Spyware I can't remove.

Hello again, I got another one for you guys. I fixed most of them already. First I had that desktop warning that said "You are infected with spyware". I ran MBAM and fixed that one, but here is the next problem: the Internet works fine, but most of my spyware programs won't do updates. It seems there's a problem with them checking for updates (Spybot, MBAM, and SUPERAntiSpyware); they keep having errors connecting to the Internet, but I can surf fine.
I included ComboFix and HijackThis logs. Thanks for your help.

ComboFix 08-08-10.06 - Jose 2008-08-18 10:37:44.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.258 [GMT -7:00]
Running from: C:\Documents and Settings\Jose\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Jose\Application Data\macromedia\Flash Player\#SharedObjects\MFBFUBAK\interclick.com
C:\Documents and Settings\Jose\Application Data\macromedia\Flash Player\#SharedObjects\MFBFUBAK\interclick.com\ud.sol
C:\Documents and Settings\Jose\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Jose\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\WINDOWS\system32\bszip.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
\Service_sysrest.sys

((((((((((((((((((((((((( Files Created from 2008-07-18 to 2008-08-18 )))))))))))))))))))))))))))))))
.
2008-08-18 10:11 . 2008-08-18 10:18 <DIR> d
C:\Program Files\Your Uninstaller 2008
2008-08-18 10:11 . 2008-08-18 10:11 <DIR> d
C:\Documents and Settings\Jose\Application Data\URSoft
2008-08-18 10:11 . 2008-08-18 10:12 <DIR> d-a
C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-15 16:37 . 2008-08-15 16:39 <DIR> d
C:\Program Files\Malwarebytes' Anti-Malware
2008-08-15 16:37 . 2008-08-15 16:37 <DIR> d
C:\Documents and Settings\Jose\Application Data\Malwarebytes
2008-08-15 16:37 . 2008-08-15 16:37 <DIR> d
C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-15 16:37 . 2008-07-30 20:07 38,472 --a
C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-15 16:37 . 2008-07-30 20:07 17,144 --a
C:\WINDOWS\system32\drivers\mbam.sys
2008-08-15 15:43 . 2008-08-15 15:43 <DIR> d
C:\Program Files\Spybot - Search & Destroy
2008-08-15 15:43 . 2008-08-15 15:44 <DIR> d
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-15 15:01 . 2008-08-15 15:01 <DIR> d
C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-15 15:00 . 2008-08-15 15:00 <DIR> d
C:\Program Files\SUPERAntiSpyware
2008-08-15 15:00 . 2008-08-15 15:00 <DIR> d
C:\Program Files\Common Files\Wise Installation Wizard
2008-08-15 15:00 . 2008-08-15 15:00 <DIR> d
C:\Documents and Settings\Jose\Application Data\SUPERAntiSpyware.com
2008-08-15 14:55 . 2001-08-17 11:48 12,160 --a
C:\WINDOWS\system32\drivers\mouhid.sys
2008-08-15 14:55 . 2001-08-17 11:48 12,160 --a
C:\WINDOWS\system32\dllcache\mouhid.sys
2008-08-15 14:54 . 2008-04-13 11:45 10,368 --a
C:\WINDOWS\system32\drivers\hidusb.sys
2008-08-15 14:54 . 2008-04-13 11:45 10,368 --a
C:\WINDOWS\system32\dllcache\hidusb.sys
2008-08-15 06:35 . 2008-05-01 07:33 331,776
C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-15 06:34 . 2008-04-11 12:04 691,712
C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-10 20:04 . 2008-08-10 20:04 <DIR> d---s---- C:\Documents and Settings\Lupe\UserData
2008-08-10 09:58 . 2008-08-10 09:58 54,156 --ah
C:\WINDOWS\QTFont.qfn
2008-08-10 09:58 . 2008-08-10 09:58 1,409 --a
C:\WINDOWS\QTFont.for
2008-08-08 14:18 . 2008-08-08 14:18 <DIR> d
C:\Program Files\FriendFinder
2008-07-24 15:10 . 2008-07-24 15:10 <DIR> d
C:\WINDOWS\system32\scripting
2008-07-24 15:10 . 2008-07-24 15:10 <DIR> d
C:\WINDOWS\system32\en
2008-07-24 15:10 . 2008-07-24 15:10 <DIR> d
C:\WINDOWS\system32\bits
2008-07-24 15:10 . 2008-07-24 15:10 <DIR> d
C:\WINDOWS\l2schemas
2008-07-24 15:06 . 2008-07-24 15:11 <DIR> d
C:\WINDOWS\ServicePackFiles
2008-07-24 14:58 . 2008-07-24 14:58 <DIR> d
C:\WINDOWS\EHome
