Travel Fans
Go Back   Computer Juice Computer Software Virus, Spyware & Security

Register

 Default 

Malware Removal - Help




Reply
 
Thread Tools
  #11  
Old 8th Apr 2008, 10:19
Donor VIP
Posts: 1,799
 
Ah good good least you know where it is in future.

  #12  
Old 8th Apr 2008, 10:21
Moderator
Posts: 7,557
 
Go to add/remove programs and uninstall
Windows live Messenger < This is not the right MSN Messenger
Get the right version HERE

Open Hijackthis and select Do a system scan only then place a check mark next to (if there)
  • R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/frontiersidebar.jsp?p=CI
  • R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://weather.wcco.com/cgi-bin/find...6251.001.99999
  • O2 - BHO: {31e8cbc1-30d8-bf99-0294-19db1acbcf74} - {47fcbca1-bd91-4920-99fb-8d031cbc8e13} - C:\WINDOWS\system32\xygpcrbt.dll
  • O2 - BHO: (no name) - {6A35C34E-EE48-425F-B809-C6D64566FE2A} - C:\WINDOWS\system32\khfDwuvw.dll
  • O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
  • O2 - BHO: (no name) - {8E1BFC0E-8AD2-424D-AC8A-06038481516E} - C:\WINDOWS\system32\ljJDSihG.dll
  • O4 - HKLM\..\Run: [Windows live Messenger] msn.com
Now close all browser windows except for Hijackthis and click Fix checked

Exit Hijackthis.

----------

Download SDFix.exe and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard).
  • Finally add the contents of the Report.txt in your next post along with a NEW Hijackthis log.
Let me know how things are now.
__________________

  #13  
Old 8th Apr 2008, 11:40
Full Member
Posts: 21
 
Things are still the same-some web pages load only halfway or not at all.

Here are the logs...



SDFix: Version 1.167
Run by Sandra on Tue 04/08/2008 at 01:08 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1351.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-08 13:18:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000045
"TracesSuccessful"=dword:00000007

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 5


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\WinMX\\WinMX.exe"="C:\\Program Files\\WinMX\\WinMX.exe:*:Disabled:WinMX Application"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Documents and Settings\\Sandra\\Desktop\\Dylan's Documents\\utorrent.exe"="C:\\Documents and Settings\\Sandra\\Desktop\\Dylan's Documents\\utorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\Kontiki\\KService.exe"="C:\\Program Files\\Kontiki\\KService.exe:*:Enabled:Delivery Manager Service"
"C:\\Documents and Settings\\Sandra\\Desktop\\My Documents\\FirmWares, Converters, Ext\\Morpheus\\Morpheus.exe"="C:\\Documents and Settings\\Sandra\\Desktop\\My Documents\\FirmWares, Converters, Ext\\Morpheus\\Morpheus.exe:*:Enabled:Morpheus"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sat 5 Apr 2008 39,424 ..SHR --- "C:\WINDOWS\msn.com"
Wed 22 Jun 2005 45,568 A.SHR --- "C:\Program Files\Replay Converter\cygz.dll"
Sat 10 Mar 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 2 Nov 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 7 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BITB.tmp"
Tue 27 Feb 2007 158,720 ...H. --- "C:\Documents and Settings\Sandra\Application Data\Microsoft\Templates\~WRL0004.tmp"
Mon 6 Aug 2007 185,856 ...H. --- "C:\Documents and Settings\Sandra\Application Data\Microsoft\Templates\~WRL0005.tmp"
Tue 4 Sep 2007 187,392 ...H. --- "C:\Documents and Settings\Sandra\Application Data\Microsoft\Templates\~WRL0682.tmp"
Wed 31 Jan 2007 152,576 ...H. --- "C:\Documents and Settings\Sandra\Application Data\Microsoft\Templates\~WRL3768.tmp"
Tue 11 Sep 2007 19,456 ...H. --- "C:\Documents and Settings\Sandra\Application Data\Microsoft\Word\~WRL0515.tmp"
Mon 12 Nov 2007 19,968 ...H. --- "C:\Documents and Settings\Sandra\Application Data\Microsoft\Word\~WRL1752.tmp"
Tue 11 Sep 2007 19,456 ...H. --- "C:\Documents and Settings\Sandra\Application Data\Microsoft\Word\~WRL1950.tmp"
Thu 31 May 2007 8 A..H. --- "C:\Documents and Settings\Sandra\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Thu 31 May 2007 8 A..H. --- "C:\Documents and Settings\Sandra\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Thu 31 May 2007 8 A..H. --- "C:\Documents and Settings\Sandra\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Thu 31 May 2007 8 A..H. --- "C:\Documents and Settings\Sandra\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"

Finished!



