 106,425 --a------ C:\WINDOWS\ursrpo.dll
2007-05-24 15:14 106,575 --a------ C:\WINDOWS\byyxut.dll
2007-05-24 10:50 106,585 --a------ C:\WINDOWS\jkjhed.dll
2007-05-24 10:46 20,480 --a------ C:\WINDOWS\avp.exe
2007-05-23 15:13 106,324 --a------ C:\WINDOWS\wvwxxy.dll
2007-05-23 14:32 11,264 --a------ C:\WINDOWS\smanager.7.exe
2007-05-23 14:32 10,240 --a------ C:\WINDOWS\system32\klikalka.exe
2007-05-23 14:31 933 --a------ C:\WINDOWS\system32\winpfz32.sys
2007-05-23 14:31 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2007-05-23 14:31 217,276 --a------ C:\WINDOWS\Setup89.exe
2007-05-23 14:31 20,480 --a------ C:\WINDOWS\stub_mma2.exe
2007-05-23 14:31 20,480 --a------ C:\WINDOWS\stub_mma1.exe
2007-05-23 14:31 <DIR> d-------- C:\WINDOWS\system32\TQ0
2007-05-23 14:31 <DIR> d-------- C:\WINDOWS\system32\T6
2007-05-23 14:31 <DIR> d-------- C:\WINDOWS\system32\T4
2007-05-23 14:31 <DIR> d-------- C:\WINDOWS\system32\T3
2007-05-23 14:31 <DIR> d-------- C:\WINDOWS\system32\pog
2007-05-23 14:31 <DIR> d-------- C:\Program Files\Ofb11
2007-05-23 14:30 <DIR> d-------- C:\WINDOWS\system32\T5QaSQ
2007-05-23 14:30 <DIR> d-------- C:\Tempb9
2007-05-21 18:02 106,526 --a------ C:\WINDOWS\wvtqrq.dll
2007-05-20 17:40 106,387 --a------ C:\WINDOWS\qomnmm.dll
2007-05-14 19:07 106,768 --a------ C:\WINDOWS\yabcyw.dll
2007-05-07 14:04 106,768 --a------ C:\WINDOWS\wvtspn.dll
2007-05-05 14:12 106,768 --a------ C:\WINDOWS\rqrstq.dll
2007-04-27 15:27 967,993 --a------ C:\Temp\gorPUS.exe
2007-04-27 15:27 <DIR> d-------- C:\Temp
2007-04-27 13:21 106,752 --a------ C:\WINDOWS\awtqno.dll
2007-04-27 11:51 106,752 --a------ C:\WINDOWS\iihhfg.dll
2007-04-27 11:22 106,752 --a------ C:\WINDOWS\fccawt.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-23 19:47:44 -------- d-----w C:\Program Files\AdwareAlert
2007-05-23 18:31:44 -------- d-----w C:\Program Files\MSN Gaming Zone
2007-05-14 22:34:47 106,768 ----a-w C:\WINDOWS\wvtspo.dll
2007-05-02 11:36:49 630,464 ----a-w C:\WINDOWS\system32\drivers\VetEFile.sys
2007-05-02 11:36:49 108,656 ----a-w C:\WINDOWS\system32\drivers\VetEBoot.sys
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-13 11:51:36 -------- d--h--w C:\DOCUME~1\JOSHUA~1\APPLIC~1\Gtek
2007-04-13 11:27:18 -------- d-----w C:\Program Files\DellSupport
2007-04-12 15:33:36 -------- d-----w C:\DOCUME~1\JOSHUA~1\APPLIC~1\ultra
2007-04-10 18:33:33 106,767 ----a-w C:\WINDOWS\pmlife.dll
2007-04-10 14:47:20 106,767 ----a-w C:\WINDOWS\yaaywu.dll
2007-04-09 17:58:53 106,767 ----a-w C:\WINDOWS\opqrop.dll
2007-04-09 11:03:37 106,767 ----a-w C:\WINDOWS\qonlmk.dll
2007-04-06 22:39:42 106,767 ----a-w C:\WINDOWS\mlmklk.dll
2007-04-06 19:03:52 106,767 ----a-w C:\WINDOWS\vtrpnm.dll
2007-03-30 21:14:47 -------- d-----w C:\Program Files\HP
2007-03-29 15:25:03 106,539 ----a-w C:\WINDOWS\gebxwx.dll
2007-03-28 18:11:41 106,539 ----a-w C:\WINDOWS\ssttts.dll
2007-03-25 23:51:28 106,539 ----a-w C:\WINDOWS\awusqr.dll
2007-03-24 19:52:51 106,539 ----a-w C:\WINDOWS\urrppo.dll
2007-03-23 11:09:56 106,539 ----a-w C:\WINDOWS\pmklmn.dll
2007-03-21 11:38:59 105,656 ----a-w C:\WINDOWS\tuvwtr.dll
2007-03-21 11:25:34 -------- d-----w C:\Program Files\Messenger
2007-03-21 11:23:25 -------- d-----w C:\Program Files\Common Files\Webroot Shared
2007-03-19 10:52:38 87,248 ----a-w C:\DOCUME~1\JOSHUA~1\APPLIC~1\antivirus.exe
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-16 13:45:40 105,656 ----a-w C:\WINDOWS\yabbcy.dll
2007-03-13 14:57:00 136,992 ----a-w C:\DOCUME~1\JOSHUA~1\APPLIC~1\privprotect.exe
2007-03-12 17:05:50 105,656 ----a-w C:\WINDOWS\byyyvs.dll
2007-03-12 11:03:14 40,518 ----a-w C:\WINDOWS\nsreg.dat
2007-03-10 23:40:12 105,656 ----a-w C:\WINDOWS\yaxwvu.dll