2008-07-24 14:52 . 2008-04-13 17:12 712,704
C:\WINDOWS\system32\windowscodecs.dll
2008-07-24 14:52 . 2008-04-13 17:12 346,112
C:\WINDOWS\system32\windowscodecsext.dll
2008-07-24 14:52 . 2008-04-13 17:12 276,992
C:\WINDOWS\system32\wmphoto.dll
2008-07-24 14:52 . 2008-04-13 17:12 69,120
C:\WINDOWS\system32\wlanapi.dll
2008-07-24 14:50 . 2004-08-03 20:41 1,041,536
C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-07-24 14:49 . 2008-04-13 17:11 1,888,992
C:\WINDOWS\system32\ati3duag.dll
2008-07-24 13:21 . 2008-07-24 13:21 <DIR> d
C:\Program Files\MSXML 4.0
2008-07-24 12:34 . 2008-06-13 04:05 272,128
C:\WINDOWS\system32\drivers\bthport.sys
2008-07-24 12:34 . 2008-06-13 04:05 272,128
C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-24 12:25 . 2008-05-08 07:02 203,136
C:\WINDOWS\system32\dllcache\rmcast.sys
2008-07-22 16:17 . 2005-07-19 06:52 <DIR> d
C:\Documents and Settings\Guest\Application Data\Jasc Software Inc
2008-07-22 16:17 . 2005-07-19 06:44 <DIR> d
C:\Documents and Settings\Guest\Application Data\Intel
2008-07-22 16:17 . 2005-07-19 06:52 <DIR> d--h
C:\Documents and Settings\Guest\Application Data\Gtek
2008-07-22 16:17 . 2008-07-22 16:19 <DIR> d
C:\Documents and Settings\Guest
2008-07-22 07:43 . 2007-08-10 18:46 26,488 --a
C:\WINDOWS\system32\spupdsvc.exe
2008-07-22 07:35 . 2007-07-30 17:19 271,224 --a
C:\WINDOWS\system32\mucltui.dll
2008-07-22 07:35 . 2007-07-30 17:19 30,072 --a
C:\WINDOWS\system32\mucltui.dll.mui
2008-07-22 07:34 . 2007-07-30 17:19 43,352 --a
C:\WINDOWS\system32\wups2.dll
2008-07-22 07:34 . 2007-07-30 17:18 34,136 --a
C:\WINDOWS\system32\wucltui.dll.mui
2008-07-22 07:34 . 2007-07-30 17:19 25,944 --a
C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-07-22 07:34 . 2007-07-30 17:19 25,944 --a
C:\WINDOWS\system32\wuapi.dll.mui
2008-07-22 07:34 . 2007-07-30 17:18 20,312 --a
C:\WINDOWS\system32\wuaueng.dll.mui
2008-07-22 07:10 . 2008-08-08 12:49 10,752 --a
C:\WINDOWS\DCEBoot.exe
2008-07-20 22:55 . 2008-07-20 22:55 <DIR> d
C:\Documents and Settings\Lupe\Application Data\Smith Micro
2008-07-20 22:46 . 2005-07-19 06:52 <DIR> d
C:\Documents and Settings\Lupe\Application Data\Jasc Software Inc
2008-07-20 22:46 . 2005-07-19 06:44 <DIR> d
C:\Documents and Settings\Lupe\Application Data\Intel
2008-07-20 22:46 . 2005-07-19 06:52 <DIR> d--h
C:\Documents and Settings\Lupe\Application Data\Gtek
2008-07-20 22:46 . 2008-08-10 20:04 <DIR> d
C:\Documents and Settings\Lupe
2008-07-20 17:25 . 2008-07-20 17:25 <DIR> d
C:\Documents and Settings\Jose\Application Data\Sonic
2008-07-20 17:24 . 2008-07-20 17:24 <DIR> d
C:\Documents and Settings\Jose\Application Data\Leadertech
2008-07-20 16:06 . 2008-07-20 16:07 <DIR> d
C:\Documents and Settings\Jose\Application Data\CyberLink
2008-07-19 06:04 . 2008-07-19 06:04 <DIR> d---s---- C:\Documents and Settings\Jose\UserData
2008-07-19 05:33 . 2008-07-19 05:33 <DIR> d
C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-07-19 05:33 . 2008-07-18 16:51 1,195,448 --a
C:\WINDOWS\system32\drivers\vsapint.sys
2008-07-19 05:33 . 2006-12-28 23:53 288,848 --a
C:\WINDOWS\system32\drivers\TM_CFW.sys
2008-07-19 05:33 . 2008-07-18 17:08 205,328 --a
C:\WINDOWS\system32\drivers\tmxpflt.sys
2008-07-19 05:33 . 2006-12-28 23:53 111,888 --a
C:\WINDOWS\system32\drivers\tm_mbd_c.sys
2008-07-19 05:33 . 2006-12-28 23:53 75,088 --a
C:\WINDOWS\system32\drivers\tmtdi.sys
2008-07-19 05:33 . 2008-07-18 17:08 36,368 --a
C:\WINDOWS\system32\drivers\tmpreflt.sys
2008-07-19 05:31 . 2008-07-19 05:31 <DIR> d
C:\Program Files\Trend Micro
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-29 05:05
d
w C:\Documents and Settings\All Users\Application Data\QuickTime
2008-07-19 12:27
d
w C:\Program Files\McAfee.com
2008-07-14 17:49
d
w C:\Program Files\Common Files\SWF Studio
2008-07-14 02:57
d
w C:\Documents and Settings\Jose\Application Data\Smith Micro