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:13 AM, on 4/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\msn.com
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/frontiersidebar.jsp?p=CI
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://weather.wcco.com/cgi-bin/find...6251.001.99999
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by En-Tel Communications, LLC
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: (no name) - {38E77F06-89FC-44f5-B3AB-11DDEB791947} - C:\Program Files\FrontierSH\SrchHelp\frSrcAs.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {38E77F01-89FC-44f5-B3AB-11DDEB791947} - C:\Program Files\FrontierSH\SrchHelp\frSrcAs.dll
O2 - BHO: {31e8cbc1-30d8-bf99-0294-19db1acbcf74} - {47fcbca1-bd91-4920-99fb-8d031cbc8e13} - C:\WINDOWS\system32\xygpcrbt.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {6A35C34E-EE48-425F-B809-C6D64566FE2A} - C:\WINDOWS\system32\khfDwuvw.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8E1BFC0E-8AD2-424D-AC8A-06038481516E} - C:\WINDOWS\system32\ljJDSihG.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: FrontierBA BHO - {A93A3CC1-BA23-4d0d-9440-6A0148362B7E} - C:\Program Files\FrontierBA\BrowserAssistant\fbabar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Frontier Browser Assistant - {A93A3CC9-BA23-4d0d-9440-6A0148362B7E} - C:\Program Files\FrontierBA\BrowserAssistant\fbabar.dll
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows live Messenger] msn.com
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [BMf7889183] Rundll32.exe "C:\WINDOWS\system32\vmptfdge.dll",s
O4 - HKLM\..\Run: [f4bba21f] rundll32.exe "C:\WINDOWS\system32\jmiaxofx.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.en-tel.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite....x/qtplugin.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1120134982093
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ljJDSihG - C:\WINDOWS\SYSTEM32\ljJDSihG.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 15124 bytes
  #14  
Old 8th Apr 2008, 12:13
Moderator
Posts: 7,557
 
Lets try a more thorough scan.

First

Open Hijackthis and select Do a system scan only.

Place a check mark next to the following entries: (if there)
  • R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/frontiersidebar.jsp?p=CI
  • R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://weather.wcco.com/cgi-bin/find...6251.001.99999
  • R3 - URLSearchHook: (no name) - {38E77F06-89FC-44f5-B3AB-11DDEB791947} - C:\Program Files\FrontierSH\SrchHelp\frSrcAs.dll
  • O2 - BHO: {31e8cbc1-30d8-bf99-0294-19db1acbcf74} - {47fcbca1-bd91-4920-99fb-8d031cbc8e13} - C:\WINDOWS\system32\xygpcrbt.dll
  • O2 - BHO: (no name) - {6A35C34E-EE48-425F-B809-C6D64566FE2A} - C:\WINDOWS\system32\khfDwuvw.dll
  • O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
  • O20 - Winlogon Notify: ljJDSihG - C:\WINDOWS\SYSTEM32\ljJDSihG.dll
Important: Close all windows except for Hijackthis and then click Fix checked.

Exit Hijackthis.

----------

Next

Download and install CleanUp!.exe

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
  • Click Options...
  • Move the arrow to Standard CleanUp!
  • Uncheck the following: (if checked)
    • Delete Newsgroup cache
    • Delete Newsgroup Subscriptions
  • Click OK
Click the CleanUp! button to start the program. Reboot/logoff when prompted.

Note: CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp!
If you have a 64 bit Operating System do NOT run Cleanup and let me know as we will use another utility


----------

Last

Please download Combofix by sUBs from one of the below links.
(Try all three if necessary)Important! Combofix.exe MUST be saved to and ran from the Desktop.
  • Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting Combofix.
  • Important! Temporarily disable your antivirus, script blocking and any antispyware real time protection before performing a scan.
    • Click this link to see a list of security programs that should be disabled and how to disable them.
    • If yours is not listed and you don't know how to disable it, please ask.
  • Warning: Combofix disconnects your computer from the internet. The connection is automatically restored before Combofix completes its run.
  • Double click combofix.exe & follow the prompts.
    • Choose Yes to accept the Disclaimers.[
  • When finished, it will produce a log for you.
  • Post that log in your next reply.
Warning: Do not mouseclick combofix's window while it is running. That may cause it to stall
  • If Combofix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your computer.
  • Important: Remember to re-enable your antivirus and antispyware before reconnecting to the Internet.
----------

