View Full Version : Smitfraud/Virtumonde, again...
gearjammer75
2007-07-06, 06:23
Apparently I'm not the only one with problems...
So, here's my HiJackThis Log...
gearjammer75
2007-07-06, 06:25
Logfile HijackThis v1.99.1
Scan saved 10:58:20 PM, 7/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
gearjammer75
2007-07-06, 06:26
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Cherith\My Documents\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/ymj/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*http://www.yahoo.com
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3311B611-D04F-4F55-AE73-D5071E6146D2} - \
O2 - BHO: (no name) - {4B96F083-D579-46FA-AF38-7991B7EC86D9} - C:\WINDOWS\system32\ssqpo.dll (file missing)
O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {fc2feb89-7bfe-4926-a409-a2e120296a9e} - C:\WINDOWS\system32\hhwjcfr.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [Gnetmous] C:\Program Files\COMPAQ\Scroll Mouse\gnetmous.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ymetray.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.6.4.21/omaha/omaha-en_US.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.6.5.22/aces/aces-en_US.cab
O16 - DPF: Ali Baba Slots TM by pogo - http://game1.pogo.com/applet-6.5.2.33/slots/alibaba-en_US.cab
O16 - DPF: Animal Ark by pogo - http://www.pogo.com/applet-6.5.2.26/animal/animal-en_US.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-6.6.5.22/backgammon/backgammon-en_US.cab
O16 - DPF: Battle Phlinx by pogo - http://game1.pogo.com/applet-6.6.5.31/battlephlinx/battlephlinx-en_US.cab
O16 - DPF: Big Shot Roulette TM by pogo - http://game1.pogo.com/applet-6.5.2.33/roulette/roulette-en_US.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.5.3.37/blackjack/blackjack-en_US.cab
O16 - DPF: Blooop by pogo - http://game1.pogo.com/applet-6.6.5.31/cascade/cascade-en_US.cab
O16 - DPF: Bowling by pogo - http://game1.pogo.com/applet-6.6.3.34/bowling/bowling-en_US.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://game1.pogo.com/applet-6.5.3.37/videoblackjack/videoblackjack-en_US.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.7.3.30/canasta/canasta-en_US.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.7.3.30/checkers2/checkers-en_US.cab
O16 - DPF: Chess by pogo - http://game1.pogo.com/applet-6.5.3.44/chess2/chess2-en_US.cab
O16 - DPF: Cribbage by pogo - http://game1.pogo.com/applet-6.7.3.30/cribbage/cribbage-en_US.cab
O16 - DPF: Dice City Roller by pogo - http://game1.pogo.com/applet-6.7.3.30/ytz/ytz-en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.6.2.21/checkeredflag/checkeredflag-en_US.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.5.5.29/domino/domino-en_US.cab
O16 - DPF: EA Sports Web Soccer by pogo - http://game1.pogo.com/applet-6.5.2.26/soccer/soccer-en_US.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-6.7.2.24/euchre/euchre-en_US.cab
O16 - DPF: EZ Win Bingo by pogo - http://game1.pogo.com/applet-6.5.3.37/bingo/bingoe-en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.7.0.32/firstclass2/firstclass2-en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.7.3.30/superbingo/superbingo-en_US.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.5.4.34/greenback/greenback-en_US.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.6.5.22/harvest/harvest-en_US.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/applet-6.5.4.27/drawpoker/drawpoker-en_US.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.6.5.31/jigsaw/jigsaw-en_US.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.8.0.25/gin2/gin2-en_US.cab
O16 - DPF: Keno by pogo - http://game1.pogo.com/applet-6.5.2.33/keno/keno-en_US.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.com/applet-6.7.5.28/mhpoker/mhpoker-en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.7.5.21/lottso/lottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.7.5.21/mahjong/mahjong-en_US.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.com/applet-6.6.5.31/mlslots/mlslots-en_US.cab
O16 - DPF: NASCAR Web Racing by pogo - http://game1.pogo.com/applet-6.7.1.23/nascar/nascar-en_US.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.7.1.23/paigow/paigow-en_US.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.8.0.25/freecell/freecell-en_US.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-6.8.0.25/penguins/penguins-en_US.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.6.5.31/flinger/flinger-en_US.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.com/applet-6.5.2.33/pinochle/pinochle-en_US.cab
O16 - DPF: Pirate's Gold by pogo - http://game1.pogo.com/applet-6.5.2.33/piratesgold/piratesgold-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.7.3.23/popfu/popfu-en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.5.5.36/poppazoppa/poppazoppa-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.7.3.23/poppit2/poppit2-en_US.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-6.7.4.35/hotstreak/hotstreak-en_US.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.6.5.22/squares/squares-en_US.cab