2007-03-09 17:32:18 105,656 ----a-w C:\WINDOWS\jkhhii.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-07 19:07:55 -------- d-----w C:\Program Files\USPSShippingAssistant
2007-03-07 16:37:20 87,760 ----a-w C:\DOCUME~1\JOSHUA~1\APPLIC~1\errsafer.exe
2007-03-06 23:06:52 -------- d-----w C:\Program Files\QuickTime
2007-03-06 22:50:45 105,656 ----a-w C:\WINDOWS\urstst.dll
2007-03-06 18:15:55 105,656 ----a-w C:\WINDOWS\efcyyw.dll
2007-03-03 23:26:30 105,288 ----a-w C:\WINDOWS\ssrpnk.dll
2007-03-01 16:08:54 95,696 ----a-w C:\DOCUME~1\JOSHUA~1\APPLIC~1\sysdoctor.exe
2007-02-25 01:45:11 105,288 ----a-w C:\WINDOWS\efdaba.dll
2007-02-23 22:31:28 105,288 ----a-w C:\WINDOWS\jkkjkh.dll
2007-02-23 22:01:35 124,112 ----a-w C:\DOCUME~1\JOSHUA~1\APPLIC~1\drvcleaner.exe
2007-02-23 01:23:34 105,288 ----a-w C:\WINDOWS\jkkjhe.dll
2007-02-19 22:48:26 105,130 ----a-w C:\WINDOWS\yaawxu.dll
2007-02-19 21:55:54 105,130 ----a-w C:\WINDOWS\opqoml.dll
2007-02-19 20:33:04 105,130 ----a-w C:\WINDOWS\wvwxwt.dll
2007-02-19 18:13:40 105,130 ----a-w C:\WINDOWS\yaaxxx.dll
2007-02-17 20:41:34 105,130 ----a-w C:\WINDOWS\iihhef.dll
2007-02-17 00:59:39 105,130 ----a-w C:\WINDOWS\jkhifd.dll
2007-02-16 19:10:53 105,130 ----a-w C:\WINDOWS\ursqpq.dll
2007-02-14 18:47:48 105,130 ----a-w C:\WINDOWS\wvwxww.dll
2007-02-13 22:59:55 105,130 ----a-w C:\WINDOWS\iiighh.dll
2007-02-13 18:24:59 105,130 ----a-w C:\WINDOWS\opooon.dll
2007-02-13 00:08:10 105,130 ----a-w C:\WINDOWS\rqpmlj.dll
2007-02-12 21:03:40 105,130 ----a-w C:\WINDOWS\jkhffd.dll
2007-02-08 20:31:24 105,130 ----a-w C:\WINDOWS\qopoom.dll
2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll
2007-02-05 18:02:25 105,130 ----a-w C:\WINDOWS\dddebb.dll
2006-11-16 05:28:18 -------- --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2006-11-16 05:28:16 -------- --sh--r C:\WINDOWS\system32\5ADE550AF6.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{4E86A50B-A7FF-4cae-B8B7-28A13B6D46F0}=C:\WINDOWS\system32\mprmem.dll [2006-09-23 11:52]
{9858A660-B48C-4079-9E6B-4CEBED41490F}=C:\WINDOWS\system32\mprmem.dll [2006-09-23 11:52]
{B8DB0242-6120-467C-D4AD-0BFFEC130382}=C:\Program Files\MSN Gaming Zone\rycir.dll [2007-05-23 14:31]
{C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53}=C:\WINDOWS\system32\dnsersnd.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-14 21:51]
"SigmatelSysTrayApp"="stsystra.exe" []
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 08:56]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 03:12]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44]
"@"="" []
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 06:20]
"HPHUPD08"="C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 12:35]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]
"A Verizon App"="C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE" [2005-05-23 13:20]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2003-12-09 12:03]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-07-30 19:29]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16]
"CaAvTray"="C:\Program Files\Yahoo!\Antivirus\CAVTray.exe" [2006-08-08 02:03]
"CAVRID"="C:\Program Files\Yahoo!\Antivirus\CAVRID.exe" [2006-08-08 02:03]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2005-06-16 23:30]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-25 08:05]
"adwarealert"="C:\Program Files\AdwareAlert\AdwareAlert.exe" [2006-11-30 19:03]
"avp"="C:\WINDOWS\avp.exe" [2007-05-24 10:46]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"svchost.exe"=C:\WINDOWS\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mprmem]
mprmem.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=c:\windows\system32\pmkhhhi.dll


