
Thread: Help! Infected with Smitfraud.c and others?

  1. #11
    Emeritus

    We will use HJT once more:

    Start HJT and click the "Scan" button. Check the items below, close any open windows, then click "Fix checked".

    O4 - HKCU\..\RunOnce: [SpybotDeletingD1196] "C:\WINDOWS\system32\cmd.exe" /c del "C:\DOCUME~1\Deon\LOCALS~1\Temp\csrssc.exe"

    O4 - HKCU\..\RunOnce: [SpybotDeletingB9336] "C:\WINDOWS\system32\COMMAND.COM" /c del "C:\DOCUME~1\Deon\LOCALS~1\Temp\csrssc.exe"

    O4 - HKCU\..\RunOnce: [SpybotDeletingB9551] "C:\WINDOWS\system32\COMMAND.COM" /c del "C:\DOCUME~1\Deon\LOCALS~1\Temp\csrssc.exe"

    O4 - HKCU\..\RunOnce: [SpybotDeletingD4996] "C:\WINDOWS\system32\cmd.exe" /c del "C:\WINDOWS\SYSTEM32\kdcmi.exe"

    O4 - HKCU\..\RunOnce: [SpybotDeletingD6258] "C:\WINDOWS\system32\cmd.exe" /c del "C:\DOCUME~1\Deon\LOCALS~1\Temp\csrssc.exe"


    Some malware apps can prevent the home page from being changed. They can also put restrictions on options, as shown here in the HJT log:

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    It might be a setting in Spybot, Windows Defender or your Webroot software; poke around and see if you can find anything in the software.

  2. #12
    Junior Member

    After, do you want me to post a new HJT log?

    Thanks

  3. #13
    Junior Member

    Quote Originally Posted by confusedpharm:
        After, do you want me to post a new HJT log?

        Thanks
    I decided to post the most recent HJT log.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:34:52 PM, on 11/28/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\Program Files\McAfee\VirusScan\McShield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wwSecure.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
    C:\WINDOWS\SM1BG.EXE
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Webroot\Washer\wwDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\Sony Handheld\HOTSYNC.EXE
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\system32\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://phoenix.cox.net/cci/home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:\windows\system32\blank.htm
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r21.mchsi.com:8000
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.r21.mchsi.com
    O2 - BHO: (no name) - {C5BF49A2-94F3-42BD-F434-3604812C897D} - (no file)
    O4 - HKLM\..\Run: [ehTray] "C:\WINDOWS\ehome\ehtray.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [SM1BG] "C:\WINDOWS\SM1BG.EXE"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [MimBoot] "C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [dla] "C:\WINDOWS\system32\dla\tfswctrl.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [Picasa Media Detector] "C:\Program Files\Picasa2\PicasaMediaDetector.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdcmi.exe] C:\WINDOWS\system32\kdcmi.exe
    O4 - HKLM\..\Run: [285c5b64] "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\gndhofiv.dll",b
    O4 - HKLM\..\Run: [BM2b6f68f8] "C:\WINDOWS\system32\Rundll32.exe" "C:\WINDOWS\system32\mumqrfev.dll",s
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [Window Washer] "C:\Program Files\Webroot\Washer\wwDisp.exe"
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
    O4 - HKCU\..\Run: [Systray] "C:\WINDOWS\system32\rundll32.exe" sockins32.dll,RunMain
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} (Image Uploader Control) - http://www.ritzpix.com/net/Uploader/LPUploader45.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/f...trol_en_US.cab
    O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
    O16 - DPF: {21F16767-8DA7-4113-BEB0-F161B313407F} (XMirage Control) - http://www.myfamily.com/plugins/ue/Install_UE.exe
    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
    O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) - http://webeffective.keynote.com/appl...orLauncher.cab
    O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.maricopa.gov/assessor/gis...n/mgaxctrl.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1135792330859
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
    O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-27-0.cab
    O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://www.livemetallica.com/nugster/dlControl.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/...l/gtdownde.cab
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
    O23 - Service: hpdj00 - Unknown owner - C:\DOCUME~1\Deon\LOCALS~1\Temp\hpdj00.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

    --
    End of file - 13435 bytes


    Do I need to be concerned about
    O4 - HKLM\..\Run: [285c5b64] "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\gndhofiv.dll",b;
    or
    O4 - HKLM\..\Run: [BM2b6f68f8] "C:\WINDOWS\system32\Rundll32.exe" "C:\WINDOWS\system32\mumqrfev.dll",s;
    or
    O4 - HKCU\..\Run: [Systray] "C:\WINDOWS\system32\rundll32.exe" sockins32.dll,RunMain

    Thanks again
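
    A small triage script for the kinds of HJT entries discussed in this thread (the O4 RunOnce leftovers and O6 restrictions in #11, and the rundll32 entries asked about in #13). This is an added example, not part of the thread or of HijackThis itself; the sample lines are copied from the posted log, while the heuristics, the names (Finding, check_line, triage) and the reason texts are assumptions of this example, which flags lines for a person to review rather than declaring them malicious.

```python
"""Triage heuristics for HijackThis (HJT) log lines.

Added example for this thread, not part of the thread or of HijackThis.
The rules, names and wording are this example's own; they flag lines
for a human to review and do not decide whether a line is malicious.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HJT log posted in this thread,
# plus one ordinary entry (ehTray) so the rules have something to ignore.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r21.mchsi.com:8000
O2 - BHO: (no name) - {C5BF49A2-94F3-42BD-F434-3604812C897D} - (no file)
O4 - HKLM\..\Run: [ehTray] "C:\WINDOWS\ehome\ehtray.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdcmi.exe] C:\WINDOWS\system32\kdcmi.exe
O4 - HKLM\..\Run: [285c5b64] "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\gndhofiv.dll",b
O4 - HKLM\..\Run: [BM2b6f68f8] "C:\WINDOWS\system32\Rundll32.exe" "C:\WINDOWS\system32\mumqrfev.dll",s
O4 - HKCU\..\Run: [Systray] "C:\WINDOWS\system32\rundll32.exe" sockins32.dll,RunMain
O4 - HKCU\..\RunOnce: [SpybotDeletingD1196] "C:\WINDOWS\system32\cmd.exe" /c del "C:\DOCUME~1\Deon\LOCALS~1\Temp\csrssc.exe"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O23 - Service: hpdj00 - Unknown owner - C:\DOCUME~1\Deon\LOCALS~1\Temp\hpdj00.exe (file missing)
""".strip()


@dataclass(frozen=True)
class Finding:
    section: str  # HJT section tag, e.g. "O4"
    reason: str   # why the line deserves a look
    line: str     # the log line as posted


# Run values named like "285c5b64" or "BM2b6f68f8": an 8-digit hex token.
HEX_TOKEN = re.compile(r"(BM)?[0-9a-f]{8}")
# "O4 - HKLM\..\Run: [name] command"
O4_ENTRY = re.compile(r"^O4 - .*?: \[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")
# rundll32 <dll>,<export>, with or without quotes around the DLL path.
RUNDLL = re.compile(r'rundll32\.exe"?\s+"?(?P<dll>[^",]+?)"?,(?P<export>\S+)', re.IGNORECASE)
TEMP_PATH = re.compile(r"\\(LOCALS~1|Local Settings)\\Temp\\", re.IGNORECASE)


def first_exe(cmd: str) -> str:
    """Program a Run value launches: the first quoted or whitespace-delimited token."""
    if cmd.startswith('"'):
        return cmd.split('"')[1]
    parts = cmd.split()
    return parts[0] if parts else ""


def check_line(line: str) -> list[Finding]:
    """Apply the heuristics to one HJT line; an empty list means nothing stood out."""
    line = line.strip()
    tag = line.split(" - ", 1)[0]
    findings: list[Finding] = []

    def flag(reason: str) -> None:
        findings.append(Finding(tag, reason, line))

    if tag == "O6":
        flag("IE policy restriction set; legitimate only if you or an administrator configured it")
    elif tag == "O2" and line.endswith("(no file)"):
        flag("BHO registered but its file is gone; orphaned entry")
    elif tag == "O23" and ("(file missing)" in line or TEMP_PATH.search(line)):
        flag("service points at a missing file or a Temp-folder executable")
    elif tag == "R1" and ",ProxyServer =" in line:
        flag("a proxy server is configured; confirm it is the one you expect")
    elif tag == "O4":
        m = O4_ENTRY.match(line)
        if m is None:
            return findings  # Startup-folder entries have no [name]; nothing to check here
        name, cmd = m["name"], m["cmd"]
        exe = first_exe(cmd)
        if name.startswith("SpybotDeleting"):
            flag("leftover Spybot RunOnce deletion entry; fix it in HJT once the file it deletes is gone")
        if HEX_TOKEN.fullmatch(name):
            flag("Run value named with a random-looking hex token")
        if exe and name.lower() == exe.lower():
            flag("Run value named after its own executable path")
        if TEMP_PATH.search(exe):
            flag("autostart executable lives in a Temp folder")
        r = RUNDLL.search(cmd)
        if r is not None:
            if "\\" not in r["dll"]:
                flag("rundll32 loads a DLL by bare name, resolved through the DLL search path")
            if len(r["export"]) == 1:
                flag("rundll32 calls a one-letter export of the DLL")
    return findings


def triage(log_text: str) -> list[Finding]:
    """Run check_line over every line of an HJT log and collect the findings."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        findings.extend(check_line(line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

    Paste a full HJT log into SAMPLE_LOG (or read it from a file) to get the same per-line review list for your own machine.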

  4. #14
    Emeritus

    Hi,

    You still have malware. We will use ComboFix this time. Please read through this guide; it looks like a lot but really only requires a few things on your part, mainly installing the MS Recovery Console. Post the log from it, then rescan and post a new HJT log also.

    Link/directions:

    http://www.bleepingcomputer.com/comb...o-use-combofix

  5. #15
    Junior Member

    I ran ComboFix per the instructions in the link provided. All seemed to go well. It had to reboot, and after rebooting the program stated that it could not produce a log and posted a window with a header of "Windows - No Disk" and a message of "Exception Processing Message c0000013 Parameters 75b6bf7c 4 75b6bf7c 75b6bf7c", with options of Cancel, Try Again, and Continue.

    I first selected Try Again; it did nothing, just reposted the above window/block. I tried Continue and Cancel with the same results.

    What do I do now?

  6. #16
    Junior Member

    Ok,
    I reran ComboFix. It got to the same spot, and I just happened to notice that the computer was trying to read drive A, my floppy drive, at the same time it posted the window I mentioned in the previous post. I put a blank disk in and I was able to get the combofix.txt file.

    ComboFix 08-11-28.02 - Deon 2008-11-28 22:07:38.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.658 [GMT -7:00]
    Running from: c:\documents and settings\Deon\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\24094.exe
    C:\25697.exe
    C:\26087.exe
    C:\27291.exe
    C:\27498.exe
    C:\30264.exe
    C:\35454.exe
    C:\40386.exe
    C:\44105.exe
    C:\49475.exe
    C:\50407.exe
    C:\57837.exe
    C:\60176.exe
    C:\76781.exe
    C:\77911.exe
    C:\81467.exe
    C:\90020.exe
    C:\93300.exe
    C:\96218.exe
    C:\97028.exe
    c:\windows\IE4 Error Log.txt

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_CLBDRIVER


    ((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-29 )))))))))))))))))))))))))))))))
    .

    2008-11-27 08:11 . 2008-11-27 08:11 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-11-27 08:11 . 2008-11-27 08:11 <DIR> d-------- c:\documents and settings\Deon\Application Data\Malwarebytes
    2008-11-27 08:11 . 2008-11-27 08:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-11-27 08:11 . 2008-10-22 16:10 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
    2008-11-27 08:11 . 2008-10-22 16:10 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
    2008-11-24 18:46 . 2008-11-24 18:46 <DIR> d-------- c:\program files\Trend Micro
    2008-11-24 15:59 . 2008-11-24 15:59 88,524 --a------ C:\smitfrau.reg
    2008-11-24 15:59 . 2006-05-27 19:03 16,824 --a------ C:\replace.cmd
    2008-11-24 15:59 . 2008-11-24 15:59 1,458 --a------ C:\smitfra.reg
    2008-11-23 20:25 . 2008-11-23 20:25 27,904 --a------ c:\windows\SYSTEM32\DRIVERS\ndisprot.sys
    2008-11-23 20:23 . 2008-11-23 20:28 180 --a------ C:\olyalcbs.exe
    2008-11-23 20:23 . 2008-11-23 20:28 180 --a------ C:\ltljrg.exe
    2008-11-23 20:23 . 2008-11-23 20:28 180 --a------ C:\cohdejrg.exe
    2008-11-23 20:23 . 2008-11-23 20:28 180 --a------ C:\aqdr.exe
    2008-11-23 20:22 . 2008-11-23 20:22 <DIR> d-------- c:\program files\IESurfBar
    2008-11-23 20:22 . 2008-11-23 20:28 2 --a------ C:\677141451
    2008-11-11 21:47 . 2008-10-24 04:21 455,296 --------- c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys
    2008-11-11 21:46 . 2008-09-04 10:15 1,106,944 --------- c:\windows\SYSTEM32\DLLCACHE\msxml3.dll
    2008-11-11 20:01 . 2008-11-11 20:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-28 11:15 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
    2008-11-26 16:25 --------- d-----w c:\program files\BitTorrent
    2008-11-26 16:25 --------- d-----w c:\documents and settings\Deon\Application Data\BitTorrent
    2008-11-24 22:51 --------- d-----w c:\program files\IrfanView
    2008-11-24 22:50 --------- d-----w c:\program files\SlySoft
    2008-11-24 05:43 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2008-11-24 05:28 --------- d-----w c:\program files\Spybot - Search & Destroy
    2008-11-24 05:11 --------- d-----w c:\documents and settings\Deon\Application Data\DNA
    2008-11-24 03:38 --------- d-----w c:\program files\DNA
    2008-11-24 02:59 --------- d-----w c:\program files\Elaborate Bytes
    2008-11-20 19:15 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore
    2008-11-01 08:56 --------- d-----w c:\program files\McAfee
    2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-21 16:50 --------- d-----w c:\program files\Microsoft Silverlight
    2008-10-16 21:13 202,776 ----a-w c:\windows\SYSTEM32\wuweb.dll
    2008-10-16 21:13 202,776 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuweb.dll
    2008-10-16 21:13 1,809,944 ----a-w c:\windows\SYSTEM32\wuaueng.dll
    2008-10-16 21:13 1,809,944 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuaueng.dll
    2008-10-16 21:12 561,688 ----a-w c:\windows\SYSTEM32\wuapi.dll
    2008-10-16 21:12 561,688 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuapi.dll
    2008-10-16 21:12 323,608 ----a-w c:\windows\SYSTEM32\wucltui.dll
    2008-10-16 21:12 323,608 ----a-w c:\windows\SYSTEM32\DLLCACHE\wucltui.dll
    2008-10-16 21:09 92,696 ----a-w c:\windows\SYSTEM32\DLLCACHE\cdm.dll
    2008-10-16 21:09 92,696 ----a-w c:\windows\SYSTEM32\cdm.dll
    2008-10-16 21:09 51,224 ----a-w c:\windows\SYSTEM32\wuauclt.exe
    2008-10-16 21:09 51,224 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuauclt.exe
    2008-10-16 21:09 43,544 ----a-w c:\windows\SYSTEM32\wups2.dll
    2008-10-16 21:08 34,328 ----a-w c:\windows\SYSTEM32\wups.dll
    2008-10-16 21:08 34,328 ----a-w c:\windows\SYSTEM32\DLLCACHE\wups.dll
    2008-10-16 21:06 268,648 ----a-w c:\windows\SYSTEM32\mucltui.dll
    2008-10-16 21:06 208,744 ----a-w c:\windows\SYSTEM32\muweb.dll
    2008-10-15 17:10 --------- d-----w c:\documents and settings\All Users\Application Data\SiteAdvisor
    2008-10-15 16:34 337,408 ------w c:\windows\SYSTEM32\DLLCACHE\netapi32.dll
    2008-10-03 17:41 6,066,176 ------w c:\windows\SYSTEM32\DLLCACHE\ieframe.dll
    2008-09-30 23:43 1,286,152 ----a-w c:\windows\SYSTEM32\msxml4.dll
    2008-09-29 17:08 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
    2008-09-15 12:12 1,846,400 ----a-w c:\windows\SYSTEM32\win32k.sys
    2008-09-15 12:12 1,846,400 ------w c:\windows\SYSTEM32\DLLCACHE\win32k.sys
    2008-09-10 01:14 1,307,648 ----a-w c:\windows\SYSTEM32\msxml6.dll
    2008-09-10 01:14 1,307,648 ------w c:\windows\SYSTEM32\DLLCACHE\msxml6.dll
    2008-09-08 10:41 333,824 ------w c:\windows\SYSTEM32\DLLCACHE\srv.sys
    2008-09-04 17:15 1,106,944 ----a-w c:\windows\SYSTEM32\msxml3.dll
    2007-09-26 20:42 1,940 ----a-w c:\documents and settings\Deon\Application Data\ViewerApp.dat
    2003-08-27 21:19 36,963 ----a-r c:\program files\Common Files\SM1updtr.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-11-28_21.02.34.70 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-11-29 04:57:42 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_3c8.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
    "Window Washer"="c:\program files\Webroot\Washer\wwDisp.exe" [2005-04-20 894464]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
    "AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe" [BU]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
    "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
    "MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-19 110592]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-01-13 98304]
    "RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2004-04-13 1470464]
    "SM1BG"="c:\windows\SM1BG.EXE" [2003-08-27 94208]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-07-10 180269]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
    "MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2006-01-19 11776]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-04 582992]
    "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-06 200704]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-05-14 35328]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [BU]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
    "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-20 443968]
    "SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-08-09 5418864]

    c:\documents and settings\Deon\Start Menu\Programs\Startup\
    HotSync Manager.lnk - c:\program files\Sony Handheld\HOTSYNC.EXE [2005-02-04 299008]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-07-30 113664]
    Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2006-12-26 1466384]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-01-13 24576]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
    HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 73728]
    Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2005-04-25 151552]
    Picture Package VCD Maker.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2005-04-25 106496]
    Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - c:\program files\WiFiConnector\NintendoWFCReg.exe [2007-05-10 1073152]
    Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 81920]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.VGPX"= vgpix32d.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
    "c:\\Program Files\\BitTorrent_DNA\\dna.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6881:TCP"= 6881:TCP:*:Disabled:b
    "6881:UDP"= 6881:UDP:*:Disabled:b

    R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [2008-08-09 29808]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\McAfee\SiteAdvisor\McSACore.exe" [2008-09-29 203280]
    S1 bde6c860;bde6c860;c:\windows\system32\drivers\bde6c860.sys []
    S2 hpdj00;hpdj00;c:\docume~1\Deon\LOCALS~1\Temp\hpdj00.exe -servicerunning=true -uninstall=HP Photosmart 2600 series -product=aio []
    S3 mamm9000mi00;mamm9000mi00;c:\windows\system32\Drivers\ma9kmi00.sys [2007-01-08 48724]
    S3 mamm9000mi01;mamm9000mi01;c:\windows\system32\Drivers\ma9kmi01.sys [2007-01-08 48724]
    S3 ndisprot;ArcNet NDIS Protocol Driver;\??\c:\windows\system32\drivers\Ndisprot.sys [2008-11-23 27904]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5846d842-ee07-11db-886c-001111aa2201}]
    \Shell\AutoRun\command - H:\Installer.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65241164-b189-11db-8834-001111aa2201}]
    \Shell\AutoRun\command - Installer.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6602778a-cc68-11dc-88e6-0013204d7cfe}]
    \Shell\AutoRun\command - H:\Installer.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd0007b6-bfcd-11db-8848-001111aa2201}]
    \Shell\AutoRun\command - f:\wd_windows_tools\setup.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2005-01-20 c:\windows\Tasks\ISP signup reminder 1.job
    - c:\windows\system32\OOBE\OOBEBALN.EXE [2008-04-13 17:12]

    2008-11-15 c:\windows\Tasks\McDefragTask.job
    - c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

    2008-10-01 c:\windows\Tasks\McQcTask.job
    - c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

    2008-11-29 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

    2008-11-28 c:\windows\Tasks\WebReg Photosmart C5100 series.job
    - c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2006-06-07 16:45]

    2008-11-28 c:\windows\Tasks\wrSpySweeperFullSweep.job
    - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-09 16:04]

    2008-11-28 c:\windows\Tasks\wrSpySweeperFullSweep.job
    - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-09 16:04]

    2008-11-28 c:\windows\Tasks\wrSpySweeperFullSweep.job
    - a:\","c:\","d:\","e:\" []

    2008-11-24 c:\windows\Tasks\wrSpySweeperTrialSweep.job
    - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-09 16:04]

    2008-11-24 c:\windows\Tasks\wrSpySweeperTrialSweep.job
    - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-09 16:04]

    2008-11-24 c:\windows\Tasks\wrSpySweeperTrialSweep.job
    - a:\","c:\","d:\","e:\" []

    2008-11-24 c:\windows\Tasks\wrSpySweeper_LB07E22D8B67744E3A011BEF6B4C32D9A.job
    - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-09 16:04]

    2008-11-24 c:\windows\Tasks\wrSpySweeper_LB07E22D8B67744E3A011BEF6B4C32D9A.job
    - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-09 16:04]

    2008-11-24 c:\windows\Tasks\wrSpySweeper_LB07E22D8B67744E3A011BEF6B4C32D9A.job
    - a:\","c:\","d:\","e:\" []

    2008-11-17 c:\windows\Tasks\wrSpySweeper_LEBEC86276D5F48E68990251E02778136.job
    - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-09 16:04]

    2008-11-17 c:\windows\Tasks\wrSpySweeper_LEBEC86276D5F48E68990251E02778136.job
    - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-09 16:04]

    2008-11-17 c:\windows\Tasks\wrSpySweeper_LEBEC86276D5F48E68990251E02778136.job
    - a:\","c:\","d:\","e:\","f:\","j:\" []
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-c:\windows\system32\kdcmi.exe - c:\windows\system32\kdcmi.exe


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://phoenix.cox.net/cci/home
    uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
    uInternet Settings,ProxyServer = sas.r21.mchsi.com:8000
    uInternet Settings,ProxyOverride = *.r21.mchsi.com

    c:\windows\SYSTEM32\unicows.dll - c:\windows\Downloaded Program Files\LPUploader45.ocx
    O16 -: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE}
    hxxp://www.ritzpix.com/net/Uploader/LPUploader45.cab
    c:\windows\Downloaded Program Files\LPUploader45.inf

    O16 -: {21F16767-8DA7-4113-BEB0-F161B313407F} - hxxp://www.myfamily.com/plugins/ue/Install_UE.exe

    c:\windows\Downloaded Program Files\ConnectorLauncher.dll - O16 -: {50647AB5-18FD-4142-82B0-5852478DD0D5}
    hxxp://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab

    c:\windows\Downloaded Program Files\EPUWALcontrol.dll - O16 -: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB}
    hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
    c:\windows\Downloaded Program Files\EPUWALcontrol.inf

    c:\windows\system32\gtdownde_110.ocx - O16 -: {E856B973-45FD-4559-8F82-EAB539144667}
    hxxp://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
    c:\windows\Downloaded Program Files\gtdownde_110.inf
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-28 22:33:31
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(2032)
    c:\program files\McAfee\SiteAdvisor\saHook.dll
    c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
    .
    Completion time: 2008-11-28 22:47:31
    ComboFix-quarantined-files.txt 2008-11-29 05:47:06

    Pre-Run: 31,364,038,656 bytes free
    Post-Run: 31,340,253,184 bytes free

    281 --- E O F --- 2008-11-28 08:49:24



And here is the current HJT:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:55:02 PM, on 11/28/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
    C:\WINDOWS\SM1BG.EXE
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\McAfee\VirusScan\McShield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wwSecure.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Sony Handheld\HOTSYNC.EXE
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\System32\svchost.exe
    c:\PROGRA~1\mcafee\msc\mcuimgr.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://phoenix.cox.net/cci/home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r21.mchsi.com:8000
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.r21.mchsi.com
    O4 - HKLM\..\Run: [ehTray] "C:\WINDOWS\ehome\ehtray.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [SM1BG] "C:\WINDOWS\SM1BG.EXE"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [MimBoot] "C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [dla] "C:\WINDOWS\system32\dla\tfswctrl.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [Picasa Media Detector] "C:\Program Files\Picasa2\PicasaMediaDetector.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [Window Washer] "C:\Program Files\Webroot\Washer\wwDisp.exe"
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} (Image Uploader Control) - http://www.ritzpix.com/net/Uploader/LPUploader45.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/f...trol_en_US.cab
    O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
    O16 - DPF: {21F16767-8DA7-4113-BEB0-F161B313407F} (XMirage Control) - http://www.myfamily.com/plugins/ue/Install_UE.exe
    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
    O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) - http://webeffective.keynote.com/appl...orLauncher.cab
    O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.maricopa.gov/assessor/gis...n/mgaxctrl.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1135792330859
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
    O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-27-0.cab
    O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://www.livemetallica.com/nugster/dlControl.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/...l/gtdownde.cab
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
    O23 - Service: hpdj00 - Unknown owner - C:\DOCUME~1\Deon\LOCALS~1\Temp\hpdj00.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

    --
    End of file - 12261 bytes

  7. #17
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

OK, thanks for the info. I have never seen that error msg. ComboFix doesn't require that drives be loaded. I wonder if it has anything to do with those mountpoints in the log.
Anyway, we will use ComboFix now.

    as a precaution, before using combofix:

    Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan.
    close any open windows.

    Click Start, then Run and type Notepad and click OK.
    Copy/paste the text in the code box below into notepad:


    Code:
    File::
    C:\olyalcbs.exe
    C:\ltljrg.exe
    C:\cohdejrg.exe
    C:\aqdr.exe
    C:\677141451
    
    Folder::
    c:\program files\IESurfBar
    
Driver::
    ma9kmi00.sys
    
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5846d842-ee07-11db-886c-001111aa2201}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65241164-b189-11db-8834-001111aa2201}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6602778a-cc68-11dc-88e6-0013204d7cfe}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd0007b6-bfcd-11db-8848-001111aa2201}]

Name the Notepad file CFScript.txt and save it to your desktop.
Now locate the file you just saved and the ComboFix icon, both on your desktop.

Using your mouse, drag the CFScript right on top of the ComboFix icon and release; ComboFix will run and produce a new log.
Please post the new ComboFix log and a new HJT log.

    FYI:
I do not recommend the use of file sharing software. There is plenty of malware distributed on p2p networks. Files can be named anything, have malware in them or be nothing but malware. Not to mention that the sharing of copyrighted material is protected by laws.
    How Can I Reduce My Risk?
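
The mountpoints2 AutoRun entries in the ComboFix log earlier in the thread are what the Registry:: section of the CFScript above removes. As an added example (not ComboFix's, HijackThis's or the helper's code), here is a small Python parser that pulls those entries out of a ComboFix log, flags the ones whose AutoRun command launches an executable from a drive root or with no path at all, and renders the `[-KEY]` Registry:: lines in the syntax the CFScript uses. The four entries embedded as sample input are copied from the log in this thread; the `flag_autorun` rule and every function name are my own assumptions, not part of either tool.

```python
"""Added example (not ComboFix's or the forum helper's code): parse the
'mountpoints2' AutoRun entries ComboFix prints and draft the Registry::
section of a CFScript that deletes the flagged keys."""
import re

# The four entries below are copied from the ComboFix log posted in this
# thread; the surrounding lines are constructed to mimic the log layout.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5846d842-ee07-11db-886c-001111aa2201}]
\Shell\AutoRun\command - H:\Installer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65241164-b189-11db-8834-001111aa2201}]
\Shell\AutoRun\command - Installer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6602778a-cc68-11dc-88e6-0013204d7cfe}]
\Shell\AutoRun\command - H:\Installer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd0007b6-bfcd-11db-8848-001111aa2201}]
\Shell\AutoRun\command - f:\wd_windows_tools\setup.exe
.
Contents of the 'Scheduled Tasks' folder
"""

# A mountpoints2 key line: one bracketed HKCU path ending in a volume GUID.
KEY_RE = re.compile(
    r"^\[(HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion"
    r"\\explorer\\mountpoints2\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\})\]$",
    re.IGNORECASE,
)
# The AutoRun command ComboFix prints directly under that key.
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command - (.+?)\s*$", re.IGNORECASE)
# Heuristic (my assumption, not a ComboFix rule): an executable sitting at the
# root of a drive (H:\Installer.exe) or given with no path at all
# (Installer.exe) is flagged; anything under a named subfolder is left for
# manual review rather than decided automatically.
ROOT_EXE_RE = re.compile(
    r"^(?:[a-z]:\\)?[^\\/:]+\.(?:exe|com|bat|cmd|scr|pif)$", re.IGNORECASE
)


def parse_mountpoints(log_text):
    """Return (registry_key, autorun_command) pairs found in a ComboFix log."""
    entries = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group(1)
            continue
        cmd_match = AUTORUN_RE.match(line)
        if cmd_match and current_key is not None:
            entries.append((current_key, cmd_match.group(1)))
            current_key = None  # one command per key; reset for the next block
    return entries


def flag_autorun(command):
    """Return a short reason if the AutoRun command looks like a drive-root
    launcher, otherwise None."""
    if ROOT_EXE_RE.match(command):
        return "executable launched from drive root or with no path"
    return None


def triage(log_text):
    """Parse a log and split its entries into (flagged, unflagged) lists."""
    flagged, unflagged = [], []
    for key, command in parse_mountpoints(log_text):
        (flagged if flag_autorun(command) else unflagged).append((key, command))
    return flagged, unflagged


def build_cfscript_registry(keys):
    """Render a Registry:: section in the '[-KEY]' delete syntax the CFScript
    in this thread uses; the caller decides which keys belong in it."""
    lines = ["Registry::"]
    lines.extend("[-%s]" % key for key in keys)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    flagged, unflagged = triage(SAMPLE_LOG)
    for key, command in flagged:
        print("FLAG   ", command, "<-", key.rsplit("\\", 1)[1])
    for key, command in unflagged:
        print("REVIEW ", command, "<-", key.rsplit("\\", 1)[1])
    print(build_cfscript_registry(k for k, _ in flagged), end="")
```

Run against the sample, the script flags the three Installer.exe entries and lists the f:\wd_windows_tools\setup.exe entry under REVIEW; the helper chose to delete all four keys, so the REVIEW bucket is a prompt for a human decision, not a verdict. Deleting a mountpoints2 key only clears Explorer's cached AutoRun command for that volume; the Installer.exe on the removable drive itself is a separate clean-up item.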

  8. #18
    Junior Member
    Join Date
    Nov 2008
    Posts
    24

    Default

    New Combofix

    ComboFix 08-11-30.01 - Deon 2008-11-30 18:59:54.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.515 [GMT -7:00]
    Running from: c:\documents and settings\Deon\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Deon\Desktop\CFScript.txt

    FILE ::
    C:\677141451
    C:\aqdr.exe
    C:\cohdejrg.exe
    C:\ltljrg.exe
    C:\olyalcbs.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\677141451
    C:\aqdr.exe
    C:\cohdejrg.exe
    C:\ltljrg.exe
    C:\olyalcbs.exe
    c:\program files\IESurfBar
    c:\program files\IESurfBar\SurfLite Toolbar\autosearch_plugin.dll
    c:\program files\IESurfBar\SurfLite Toolbar\basis.xml
    c:\program files\IESurfBar\SurfLite Toolbar\dyn_surflite_aff_1000.crc
    c:\program files\IESurfBar\SurfLite Toolbar\dyn_surflite_aff_1000.dll
    c:\program files\IESurfBar\SurfLite Toolbar\favicon.ico
    c:\program files\IESurfBar\SurfLite Toolbar\icons.bmp
    c:\program files\IESurfBar\SurfLite Toolbar\info.txt
    c:\program files\IESurfBar\SurfLite Toolbar\logo.png
    c:\program files\IESurfBar\SurfLite Toolbar\siteActiv_plugin.dll
    c:\program files\IESurfBar\SurfLite Toolbar\siteActivation_URLs.txt
    c:\program files\IESurfBar\SurfLite Toolbar\uninstall.exe
    c:\program files\IESurfBar\SurfLite Toolbar\version.txt
    c:\program files\IESurfBar\SurfLite Toolbar\your_logo.bmp
    c:\program files\IESurfBar\SurfLite Toolbar\your_logo.png

    .
    ((((((((((((((((((((((((( Files Created from 2008-11-01 to 2008-12-01 )))))))))))))))))))))))))))))))
    .

    2008-11-27 08:11 . 2008-11-27 08:11 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-11-27 08:11 . 2008-11-27 08:11 <DIR> d-------- c:\documents and settings\Deon\Application Data\Malwarebytes
    2008-11-27 08:11 . 2008-11-27 08:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-11-27 08:11 . 2008-10-22 16:10 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
    2008-11-27 08:11 . 2008-10-22 16:10 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
    2008-11-24 18:46 . 2008-11-24 18:46 <DIR> d-------- c:\program files\Trend Micro
    2008-11-24 15:59 . 2008-11-24 15:59 88,524 --a------ C:\smitfrau.reg
    2008-11-24 15:59 . 2006-05-27 19:03 16,824 --a------ C:\replace.cmd
    2008-11-24 15:59 . 2008-11-24 15:59 1,458 --a------ C:\smitfra.reg
    2008-11-23 20:25 . 2008-11-23 20:25 27,904 --a------ c:\windows\SYSTEM32\DRIVERS\ndisprot.sys
    2008-11-11 21:47 . 2008-10-24 04:21 455,296 --------- c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys
    2008-11-11 21:46 . 2008-09-04 10:15 1,106,944 --------- c:\windows\SYSTEM32\DLLCACHE\msxml3.dll
    2008-11-11 20:01 . 2008-11-11 20:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-01 01:24 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
    2008-11-26 16:25 --------- d-----w c:\program files\BitTorrent
    2008-11-26 16:25 --------- d-----w c:\documents and settings\Deon\Application Data\BitTorrent
    2008-11-24 22:51 --------- d-----w c:\program files\IrfanView
    2008-11-24 22:50 --------- d-----w c:\program files\SlySoft
    2008-11-24 05:43 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2008-11-24 05:28 --------- d-----w c:\program files\Spybot - Search & Destroy
    2008-11-24 05:11 --------- d-----w c:\documents and settings\Deon\Application Data\DNA
    2008-11-24 03:38 --------- d-----w c:\program files\DNA
    2008-11-24 02:59 --------- d-----w c:\program files\Elaborate Bytes
    2008-11-20 19:15 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore
    2008-11-01 08:56 --------- d-----w c:\program files\McAfee
    2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-21 16:50 --------- d-----w c:\program files\Microsoft Silverlight
    2008-10-16 21:13 202,776 ----a-w c:\windows\SYSTEM32\wuweb.dll
    2008-10-16 21:13 202,776 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuweb.dll
    2008-10-16 21:13 1,809,944 ----a-w c:\windows\SYSTEM32\wuaueng.dll
    2008-10-16 21:13 1,809,944 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuaueng.dll
    2008-10-16 21:12 561,688 ----a-w c:\windows\SYSTEM32\wuapi.dll
    2008-10-16 21:12 561,688 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuapi.dll
    2008-10-16 21:12 323,608 ----a-w c:\windows\SYSTEM32\wucltui.dll
    2008-10-16 21:12 323,608 ----a-w c:\windows\SYSTEM32\DLLCACHE\wucltui.dll
    2008-10-16 21:09 92,696 ----a-w c:\windows\SYSTEM32\DLLCACHE\cdm.dll
    2008-10-16 21:09 92,696 ----a-w c:\windows\SYSTEM32\cdm.dll
    2008-10-16 21:09 51,224 ----a-w c:\windows\SYSTEM32\wuauclt.exe
    2008-10-16 21:09 51,224 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuauclt.exe
    2008-10-16 21:09 43,544 ----a-w c:\windows\SYSTEM32\wups2.dll
    2008-10-16 21:08 34,328 ----a-w c:\windows\SYSTEM32\wups.dll
    2008-10-16 21:08 34,328 ----a-w c:\windows\SYSTEM32\DLLCACHE\wups.dll
    2008-10-16 21:06 268,648 ----a-w c:\windows\SYSTEM32\mucltui.dll
    2008-10-16 21:06 208,744 ----a-w c:\windows\SYSTEM32\muweb.dll
    2008-10-15 17:10 --------- d-----w c:\documents and settings\All Users\Application Data\SiteAdvisor
    2008-10-15 16:34 337,408 ------w c:\windows\SYSTEM32\DLLCACHE\netapi32.dll
    2008-10-03 17:41 6,066,176 ------w c:\windows\SYSTEM32\DLLCACHE\ieframe.dll
    2008-09-30 23:43 1,286,152 ----a-w c:\windows\SYSTEM32\msxml4.dll
    2008-09-15 12:12 1,846,400 ----a-w c:\windows\SYSTEM32\win32k.sys
    2008-09-15 12:12 1,846,400 ------w c:\windows\SYSTEM32\DLLCACHE\win32k.sys
    2008-09-10 01:14 1,307,648 ----a-w c:\windows\SYSTEM32\msxml6.dll
    2008-09-10 01:14 1,307,648 ------w c:\windows\SYSTEM32\DLLCACHE\msxml6.dll
    2008-09-08 10:41 333,824 ------w c:\windows\SYSTEM32\DLLCACHE\srv.sys
    2008-09-04 17:15 1,106,944 ----a-w c:\windows\SYSTEM32\msxml3.dll
    2007-09-26 20:42 1,940 ----a-w c:\documents and settings\Deon\Application Data\ViewerApp.dat
    2003-08-27 21:19 36,963 ----a-r c:\program files\Common Files\SM1updtr.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-11-28_21.02.34.70 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-11-29 01:57:19 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
    + 2008-12-01 01:18:29 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
    - 2008-11-29 01:57:19 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2008-12-01 01:18:29 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2008-12-01 01:18:29 32,768 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-12-01 01:10:31 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5a0.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
    "Window Washer"="c:\program files\Webroot\Washer\wwDisp.exe" [2005-04-20 894464]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
    "AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe" [BU]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
    "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
    "MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-19 110592]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-01-13 98304]
    "RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2004-04-13 1470464]
    "SM1BG"="c:\windows\SM1BG.EXE" [2003-08-27 94208]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-07-10 180269]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
    "MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2006-01-19 11776]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-04 582992]
    "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-06 200704]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-05-14 35328]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [BU]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
    "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-20 443968]
    "SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-08-09 5418864]

    c:\documents and settings\Deon\Start Menu\Programs\Startup\
    HotSync Manager.lnk - c:\program files\Sony Handheld\HOTSYNC.EXE [2005-02-04 299008]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-07-30 113664]
    Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2006-12-26 1466384]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-01-13 24576]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
    HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 73728]
    Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2005-04-25 151552]
    Picture Package VCD Maker.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2005-04-25 106496]
    Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - c:\program files\WiFiConnector\NintendoWFCReg.exe [2007-05-10 1073152]
    Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 81920]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.VGPX"= vgpix32d.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
    "c:\\Program Files\\BitTorrent_DNA\\dna.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6881:TCP"= 6881:TCP:*:Disabled:b
    "6881:UDP"= 6881:UDP:*:Disabled:b

    R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [2008-08-09 29808]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\McAfee\SiteAdvisor\McSACore.exe" [2008-09-29 203280]
    S1 bde6c860;bde6c860;c:\windows\system32\drivers\bde6c860.sys []
    S2 hpdj00;hpdj00;c:\docume~1\Deon\LOCALS~1\Temp\hpdj00.exe -servicerunning=true -uninstall=HP Photosmart 2600 series -product=aio []
    S3 mamm9000mi00;mamm9000mi00;c:\windows\system32\Drivers\ma9kmi00.sys [2007-01-08 48724]
    S3 mamm9000mi01;mamm9000mi01;c:\windows\system32\Drivers\ma9kmi01.sys [2007-01-08 48724]
    S3 ndisprot;ArcNet NDIS Protocol Driver;\??\c:\windows\system32\drivers\Ndisprot.sys [2008-11-23 27904]
    .
    Contents of the 'Scheduled Tasks' folder

    2005-01-20 c:\windows\Tasks\ISP signup reminder 1.job
    - c:\windows\system32\OOBE\OOBEBALN.EXE [2008-04-13 17:12]

    2008-11-15 c:\windows\Tasks\McDefragTask.job
    - c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

    2008-10-01 c:\windows\Tasks\McQcTask.job
    - c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

    2008-12-01 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

    2008-11-28 c:\windows\Tasks\WebReg Photosmart C5100 series.job
    - c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2006-06-07 16:45]

    2008-11-28 c:\windows\Tasks\wrSpySweeperFullSweep.job
    - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-09 16:04]

    2008-11-28 c:\windows\Tasks\wrSpySweeperFullSweep.job
    - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-09 16:04]

    2008-11-28 c:\windows\Tasks\wrSpySweeperFullSweep.job
    - a:\","c:\","d:\","e:\" []

    2008-11-24 c:\windows\Tasks\wrSpySweeperTrialSweep.job
    - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-09 16:04]

    2008-11-24 c:\windows\Tasks\wrSpySweeperTrialSweep.job
    - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-09 16:04]

    2008-11-24 c:\windows\Tasks\wrSpySweeperTrialSweep.job
    - a:\","c:\","d:\","e:\" []

    2008-11-24 c:\windows\Tasks\wrSpySweeper_LB07E22D8B67744E3A011BEF6B4C32D9A.job
    - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-09 16:04]

    2008-11-24 c:\windows\Tasks\wrSpySweeper_LB07E22D8B67744E3A011BEF6B4C32D9A.job
    - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-09 16:04]

    2008-11-24 c:\windows\Tasks\wrSpySweeper_LB07E22D8B67744E3A011BEF6B4C32D9A.job
    - a:\","c:\","d:\","e:\" []

    2008-11-17 c:\windows\Tasks\wrSpySweeper_LEBEC86276D5F48E68990251E02778136.job
    - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-09 16:04]

    2008-11-17 c:\windows\Tasks\wrSpySweeper_LEBEC86276D5F48E68990251E02778136.job
    - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-09 16:04]

    2008-11-17 c:\windows\Tasks\wrSpySweeper_LEBEC86276D5F48E68990251E02778136.job
    - a:\","c:\","d:\","e:\","f:\","j:\" []
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-30 19:32:05
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    c:\docume~1\Deon\LOCALS~1\Temp\catchme.dll 53248 bytes executable

    scan completed successfully
    hidden files: 1

    **************************************************************************
    .
    Completion time: 2008-11-30 19:46:11
    ComboFix-quarantined-files.txt 2008-12-01 02:45:47
    ComboFix2.txt 2008-11-29 05:47:48

    Pre-Run: 31,341,588,480 bytes free
    Post-Run: 31,327,657,984 bytes free

    244 --- E O F --- 2008-11-28 08:49:24


    New HJT

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:55:30 AM, on 12/2/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\Program Files\McAfee\VirusScan\McShield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wwSecure.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
    C:\WINDOWS\SM1BG.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\Sony Handheld\HOTSYNC.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\PROGRA~1\mcafee\msc\mcuimgr.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://phoenix.cox.net/cci/home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r21.mchsi.com:8000
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.r21.mchsi.com
    O4 - HKLM\..\Run: [ehTray] "C:\WINDOWS\ehome\ehtray.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [SM1BG] "C:\WINDOWS\SM1BG.EXE"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [MimBoot] "C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [dla] "C:\WINDOWS\system32\dla\tfswctrl.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [Picasa Media Detector] "C:\Program Files\Picasa2\PicasaMediaDetector.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [Window Washer] "C:\Program Files\Webroot\Washer\wwDisp.exe"
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} (Image Uploader Control) - http://www.ritzpix.com/net/Uploader/LPUploader45.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/f...trol_en_US.cab
    O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
    O16 - DPF: {21F16767-8DA7-4113-BEB0-F161B313407F} (XMirage Control) - http://www.myfamily.com/plugins/ue/Install_UE.exe
    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
    O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) - http://webeffective.keynote.com/appl...orLauncher.cab
    O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.maricopa.gov/assessor/gis...n/mgaxctrl.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1135792330859
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
    O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-27-0.cab
    O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://www.livemetallica.com/nugster/dlControl.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/...l/gtdownde.cab
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
    O23 - Service: hpdj00 - Unknown owner - C:\DOCUME~1\Deon\LOCALS~1\Temp\hpdj00.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

    --
    End of file - 12155 bytes


    Thanks
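Reading a HijackThis log by eye, as the helper in this thread does, comes down to a few repeatable heuristics: services whose binary is gone, executables launching from a Temp directory, services with no publisher, unexpected proxy settings, and Internet Explorer policy restrictions. The following Python script is an added example, not code from the thread or from HijackThis, that applies those checks to log lines. The sample input is constructed from lines copied out of the log above plus one O6 line modelled on the restriction entries quoted earlier in the thread; the rule wording and the `Finding` structure are my own.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section tag, e.g. "O23"
    reason: str   # why a human should look at this line
    line: str     # the raw log line


# Constructed sample: lines taken from the HijackThis log posted above, plus one
# O6 line (assumed, modelled on the restriction entries quoted earlier).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r21.mchsi.com:8000
O4 - HKLM\..\Run: [SM1BG] "C:\WINDOWS\SM1BG.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O23 - Service: hpdj00 - Unknown owner - C:\DOCUME~1\Deon\LOCALS~1\Temp\hpdj00.exe (file missing)
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
"""

# A Windows path up to the first executable-looking extension; spaces allowed.
PATH_RE = re.compile(r'[A-Za-z]:\\.*?\.(?:exe|dll|sys|com)\b', re.I)
SECTION_RE = re.compile(r'^(R\d|O\d+|F\d) - ')


def triage_line(line: str) -> list[Finding]:
    """Return every reason a single HijackThis line deserves a closer look."""
    line = line.strip()
    m = SECTION_RE.match(line)
    if not m:
        return []  # header, blank line, or running-process list entry
    section = m.group(1)
    paths = PATH_RE.findall(line)
    reasons = []

    if "(file missing)" in line:
        reasons.append("points to a binary that no longer exists; orphaned autostart/service")
    if any(re.search(r'\\temp\\', p, re.I) for p in paths):
        reasons.append("executable lives in a Temp directory")
    if any(re.fullmatch(r'[A-Za-z]:\\windows\\[^\\]+', p, re.I) for p in paths):
        reasons.append("binary sits directly in the Windows directory, not system32; verify its publisher")
    if section == "O23" and "Unknown owner" in line:
        reasons.append("service has no company name; check its signature and path")
    if section == "R1" and re.search(r'Internet Settings,ProxyServer\s*=\s*\S', line):
        reasons.append("browser proxy configured; confirm it is the ISP's, not an interception proxy")
    if section == "O6":
        reasons.append("IE policy restriction present; malware uses these to lock the home page and options")

    return [Finding(section, r, line) for r in reasons]


def triage(log_text: str) -> list[Finding]:
    """Run triage_line over a whole log and collect the findings in log order."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        findings.extend(triage_line(line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run it against a saved log with `triage(open("hijackthis.log").read())`. Every hit is a prompt to verify, not a verdict: the `hpdj00` service above collects three reasons and is the kind of leftover the helper had the user remove, while `DSBrokerService` trips only the "Unknown owner" rule and is a Dell support component, which is exactly why a human still reads the flagged lines.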

  9. #19
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

Hi,

OK, thanks for the info. Looks good. You can remove ComboFix like this:

Start > Run and type in combofix /u
Click OK or press Enter.
Note: there is a space after the x and before the slash (/).

I may have already said this, I didn't go back and look; there is much malware shared on P2P networks.

If all looks good on your end now, we can finish it up.
How Can I Reduce My Risk?

  10. #20
    Junior Member
    Join Date
    Nov 2008
    Posts
    24

    Default

ComboFix has been removed. Anything further? Everything seems to be working great. What was the script that I ran with ComboFix?

    Thanks again