Next post add
Combofix log
__________________

  #15  
Old 9th Apr 2008, 09:05
Full Member
Posts: 21
 
Things seem to be working correctly..... here is the combofix log

ComboFix 08-04-08.7 - Sandra 2008-04-09 10:32:37.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.112 [GMT -5:00]
Running from: C:\Documents and Settings\Sandra\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMf7889183.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\anmedkya.dll
C:\WINDOWS\system32\dshkpygq.dll
C:\WINDOWS\SYSTEM32\dwjubiuh.ini
C:\WINDOWS\system32\fccbXoli.dll
C:\WINDOWS\system32\huibujwd.dll
C:\WINDOWS\system32\itedsrnx.dll
C:\WINDOWS\system32\jegekedq.dll
C:\WINDOWS\system32\jkkKbYsq.dll
C:\WINDOWS\system32\jygkeaeq.dll
C:\WINDOWS\system32\khfDwuvw.dll
C:\WINDOWS\system32\ljJDSihG.dll
C:\WINDOWS\system32\ljJDTMDu.dll
C:\WINDOWS\system32\lngsdhgv.dll
C:\WINDOWS\system32\pmnllihf.dll
C:\WINDOWS\system32\skdaaabc.dll
C:\WINDOWS\system32\strmihxj.dll
C:\WINDOWS\SYSTEM32\TCegffii.ini
C:\WINDOWS\SYSTEM32\TCegffii.ini2
C:\WINDOWS\system32\vmptfdge.dll
C:\WINDOWS\SYSTEM32\wvuwDfhk.ini
C:\WINDOWS\SYSTEM32\wvuwDfhk.ini2
C:\WINDOWS\system32\xxyvwUMF.dll
C:\WINDOWS\system32\xygpcrbt.dll
C:\WINDOWS\system32\ytqjsese.dll
.
---- Previous Run -------
.
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\mcrh.tmp

.
((((((((((((((((((((((((( Files Created from 2008-03-09 to 2008-04-09 )))))))))))))))))))))))))))))))
.