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070524-160015-568
O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe (file missing)

backup-20070524-160005-608
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - mk:@MSITStore:C:\DOCUME~1\JOSHUA~1\LOCALS~1\Temp\winfix.chm::/SystemDoctor2006FreeInstall.cab

?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????=????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

backup-20070524-160005-408
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)

???????????????????????????????????????????4??????????????????????????????????4???=????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????=??

backup-20070524-160005-786
O15 - Trusted Zone: *.winantivirus.com

backup-20070524-160005-669
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)

???????????????????????????????????????????4??????????????????????????????????4???=????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????=??

backup-20070524-160004-675
O4 - HKLM\..\Run: [System]

backup-20070524-155113-138
O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe (file missing)

backup-20070524-155054-918
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - mk:@MSITStore:C:\DOCUME~1\JOSHUA~1\LOCALS~1\Temp\winfix.chm::/SystemDoctor2006FreeInstall.cab

?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????=????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

backup-20070524-155054-676
O15 - Trusted Zone: *.winantivirus.com

backup-20070524-155054-810
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)

???????????????????????????????????????????4??????????????????????????????????4???=????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????=??

backup-20070524-155054-222
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)

???????????????????????????????????????????4??????????????????????????????????4???=????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????=??

backup-20070524-155054-485
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\byyxut.dll",realset

backup-20070524-155054-730
O4 - HKLM\..\Run: [System]

backup-20070524-155054-737
O4 - HKLM\..\Run: [SManager] smanager.7.exe

backup-20070524-155054-932
O4 - HKLM\..\Run: [{1F-FF-F6-64-ZN}] c:\windows\system32\mqdsregn.exe CHD001

backup-20070524-155054-665
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310

backup-20070524-155054-632
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com

backup-20070524-155054-853
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html

backup-20070524-155054-842
O3 - Toolbar: (no name) - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - (no file)

backup-20070524-155054-936
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-24 16:07:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-05-24 16:09:28 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-24 16:09

--- E O F ---

#6 jbholsters

jbholsters

    Member

  • Members
  • PipPip
  • 10 posts

Posted 24 May 2007 - 09:20 PM

I noticed that some of the entires that I checked off on HijackThis are still present in the current log that I have posted above, which was created after removing them and then running combofix
Thanks
Josh

#7 miekiemoes

miekiemoes

    Malware Killer Dog

  • Volunteer Security Advisor
  • PipPipPip
  • 4092 posts

Posted 24 May 2007 - 09:50 PM

I see more malware present on this system than anything else :D
What a mess here. I am actually wondering if your Yahoo Antivirus even recognised them - apparently not, otherwise it should already delete them as well... :D

Malware damages a lot and the more malware, the more damage, so I cannot guarantee that we will be able to fix all damage it already caused though...

