Author Topic: [Resolved]Spyware and Registry Errors  (Read 3144 times)


Offline RobotARM

  • Bronze Member
  • Posts: 17
Re: [Resolved]Spyware and Registry Errors
« Reply #15 on: August 24, 2009, 03:52:21 PM »
Alright, I tried clicking on the folder support.com - is this what you were looking for? I recognize some of this stuff - let me know if you need something else. Thanks

Activision
ACW
Adobe
AIM Toolbar
AIM95
AOD
AOL
ArcSoft
Auslogics
AWS
Classic PhoneTools
Common Files
ComPlus Applications
Creative
CyberLink
Databaser
Dell
Dell Computer
DellSupport
DIFX
Digital Line Detect
EA GAMES
Eidos
Electronic Arts
EPSON
ESPN
GameSpy Arcade
Google
hijackthis
Infogrames Interactive
intel
Internet Explorer
Jasc Software Inc
Java
JavaSoft
JGoodies
Kodak
LimeShop
LimeWire
Liquid Entertainment
Livestation
Malwarebytes' Anti-Malware
McAfee
McAfee.com
Messenger
Microsoft ActiveSync
Microsoft Encarta
microsoft frontpage
Microsoft Money
Microsoft Office
Microsoft Picture It! 7
Microsoft Script Control
Microsoft Streets & Trips
Microsoft Works
Microsoft Works Suite 2003
Modem Helper
Movie Maker
Mozilla Firefox
MSBuild
MSN
MSN Gaming Zone
MSXML 4.0
MUSICMATCH
NetMeeting
Nortel Networks
OfficeUpdate11
OLYMPUS
Online Services
OpenAL
Outlook Express
PIXELA
QuickTime
Raxco
Real
Reference Assemblies
Roxio
settings
Spybot - Search & Destroy 1.1
SpywareBlaster
Support.com
SystemRequirementsLab
Trend Micro
Turbo Tax Audit Support Center
user
Verizon
Verizon Broadband Firefox Toolbar
verizon_broad
War of the Ring Demo
Windows Media Connect 2
Windows Media Player
Windows NT
WinFavorites
XEROX
Yahoo!
YourWare Solutions

-----------

AcroReader51_ENU
Firefox Setup 1.0
hijackthis
IKEA Home Planner

Offline PCBruiser

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 7300
Re: [Resolved]Spyware and Registry Errors
« Reply #16 on: August 24, 2009, 04:00:01 PM »
Hi,

Frankly, I'm not sure how good the Verizon security software really is.  Those files look strange, as you said.  I think we had better do a full system scan using MBAM and then an online scanner.  MBAM's quick scan only scans the most likely entry points for malware, and that covers almost all that are usually used.  But a full system scan will look at everything (and take some time).

Open up MBAM, and update the definitions.  Then click on the scanner tab, check Do a full scan and then click on Scan.  Post the log file from that.

Next, please perform a BitDefender Online Virus and Malware Scan here:
http://www.bitdefender.com/scan8/ie.html
    * Click on I Agree.
    * An ActiveX warning box will appear, click on Install.
    * Under Select What You Want To Check For Viruses.
    * Please Check My Computer and Click Ok
    * Now Click On Click Here To Scan
    * Next, Click on Click here to export the scan report
    * Save it to your Desktop.
    * In your next reply, please include the BitDefender log and a fresh HijackThis log.
Don't Read?  Can't learn!

Offline PCBruiser

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 7300
Re: [Resolved]Spyware and Registry Errors
« Reply #17 on: August 24, 2009, 04:01:51 PM »
Hi,

We cross-posted.  Go ahead and do these two scans anyway just to make sure.  Those folders are either installers or backups of some sort.  Let's see what these two scans tell us, then we can open some of those folders and see what is in them.
Don't Read?  Can't learn!

Offline RobotARM

  • Bronze Member
  • Posts: 17
Re: [Resolved]Spyware and Registry Errors
« Reply #18 on: August 24, 2009, 06:07:48 PM »
I just figured out what LimeWire is - do we need to run another ComboFix to get rid of this - I cannot believe they put two of them on here. Thanks for all your help - I will start the scans shortly, unless you think we need to run another ComboFix to eliminate LimeWire.

Offline PCBruiser

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 7300
Re: [Resolved]Spyware and Registry Errors
« Reply #19 on: August 25, 2009, 08:34:01 AM »
Hi,

I don't think that is actually a running copy of LimeWire.  I think that folder is some kind of backup.  After those two scans run, we can investigate that folder some more.  I think we may be able to delete it completely, so hold on for the moment doing anything with it.
Don't Read?  Can't learn!

Offline RobotARM

  • Bronze Member
  • Posts: 17
Re: [Resolved]Spyware and Registry Errors
« Reply #20 on: August 26, 2009, 05:52:00 PM »
PCB, sorry for the delay - I cannot run the internet scan that you requested - I did run the malware scan - the report is listed below.

From the link that you provided to the internet scan, the site said that the scan is only available to updated versions of Internet Explorer - so I connected to their link to update my version (I had originally attempted to run the scan while using Firefox).  After the update, I was instructed to restart my computer, so I did. Internet Explorer will not run now and I get an error report every time that I attempt.

Is there another scan we can run? Or, can you help me troubleshoot my difficulty running internet explorer? My computer is acting very sluggish again.

Here is the MBAM log:

Malwarebytes' Anti-Malware 1.40
Database version: 2691
Windows 5.1.2600 Service Pack 3

8/25/2009 5:31:25 PM
mbam-log-2009-08-25 (17-31-25).txt

Scan type: Full Scan (C:\|F:\|)
Objects scanned: 427217
Time elapsed: 3 hour(s), 18 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Thanks for your help and your patience - it must be hard on you to work with a novice like myself.

Offline RobotARM

  • Bronze Member
  • Posts: 17
Re: [Resolved]Spyware and Registry Errors
« Reply #21 on: August 27, 2009, 05:28:31 AM »
PCB, good news - I figured it out - below is the scan report.  Let me know how to proceed. Thanks


BitDefender:

BitDefender Online Scanner
Scan report generated at: Thu, Aug 27, 2009 - 00:57:30
Scan path: A:\;C:\;D:\;E:\;F:\;

Statistics
Time: 04:58:27
Files: 1114796
Folders: 114141
Boot Sectors: 0
Archives: 126546
Packed Files: 40628

Results
Identified Viruses: 2
Infected Files: 6
Suspect Files: 24
Warnings: 0
Disinfected: 0
Deleted Files: 30

Engines Info
Virus Definitions: 3914118
Engine build: AVCORE v2.1 Windows/i386 11.0.0.26 (Jul 24 2009)
Scan plugins: 17
Archive plugins: 45
Unpack plugins: 7
E-mail plugins: 6
System plugins: 4

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File / Status

C:\Program Files\InstallShield Installation Information\{4CB90CB9-DD58-4CCC-A053-08FA70A42941}\RPS Ksdk.msi=>(Embedded CAB)=>udinstaller32.exe
    Infected with: Trojan.Generic.IS.597508
C:\Program Files\InstallShield Installation Information\{4CB90CB9-DD58-4CCC-A053-08FA70A42941}\RPS Ksdk.msi=>(Embedded CAB)=>udinstaller32.exe
    Deleted
C:\Program Files\InstallShield Installation Information\{4CB90CB9-DD58-4CCC-A053-08FA70A42941}\RPS Ksdk.msi=>(Embedded CAB)
    Update failed
C:\Program Files\InstallShield Installation Information\{4CB90CB9-DD58-4CCC-A053-08FA70A42941}\udinstaller32.exe
    Infected with: Trojan.Generic.IS.597508
C:\Program Files\InstallShield Installation Information\{4CB90CB9-DD58-4CCC-A053-08FA70A42941}\udinstaller32.exe
    Deleted
C:\Program Files\Support.com\backup\0A\0A6F1864d01\101249_501133f3c_=>0A6F1864d01=>(JAVASCRIPT 47)
    Suspected of: Trojan.IFrame.GZ
C:\Program Files\Support.com\backup\0A\0A6F1864d01\101249_501133f3c_=>0A6F1864d01=>(JAVASCRIPT 47)
    Disinfection failed
C:\Program Files\Support.com\backup\0A\0A6F1864d01\101249_501133f3c_=>0A6F1864d01=>(JAVASCRIPT 47)
    Deleted
C:\Program Files\Support.com\backup\0A\0A6F1864d01\101249_501133f3c_=>0A6F1864d01
    Updated
C:\Program Files\Support.com\backup\0A\0A6F1864d01\101249_501133f3c_
    Update failed
C:\Program Files\Support.com\backup\11\1117AA15d01\105805_5581ba068_=>1117AA15d01=>(JAVASCRIPT 47)
    Suspected of: Trojan.IFrame.GZ
C:\Program Files\Support.com\backup\11\1117AA15d01\105805_5581ba068_=>1117AA15d01=>(JAVASCRIPT 47)
    Disinfection failed
C:\Program Files\Support.com\backup\11\1117AA15d01\105805_5581ba068_=>1117AA15d01=>(JAVASCRIPT 47)
    Deleted
C:\Program Files\Support.com\backup\11\1117AA15d01\105805_5581ba068_=>1117AA15d01
    Updated
C:\Program Files\Support.com\backup\11\1117AA15d01\105805_5581ba068_
    Update failed
C:\Program Files\Support.com\backup\21\21048DDEd01\120208_5bd0128b2_=>21048DDEd01=>(JAVASCRIPT 97)
    Suspected of: Trojan.IFrame.GZ
C:\Program Files\Support.com\backup\21\21048DDEd01\120208_5bd0128b2_=>21048DDEd01=>(JAVASCRIPT 97)
    Disinfection failed
C:\Program Files\Support.com\backup\21\21048DDEd01\120208_5bd0128b2_=>21048DDEd01=>(JAVASCRIPT 97)
    Deleted
C:\Program Files\Support.com\backup\21\21048DDEd01\120208_5bd0128b2_=>21048DDEd01
    Updated
C:\Program Files\Support.com\backup\21\21048DDEd01\120208_5bd0128b2_
    Update failed
C:\Program Files\Support.com\backup\24\24F62CCBd01\100214_5adcb59ab_=>24F62CCBd01=>(JAVASCRIPT 41)
    Suspected of: Trojan.IFrame.GZ
C:\Program Files\Support.com\backup\24\24F62CCBd01\100214_5adcb59ab_=>24F62CCBd01=>(JAVASCRIPT 41)
    Disinfection failed
C:\Program Files\Support.com\backup\24\24F62CCBd01\100214_5adcb59ab_=>24F62CCBd01=>(JAVASCRIPT 41)
    Deleted
C:\Program Files\Support.com\backup\24\24F62CCBd01\100214_5adcb59ab_=>24F62CCBd01
    Updated
C:\Program Files\Support.com\backup\24\24F62CCBd01\100214_5adcb59ab_
    Update failed
C:\Program Files\Support.com\backup\32\32C1BB58d01\104466_58eed7294_=>32C1BB58d01=>(JAVASCRIPT 51)
    Suspected of: Trojan.IFrame.GZ
C:\Program Files\Support.com\backup\32\32C1BB58d01\104466_58eed7294_=>32C1BB58d01=>(JAVASCRIPT 51)
    Disinfection failed
C:\Program Files\Support.com\backup\32\32C1BB58d01\104466_58eed7294_=>32C1BB58d01=>(JAVASCRIPT 51)
    Deleted
C:\Program Files\Support.com\backup\32\32C1BB58d01\104466_58eed7294_=>32C1BB58d01
    Updated
C:\Program Files\Support.com\backup\32\32C1BB58d01\104466_58eed7294_
    Update failed
C:\Program Files\Support.com\backup\36\362464B6d01\111255_56b6d1b61_=>362464B6d01=>(JAVASCRIPT 48)
    Suspected of: Trojan.IFrame.GZ
C:\Program Files\Support.com\backup\36\362464B6d01\111255_56b6d1b61_=>362464B6d01=>(JAVASCRIPT 48)
    Disinfection failed
C:\Program Files\Support.com\backup\36\362464B6d01\111255_56b6d1b61_=>362464B6d01=>(JAVASCRIPT 48)
    Deleted
C:\Program Files\Support.com\backup\36\362464B6d01\111255_56b6d1b61_=>362464B6d01
    Updated
C:\Program Files\Support.com\backup\36\362464B6d01\111255_56b6d1b61_
    Update failed
C:\Program Files\Support.com\backup\4A\4AF61098d01\96140_521dbc4de_=>4AF61098d01=>(JAVASCRIPT 44)
    Suspected of: Trojan.IFrame.GZ
C:\Program Files\Support.com\backup\4A\4AF61098d01\96140_521dbc4de_=>4AF61098d01=>(JAVASCRIPT 44)
    Disinfection failed
C:\Program Files\Support.com\backup\4A\4AF61098d01\96140_521dbc4de_=>4AF61098d01=>(JAVASCRIPT 44)
    Deleted
C:\Program Files\Support.com\backup\4A\4AF61098d01\96140_521dbc4de_=>4AF61098d01
    Updated
C:\Program Files\Support.com\backup\4A\4AF61098d01\96140_521dbc4de_
    Update failed
C:\Program Files\Support.com\backup\5F\5F0454E5d01\170634_5071a41f2_=>5F0454E5d01=>(JAVASCRIPT 97)
    Suspected of: Trojan.IFrame.GZ
C:\Program Files\Support.com\backup\5F\5F0454E5d01\170634_5071a41f2_=>5F0454E5d01=>(JAVASCRIPT 97)
    Disinfection failed
C:\Program Files\Support.com\backup\5F\5F0454E5d01\170634_5071a41f2_=>5F0454E5d01=>(JAVASCRIPT 97)
    Deleted
C:\Program Files\Support.com\backup\5F\5F0454E5d01\170634_5071a41f2_=>5F0454E5d01
    Updated
C:\Program Files\Support.com\backup\5F\5F0454E5d01\170634_5071a41f2_
    Update failed
C:\Program Files\Support.com\backup\68\68C16D65d01\101103_59b6a2c63_=>68C16D65d01=>(JAVASCRIPT 51)
    Suspected of: Trojan.IFrame.GZ
C:\Program Files\Support.com\backup\68\68C16D65d01\101103_59b6a2c63_=>68C16D65d01=>(JAVASCRIPT 51)
    Disinfection failed
C:\Program Files\Support.com\backup\68\68C16D65d01\101103_59b6a2c63_=>68C16D65d01=>(JAVASCRIPT 51)
    Deleted
C:\Program Files\Support.com\backup\68\68C16D65d01\101103_59b6a2c63_=>68C16D65d01
    Updated
C:\Program Files\Support.com\backup\68\68C16D65d01\101103_59b6a2c63_
    Update failed
C:\Program Files\Support.com\backup\68\68C16F0Ed01\106748_56cdca367_=>68C16F0Ed01=>(JAVASCRIPT 51)
    Suspected of: Trojan.IFrame.GZ
C:\Program Files\Support.com\backup\68\68C16F0Ed01\106748_56cdca367_=>68C16F0Ed01=>(JAVASCRIPT 51)
    Disinfection failed
C:\Program Files\Support.com\backup\68\68C16F0Ed01\106748_56cdca367_=>68C16F0Ed01=>(JAVASCRIPT 51)
    Deleted
C:\Program Files\Support.com\backup\68\68C16F0Ed01\106748_56cdca367_=>68C16F0Ed01
    Updated
C:\Program Files\Support.com\backup\68\68C16F0Ed01\106748_56cdca367_
    Update failed
C:\Program Files\Support.com\backup\68\68D7E83Fd01\114423_54dd115c9_=>68D7E83Fd01=>(JAVASCRIPT 52)
    Suspected of: Trojan.IFrame.GZ
C:\Program Files\Support.com\backup\68\68D7E83Fd01\114423_54dd115c9_=>68D7E83Fd01=>(JAVASCRIPT 52)
    Disinfection failed
C:\Program Files\Support.com\backup\68\68D7E83Fd01\114423_54dd115c9_=>68D7E83Fd01=>(JAVASCRIPT 52)
    Deleted
C:\Program Files\Support.com\backup\68\68D7E83Fd01\114423_54dd115c9_=>68D7E83Fd01
    Updated
C:\Program Files\Support.com\backup\68\68D7E83Fd01\114423_54dd115c9_
    Update failed
C:\Program Files\Support.com\backup\6D\6DB72BE9d01\107825_5d0d3eb41_=>6DB72BE9d01=>(JAVASCRIPT 50)
    Suspected of: Trojan.IFrame.GZ
C:\Program Files\Support.com\backup\6D\6DB72BE9d01\107825_5d0d3eb41_=>6DB72BE9d01=>(JAVASCRIPT 50)
    Disinfection failed
C:\Program Files\Support.com\backup\6D\6DB72BE9d01\107825_5d0d3eb41_=>6DB72BE9d01=>(JAVASCRIPT 50)
    Deleted
C:\Program Files\Support.com\backup\6D\6DB72BE9d01\107825_5d0d3eb41_=>6DB72BE9d01
    Updated
C:\Program Files\Support.com\backup\6D\6DB72BE9d01\107825_5d0d3eb41_
    Update failed
C:\Program Files\Support.com\backup\88\880FDAFCd01\110063_5221237c9_=>880FDAFCd01=>(JAVASCRIPT 50)
    Suspected of: Trojan.IFrame.GZ
C:\Program Files\Support.com\backup\88\880FDAFCd01\110063_5221237c9_=>880FDAFCd01=>(JAVASCRIPT 50)
    Disinfection failed
C:\Program Files\Support.com\backup\88\880FDAFCd01\110063_5221237c9_=>880FDAFCd01=>(JAVASCRIPT 50)
    Deleted
C:\Program Files\Support.com\backup\88\880FDAFCd01\110063_5221237c9_=>880FDAFCd01
    Updated
C:\Program Files\Support.com\backup\88\880FDAFCd01\110063_5221237c9_
    Update failed
C:\Program Files\Support.com\backup\88\88C19975d01\102433_5c36fbb3f_=>88C19975d01=>(JAVASCRIPT 54)
    Suspected of: Trojan.IFrame.GZ
C:\Program Files\Support.com\backup\88\88C19975d01\102433_5c36fbb3f_=>88C19975d01=>(JAVASCRIPT 54)
    Disinfection failed
C:\Program Files\Support.com\backup\88\88C19975d01\102433_5c36fbb3f_=>88C19975d01=>(JAVASCRIPT 54)
    Deleted
C:\Program Files\Support.com\backup\88\88C19975d01\102433_5c36fbb3f_=>88C19975d01
    Updated
C:\Program Files\Support.com\backup\88\88C19975d01\102433_5c36fbb3f_
    Update failed
C:\Program Files\Support.com\backup\AA\AA3634F8d01\120205_56ead2988_=>AA3634F8d01=>(JAVASCRIPT 95)
    Suspected of: Trojan.IFrame.GZ
C:\Program Files\Support.com\backup\AA\AA3634F8d01\120205_56ead2988_=>AA3634F8d01=>(JAVASCRIPT 95)
    Disinfection failed
C:\Program Files\Support.com\backup\AA\AA3634F8d01\120205_56ead2988_=>AA3634F8d01=>(JAVASCRIPT 95)
    Deleted
C:\Program Files\Support.com\backup\AA\AA3634F8d01\120205_56ead2988_=>AA3634F8d01
    Updated
C:\Program Files\Support.com\backup\AA\AA3634F8d01\120205_56ead2988_
    Update failed
C:\Program Files\Support.com\backup\B3\B3F9E67Ad01\81938_5a64ad153_=>B3F9E67Ad01=>(JAVASCRIPT 45)
    Suspected of: Trojan.IFrame.GZ
C:\Program Files\Support.com\backup\B3\B3F9E67Ad01\81938_5a64ad153_=>B3F9E67Ad01=>(JAVASCRIPT 45)
    Disinfection failed
C:\Program Files\Support.com\backup\B3\B3F9E67Ad01\81938_5a64ad153_=>B3F9E67Ad01=>(JAVASCRIPT 45)
    Deleted
C:\Program Files\Support.com\backup\B3\B3F9E67Ad01\81938_5a64ad153_=>B3F9E67Ad01
    Updated
C:\Program Files\Support.com\backup\B3\B3F9E67Ad01\81938_5a64ad153_
    Update failed
C:\Program Files\Support.com\backup\B6\B65A93BAd01\86962_5cd72e5c5_=>B65A93BAd01=>(JAVASCRIPT 44)
    Suspected of: Trojan.IFrame.GZ
C:\Program Files\Support.com\backup\B6\B65A93BAd01\86962_5cd72e5c5_=>B65A93BAd01=>(JAVASCRIPT 44)
    Disinfection failed
C:\Program Files\Support.com\backup\B6\B65A93BAd01\86962_5cd72e5c5_=>B65A93BAd01=>(JAVASCRIPT 44)
    Deleted
C:\Program Files\Support.com\backup\B6\B65A93BAd01\86962_5cd72e5c5_=>B65A93BAd01
    Updated
C:\Program Files\Support.com\backup\B6\B65A93BAd01\86962_5cd72e5c5_
    Update failed
C:\Program Files\Support.com\backup\B6\B65AC836d01\87602_59ae4bd07_=>B65AC836d01=>(JAVASCRIPT 46)
    Suspected of: Trojan.IFrame.GZ
C:\Program Files\Support.com\backup\B6\B65AC836d01\87602_59ae4bd07_=>B65AC836d01=>(JAVASCRIPT 46)
    Disinfection failed
C:\Program Files\Support.com\backup\B6\B65AC836d01\87602_59ae4bd07_=>B65AC836d01=>(JAVASCRIPT 46)
    Deleted
C:\Program Files\Support.com\backup\B6\B65AC836d01\87602_59ae4bd07_=>B65AC836d01
    Updated
C:\Program Files\Support.com\backup\B6\B65AC836d01\87602_59ae4bd07_
    Update failed
C:\Program Files\Support.com\backup\B6\B65ADEB0d01\84796_5b0ed8ada_=>B65ADEB0d01=>(JAVASCRIPT 45)
    Suspected of: Trojan.IFrame.GZ
C:\Program Files\Support.com\backup\B6\B65ADEB0d01\84796_5b0ed8ada_=>B65ADEB0d01=>(JAVASCRIPT 45)
    Disinfection failed
C:\Program Files\Support.com\backup\B6\B65ADEB0d01\84796_5b0ed8ada_=>B65ADEB0d01=>(JAVASCRIPT 45)
    Deleted
C:\Program Files\Support.com\backup\B6\B65ADEB0d01\84796_5b0ed8ada_=>B65ADEB0d01
    Updated
C:\Program Files\Support.com\backup\B6\B65ADEB0d01\84796_5b0ed8ada_
    Update failed
C:\Program Files\Support.com\backup\B6\B65AFBF0d01\87230_5661b04c9_=>B65AFBF0d01=>(JAVASCRIPT 45)
    Suspected of: Trojan.IFrame.GZ
C:\Program Files\Support.com\backup\B6\B65AFBF0d01\87230_5661b04c9_=>B65AFBF0d01=>(JAVASCRIPT 45)
    Disinfection failed
C:\Program Files\Support.com\backup\B6\B65AFBF0d01\87230_5661b04c9_=>B65AFBF0d01=>(JAVASCRIPT 45)
    Deleted
C:\Program Files\Support.com\backup\B6\B65AFBF0d01\87230_5661b04c9_=>B65AFBF0d01
    Updated
C:\Program Files\Support.com\backup\B6\B65AFBF0d01\87230_5661b04c9_
    Update failed
C:\Program Files\Support.com\backup\B6\B65AFF94d01\87400_5f55f67ea_=>B65AFF94d01=>(JAVASCRIPT 45)
    Suspected of: Trojan.IFrame.GZ
C:\Program Files\Support.com\backup\B6\B65AFF94d01\87400_5f55f67ea_=>B65AFF94d01=>(JAVASCRIPT 45)
    Disinfection failed
C:\Program Files\Support.com\backup\B6\B65AFF94d01\87400_5f55f67ea_=>B65AFF94d01=>(JAVASCRIPT 45)
    Deleted
C:\Program Files\Support.com\backup\B6\B65AFF94d01\87400_5f55f67ea_=>B65AFF94d01
    Updated
C:\Program Files\Support.com\backup\B6\B65AFF94d01\87400_5f55f67ea_
    Update failed
C:\Program Files\Support.com\backup\C6\C6C0DC16d01\117619_51ff863d3_=>C6C0DC16d01=>(JAVASCRIPT 53)
    Suspected of: Trojan.IFrame.GZ
C:\Program Files\Support.com\backup\C6\C6C0DC16d01\117619_51ff863d3_=>C6C0DC16d01=>(JAVASCRIPT 53)
    Disinfection failed
C:\Program Files\Support.com\backup\C6\C6C0DC16d01\117619_51ff863d3_=>C6C0DC16d01=>(JAVASCRIPT 53)
    Deleted
C:\Program Files\Support.com\backup\C6\C6C0DC16d01\117619_51ff863d3_=>C6C0DC16d01
    Updated
C:\Program Files\Support.com\backup\C6\C6C0DC16d01\117619_51ff863d3_
    Update failed
C:\Program Files\Support.com\backup\C6\C6C182ADd01\104773_543d58f19_=>C6C182ADd01=>(JAVASCRIPT 52)
    Suspected of: Trojan.IFrame.GZ
C:\Program Files\Support.com\backup\C6\C6C182ADd01\104773_543d58f19_=>C6C182ADd01=>(JAVASCRIPT 52)
    Disinfection failed
C:\Program Files\Support.com\backup\C6\C6C182ADd01\104773_543d58f19_=>C6C182ADd01=>(JAVASCRIPT 52)
    Deleted
C:\Program Files\Support.com\backup\C6\C6C182ADd01\104773_543d58f19_=>C6C182ADd01
    Updated
C:\Program Files\Support.com\backup\C6\C6C182ADd01\104773_543d58f19_
    Update failed
C:\Program Files\Support.com\backup\F0\F015CCD5d01\124601_507225548_=>F015CCD5d01=>(JAVASCRIPT 58)
    Suspected of: Trojan.IFrame.GZ
C:\Program Files\Support.com\backup\F0\F015CCD5d01\124601_507225548_=>F015CCD5d01=>(JAVASCRIPT 58)
    Disinfection failed
C:\Program Files\Support.com\backup\F0\F015CCD5d01\124601_507225548_=>F015CCD5d01=>(JAVASCRIPT 58)
    Deleted
C:\Program Files\Support.com\backup\F0\F015CCD5d01\124601_507225548_=>F015CCD5d01
    Updated
C:\Program Files\Support.com\backup\F0\F015CCD5d01\124601_507225548_
    Update failed
C:\Program Files\Verizon\Verizon Internet Security Suite\Kav\udinstaller32.exe
    Infected with: Trojan.Generic.IS.597508
C:\Program Files\Verizon\Verizon Internet Security Suite\Kav\udinstaller32.exe
    Deleted
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2521\A0202156.exe
    Infected with: Trojan.Generic.IS.597508
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2521\A0202156.exe
    Deleted
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2521\A0202158.exe
    Infected with: Trojan.Generic.IS.597508
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2521\A0202158.exe
    Deleted
C:\zj.chm=>/d_zj.exe
    Infected with: Trojan.Dialer.CE
C:\zj.chm=>/d_zj.exe
    Deleted
C:\zj.chm
    Update failed

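Added example, not part of the thread and not BitDefender's or the mentors' code: a small Python script that reads a report in the shape of the one above (a path line followed by a status line, blank lines ignored) and answers the questions a helper asks of it: which detection names appear, which top-level folders the hits cluster in, and which detections are still on disk because the scanner deleted a member inside an archive or CHM but could not rewrite the container. The sample rows are constructed to mirror entries in the report; reading "Update failed" on a container as "the container still holds the original bytes" is this example's assumption, not something the report states.

```python
import re
from collections import Counter

# Constructed sample input: a few rows in the same shape as the BitDefender Online
# Scanner report posted above (a path line followed by a status line). Whitespace-only
# lines like the ones the forum export left in the report are included on purpose.
SAMPLE_REPORT = r"""
C:\Program Files\InstallShield Installation Information\{4CB90CB9-DD58-4CCC-A053-08FA70A42941}\udinstaller32.exe
   

Infected with: Trojan.Generic.IS.597508

C:\Program Files\InstallShield Installation Information\{4CB90CB9-DD58-4CCC-A053-08FA70A42941}\udinstaller32.exe
Deleted
C:\Program Files\Support.com\backup\0A\0A6F1864d01\101249_501133f3c_=>0A6F1864d01=>(JAVASCRIPT 47)
Suspected of: Trojan.IFrame.GZ
C:\Program Files\Support.com\backup\0A\0A6F1864d01\101249_501133f3c_=>0A6F1864d01=>(JAVASCRIPT 47)
Disinfection failed
C:\Program Files\Support.com\backup\0A\0A6F1864d01\101249_501133f3c_=>0A6F1864d01=>(JAVASCRIPT 47)
Deleted
C:\Program Files\Support.com\backup\0A\0A6F1864d01\101249_501133f3c_=>0A6F1864d01
Updated
C:\Program Files\Support.com\backup\0A\0A6F1864d01\101249_501133f3c_
Update failed
C:\zj.chm=>/d_zj.exe
Infected with: Trojan.Dialer.CE
C:\zj.chm=>/d_zj.exe
Deleted
C:\zj.chm
Update failed
"""

PATH_LINE = re.compile(r"^[A-Za-z]:\\")
VERDICT = re.compile(r"^(Infected with|Suspected of): (.+)$")


def parse_report(text):
    """Pair each path line with the status line that follows it; blank lines are ignored."""
    rows, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if PATH_LINE.match(line):
            pending = line
        elif pending is not None:
            rows.append((pending, line))
    return rows


def ancestors(path):
    """Enclosing containers of a nested entry, innermost first: 'a=>b=>c' -> ['a=>b', 'a']."""
    parts = path.split("=>")
    return ["=>".join(parts[:i]) for i in range(len(parts) - 1, 0, -1)]


def last_status(rows, path, skip_verdicts=False):
    """Last status recorded for exactly this path (optionally ignoring detection verdicts)."""
    last = None
    for p, status in rows:
        if p == path and not (skip_verdicts and VERDICT.match(status)):
            last = status
    return last


def detections(rows):
    """First verdict per scanned object: path -> (kind, detection name)."""
    out = {}
    for path, status in rows:
        m = VERDICT.match(status)
        if m:
            out.setdefault(path, (m.group(1), m.group(2)))
    return out


def top_folder(path, depth=3):
    """'C:\\Program Files\\Support.com\\backup\\...' -> 'C:\\Program Files\\Support.com'."""
    return "\\".join(path.split("\\")[:depth])


def summarize(rows):
    det = detections(rows)
    # A hit inside an archive/CHM is only gone from disk if every enclosing container
    # was rewritten; "Update failed" on any of them is read here as "container still
    # holds the original bytes" (assumption made by this example).
    unresolved = [
        p for p in det
        if last_status(rows, p, skip_verdicts=True) != "Deleted"
        or any(last_status(rows, a) == "Update failed" for a in ancestors(p))
    ]
    return {
        "families": Counter(name for _, name in det.values()),
        "folders": Counter(top_folder(p.split("=>", 1)[0]) for p in det),
        "unresolved": unresolved,
    }


if __name__ == "__main__":
    summary = summarize(parse_report(SAMPLE_REPORT))
    for key, value in summary.items():
        print(f"{key}: {value}")
```

Run against the full report, the folder grouping is what points at C:\Program Files\Support.com and the InstallShield GUID folder, and the unresolved list is every Support.com backup plus C:\zj.chm: the scanner removed the embedded script or executable but left the outer file in place, which is why deleting the whole folder, rather than trusting the "Deleted" rows, is the sensible next step.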
Offline RobotARM

  • Bronze Member
  • Posts: 17
Re: [Resolved]Spyware and Registry Errors
« Reply #22 on: August 27, 2009, 06:09:02 AM »
My mistake, I forgot the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:07:35 AM, on 8/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kodak\printer\center\KodakSvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Bin\SanaAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Verizon\Verizon Internet Security Suite\rps.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe
C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Bin\SanaMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Verizon\Verizon Internet Security Suite\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1.1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-3413828574-3775816593-2614016962-1006\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit (User '?')
O4 - HKUS\S-1-5-21-3413828574-3775816593-2614016962-1006\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win (User '?')
O4 - HKUS\S-1-5-21-3413828574-3775816593-2614016962-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - S-1-5-21-3413828574-3775816593-2614016962-1006 Startup: PowerReg Scheduler V3.exe (User '?')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Kodak AiO Device Service (KodakSvc) - SDSD - C:\Program Files\Kodak\printer\center\KodakSvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: Verizon Internet Security Suite (Radialpoint Security Services) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe
O23 - Service: Verizon Internet Security Suite SafeConnectAgent (RadialpointSafeConnectAgent) - Sana Security - C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Bin\SanaAgent.exe
O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe

--
End of file - 10561 bytes

Offline PCBruiser

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 7300
Re: [Resolved]Spyware and Registry Errors
« Reply #23 on: August 27, 2009, 03:43:22 PM »
Hi,

OK, let's get rid of that folder - clearly it is infected.  We'll use ComboFix to do that.  Run ComboFix again using the drag and drop method, except this time use the following code for making the file CFScript.txt:

Code:

killall::

folder::
C:\Program Files\Support.com
C:\Program Files\InstallShield Installation Information\{4CB90CB9-DD58-4CCC-A053-08FA70A42941}


Please post the combofix.txt log and a fresh HJT as well.
Don't Read?  Can't learn!

Offline RobotARM

  • Bronze Member
  • Posts: 17
Re: [Resolved]Spyware and Registry Errors
« Reply #24 on: August 29, 2009, 05:09:53 PM »
PCB, sorry for the delay - I've tried to run combofix with the direction provided - I keep getting the message while it is deleting (I believe that it is attempting to delete) the files that we think are infected.

I have followed Microsoft's direction regarding how to increase virtual memory. After I increased the virtual memory and attempted to run combofix with your directions (the drag and drop method with the text provided), I get the message:

(Window title): CFScript Name Error

(within the window) "The name CFScript appears to be incorrectly spelt"

Any thoughts?

Thanks - and please accept my apology for the delay

Offline RobotARM

  • Bronze Member
  • Posts: 17
Re: [Resolved]Spyware and Registry Errors
« Reply #25 on: August 30, 2009, 01:16:12 PM »
PCB, I hope that you got my combo fix log alright, here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:15:48 PM, on 8/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kodak\printer\center\KodakSvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Bin\SanaAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Verizon\Verizon Internet Security Suite\rps.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Bin\SanaMonitor.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Verizon\Verizon Internet Security Suite\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1.1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-3413828574-3775816593-2614016962-1006\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit (User '?')
O4 - HKUS\S-1-5-21-3413828574-3775816593-2614016962-1006\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win (User '?')
O4 - HKUS\S-1-5-21-3413828574-3775816593-2614016962-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - S-1-5-21-3413828574-3775816593-2614016962-1006 Startup: PowerReg Scheduler V3.exe (User '?')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Kodak AiO Device Service (KodakSvc) - SDSD - C:\Program Files\Kodak\printer\center\KodakSvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: Verizon Internet Security Suite (Radialpoint Security Services) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe
O23 - Service: Verizon Internet Security Suite SafeConnectAgent (RadialpointSafeConnectAgent) - Sana Security - C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Bin\SanaAgent.exe
O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe

--
End of file - 10463 bytes

Offline PCBruiser

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 7300
Re: [Resolved]Spyware and Registry Errors
« Reply #26 on: August 30, 2009, 02:24:07 PM »
Hi,

Yes, I received them.  I need to take a look at them and then I'll be back.  How is the system running now?
Don't Read?  Can't learn!

Offline PCBruiser

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 7300
Re: [Resolved]Spyware and Registry Errors
« Reply #27 on: August 30, 2009, 02:49:09 PM »
Hi,

BIG log, LOL!  OK, how is the system running now?  If it is good, you need to go to Start then click on Run and copy and paste the following into the Run box:

combofix /u

and tap <Enter>.  That should clean out all those files and delete ComboFix from your desktop.  If you are having any problems, post back and list them for me.  Do not do the combofix /u if there are problems remaining.
Don't Read?  Can't learn!

Offline RobotARM

  • Bronze Member
  • Posts: 17
Re: [Resolved]Spyware and Registry Errors
« Reply #28 on: August 31, 2009, 04:29:05 PM »
PCB, the computer is running better. The catch is that I was thinking about the other users on this computer (I was crazy enough to let them each set up their own user name on my machine), so I thought I'd run an HJT log for you on one of their accounts. Would you mind looking at it and letting me know if it is any different from user to user? Below is my daughter's HJT log; in the next post I will provide an updated log on my user name. I also ran Malwarebytes and have listed the log for that below.

HJT Log: Daughter

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:25:35 PM, on 8/31/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kodak\printer\center\KodakSvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Bin\SanaAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Verizon\McciBrowser.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://launch.yahoo.com/musicvideos/lists/top.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Verizon\Verizon Internet Security Suite\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1.1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-21-3413828574-3775816593-2614016962-1009\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-3413828574-3775816593-2614016962-1009\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User '?')
O4 - HKUS\S-1-5-21-3413828574-3775816593-2614016962-1009\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe (User '?')
O4 - HKUS\S-1-5-21-3413828574-3775816593-2614016962-1009\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet (User '?')
O4 - HKUS\S-1-5-21-3413828574-3775816593-2614016962-1009\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe (User '?')
O4 - HKUS\S-1-5-21-3413828574-3775816593-2614016962-1009\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-3413828574-3775816593-2614016962-1009\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (User '?')
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Kodak AiO Device Service (KodakSvc) - SDSD - C:\Program Files\Kodak\printer\center\KodakSvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: Verizon Internet Security Suite (Radialpoint Security Services) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe
O23 - Service: Verizon Internet Security Suite SafeConnectAgent (RadialpointSafeConnectAgent) - Sana Security - C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Bin\SanaAgent.exe
O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe

--
End of file - 11832 bytes

Malwarebytes log:

Malwarebytes' Anti-Malware 1.40
Database version: 2691
Windows 5.1.2600 Service Pack 3

8/31/2009 6:21:35 PM
mbam-log-2009-08-31 (18-21-35).txt

Scan type: Quick Scan
Objects scanned: 110670
Time elapsed: 9 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{53e0b6e8-a51d-448b-b692-40b67b285543} (Adware.180Solutions) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I thought that because I was the administrator we would have caught everything - but it looks like that may not be the case. Thanks as always and I appreciate your thoughts.
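An added example, not part of the thread and not code posted by PCBruiser or RobotARM: a small Python parser for HijackThis logs that tags each entry as per-user or machine-wide and diffs two logs, to show why logs taken under different accounts on the same XP box differ. The sample logs are a constructed subset of the O4/O8/R/O23 lines from the two posts above. The scope rules are this example's assumption about where HijackThis reads each section (HKCU/HKUS bodies, the per-user Startup folder, O8 context-menu items from HKCU\...\MenuExt and R3 URLSearchHooks from HKCU are treated as per-user; everything else, including HKLM Run keys and O23 services, as machine-wide).

```python
"""Diff two HijackThis logs and separate per-user from machine-wide entries."""
import re

# Constructed sample: a subset of lines from the admin's and daughter's logs.
ADMIN_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-3413828574-3775816593-2614016962-1006\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win (User '?')
O4 - Startup: PowerReg Scheduler V3.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
"""

DAUGHTER_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://launch.yahoo.com/musicvideos/lists/top.asp
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-3413828574-3775816593-2614016962-1009\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe (User '?')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
"""

HJT_ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
SID_RE = re.compile(r"S-1-5-21(?:-\d+){4}")
USER_SUFFIX = re.compile(r"\s*\(User '[^']*'\)$")

# Assumption of this example: sections HijackThis reads from the logged-on
# user's hive even though the body does not say HKCU (O8 = HKCU\...\MenuExt,
# R3 = HKCU\...\URLSearchHooks).
PER_USER_SECTIONS = {"O8", "R3"}


def classify_scope(section, body):
    """'user' for entries that live in one profile, 'machine' otherwise."""
    if body.startswith(("HKCU", "HKUS\\", "Startup:")) or SID_RE.match(body):
        return "user"
    if section in PER_USER_SECTIONS:
        return "user"
    return "machine"  # HKLM Run keys, O2/O3/O9/O16/O18, O23 services, Global Startup


def parse_hjt(text):
    """Return a list of {section, body, scope} dicts; non-entry lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = HJT_ENTRY.match(line.strip())
        if not m:
            continue  # log header, 'Running processes:' block, blanks
        section = m.group("section")
        body = USER_SUFFIX.sub("", m.group("body"))  # drop the "(User '?')" tag
        entries.append({"section": section, "body": body,
                        "scope": classify_scope(section, body)})
    return entries


def profile_sids(entries):
    """SIDs of the user profiles HijackThis enumerated under HKUS."""
    sids = set()
    for e in entries:
        m = SID_RE.search(e["body"])
        if m:
            sids.add(m.group(0))
    return sids


def diff_logs(a, b):
    """Entries present in only one log, keeping their scope so that per-user
    findings (HKCU, HKUS, Startup, O8) stand out from machine-wide ones."""
    keys_a = {(e["section"], e["body"]): e for e in a}
    keys_b = {(e["section"], e["body"]): e for e in b}
    only_a = [keys_a[k] for k in sorted(keys_a.keys() - keys_b.keys())]
    only_b = [keys_b[k] for k in sorted(keys_b.keys() - keys_a.keys())]
    return only_a, only_b


if __name__ == "__main__":
    admin, daughter = parse_hjt(ADMIN_LOG), parse_hjt(DAUGHTER_LOG)
    only_admin, only_daughter = diff_logs(admin, daughter)
    print("profiles seen:", sorted(profile_sids(admin) | profile_sids(daughter)))
    for label, entries in (("admin only", only_admin), ("daughter only", only_daughter)):
        for e in entries:
            print(f"{label:14} [{e['scope']:7}] {e['section']} - {e['body']}")
```

Run on the two logs, every difference is tagged `user`: the HKLM Run entries and the O23 services are identical, while the start page, the R3 search hook, the LimeShop O8 item and the HKCU Run entries belong to whichever profile HijackThis was launched under. That is also why a quick scan or an HJT log taken from the administrator's account says nothing about what is wired into another user's hive.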

Offline RobotARM

  • Bronze Member
  • Posts: 17
Re: [Resolved]Spyware and Registry Errors
« Reply #29 on: August 31, 2009, 04:35:46 PM »
Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:33:03 PM, on 8/31/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kodak\printer\center\KodakSvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Bin\SanaAgent.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Verizon\Verizon Internet Security Suite\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1.1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-3413828574-3775816593-2614016962-1006\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit (User '?')
O4 - HKUS\S-1-5-21-3413828574-3775816593-2614016962-1006\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win (User '?')
O4 - HKUS\S-1-5-21-3413828574-3775816593-2614016962-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - S-1-5-21-3413828574-3775816593-2614016962-1006 Startup: PowerReg Scheduler V3.exe (User '?')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Kodak AiO Device Service (KodakSvc) - SDSD - C:\Program Files\Kodak\printer\center\KodakSvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: Verizon Internet Security Suite (Radialpoint Security Services) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe
O23 - Service: Verizon Internet Security Suite SafeConnectAgent (RadialpointSafeConnectAgent) - Sana Security - C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Bin\SanaAgent.exe
O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe

--
End of file - 10152 bytes