O16 - DPF: Ride The Tide by pogo - http://game1.pogo.com/applet-6.5.3.37/ride/ride-en_US.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-6.6.5.31/slots/showbiz-en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.com/applet-6.6.2.21/puck/puck-en_US.cab
O16 - DPF: Spades 2 by pogo - http://game1.pogo.com/applet-6.7.1.23/spades2/spades2-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.5.2.33/spider/spider-en_US.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.6.4.21/squelchies/squelchies-en_US.cab
O16 - DPF: Stax by pogo - http://game1.pogo.com/applet-6.7.3.30/stax/stax-en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.com/applet-6.7.3.23/sweeper/sweeper-en_US.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.5.1.24/sweettooth/sweettooth-en_US.cab
O16 - DPF: Tank Hunter by pogo - http://www.pogo.com/applet-6.7.4.35/tank/tank-en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.6.5.31/holdem/holdem-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.7.3.23/peaks/peaks-en_US.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-6.7.5.21/jumbee/jumbee-en_US.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.com/applet-6.6.5.22/turbo21/turbo21-en_US.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game1.pogo.com/applet-6.7.3.23/turbo22/turbo22-en_US.cab
O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.com/applet-6.7.2.24/memories/memories-en_US.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.8.4.51/wordwhomp2/whomp2-en_US.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.7.2.33/whackdown/whackdown-en_US.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.7.2.24/wordjong/wordjong-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.5.3.44/worldclass/worldclass-en_US.cab
O16 - DPF: Yahoo! Pyramids - http://download2.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper2007261.dll
O16 - DPF: {3F0EECCE-E138-11D1-8712-0060083D83F5} (LPViewer Class) - http://www.vtbrowser.com/library/ActiveX/LPControl.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124650838772
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://216.120.174.18/Cams/AxisCamControl.ocx
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v45/sol/sol.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} (Cameractl Class) - http://www.berkeley.edu/webcams/camera.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.pogo.com/game/deluxe/zuma/popcaploader_v6.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://download-games.pogo.com/online2/pogo/mahjong_escape_ancient/PTGameLauncher.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} - http://www.musicmatch.com/form/support/tech/diagnostics/cabs/DiagCollectionControl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FreezeScreenSaver - Unknown owner - C:\WINDOWS\system32\FreezeScreenSaver.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
Sorry I had to do it this way, but messages are limited to 20000 characters
gearjammer75
2007-07-06, 06:40
"Cherith" - 2007-07-05 23:30:31 - ComboFix 07-07-04.4 - Service Pack 2
((((((((((((((((((((((((( Files Created from 2007-06-06 to 2007-07-06 )))))))))))))))))))))))))))))))
2007-07-05 20:21 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-05 20:02 <DIR> d-------- C:\VundoFix Backups
2007-07-05 19:53 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-07-05 19:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-05 17:25 50,708 --a------ C:\WINDOWS\system32\fhrmkque.exe
2007-07-04 13:54 172,032 --a------ C:\WINDOWS\system32\hhwjcfr.dll
2007-07-04 13:53 <DIR> d-------- C:\WINDOWS\system32\X9
2007-07-04 13:53 <DIR> d-------- C:\WINDOWS\system32\X5
2007-07-04 13:53 <DIR> d-------- C:\WINDOWS\system32\X4
2007-07-04 13:53 <DIR> d-------- C:\WINDOWS\system32\X3
2007-07-04 13:53 <DIR> d-------- C:\WINDOWS\system32\X2
2007-07-04 13:53 <DIR> d-------- C:\WINDOWS\system32\X1
2007-07-04 13:52 <DIR> d-------- C:\Temp
2007-06-26 11:22 0 --a------ C:\DOCUME~1\Kayla\APPLIC~1\wklnhst.dat
2007-06-06 13:49 <DIR> d-------- C:\Program Files\Snapshot Viewer
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-05 23:57:36 -------- d-----w C:\Program Files\Apple Software Update
2007-07-05 23:15:05 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-05 23:13:26 -------- d-----w C:\Program Files\Oberon Media
2007-07-05 23:13:10 -------- d-----w C:\Program Files\Yahoo! Games
2007-07-05 17:06:42 -------- d-----w C:\Program Files\BearShare Applications
2007-07-05 17:00:21 -------- d-----w C:\Program Files\Common Files\Scanner
2007-07-05 17:00:02 -------- d-----w C:\Program Files\Yahoo!