But First, In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start. Reason I am telling this is because when a system is so terribly infected and we try to clean this up manually, the damage that is already present may interfere with our removal attempts.

Then, Do next please..

Open notepad and copy/paste the entire text in the quotebox below into it, so EVERYTHING present in the quotebox:

File::
C:\WINDOWS\system32\mprmem.dll
C:\WINDOWS\system32\htdpqmqk.dll
c:\windows\system32\pmkhhhi.dll
C:\WINDOWS\svchost.exe
C:\Program Files\MSN Gaming Zone\rycir.dll
C:\WINDOWS\ursrpo.dll
C:\WINDOWS\byyxut.dll
C:\WINDOWS\jkjhed.dll
C:\WINDOWS\avp.exe
C:\WINDOWS\wvwxxy.dll
C:\WINDOWS\smanager.7.exe
C:\WINDOWS\system32\klikalka.exe
C:\WINDOWS\system32\winpfz32.sys
C:\WINDOWS\Setup89.exe
C:\WINDOWS\stub_mma2.exe
C:\WINDOWS\stub_mma1.exe
C:\WINDOWS\wvtqrq.dll
C:\WINDOWS\qomnmm.dll
C:\WINDOWS\yabcyw.dll
C:\WINDOWS\wvtspn.dll
C:\WINDOWS\rqrstq.dll
C:\WINDOWS\awtqno.dll
C:\WINDOWS\iihhfg.dll
C:\WINDOWS\fccawt.dll
C:\WINDOWS\wvtspo.dll
C:\WINDOWS\pmlife.dll
C:\WINDOWS\yaaywu.dll
C:\WINDOWS\opqrop.dll
C:\WINDOWS\qonlmk.dll
C:\WINDOWS\mlmklk.dll
C:\WINDOWS\vtrpnm.dll
C:\WINDOWS\gebxwx.dll
C:\WINDOWS\ssttts.dll
C:\WINDOWS\awusqr.dll
C:\WINDOWS\urrppo.dll
C:\WINDOWS\pmklmn.dll
C:\WINDOWS\tuvwtr.dll
C:\DOCUME~1\JOSHUA~1\APPLIC~1\antivirus.exe
C:\WINDOWS\yabbcy.dll
C:\DOCUME~1\JOSHUA~1\APPLIC~1\privprotect.exe
C:\WINDOWS\byyyvs.dll
C:\WINDOWS\yaxwvu.dll
C:\WINDOWS\jkhhii.dll
C:\DOCUME~1\JOSHUA~1\APPLIC~1\errsafer.exe
C:\WINDOWS\urstst.dll
C:\WINDOWS\efcyyw.dll
C:\WINDOWS\ssrpnk.dll
C:\DOCUME~1\JOSHUA~1\APPLIC~1\sysdoctor.exe
C:\WINDOWS\efdaba.dll
C:\WINDOWS\jkkjkh.dll
C:\DOCUME~1\JOSHUA~1\APPLIC~1\drvcleaner.exe
C:\WINDOWS\jkkjhe.dll
C:\WINDOWS\yaawxu.dll
C:\WINDOWS\opqoml.dll
C:\WINDOWS\wvwxwt.dll
C:\WINDOWS\yaaxxx.dll
C:\WINDOWS\iihhef.dll
C:\WINDOWS\jkhifd.dll
C:\WINDOWS\ursqpq.dll
C:\WINDOWS\wvwxww.dll
C:\WINDOWS\iiighh.dll
C:\WINDOWS\opooon.dll
C:\WINDOWS\rqpmlj.dll
C:\WINDOWS\jkhffd.dll
C:\WINDOWS\qopoom.dll
C:\WINDOWS\dddebb.dll

Folder::
C:\Temp
C:\WINDOWS\system32\TQ0
C:\WINDOWS\system32\T6
C:\WINDOWS\system32\T4
C:\WINDOWS\system32\T3
C:\WINDOWS\system32\pog
C:\Program Files\Ofb11
C:\WINDOWS\system32\T5QaSQ
C:\Tempb9

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E86A50B-A7FF-4cae-B8B7-28A13B6D46F0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9858A660-B48C-4079-9E6B-4CEBED41490F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B8DB0242-6120-467C-D4AD-0BFFEC130382}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avp"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mprmem]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=""


Save this as ComboFix-Do.txt

Then drag the ComboFix-Do.txt into ComboFix.exe as you will see in the screenshot below.

