mrchaos101

asked on

HijackThis log: can't remove SmitFraud-C.CoreService and Virtumonde

Windows XP Home with SP2

I have used
Spybot Search and Destroy 1.5
Adaware 2007
AVG Anti Spyware
Superantivirus

I still am getting pop-ups and reports that SmiteFraud.C-CoreService and Virtumonde.

I tried a SmiteFraud removal tool but I guess it didn't work.

Here is my HijackThis log. Please help.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:43:19 PM, on 1/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\McAfee.com\Agent\MCAGEN~1.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc .exe
C:\Program Files\Windows Defender\MSASCui .exe
C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe
C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk .exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv .exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\lpcywinp.exe,C:\WINDOWS\system32\userinit.exe
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [0457b3d7] rundll32.exe "C:\WINDOWS\system32\cnhidtfg.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AOL Instant Messenger (TM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 8935 bytes
ASKER CERTIFIED SOLUTION
rpggamergirl
This solution is only available to members.
I recommend that you download and install the trial version of Kaspersky antivirus.

http://www.kaspersky.com/anti-virus_trial

Activate your trial license, update the detection database and run a full scan of your system. Most likely KAV will be able to quickly identify and remove Virtumonde.

Let me know if this works for you.
mrchaos101

ASKER

ComboFix 08-01-04.1 - chad.H 2008-01-05 16:17:29.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.520 [GMT -6:00]
Running from: C:\Documents and Settings\chad.H\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((   Files Created from 2007-12-05 to 2008-01-05  )))))))))))))))))))))))))))))))
.

2008-01-05 15:43 . 2008-01-05 15:43      <DIR>      d--------      C:\WINDOWS\LastGood
2008-01-05 11:23 . 2000-08-31 08:00      51,200      --a------      C:\WINDOWS\NirCmd.exe
2008-01-03 18:44 . 2008-01-03 18:48      1,938      --a------      C:\WINDOWS\system32\tmp.reg
2008-01-03 18:43 . 2007-09-05 23:22      289,144      --a------      C:\WINDOWS\system32\VCCLSID.exe
2008-01-03 18:43 . 2006-04-27 16:49      288,417      --a------      C:\WINDOWS\system32\SrchSTS.exe
2008-01-03 18:43 . 2007-12-19 22:57      81,920      --a------      C:\WINDOWS\system32\IEDFix.exe
2008-01-03 18:43 . 2004-07-31 17:50      51,200      --a------      C:\WINDOWS\system32\dumphive.exe
2008-01-03 18:43 . 2007-10-03 23:36      25,600      --a------      C:\WINDOWS\system32\WS2Fix.exe
2008-01-03 10:03 . 2008-01-03 13:36      <DIR>      d-a------      C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-03 09:37 . 2008-01-03 09:37      <DIR>      d--------      C:\Program Files\Trend Micro
2008-01-03 08:52 . 2008-01-03 08:57      <DIR>      d--------      C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-02 16:05 . 2008-01-02 16:05      <DIR>      d--------      C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-02 16:04 . 2008-01-05 11:49      <DIR>      d--------      C:\Program Files\SUPERAntiSpyware
2008-01-02 16:04 . 2008-01-02 16:04      <DIR>      d--------      C:\Documents and Settings\chad.H\Application Data\SUPERAntiSpyware.com
2008-01-02 16:03 . 2008-01-02 16:03      <DIR>      d--------      C:\Program Files\Common Files\Wise Installation Wizard
2008-01-02 15:35 . 2008-01-02 15:35      <DIR>      d--------      C:\Program Files\RcvSystem
2007-12-27 23:44 . 2008-01-05 11:49      <DIR>      d--------      C:\Program Files\Windows Defender
2007-12-27 19:18 . 2007-12-27 19:18      <DIR>      d--------      C:\Program Files\Lavasoft
2007-12-27 13:14 . 2007-12-27 13:14      348,160      --a------      C:\WINDOWS\system32\RCX2D4.tmp
2007-12-27 00:25 . 2008-01-05 16:18      11,505      --a------      C:\WINDOWS\system32\Config.MPF
2007-12-27 00:23 . 2007-12-28 10:53      <DIR>      d--------      C:\Program Files\SiteAdvisor
2007-12-27 00:23 . 2007-12-28 00:00      <DIR>      d--------      C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2007-12-27 00:23 . 2007-12-27 00:48      <DIR>      d--------      C:\Documents and Settings\chad.H\Application Data\SiteAdvisor
2007-12-27 00:23 . 2007-12-27 00:23      <DIR>      d--------      C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-12-27 00:19 . 2007-07-24 12:02      33,800      --a------      C:\WINDOWS\system32\drivers\mferkdk.sys
2007-12-27 00:18 . 2007-07-21 09:08      201,288      --a------      C:\WINDOWS\system32\drivers\mfehidk.sys
2007-12-27 00:18 . 2007-07-13 09:20      113,952      --a------      C:\WINDOWS\system32\drivers\Mpfp.sys
2007-12-27 00:18 . 2007-07-24 07:40      79,304      --a------      C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-12-27 00:18 . 2007-07-21 09:08      40,488      --a------      C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-12-27 00:18 . 2007-07-21 09:08      35,240      --a------      C:\WINDOWS\system32\drivers\mfebopk.sys
2007-12-27 00:15 . 2007-12-27 00:16      <DIR>      d--------      C:\Program Files\McAfee.com
2007-12-27 00:15 . 2007-12-27 00:18      <DIR>      d--------      C:\Program Files\Common Files\McAfee
2007-12-26 23:39 . 2007-12-26 23:39      40,734      --a------      C:\WINDOWS\system32\superiorads-uninst.exe
2007-12-26 23:23 . 2007-12-28 10:50      212,992      --a------      C:\WINDOWS\troy44 .exe
2007-12-26 20:05 . 2007-12-26 20:05      4,286      --a------      C:\WINDOWS\system32\MobileSidewalk.ico
2007-12-26 19:47 . 2008-01-03 12:55      <DIR>      d--------      C:\Documents and Settings\All Users\Application Data\Rabio
2007-12-26 19:47 . 2007-12-26 19:47      4      --a------      C:\WINDOWS\system32\jpewocmz.ini
2007-12-26 19:45 . 2008-01-02 16:15      <DIR>      d--hs----      C:\WINDOWS\Y2hhZC5I
2007-12-26 19:45 . 2008-01-02 15:59      39,936      --a------      C:\WINDOWS\mrofinu77.exe.tmp
2007-12-26 19:44 . 2008-01-02 16:59      <DIR>      d--------      C:\WINDOWS\system32\to9
2007-12-26 19:44 . 2008-01-02 17:24      <DIR>      d--------      C:\WINDOWS\system32\dj2
2007-12-26 19:44 . 2007-12-26 23:19      <DIR>      d--------      C:\WINDOWS\system32\bbc9
2007-12-26 19:44 . 2008-01-02 16:53      <DIR>      d--------      C:\WINDOWS\system32\ardCo02
2007-12-26 19:44 . 2007-12-26 19:45      <DIR>      d--------      C:\Temp\cEeer12
2007-12-21 19:20 . 2007-12-21 19:20      <DIR>      d--h-----      C:\Temp\pt8q3khslw
2007-12-21 19:19 . 2007-12-21 19:19      <DIR>      d--------      C:\Program Files\Verizon Wireless
2007-12-21 19:19 . 2007-12-21 19:19      <DIR>      d--------      C:\Program Files\LG Electronics
2007-12-21 19:19 . 2007-12-27 13:20      2,691,072      --a------      C:\WINDOWS\MEDB.mdb
2007-12-21 19:19 . 2007-05-01 16:23      528,384      --a------      C:\WINDOWS\system32\VZWDownManager.exe
2007-12-21 19:19 . 2007-05-01 16:23      49,152      --a------      C:\WINDOWS\system32\VZWDLManager.dll
2007-12-21 19:19 . 2007-04-09 09:55      22,912      --a------      C:\WINDOWS\system32\drivers\lgusbmodem.sys
2007-12-21 19:19 . 2007-04-09 09:56      21,248      --a------      C:\WINDOWS\system32\drivers\lgusbdiag.sys
2007-12-21 19:19 . 2007-04-09 09:53      12,672      --a------      C:\WINDOWS\system32\drivers\lgusbbus.sys
2007-12-21 19:19 . 2007-05-02 02:34      375      --a------      C:\WINDOWS\system32\VZWDLManager.inf

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-05 21:43      ---------      d-----w      C:\Program Files\McAfee
2008-01-05 17:49      ---------      d-----w      C:\Program Files\QuickTime
2008-01-05 17:49      ---------      d-----w      C:\Program Files\NetWaiting
2008-01-05 17:49      ---------      d-----w      C:\Program Files\iTunes
2008-01-05 17:49      ---------      d-----w      C:\Program Files\DellSupport
2007-12-27 07:14      62      ----a-w      C:\Program Files\uninstall.log
2007-12-27 06:26      ---------      d-----w      C:\Documents and Settings\All Users\Application Data\McAfee
2007-12-27 06:18      246      ----a-w      C:\Program Files\Common Files\xukad
2007-12-26 23:16      ---------      d-----w      C:\Documents and Settings\chad.H\Application Data\LimeWire
2007-12-22 01:19      ---------      d--h--w      C:\Program Files\InstallShield Installation Information
2007-12-16 21:38      ---------      d-----w      C:\Program Files\Modem Helper
2007-12-04 03:40      ---------      d-----w      C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-12-04 03:38      ---------      d-----w      C:\Program Files\AIM6
2007-12-04 03:32      ---------      d-----w      C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-04 03:12      ---------      d-----w      C:\Program Files\Common Files\AOL
2007-11-28 06:21      ---------      d-----w      C:\Documents and Settings\chad.H\Application Data\acccore
2007-11-28 06:20      ---------      d-----w      C:\Documents and Settings\All Users\Application Data\AOL
2007-11-28 06:19      ---------      d-----w      C:\Program Files\Common Files\aolshare
2007-11-28 05:57      ---------      d-----w      C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-11-26 17:51      ---------      d-----w      C:\Documents and Settings\chad.H\Application Data\AdobeUM
2007-11-20 20:38      ---------      d-----w      C:\Program Files\Photo Pos Pro
2007-11-16 19:16      ---------      d-----w      C:\Program Files\iPod
2007-11-16 19:09      ---------      d-----w      C:\Program Files\Apple Software Update
2007-11-16 19:08      ---------      d-----w      C:\Program Files\Common Files\Apple
2007-11-16 19:08      ---------      d-----w      C:\Documents and Settings\All Users\Application Data\Apple
2007-11-13 10:25      20,480      ----a-w      C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-30 23:42      3,590,656      ------w      C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:35      1,287,680      ----a-w      C:\WINDOWS\system32\quartz.dll
2007-10-29 22:35      1,287,680      ------w      C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 23:40      222,720      ----a-w      C:\WINDOWS\system32\wmasf.dll
2007-10-27 23:40      222,720      ------w      C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34      8,460,288      ----a-w      C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-17 17:23      10,752      ----a-w      C:\WINDOWS\system32\WhoisCL.exe
2007-10-10 23:56      824,832      ------w      C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:56      232,960      ------w      C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:56      1,159,680      ------w      C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 23:55      671,232      ------w      C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:55      63,488      ------w      C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:55      6,065,664      ------w      C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:55      52,224      ------w      C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:55      478,208      ------w      C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:55      459,264      ------w      C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:55      44,544      ------w      C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:55      384,512      ------w      C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:55      383,488      ------w      C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:55      27,648      ------w      C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:55      267,776      ------w      C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 23:55      230,400      ------w      C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:55      214,528      ------w      C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:55      193,024      ------w      C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:55      153,088      ------w      C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:55      132,608      ------w      C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:55      124,928      ------w      C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 23:55      105,984      ------w      C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:55      102,400      ------w      C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 10:59      70,656      ------w      C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 10:59      625,152      ------w      C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 10:59      13,824      ------w      C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-10 05:46      161,792      ------w      C:\WINDOWS\system32\dllcache\ieakui.dll
2007-07-12 06:11      88      --sh--r      C:\WINDOWS\system32\4AA31C5FF2.sys
2007-08-07 16:44      56      -csh--r      C:\WINDOWS\system32\F25F1CA34A.sys
2007-08-07 16:44      6,580      -csha-w      C:\WINDOWS\system32\KGyGaAvL.sys
.
[code]<pre>
----a-w         1,694,208 2007-12-27 05:23:59  C:\Program Files\Messenger\msmsgs .exe
----a-w           212,992 2007-12-28 16:50:53  C:\WINDOWS\troy44 .exe
</pre>[/code]


(((((((((((((((((((((((((((((   snapshot@2008-01-05_11.53.11.46   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-02 23:52:58      32,768      -c--a-w      C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-01-05 21:42:52      32,768      -c--a-w      C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-01-02 23:52:58      32,768      -c--a-w      C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-01-05 21:42:52      32,768      -c--a-w      C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-01-02 23:52:58      32,768      -c--a-w      C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-05 21:42:52      32,768      -c--a-w      C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 04:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-05 11:16 761947]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2008-01-05 11:16 802816]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2008-01-05 11:16 696320]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-05 11:16 866584]
"RegistryMechanic"="" []
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]

C:\Documents and Settings\chad.H\Start Menu\Programs\Startup\
MEMonitor.lnk - C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [2007-12-21 19:19:14]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SnapDetect.lnk]
backup=C:\WINDOWS\pss\SnapDetect.lnkCommon Startup
                  
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
                  
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
                  C:\Program Files\ATI Technologies\ATI.ACE\cli.exe runtime -Delay
                  
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-10 04:00      15360      --a------      C:\WINDOWS\system32\ctfmon.exe
                  
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2005-12-06 09:45      839680      --a------      C:\Program Files\Dell\QuickSet\quickset.exe
                  
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
                  C:\Program Files\DellSupport\DSAgnt.exe /startup
                  
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2008-01-02 15:30      127035      --a------      C:\WINDOWS\system32\dla\tfswctrl.exe
                  
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2008-01-02 15:30      49152      --a------      C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
                  
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
                  C:\WINDOWS\ehome\ehtray.exe
                  
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2008-01-02 15:30      50792      --a------      C:\Program Files\Common Files\AOL\1196230799\ee\AOLSoftware.exe
                  
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-12-15 11:18      49152      --a--c---      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
                  
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
2008-01-02 15:30      124520      --a------      C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
                  
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
                  C:\Program Files\Common Files\InstallShield\UpdateService\isuspm          .exe -startup
                  
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
                  C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -start
                  
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-01-02 15:30      267048      --a------      C:\Program Files\iTunes\iTunesHelper.exe
                  
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
                  C:\WINDOWS\system32\gebya.exe
                  
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
                  C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
                  
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McENUI]
                  C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
                  
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
                  C:\Program Files\NetWaiting\netWaiting .exe
                  
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
                  C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
                  
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
                  
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QdrPack11]
                  
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
                  C:\Program Files\QuickTime\QTTask          .exe -atboottime
                  
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowLOMControl]
                  
                  
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
                  stsystra.exe
                  
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]
2008-01-05 11:18      36640      --a------      C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
                  
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-04-13 03:48      36975      --a--c---      C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
                  
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2008-01-05 11:16      1318912      --a------      C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                  
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
                  
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
                  C:\Program Files\Windows Defender\MSASCui.exe -hide

S2 0058031199569456mcinstcleanup;McAfee Application Installer Cleanup (0058031199569456);C:\WINDOWS\TEMP\[u]0[/u]05803~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38abfdc4-11dc-11db-9148-00038a000015}]
\Shell\AutoRun\command - E:\SafeGuard\Windows\SafeGuard20.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-12-23 03:53:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-27 06:17:04 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2007-12-27 06:17:03 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-01-05 17:59:20 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-05 16:21:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-05 16:22:06
ComboFix-quarantined-files.txt  2008-01-05 22:22:04
ComboFix2.txt  2008-01-05 17:53:34
.
2008-01-04 19:56:16      --- E O F ---  
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:24:48 PM, on 1/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AOL Instant Messenger (TM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: McAfee Application Installer Cleanup (0058031199569456) (0058031199569456mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\005803~1.EXE (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 8660 bytes
It looked like you ran ComboFix twice, did you?

You had the Vundo file infector, which infects legit files. The first CF log would've shown what was infected and what was replaced; from the log you posted, it seems ComboFix was not able to replace C:\Program Files\Messenger\msmsgs.exe.
After running the CFScript, if Messenger is still not working, just reinstall it.
ComboFix should neutralize the infection, but if there are other programs not working properly, just reinstall them.


Open Notepad and copy/paste the text inside the lines below into it.
--------------------------------------------------------------
File::
C:\WINDOWS\system32\RCX2D4.tmp
C:\WINDOWS\system32\superiorads-uninst.exe
C:\WINDOWS\troy44 .exe
C:\WINDOWS\system32\jpewocmz.ini
C:\WINDOWS\mrofinu77.exe.tmp

Folder::
C:\WINDOWS\Y2hhZC5I
C:\WINDOWS\system32\bbc9
C:\WINDOWS\system32\ardCo02
C:\Temp\cEeer12
C:\Temp\pt8q3khslw
C:\WINDOWS\system32\to9
C:\WINDOWS\system32\dj2

RENV::
C:\Program Files\Messenger\msmsgs .exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]

--------------------------------------------------------------
Save this as CFScript in the same location as ComboFix.exe,
then drag CFScript.txt into ComboFix.exe.

This will start ComboFix again. Follow the prompts. After the reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply.


You can fix these entries in HijackThis:
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
You closed the question, so I assume the problem is solved?

Thanks!
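
A small triage helper for logs like the one in this thread, as an added example that is not part of the original posts: it parses HijackThis entry lines and lists those flagged `(no file)` or `(file missing)`, the markers carried by the entries the answer singles out. The function names are assumptions of this example, the sample lines are copied from the log above, and a flagged entry is a candidate for review rather than an automatic removal.

```python
import re

# HijackThis prefixes every entry with a section code (R0-R3, F0-F3, O1-O24).
ENTRY = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Markers HijackThis appends when the file an entry points to is absent.
ORPHAN = re.compile(r"\((no file|file missing)\)\s*$")

def parse_entries(log_text):
    """Return one dict per HijackThis entry line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, running-process path, or blank line
        body = m.group("body")
        clsid = CLSID.search(body)
        entries.append({
            "code": m.group("code"),
            "clsid": clsid.group(0).upper() if clsid else None,
            "orphaned": bool(ORPHAN.search(body)),
            "raw": line.strip(),
        })
    return entries

def orphaned_entries(log_text):
    """Entries whose target file is reported missing: review candidates."""
    return [e for e in parse_entries(log_text) if e["orphaned"]]

# Sample: lines copied from the HijackThis log posted in this thread.
SAMPLE = r"""
Running processes:
C:\WINDOWS\explorer.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O23 - Service: McAfee Application Installer Cleanup (0058031199569456) (0058031199569456mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\005803~1.EXE (file missing)
"""

if __name__ == "__main__":
    for e in orphaned_entries(SAMPLE):
        print(e["code"], e["clsid"] or "-", e["raw"])
```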