2008-04-08 18:33 . 2008-04-08 18:33 <DIR> d-------- C:\Program Files\CleanUp!
2008-04-08 13:02 . 2008-04-08 13:02 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-08 12:35 . 2008-04-08 12:35 244 --ah----- C:\sqmnoopt13.sqm
2008-04-08 12:35 . 2008-04-08 12:35 232 --ah----- C:\sqmdata13.sqm
2008-04-08 11:47 . 2008-04-08 11:47 244 --ah----- C:\sqmnoopt12.sqm
2008-04-08 11:47 . 2008-04-08 11:47 232 --ah----- C:\sqmdata12.sqm
2008-04-08 11:31 . 2008-04-08 11:31 3,648 --a------ C:\WINDOWS\SYSTEM32\plkphytq.dll
2008-04-08 11:28 . 2008-04-08 11:28 244 --ah----- C:\sqmnoopt11.sqm
2008-04-08 11:28 . 2008-04-08 11:28 232 --ah----- C:\sqmdata11.sqm
2008-04-08 11:18 . 1980-04-08 11:27 474 ---hs---- C:\WINDOWS\SYSTEM32\xfoxaimj.ini
2008-04-08 11:16 . 2008-04-08 11:16 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-08 11:12 . 2008-04-08 11:12 3,648 --a------ C:\WINDOWS\SYSTEM32\atbiglum.dll
2008-04-08 11:09 . 2008-04-08 11:09 244 --ah----- C:\sqmnoopt10.sqm
2008-04-08 11:09 . 2008-04-08 11:09 232 --ah----- C:\sqmdata10.sqm
2008-04-08 11:08 . 2008-04-08 11:08 294 ---hs---- C:\WINDOWS\SYSTEM32\bslllwjg.ini
2008-04-08 11:03 . 2008-04-08 11:03 3,648 --a------ C:\WINDOWS\SYSTEM32\vqavawye.dll
2008-04-08 11:00 . 2008-04-08 11:00 244 --ah----- C:\sqmnoopt09.sqm
2008-04-08 11:00 . 2008-04-08 11:00 232 --ah----- C:\sqmdata09.sqm
2008-04-08 10:51 . 2008-04-08 10:51 244 --ah----- C:\sqmnoopt08.sqm
2008-04-08 10:51 . 2008-04-08 10:51 232 --ah----- C:\sqmdata08.sqm
2008-04-08 10:49 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-04-08 10:24 . 2008-04-08 10:24 244 --ah----- C:\sqmnoopt07.sqm
2008-04-08 10:24 . 2008-04-08 10:24 232 --ah----- C:\sqmdata07.sqm
2008-04-08 10:03 . 2008-04-08 10:03 244 --ah----- C:\sqmnoopt06.sqm
2008-04-08 10:03 . 2008-04-08 10:03 232 --ah----- C:\sqmdata06.sqm
2008-04-08 09:18 . 2008-04-08 09:18 244 --ah----- C:\sqmnoopt05.sqm
2008-04-08 09:18 . 2008-04-08 09:18 232 --ah----- C:\sqmdata05.sqm
2008-04-08 09:08 . 2008-04-08 09:08 244 --ah----- C:\sqmnoopt04.sqm
2008-04-08 09:08 . 2008-04-08 09:08 232 --ah----- C:\sqmdata04.sqm
2008-04-08 09:05 . 2008-04-08 09:05 244 --ah----- C:\sqmnoopt03.sqm
2008-04-08 09:05 . 2008-04-08 09:05 232 --ah----- C:\sqmdata03.sqm
2008-04-08 08:59 . 2008-04-08 08:59 244 --ah----- C:\sqmnoopt02.sqm
2008-04-08 08:59 . 2008-04-08 08:59 232 --ah----- C:\sqmdata02.sqm
2008-04-08 08:35 . 2008-04-08 08:35 244 --ah----- C:\sqmnoopt01.sqm
2008-04-08 08:35 . 2008-04-08 08:35 232 --ah----- C:\sqmdata01.sqm
2008-04-08 08:34 . 2008-04-08 08:34 244 --ah----- C:\sqmnoopt00.sqm
2008-04-08 08:34 . 2008-04-08 08:34 232 --ah----- C:\sqmdata00.sqm
2008-04-07 17:49 . 2008-04-08 11:08 354 ---hs---- C:\WINDOWS\SYSTEM32\xhmwnbol.ini
2008-04-07 16:31 . 2008-04-07 16:31 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-07 16:31 . 2008-04-07 16:31 <DIR> d-------- C:\Documents and Settings\Sandra\Application Data\Malwarebytes
2008-04-07 16:31 . 2008-04-07 16:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-07 13:58 . 2008-04-07 13:58 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-07 13:58 . 2008-04-07 13:58 <DIR> d-------- C:\Documents and Settings\Sandra\Application Data\SUPERAntiSpyware.com
2008-04-07 13:58 . 2008-04-07 13:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-07 13:57 . 2008-04-07 13:57 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-07 13:45 . 2008-04-07 13:45 <DIR> d-------- C:\Program Files\CCleaner
2008-04-07 13:37 . 2008-04-07 13:37 414 ---hs---- C:\WINDOWS\SYSTEM32\jeplkjvb.ini
2008-04-07 10:12 . 1980-04-07 13:33 354 ---hs---- C:\WINDOWS\SYSTEM32\cnopjlan.ini
2008-04-05 18:39 . 2008-04-05 18:38 39,424 -r-hs---- C:\WINDOWS\msn.com
2008-03-30 15:10 . 2008-03-30 15:10 <DIR> d-------- C:\Program Files\Audacity
2008-03-27 19:50 . 2008-03-27 19:50 <DIR> d-------- C:\Program Files\Axogon
2008-03-13 16:10 . 2008-03-13 16:10 127,034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2008-03-13 16:05 . 2008-03-13 16:10 <DIR> d-------- C:\Program Files\Logitech
2008-03-13 16:05 . 2008-03-13 16:15 <DIR> d-------- C:\Program Files\Common Files\LogiShrd
2008-03-13 16:05 . 2008-03-13 16:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-03-13 16:05 . 2008-03-13 16:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logishrd