Posted Image

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThislog.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow!---My Blog---Follow me on Twitter.

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
DO NOT POST your problem or log in someone elses thread, even though you are having the same problems. This to avoid confusion. Start a new thread instead and someone will help you asap.
Bumping your thread won't help to receive help in a faster way, this since we always look at the posts with 0 replies first. If you bump your thread, we assume that someone is already helping you, so your thread may be ignored.

#8 jbholsters

jbholsters

    Member

  • Members
  • PipPip
  • 10 posts

Posted 24 May 2007 - 10:49 PM

What would be a good program to install that would detect the malware? Thanks again!

here is the log file:

"Joshua Bulman" - 2007-05-24 17:40:57 Service Pack 2
ComboFix 07-05.24.7.V - Running from: "C:\Documents and Settings\Joshua Bulman\"
Command switches used :: ""C:\Documents and Settings\Joshua Bulman\Desktop\ComboFix-Do.txt""


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\htdpqmqk.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


"C:\Temp\gorPUS.exe"
"C:\Tempb9\tmpTF.log"
"C:\WINDOWS\system32\TQ0\dl52.exe"
"C:\WINDOWS\system32\T6\dlwr.exe"
"C:\WINDOWS\system32\T3\dlltk67.exe"
"C:\Program Files\Ofb11\Ofb11.dll"
"C:\Program Files\Ofb11\sites.ini"
"C:\WINDOWS\system32\T5QaSQ\T5QaSQ1083.exe"
"C:\WINDOWS\system32\htdpqmqk.dll"
"C:\Program Files\MSN Gaming Zone\rycir.dll"
"C:\WINDOWS\ursrpo.dll"
"C:\WINDOWS\byyxut.dll"
"C:\WINDOWS\jkjhed.dll"
"C:\WINDOWS\avp.exe"
"C:\WINDOWS\wvwxxy.dll"
"C:\WINDOWS\smanager.7.exe"
"C:\WINDOWS\system32\klikalka.exe"
"C:\WINDOWS\system32\winpfz32.sys"
"C:\WINDOWS\Setup89.exe"
"C:\WINDOWS\stub_mma2.exe"
"C:\WINDOWS\stub_mma1.exe"
"C:\WINDOWS\wvtqrq.dll"
"C:\WINDOWS\qomnmm.dll"
"C:\WINDOWS\yabcyw.dll"
"C:\WINDOWS\wvtspn.dll"
"C:\WINDOWS\rqrstq.dll"
"C:\WINDOWS\awtqno.dll"
"C:\WINDOWS\iihhfg.dll"
"C:\WINDOWS\fccawt.dll"
"C:\WINDOWS\wvtspo.dll"
"C:\DOCUME~1\JOSHUA~1\APPLIC~1\antivirus.exe"
"C:\DOCUME~1\JOSHUA~1\APPLIC~1\privprotect.exe"
"C:\DOCUME~1\JOSHUA~1\APPLIC~1\errsafer.exe"
"C:\DOCUME~1\JOSHUA~1\APPLIC~1\sysdoctor.exe"
"C:\DOCUME~1\JOSHUA~1\APPLIC~1\drvcleaner.exe"
"C:\WINDOWS\Config\ntp2.ini"
"C:\Temp"
"C:\WINDOWS\system32\TQ0"
"C:\WINDOWS\system32\T6"
"C:\WINDOWS\system32\T4"
"C:\WINDOWS\system32\T3"
"C:\WINDOWS\system32\pog"
"C:\Program Files\Ofb11"
"C:\WINDOWS\system32\T5QaSQ"
"C:\WINDOWS\system32\mprmem.dll"
"c:\windows\system32\pmkhhhi.dll"


((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-24 ))))))))))))))))))))))))))))))))))