2008-07-14 02:55
d
w C:\Program Files\Verizon Wireless
2008-07-14 02:55
d
w C:\Program Files\PANTECH
2008-07-13 17:39
d
w C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
2008-07-13 17:39
d
w C:\Documents and Settings\Jose\Application Data\McAfee.com Personal Firewall
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:26 253,952
w C:\WINDOWS\system32\dllcache\es.dll
2008-06-26 08:15 619,520
w C:\WINDOWS\system32\dllcache\urlmon.dll
2008-06-26 08:15 1,499,136
w C:\WINDOWS\system32\dllcache\shdocvw.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:43 74,240
w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-23 15:09 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-23 15:09 666,112
w C:\WINDOWS\system32\dllcache\wininet.dll
2008-06-23 15:09 3,067,392
w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:46 245,248
w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:46 147,968
w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:51 361,600
w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:40 138,496
w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 11:08 225,856
w C:\WINDOWS\system32\dllcache\tcpip6.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 14:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Jose^Start Menu^Programs^Startup^VZAccess Manager.lnk]
path=C:\Documents and Settings\Jose\Start Menu\Programs\Startup\VZAccess Manager.lnk
backup=C:\WINDOWS\pss\VZAccess Manager.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a
2004-09-13 14:33 155648 C:\Program Files\Apoint\Apoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bacstray]
--a
2004-08-18 10:26 118784 C:\Program Files\Broadcom\BACS\BacsTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a
2005-03-04 09:26 606208 C:\Program Files\Dell\QuickSet\quickset.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a
2004-07-19 05:51 306688 C:\Program Files\Dell Support\DSAgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a
2004-12-05 23:05 127035 C:\WINDOWS\system32\dla\tfswctrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-02-23 14:19 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a
2005-02-15 13:02 126976 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a
2005-02-15 13:02 155648 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
--a
2004-10-30 12:59 385024 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a
2004-07-27 14:50 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a
2004-07-27 14:50 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
--a
2004-09-14 06:50 53248 C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--a
2004-09-14 06:50 131072 C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a
2008-04-13 17:12 1695232 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe]
--a
2007-01-22 23:26 3429904 C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2004-04-11 18:15 290816 C:\Program Files\Dell\Media Experience\PCMService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a
2005-07-19 06:58 98304 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a
2005-07-19 06:57 26112 C:\Program Files\Real\RealPlayer\realplay.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a
2003-11-19 15:48 32881 C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;C:\WINDOWS\system32\DRIVERS\PTDMBus.sys [2007-08-17 18:56]
S3 PTDMMdm;PANTECH USB Modem Drivers ;C:\WINDOWS\system32\DRIVERS\PTDMMdm.sys [2007-08-17 18:56]
S3 PTDMVsp;PANTECH USB Modem Serial Port ;C:\WINDOWS\system32\DRIVERS\PTDMVsp.sys [2007-08-17 18:56]
S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;C:\WINDOWS\system32\DRIVERS\PTDMWWAN.sys [2007-08-17 18:56]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-IMC - C:\Program Files\FriendFinder\FriendFinder Messenger 40\imc.exe
MSConfigStartUp-SMrhcn5gj0e9br - C:\Program Files\rhcn5gj0e9br\rhcn5gj0e9br.exe