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-08 23:26 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-08 16:03 --------- d-----w C:\Program Files\Java
2008-04-08 01:57 --------- d-----w C:\Program Files\Microsoft Home Publishing 2000
2008-04-07 18:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-04-06 21:11 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2008-04-06 21:10 0 ----a-w C:\WINDOWS\system32\drivers\logiflt.iad
2008-04-03 21:21 --------- d-----w C:\Program Files\Norton Internet Security
2008-03-28 00:52 --------- d-----w C:\Program Files\GIMP-2.0
2008-03-28 00:47 --------- d-----w C:\Program Files\NCH Swift Sound
2008-03-28 00:43 --------- d-----w C:\Program Files\DebugMode
2008-03-28 00:42 --------- d-----w C:\Program Files\Opera
2008-03-23 18:34 --------- d-----w C:\Program Files\QuickTime
2008-03-13 21:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-08 19:13 --------- d-----w C:\Program Files\EA GAMES
2008-03-08 00:27 --------- d-----w C:\Program Files\Common Files\EasyInfo
2008-03-07 23:17 --------- d-----w C:\Program Files\AnimatorDVSimple+
2008-03-07 15:56 --------- d-----w C:\Program Files\Real
2008-03-03 02:01 --------- d-----w C:\Program Files\MonkeyJam
2008-03-02 03:36 160,561 ----a-w C:\WINDOWS\Sqirlz Water Reflections Uninstaller.exe
2008-03-02 03:36 --------- d-----w C:\Program Files\Sqirlz Water Reflections
2008-03-01 22:54 --------- d-----w C:\Program Files\Sonic Foundry
2008-02-21 23:38 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-21 21:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Individual Software
2008-02-19 19:07 --------- d-----w C:\Program Files\Vstplugins
2008-02-19 19:02 --------- d-----w C:\Program Files\Sony
2008-02-16 01:53 --------- d-----w C:\Program Files\Common Files\xing shared
2008-02-16 01:53 --------- d-----w C:\Program Files\Common Files\Real
2008-02-16 01:52 348,160 ----a-w C:\WINDOWS\SYSTEM32\msvcr71.dll
2008-02-15 21:20 --------- d-----w C:\Program Files\Paint.NET
2008-02-15 18:05 --------- d-----w C:\Program Files\Screaming Bee
2008-02-14 21:30 --------- d-----w C:\Documents and Settings\Sandra\Application Data\Screaming Bee
2008-02-14 21:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Screaming Bee
2008-02-14 21:28 --------- d-----w C:\Program Files\Common Files\Screaming Bee
2008-02-11 21:55 209 ---ha-w C:\Documents and Settings\Dustin\hpothb07.dat
2008-02-11 20:13 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-11 20:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-09 23:01 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-18 17:11 50,520 ----a-w C:\WINDOWS\SYSTEM32\csvidcap.dll
2008-01-18 09:36 107,864 ----a-w C:\WINDOWS\SYSTEM32\tsccvid.dll
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
2007-05-26 00:45 28,672 ----a-w C:\Documents and Settings\Sandra\N_Menu.dll
2007-05-26 00:45 26,624 ----a-w C:\Documents and Settings\Sandra\silent_dos.dll
2007-05-26 00:45 1,334,784 ----a-w C:\Documents and Settings\Sandra\convert.exe
2007-03-20 15:21 23,446 ----a-w C:\Documents and Settings\Sandra\zguicfg.dat
2006-02-22 16:44 0 ---ha-w C:\Documents and Settings\Sandra\hpothb07.dat
2006-02-22 16:43 179 ---ha-w C:\Documents and Settings\All Users\Application Data\hpothb07.dat
2006-02-22 16:43 164 ---ha-w C:\Documents and Settings\All Users\hpothb07.dat
2005-10-10 16:11 792,064 ----a-w C:\Program Files\pivot.exe
2004-07-20 16:13 5,693 ----a-w C:\Program Files\ReadMe.txt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 15:46 68856]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 14:32 700416]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 09:59 224248]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-15 20:52 185896]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-04-03 18:23 100056]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 14:42 1404928]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 04:19 69632]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 20:12 221184]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 10:35 94208]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 10:36 114688]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 10:32 77824]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 10:46 172032]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 01:05 127035]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-08 16:36 49512]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-23 13:34 385024]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-03-13 16:10:41 66864]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJDSihG]
ljJDSihG.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.scg726"= scg726.acm
"msacm.alf2cd"= alf2cd.acm
"msacm.ac3acm"= AC3ACM.acm
"vidc.dvsd"= mcdvd_32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

S3 LTower;LEGO USB Tower Driver;C:\WINDOWS\system32\Drivers\LTower.sys [2001-04-25 17:44]
S3 MAC607;MAC607 Filter;C:\WINDOWS\system32\DRIVERS\MAC607.sys []
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-04-05 14:00:10 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Sandra.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/task:
"2008-04-09 15:50:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
"2008-04-08 16:26:50 C:\WINDOWS\Tasks\User_Feed_Synchronization-{3D8C1BF4-7179-47C5-AD3C-DD7421DD4009}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-09 10:45:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Messenger\msmsgs.exe
.
**************************************************************************
.
Completion time: 2008-04-09 10:52:39 - machine was rebooted [Sandra]
ComboFix-quarantined-files.txt 2008-04-09 15:52:30
Pre-Run: 34,073,448,448 bytes free
Post-Run: 33,989,828,608 bytes free
.
2008-03-12 22:04:26 --- E O F ---
  #16  
Old 9th Apr 2008, 09:36
Moderator
Posts: 7,557
 
Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
  • Click Start , then Run
  • Type notepad.exe in the Run Box.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