2007-05-24 16:09 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-05-23 14:31 8,464 --a------ C:\WINDOWS\system32\sporder.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-24 21:42:08 -------- d-----w C:\Program Files\MSN Gaming Zone
2007-05-23 19:47:44 -------- d-----w C:\Program Files\AdwareAlert
2007-05-02 11:36:49 630,464 ----a-w C:\WINDOWS\system32\drivers\VetEFile.sys
2007-05-02 11:36:49 108,656 ----a-w C:\WINDOWS\system32\drivers\VetEBoot.sys
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-13 11:51:36 -------- d--h--w C:\DOCUME~1\JOSHUA~1\APPLIC~1\Gtek
2007-04-13 11:27:18 -------- d-----w C:\Program Files\DellSupport
2007-04-12 15:33:36 -------- d-----w C:\DOCUME~1\JOSHUA~1\APPLIC~1\ultra
2007-03-30 21:14:47 -------- d-----w C:\Program Files\HP
2007-03-21 11:25:34 -------- d-----w C:\Program Files\Messenger
2007-03-21 11:23:25 -------- d-----w C:\Program Files\Common Files\Webroot Shared
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-12 11:03:14 40,518 ----a-w C:\WINDOWS\nsreg.dat
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-07 19:07:55 -------- d-----w C:\Program Files\USPSShippingAssistant
2007-03-06 23:06:52 -------- d-----w C:\Program Files\QuickTime
2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll
2006-11-16 05:28:18 -------- --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2006-11-16 05:28:16 -------- --sh--r C:\WINDOWS\system32\5ADE550AF6.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-14 21:51]
"SigmatelSysTrayApp"="stsystra.exe" []
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 08:56]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 03:12]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44]
"@"="" []
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 06:20]
"HPHUPD08"="C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 12:35]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]
"A Verizon App"="C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE" [2005-05-23 13:20]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2003-12-09 12:03]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-07-30 19:29]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16]
"CaAvTray"="C:\Program Files\Yahoo!\Antivirus\CAVTray.exe" [2006-08-08 02:03]
"CAVRID"="C:\Program Files\Yahoo!\Antivirus\CAVRID.exe" [2006-08-08 02:03]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2005-06-16 23:30]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-25 08:05]
"adwarealert"="C:\Program Files\AdwareAlert\AdwareAlert.exe" [2006-11-30 19:03]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe


********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-24 17:43:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-05-24 17:45:23 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-24 17:45
C:\ComboFix2.txt ... 2007-05-24 16:09

--- E O F ---

#9 miekiemoes

miekiemoes

    Malware Killer Dog

  • Volunteer Security Advisor
  • PipPipPip
  • 4092 posts

Posted 24 May 2007 - 11:12 PM

Hi,

Can you also post a new HijackThislog please?

Edit.. Overlooked your previous question

What would be a good program to install that would detect the malware? Thanks again!

Well, it certainly looks like Yahoo Antivirus isn't that good in detection and when it doesn't detect, it won't remove either. Unless you never update your Yahoo Antivirus.
But, I suggest you install a more powerful Antivirus instead. Look in my signature under Antivirusscanners for the ones I recommend. My personal Favorite is Avira which is free and great in detection and removal.
Keep in mind, if you decide to install another Antivirus, you have to uninstall your Yahoo Antivirus first.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow!---My Blog---Follow me on Twitter.

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
DO NOT POST your problem or log in someone elses thread, even though you are having the same problems. This to avoid confusion. Start a new thread instead and someone will help you asap.
Bumping your thread won't help to receive help in a faster way, this since we always look at the posts with 0 replies first. If you bump your thread, we assume that someone is already helping you, so your thread may be ignored.

#10 jbholsters

jbholsters

    Member

  • Members
  • PipPip
  • 10 posts

Posted 24 May 2007 - 11:44 PM

here is the hijack log file you requested.

Logfile of HijackThis v1.99.1
Scan saved at 6:45:56 PM, on 5/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\AdwareAlert\AdwareAlert.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\Joshua Bulman\My Documents\hijackthislog\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [adwarealert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Joshua Bulman"
O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Lookup Meaning - res://C:\Program Files\ieSpell\iespell.dll/LOOKUPMEANING.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Verizon Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.winantivirus.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyds...oad/tgctlcm.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.c...es/MsnInstC.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - mk:@MSITStore:C:\DOCUME~1\JOSHUA~1\LOCALS~1\Temp\winfix.chm::/SystemDoctor2006FreeInstall.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

#11 miekiemoes

miekiemoes

    Malware Killer Dog

  • Volunteer Security Advisor
  • PipPipPip
  • 4092 posts

Posted 24 May 2007 - 11:52 PM

Hi,

I would love to have some samples afterwards as well from the combofix quarantined, so can you post the contents of the following log in your next reply please ?

C:\ComboFix-quarantined-files.txt

From that log, It's easier for me to gather the right paths for later upload.