2007-07-05 09:36:59 630,200 ----a-w C:\WINDOWS\system32\drivers\VetEFile.sys
2007-07-05 09:36:59 108,392 ----a-w C:\WINDOWS\system32\drivers\VetEBoot.sys
2007-06-29 14:32:20 2,204 ----a-w C:\DOCUME~1\Cherith\APPLIC~1\wklnhst.dat
2007-06-18 05:11:14 -------- d-----w C:\DOCUME~1\Cherith\APPLIC~1\Yahoo!
2007-06-16 14:59:55 -------- d-----w C:\Program Files\Puppy Luv
2007-05-27 19:36:24 -------- d-----w C:\Program Files\AoCClient
2007-05-20 05:51:15 -------- d-----w C:\Program Files\Quicken
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-14 18:38:18 68,950 ----a-w C:\WINDOWS\hpoins05.dat
2007-05-14 18:34:15 -------- d-----w C:\Program Files\HP
2007-05-14 18:31:47 -------- d-----w C:\Program Files\Common Files\HP
2007-05-14 18:28:30 -------- d-----w C:\Program Files\Hewlett-Packard
2007-05-14 18:26:48 -------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2007-05-14 15:09:22 -------- d-----w C:\Program Files\Peachtree
2007-05-14 15:07:19 -------- d-----w C:\Program Files\Stamps.com Internet Postage
2007-05-14 15:05:31 -------- d-----w C:\Program Files\Common Files\Peach
2007-05-14 04:30:19 -------- d-----w C:\Program Files\Common Files\SureThing Shared
2007-05-14 04:29:28 -------- d-----w C:\Program Files\illiminable
2007-05-10 07:07:51 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-08 03:10:03 -------- d-----w C:\DOCUME~1\Cherith\APPLIC~1\SoundSpectrum
2007-05-08 02:42:28 5 ----a-w C:\WINDOWS\glhvz.dll
2007-05-06 19:01:49 -------- d-----w C:\Program Files\QuickTime
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 20:52:16 81,272 ----a-w C:\DOCUME~1\Cherith\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 02:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-17 02:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
2006-10-26 10:28 440384 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-12-18 04:16 59032 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3311B611-D04F-4F55-AE73-D5071E6146D2}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4B96F083-D579-46FA-AF38-7991B7EC86D9}]
C:\WINDOWS\system32\ssqpo.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{502C3BA4-2C3E-4317-BC29-C0445E82B1F9}]
2006-01-26 12:15 102400 --a------ C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 02:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
2006-10-31 16:33 198136 --a------ C:\Program Files\Yahoo!\common\yiesrvc.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
2005-05-31 05:33 118844 --a------ C:\WINDOWS\system32\dla\tfswshx.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D}]
2005-02-03 17:07 124032 --a------ C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc2feb89-7bfe-4926-a409-a2e120296a9e}]
2007-07-04 13:54 172032 --a------ C:\WINDOWS\system32\hhwjcfr.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 21:12]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 17:19]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 17:19]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-08-20 22:25]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2006-07-21 11:43]
"Gnetmous"="C:\Program Files\COMPAQ\Scroll Mouse\gnetmous.exe" [2002-11-26 16:30]
"CaAvTray"="C:\Program Files\Yahoo!\Antivirus\CAVTray.exe" [2006-11-17 19:39]
"CAVRID"="C:\Program Files\Yahoo!\Antivirus\CAVRID.exe" [2006-11-17 19:39]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 15:49]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-03-27 15:22]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe
*Newly Created Service* - CATCHME
Contents of the 'Scheduled Tasks' folder
2007-07-05 23:58:03 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-02 07:38:15 C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
**************************************************************************
catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-05 23:35:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-05 23:37:33
C:\ComboFix-quarantined-files.txt ... 2007-07-05 23:37
C:\ComboFix2.txt ... 2007-07-05 20:47
--- E O F ---
And there's my ComboFix log; VundoFix says there are no infected files.
Hello.
Because of the number of posts in your thread, helpers probably thought you were already being assisted. We ask for two logs only: the HJT log and the results of the on-line anti-virus scan.
Our stickied forum topics:
"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)
The Waiting Room: Post here if waiting for help longer than four days (http://forums.spybot.info/forumdisplay.php?f=37)
This topic has been archived.
If you need it re-opened, please send me a private message (pm) and provide a link to the thread.
Applies only to the original poster, anyone else with similar problems please start a new topic.