File::
C:\sqmnoopt13.sqm
C:\sqmdata13.sqm
C:\sqmnoopt12.sqm
C:\sqmdata12.sqm
C:\WINDOWS\SYSTEM32\plkphytq.dll
C:\sqmnoopt11.sqm
C:\sqmdata11.sqm
C:\WINDOWS\SYSTEM32\xfoxaimj.ini
C:\Program Files\Trend Micro
C:\WINDOWS\SYSTEM32\atbiglum.dll
C:\sqmnoopt10.sqm
C:\sqmdata10.sqm
C:\WINDOWS\SYSTEM32\bslllwjg.ini
C:\WINDOWS\SYSTEM32\vqavawye.dll
C:\sqmnoopt09.sqm
C:\sqmdata09.sqm
C:\sqmnoopt08.sqm
C:\sqmdata08.sqm
C:\sqmnoopt07.sqm
C:\sqmdata07.sqm
C:\sqmnoopt06.sqm
C:\sqmdata06.sqm
C:\sqmnoopt05.sqm
C:\sqmdata05.sqm
C:\sqmnoopt04.sqm
C:\sqmdata04.sqm
C:\sqmnoopt03.sqm
C:\sqmdata03.sqm
C:\sqmnoopt02.sqm
C:\sqmdata02.sqm
C:\sqmnoopt01.sqm
C:\sqmdata01.sqm
C:\sqmnoopt00.sqm
C:\sqmdata00.sqm
C:\WINDOWS\SYSTEM32\xhmwnbol.ini
C:\WINDOWS\SYSTEM32\jeplkjvb.ini
C:\WINDOWS\SYSTEM32\cnopjlan.ini

Registry:: 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJDSihG]
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick combofix's window while it is running. That may cause your system to freeze

----------

Next post
Combofix log
__________________

  #17  
Old 9th Apr 2008, 10:17
Full Member
Posts: 21
 
Here is the log...


ComboFix 08-04-08.7 - Sandra 2008-04-09 11:55:50.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.253 [GMT -5:00]
Running from: C:\Documents and Settings\Sandra\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sandra\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Program Files\Trend Micro
C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmdata02.sqm
C:\sqmdata03.sqm
C:\sqmdata04.sqm
C:\sqmdata05.sqm
C:\sqmdata06.sqm
C:\sqmdata07.sqm
C:\sqmdata08.sqm
C:\sqmdata09.sqm
C:\sqmdata10.sqm
C:\sqmdata11.sqm
C:\sqmdata12.sqm
C:\sqmdata13.sqm
C:\sqmnoopt00.sqm
C:\sqmnoopt01.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt03.sqm
C:\sqmnoopt04.sqm
C:\sqmnoopt05.sqm
C:\sqmnoopt06.sqm
C:\sqmnoopt07.sqm
C:\sqmnoopt08.sqm
C:\sqmnoopt09.sqm
C:\sqmnoopt10.sqm
C:\sqmnoopt11.sqm
C:\sqmnoopt12.sqm
C:\sqmnoopt13.sqm
C:\WINDOWS\SYSTEM32\atbiglum.dll
C:\WINDOWS\SYSTEM32\bslllwjg.ini
C:\WINDOWS\SYSTEM32\cnopjlan.ini
C:\WINDOWS\SYSTEM32\jeplkjvb.ini
C:\WINDOWS\SYSTEM32\plkphytq.dll
C:\WINDOWS\SYSTEM32\vqavawye.dll
C:\WINDOWS\SYSTEM32\xfoxaimj.ini
C:\WINDOWS\SYSTEM32\xhmwnbol.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmdata02.sqm
C:\sqmdata03.sqm
C:\sqmdata04.sqm
C:\sqmdata05.sqm
C:\sqmdata06.sqm
C:\sqmdata07.sqm
C:\sqmdata08.sqm
C:\sqmdata09.sqm
C:\sqmdata10.sqm
C:\sqmdata11.sqm
C:\sqmdata12.sqm
C:\sqmdata13.sqm
C:\sqmnoopt00.sqm
C:\sqmnoopt01.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt03.sqm
C:\sqmnoopt04.sqm
C:\sqmnoopt05.sqm
C:\sqmnoopt06.sqm
C:\sqmnoopt07.sqm
C:\sqmnoopt08.sqm
C:\sqmnoopt09.sqm
C:\sqmnoopt10.sqm
C:\sqmnoopt11.sqm
C:\sqmnoopt12.sqm
C:\sqmnoopt13.sqm
C:\WINDOWS\SYSTEM32\atbiglum.dll
C:\WINDOWS\SYSTEM32\bslllwjg.ini
C:\WINDOWS\SYSTEM32\cnopjlan.ini
C:\WINDOWS\SYSTEM32\jeplkjvb.ini
C:\WINDOWS\SYSTEM32\plkphytq.dll
C:\WINDOWS\SYSTEM32\vqavawye.dll
C:\WINDOWS\SYSTEM32\xfoxaimj.ini
C:\WINDOWS\SYSTEM32\xhmwnbol.ini

.
((((((((((((((((((((((((( Files Created from 2008-03-09 to 2008-04-09 )))))))))))))))))))))))))))))))
.