In a meanwhile, I'll analyze your HijackThislog and post instructions.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow!---My Blog---Follow me on Twitter.

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
DO NOT POST your problem or log in someone elses thread, even though you are having the same problems. This to avoid confusion. Start a new thread instead and someone will help you asap.
Bumping your thread won't help to receive help in a faster way, this since we always look at the posts with 0 replies first. If you bump your thread, we assume that someone is already helping you, so your thread may be ignored.

#12 miekiemoes

miekiemoes

    Malware Killer Dog

  • Volunteer Security Advisor
  • PipPipPip
  • 4092 posts

Posted 25 May 2007 - 12:28 AM

Hi,

Ignore my previous post, the ComboFix-quarantined-files.txt is actually not needed.

Let's collect some files now from the quarantine. We'll have to do this in two attempts, this because the cabfiles it will create will be too big otherwise.
So do next:

* Please download the Suspicious File Packer from here:
http://www.safer-net...g/files/sfp.zip
Unzip it to the desktop and run it.

Paste the following bold part into the Suspicious File Packer window:

C:\Qoobox\Quarantine\C\WINDOWS\system32\htdpqmqk.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\ursrpo.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\byyxut.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\jkjhed.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\wvwxxy.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\smanager.7.exe.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\klikalka.exe.vir
C:\Qoobox\Quarantine\C\WINDOWS\Setup89.exe.vir
C:\Qoobox\Quarantine\C\WINDOWS\stub_mma1.exe.vir
C:\Qoobox\Quarantine\C\WINDOWS\avp.exe.vir


Allow SFP to pack the file. This will generate a CAB archive on your desktop.
The cab file will be called requested-files[*].cab (the * stands for the date and hour)

Then, open Suspicious File Packer again and paste the following part in the Window:

C:\Qoobox\Quarantine\C\WINDOWS\wvtqrq.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\qomnmm.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\yabcyw.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\awtqno.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\pmlife.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\gebxwx.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\tuvwtr.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\ssrpnk.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\opooon.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\rqpmlj.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\jkhffd.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\qopoom.dll.vir


Another cab file will be created on your desktop.

Then,
Go to this page.
Enter the url of this thread in the first field.
Where it says, browse to the file that you want to submit, click the browse button next to the second field and browse to one of the requested-files[*].cab that was been created on your desktop.

Then click the Send File button below.

Do the same for the other cab file present on your desktop. So you have to upload each requested-files[*].cab one by one.
Once you've uploaded them, delete them.

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O15 - Trusted Zone: *.winantivirus.com
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - mk:@MSITStore:C:\DOCUME~1\JOSHUA~1\LOCALS~1\Temp\winfix.chm::/SystemDoctor2006FreeInstall.cab


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Then, Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u1.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u1".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0
    • J2SE Runtime Environment 5.0 Update 6
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.
Let me know in your next reply how things are now..;
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow!---My Blog---Follow me on Twitter.

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
DO NOT POST your problem or log in someone elses thread, even though you are having the same problems. This to avoid confusion. Start a new thread instead and someone will help you asap.
Bumping your thread won't help to receive help in a faster way, this since we always look at the posts with 0 replies first. If you bump your thread, we assume that someone is already helping you, so your thread may be ignored.

#13 jbholsters

jbholsters

    Member

  • Members
  • PipPip
  • 10 posts

Posted 29 May 2007 - 06:27 PM

Thanks again for all of the help. The PC seems to be fine now. Here are the hijackthis and combofix log files.

Logfile of HijackThis v1.99.1
Scan saved at 1:38:38 PM, on 5/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\AdwareAlert\AdwareAlert.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Joshua Bulman\My Documents\hijackthislog\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://verizon.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [adwarealert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Joshua Bulman"
O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Lookup Meaning - res://C:\Program Files\ieSpell\iespell.dll/LOOKUPMEANING.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Verizon Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyds...oad/tgctlcm.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.c...es/MsnInstC.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE



"Joshua Bulman" - 2007-05-29 13:38:55 Service Pack 2
ComboFix 07-05.24.7.V - Running from: "C:\Documents and Settings\Joshua Bulman\Desktop\"


((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-29 ))))))))))))))))))))))))))))))))))