.
Supplementary Scan
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R0 -: HKLM-Main,Start Page = hxxp://www.dell4me.com/myway
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www.vzam.net/download/download.aspx?productid=526&upd=t
O9 -: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html

**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-18 10:46:22
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Other Running Processes
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
.
**************************************************************************
.
Completion time: 2008-08-18 10:48:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-18 17:48:24
Pre-Run: 65,843,539,968 bytes free
Post-Run: 66,056,740,864 bytes free
246 --- E O F --- 2008-08-15 14:51:26


Logfile of HijackThis v1.99.1
Scan saved at 11:17:51 AM, on 8/18/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Jose\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.vzam.net/download/download.aspx?productid=526&upd=t
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1216737135156
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1216737239015
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

Comments

  • edited August 2008
    Also here is a log from Active Scan. Kaspersky came back clean; I'm going to try AVG next.

    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2008-08-18 12:32:05
    PROTECTIONS: 2
    MALWARE: 6
    SUSPECTS: 1
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    Trend Micro PC-Cillin Internet Security 2007 15.30.1151 No Yes
    Trend Micro Internet Security 2008 15.30.1151 No No
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Jose\Cookies\jose@doubleclick[1].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Jose\Cookies\jose@atdmt[2].txt
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Jose\Cookies\jose@advertising[2].txt
    00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Lupe\Cookies\lupe@target[1].txt
    01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP21\A0004270.EXE
    02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP21\A0004259.sys
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location
    ;===================================================================================================================================================================================
    No C:\Documents and Settings\Jose\Desktop\ComboFix.exe
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
  • edited August 2008
    Aha, I finally figured it out: it was Trend Micro. I went into msconfig to turn off startup programs; Trend was off, but somehow its firewall was still running and blocked the updates from working. I re-enabled Trend and got a warning that a program was trying to access the Internet, and it was MBAM after I hit update, so I said yes or OK to access the Internet and then it updated. I still think I may have a bug, so if you see something let me know. Thanks