2008-04-08 18:33 . 2008-04-08 18:33 <DIR> d-------- C:\Program Files\CleanUp!
2008-04-08 13:02 . 2008-04-08 13:02 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-08 11:16 . 2008-04-08 11:16 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-08 10:49 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-04-07 16:31 . 2008-04-07 16:31 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-07 16:31 . 2008-04-07 16:31 <DIR> d-------- C:\Documents and Settings\Sandra\Application Data\Malwarebytes
2008-04-07 16:31 . 2008-04-07 16:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-07 13:58 . 2008-04-07 13:58 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-07 13:58 . 2008-04-07 13:58 <DIR> d-------- C:\Documents and Settings\Sandra\Application Data\SUPERAntiSpyware.com
2008-04-07 13:58 . 2008-04-07 13:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-07 13:57 . 2008-04-07 13:57 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-07 13:45 . 2008-04-07 13:45 <DIR> d-------- C:\Program Files\CCleaner
2008-04-05 18:39 . 2008-04-05 18:38 39,424 -r-hs---- C:\WINDOWS\msn.com
2008-03-30 15:10 . 2008-03-30 15:10 <DIR> d-------- C:\Program Files\Audacity
2008-03-27 19:50 . 2008-03-27 19:50 <DIR> d-------- C:\Program Files\Axogon
2008-03-13 16:10 . 2008-03-13 16:10 127,034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2008-03-13 16:05 . 2008-03-13 16:10 <DIR> d-------- C:\Program Files\Logitech
2008-03-13 16:05 . 2008-03-13 16:15 <DIR> d-------- C:\Program Files\Common Files\LogiShrd
2008-03-13 16:05 . 2008-03-13 16:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-03-13 16:05 . 2008-03-13 16:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logishrd

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-09 15:57 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-08 16:03 --------- d-----w C:\Program Files\Java
2008-04-08 01:57 --------- d-----w C:\Program Files\Microsoft Home Publishing 2000
2008-04-07 18:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-04-06 21:11 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2008-04-06 21:10 0 ----a-w C:\WINDOWS\system32\drivers\logiflt.iad
2008-04-03 21:21 --------- d-----w C:\Program Files\Norton Internet Security
2008-03-28 00:52 --------- d-----w C:\Program Files\GIMP-2.0
2008-03-28 00:47 --------- d-----w C:\Program Files\NCH Swift Sound
2008-03-28 00:43 --------- d-----w C:\Program Files\DebugMode
2008-03-28 00:42 --------- d-----w C:\Program Files\Opera
2008-03-23 18:34 --------- d-----w C:\Program Files\QuickTime
2008-03-13 21:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-08 19:13 --------- d-----w C:\Program Files\EA GAMES
2008-03-08 00:27 --------- d-----w C:\Program Files\Common Files\EasyInfo
2008-03-07 23:17 --------- d-----w C:\Program Files\AnimatorDVSimple+
2008-03-07 15:56 --------- d-----w C:\Program Files\Real
2008-03-03 02:01 --------- d-----w C:\Program Files\MonkeyJam
2008-03-02 03:36 160,561 ----a-w C:\WINDOWS\Sqirlz Water Reflections Uninstaller.exe
2008-03-02 03:36 --------- d-----w C:\Program Files\Sqirlz Water Reflections
2008-03-01 22:54 --------- d-----w C:\Program Files\Sonic Foundry
2008-02-21 23:38 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-21 21:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Individual Software
2008-02-19 19:07 --------- d-----w C:\Program Files\Vstplugins
2008-02-19 19:02 --------- d-----w C:\Program Files\Sony
2008-02-16 01:53 --------- d-----w C:\Program Files\Common Files\xing shared
2008-02-16 01:53 --------- d-----w C:\Program Files\Common Files\Real
2008-02-15 21:20 --------- d-----w C:\Program Files\Paint.NET
2008-02-15 18:05 --------- d-----w C:\Program Files\Screaming Bee
2008-02-14 21:30 --------- d-----w C:\Documents and Settings\Sandra\Application Data\Screaming Bee
2008-02-14 21:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Screaming Bee
2008-02-14 21:28 --------- d-----w C:\Program Files\Common Files\Screaming Bee
2008-02-11 21:55 209 ---ha-w C:\Documents and Settings\Dustin\hpothb07.dat
2008-02-11 20:13 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-11 20:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-09 23:01 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-26 00:45 28,672 ----a-w C:\Documents and Settings\Sandra\N_Menu.dll
2007-05-26 00:45 26,624 ----a-w C:\Documents and Settings\Sandra\silent_dos.dll
2007-05-26 00:45 1,334,784 ----a-w C:\Documents and Settings\Sandra\convert.exe
2007-03-20 15:21 23,446 ----a-w C:\Documents and Settings\Sandra\zguicfg.dat
2006-02-22 16:44 0 ---ha-w C:\Documents and Settings\Sandra\hpothb07.dat
2006-02-22 16:43 179 ---ha-w C:\Documents and Settings\All Users\Application Data\hpothb07.dat
2006-02-22 16:43 164 ---ha-w C:\Documents and Settings\All Users\hpothb07.dat
2005-10-10 16:11 792,064 ----a-w C:\Program Files\pivot.exe
2004-07-20 16:13 5,693 ----a-w C:\Program Files\ReadMe.txt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 15:46 68856]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 14:32 700416]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 09:59 224248]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-15 20:52 185896]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-04-03 18:23 100056]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 14:42 1404928]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 04:19 69632]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 20:12 221184]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 10:35 94208]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 10:36 114688]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 10:32 77824]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 10:46 172032]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 01:05 127035]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-08 16:36 49512]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-23 13:34 385024]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-03-13 16:10:41 66864]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJDSihG]
ljJDSihG.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.scg726"= scg726.acm
"msacm.alf2cd"= alf2cd.acm
"msacm.ac3acm"= AC3ACM.acm
"vidc.dvsd"= mcdvd_32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