2007-05-25 13:39 <DIR> d-------- C:\DOCUME~1\JOSHUA~1\.SunDownloadManager
2007-05-24 16:09 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-05-23 14:31 8,464 --a------ C:\WINDOWS\system32\sporder.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-25 20:01:07 -------- d-----w C:\DOCUME~1\JOSHUA~1\APPLIC~1\Yahoo!
2007-05-24 21:42:08 -------- d-----w C:\Program Files\MSN Gaming Zone
2007-05-23 19:47:44 -------- d-----w C:\Program Files\AdwareAlert
2007-05-02 11:36:49 630,464 ----a-w C:\WINDOWS\system32\drivers\VetEFile.sys
2007-05-02 11:36:49 108,656 ----a-w C:\WINDOWS\system32\drivers\VetEBoot.sys
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-13 11:51:36 -------- d--h--w C:\DOCUME~1\JOSHUA~1\APPLIC~1\Gtek
2007-04-13 11:27:18 -------- d-----w C:\Program Files\DellSupport
2007-04-12 15:33:36 -------- d-----w C:\DOCUME~1\JOSHUA~1\APPLIC~1\ultra
2007-03-30 21:14:47 -------- d-----w C:\Program Files\HP
2007-03-21 11:25:34 -------- d-----w C:\Program Files\Messenger
2007-03-21 11:23:25 -------- d-----w C:\Program Files\Common Files\Webroot Shared
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-12 11:03:14 40,518 ----a-w C:\WINDOWS\nsreg.dat
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-07 19:07:55 -------- d-----w C:\Program Files\USPSShippingAssistant
2007-03-06 23:06:52 -------- d-----w C:\Program Files\QuickTime
2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll
2006-11-16 05:28:18 -------- --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2006-11-16 05:28:16 -------- --sh--r C:\WINDOWS\system32\5ADE550AF6.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-09-29 12:53]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}=C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll [2006-10-31 15:33]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D}=C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll [2005-02-03 17:07]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-14 21:51]
"SigmatelSysTrayApp"="stsystra.exe" []
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 08:56]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 03:12]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44]
"@"="" []
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 06:20]
"HPHUPD08"="C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 12:35]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]
"A Verizon App"="C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE" [2005-05-23 13:20]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 16:19]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-07-30 19:29]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16]
"CaAvTray"="C:\Program Files\Yahoo!\Antivirus\CAVTray.exe" [2006-08-08 02:03]
"CAVRID"="C:\Program Files\Yahoo!\Antivirus\CAVRID.exe" [2006-08-08 02:03]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2005-06-16 23:30]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-25 08:05]
"adwarealert"="C:\Program Files\AdwareAlert\AdwareAlert.exe" [2006-11-30 19:03]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe


********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-29 13:39:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-05-29 13:40:25
C:\ComboFix-quarantined-files.txt ... 2007-05-29 13:40
C:\ComboFix2.txt ... 2007-05-29 13:38
C:\ComboFix3.txt ... 2007-05-24 17:45

--- E O F ---

#14 miekiemoes

miekiemoes

    Malware Killer Dog

  • Volunteer Security Advisor
  • PipPipPip
  • 4092 posts

Posted 29 May 2007 - 07:05 PM

Hi,

I was almost going to close this thread since there was no reply anymore.. :)

Anyway, your logs look clean again and good to hear your problems are gone.
Now delete the C:\Qoobox folder and delete the cab files present on your desktop (in case you didn't delete them already).

Next entries in HijackThis are not required either, so you may fix them as well:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com

Glad I could help. :)

Please read my Prevention page with lots of info and tips how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.

Happy Surfing again!
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow!---My Blog---Follow me on Twitter.

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
DO NOT POST your problem or log in someone elses thread, even though you are having the same problems. This to avoid confusion. Start a new thread instead and someone will help you asap.
Bumping your thread won't help to receive help in a faster way, this since we always look at the posts with 0 replies first. If you bump your thread, we assume that someone is already helping you, so your thread may be ignored.

#15 miekiemoes

miekiemoes

    Malware Killer Dog

  • Volunteer Security Advisor
  • PipPipPip
  • 4092 posts

Posted 30 May 2007 - 10:44 PM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow!---My Blog---Follow me on Twitter.

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
DO NOT POST your problem or log in someone elses thread, even though you are having the same problems. This to avoid confusion. Start a new thread instead and someone will help you asap.
Bumping your thread won't help to receive help in a faster way, this since we always look at the posts with 0 replies first. If you bump your thread, we assume that someone is already helping you, so your thread may be ignored.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users