S3 LTower;LEGO USB Tower Driver;C:\WINDOWS\system32\Drivers\LTower.sys [2001-04-25 17:44]
S3 MAC607;MAC607 Filter;C:\WINDOWS\system32\DRIVERS\MAC607.sys []
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-04-05 14:00:10 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Sandra.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe
"2008-04-09 17:10:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
"2008-04-09 17:07:38 C:\WINDOWS\Tasks\User_Feed_Synchronization-{3D8C1BF4-7179-47C5-AD3C-DD7421DD4009}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-09 12:01:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVW32.EXE
C:\Program Files\Messenger\msmsgs.exe
.
**************************************************************************
.
Completion time: 2008-04-09 12:12:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-09 17:12:38
ComboFix2.txt 2008-04-09 15:52:40
Pre-Run: 33,985,548,288 bytes free
Post-Run: 33,968,664,576 bytes free
.
2008-03-12 22:04:26 --- E O F ---
  #18  
Old 9th Apr 2008, 10:48
Moderator
Posts: 7,557
 
That didn't get everything.

Download RegASSASSIN.exe to the desktop.

Open RegAssassin and copy the Registry Key in the Code box below.

Code:
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJDSihG
Now paste it in RegAssassins window and click Delete.

----------

Now post a new Hijackthis log please.

How is everything now?
__________________

  #19  
Old 9th Apr 2008, 11:52
Full Member
Posts: 21
 
things seem to be working fine. do I just post the current hijackthis log that is on the desktop, or do I need to do another scan first?
  #20  
Old 9th Apr 2008, 12:04
Moderator
Posts: 7,557
 
Need a fresh scan please.
__________________

Reply

Register

Similar Threads
Thread Thread Starter Forum Replies Last Post
Malware Removal Steps Completed. Log Inclosed. koolfilter Virus, Spyware & Security 3 17th Aug 2009 16:56
Malware Removal Logs - Bad Times Paul4763 Virus, Spyware & Security 9 12th Aug 2009 18:06
Logs from Malware Removal Guide, Please Advise koolfilter Virus, Spyware & Security 2 16th Feb 2009 21:32
Help with malware removal joeshcosmo Virus, Spyware & Security 3 22nd Jan 2009 11:48
Following malware removal instructions, have some questions. jcastell Virus, Spyware & Security 17 19th Feb 2008 18:18
Thread Tools



Translations Powered by Powered by Google
Arabic Bulgarian Chinese Croatian Czech Danish Dutch English Finnish French German Greek Hebrew Hungarian Italian Japanese Korean Latvian Lithuanian Norwegian Polish Portuguese Romanian Russian Serbian Slovak Spanish Swedish Taiwanese Thai Turkish Ukrainian

Copyright ©2006 - 2010 Computer Juice.

Powered by vBulletin® Copyright ©2000 - 2010 Jelsoft Enterprises Ltd. SEO by vBSEO ©2009, Crawlability, Inc.