
Windows has detected spyware infection! Cannot be removed from any a


  • This topic is locked

#1
ksoni1976

  • Member
  • 13 posts
As you have too many topics of this type, briefly: every 2-3 minutes a popup opens alerting "Windows Security Alert. Warning: potential spyware operation! Your computer is making unauthorized copies of your system and internet files. Run full scan now to prevent any unauthorized access to your files! Click here to download spyware remover..." with buttons "Yes" / "No".

Also, the Windows tray displays a red cross mark and a yellow triangle.

Please refer to my HijackThis log and suggest the next step.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:30:21 PM, on 16-Feb-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\system32\03LUD3O4.dll (file missing)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL (file missing)
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [winload] C:\Program Files\Internet Explorer\winload.exe
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvmif.dll,startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8E218149-4E4B-48A6-B4C3-4F24B5940F99}: NameServer = 203.192.222.5 203.192.198.7
O20 - Winlogon Notify: winwea32 - C:\WINDOWS\SYSTEM32\winwea32.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Indexing Helps (Indexingbox) - Unknown owner - C:\WINDOWS\system\svchest.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: ThreatFire - Unknown owner - C:\Program Files\ThreatFire\TFService.exe (file missing)

--
End of file - 8345 bytes
  • 0
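One way to triage a log like the one above by script, as an added example that is not part of this thread or of HijackThis itself: it parses the `Oxx - ...` entry lines and applies the checks a removal helper makes by eye (entries that point at files which no longer exist, Winlogon Notify DLLs, autoruns that go through rundll32, services with no identified vendor, names one character away from a core Windows process such as svchest/svchost, and random-looking file names inside the Windows directory). The sample lines are constructed in the shape of the log above; the heuristics, thresholds, names and functions are this example's own.

```python
"""Triage helper for HijackThis v2 log entries (added example, not thread code)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample lines in the shape of a HijackThis v2.0.2 log.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\system32\03LUD3O4.dll (file missing)
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvmif.dll,startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O20 - Winlogon Notify: winwea32 - C:\WINDOWS\SYSTEM32\winwea32.dll
O23 - Service: Indexing Helps (Indexingbox) - Unknown owner - C:\WINDOWS\system\svchest.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"""

# Core Windows process names that malware imitates with a one-character change.
CORE_NAMES = {"svchost", "lsass", "winlogon", "csrss", "explorer", "services", "spoolsv"}

ENTRY_RE = re.compile(r"(O\d+|R\d) - (.*)")
# A drive-letter path ending in a loadable module; non-greedy so trailing text is excluded.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|sys)\b", re.I)


@dataclass
class Entry:
    section: str   # HijackThis section tag, e.g. O2, O4, O20, O23
    path: str      # file the entry points at, "" when none is given
    missing: bool  # HijackThis printed (no file) or (file missing)
    raw: str


@dataclass
class Finding:
    section: str
    target: str    # file name, or the raw line when the entry names no file
    reason: str


def parse(log: str) -> list[Entry]:
    """Extract section, target path and missing-file status from each entry line."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        pm = PATH_RE.search(body)
        missing = "(no file)" in body or "(file missing)" in body
        entries.append(Entry(section, pm.group(0) if pm else "", missing, line.strip()))
    return entries


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot look-alike names such as svchest/svchost."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def looks_random(stem: str) -> bool:
    """Letter/digit soup such as 03LUD3O4: 6+ characters with at least 30% digits."""
    digits = sum(c.isdigit() for c in stem)
    return len(stem) >= 6 and digits > 0 and digits / len(stem) >= 0.3


def triage(entries: list[Entry]) -> list[Finding]:
    """Apply the review heuristics to parsed entries; each hit becomes one Finding."""
    findings: list[Finding] = []
    for e in entries:
        name = e.path.rsplit("\\", 1)[-1]
        stem = name.rsplit(".", 1)[0].lower()
        in_windows = e.path.lower().startswith("c:\\windows\\")

        def add(reason: str) -> None:
            findings.append(Finding(e.section, name or e.raw, reason))

        if e.missing:
            add("orphaned entry: points at a file that no longer exists; remove the registration")
        if e.section == "O20":
            add("Winlogon Notify DLL: loaded by winlogon.exe at logon; verify the publisher")
        if e.section == "O4" and "rundll32.exe" in e.raw.lower():
            add("autorun through rundll32 loading a DLL; check that DLL's origin and date")
        if e.section == "O23" and "Unknown owner" in e.raw:
            add("service with no identified vendor; confirm the binary is signed or known")
        if stem and any(edit_distance(stem, core) == 1 for core in CORE_NAMES):
            add("file name is one character away from a core Windows process name")
        if in_windows and looks_random(stem):
            add("random-looking file name inside the Windows directory")
    return findings


def triage_log(log: str) -> list[Finding]:
    return triage(parse(log))


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.section:>4}  {f.target[:40]:<40}  {f.reason}")
```

The heuristics only rank entries for a human to look at; a vendor-named service in Program Files gets no finding, while the orphaned, typo-squatted service in `C:\WINDOWS\system` collects three separate reasons, which is the ordering a helper wants when deciding what to ask about first.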

#2
kahdah

  • GeekU Teacher
  • Retired Staff
  • 15,822 posts
Hello ksoni1976

Welcome to G2Go. :)
=================
I don't see any anti-virus protection, so the first thing I will need you to do is download this anti-virus program and install it.
This is free.
AVG free
================================================================
Then:
Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double-click combofix.exe and follow the prompts. Please never rename ComboFix unless instructed.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
  • 0

#3
ksoni1976

  • Topic Starter
  • Member
  • 13 posts
Hi Kahdah,

Problem is solved through your kind suggestions.

But a new red-crossed shield has appeared near the clock for "Windows Security Alert", and it asks for firewall protection.
  • 0

#4
kahdah

  • GeekU Teacher
  • Retired Staff
  • 15,822 posts
I will need to see the ComboFix log and a new HijackThis log, please.
  • 0

#5
ksoni1976

  • Topic Starter
  • Member
  • 13 posts
HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:16:21 PM, on 16-Feb-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\DAP\DAP.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL (file missing)
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [winload] C:\Program Files\Internet Explorer\winload.exe
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8E218149-4E4B-48A6-B4C3-4F24B5940F99}: NameServer = 203.192.222.5 203.192.198.7
O20 - Winlogon Notify: winwea32 - winwea32.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: ThreatFire - Unknown owner - C:\Program Files\ThreatFire\TFService.exe (file missing)

--
End of file - 7173 bytes
  • 0

#6
kahdah

  • GeekU Teacher
  • Retired Staff
  • 15,822 posts
ComboFix log?
  • 0

#7
ksoni1976

  • Topic Starter
  • Member
  • 13 posts
Here is the ComboFix log.


ComboFix 08-02-14.2 - xyz 2008-02-16 22:08:13.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.80 [GMT 5.5:30]
Running from: C:\Documents and Settings\xyz\My Documents\My Completed Downloads\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\3721
C:\Program Files\3721\assist\asbar.dll
C:\Program Files\3721\helper.dll
C:\Program Files\Accoona
C:\Program Files\Accoona\ASearchAssist.dll
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\guid.dat
C:\Program Files\amsys\ijl15.dll
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\WINDOWS\7search.dll
C:\WINDOWS\absolute key logger.lnk
C:\WINDOWS\aconti.exe
C:\WINDOWS\aconti.ini
C:\WINDOWS\aconti.log
C:\WINDOWS\aconti.sdb
C:\WINDOWS\acontidialer.txt
C:\WINDOWS\adbar.dll
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\daxtime.dll
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\hcwprn.exe
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.dll
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\kvnab.dll
C:\WINDOWS\kvnab.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.dll
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.dll
C:\WINDOWS\liqui.exe
C:\WINDOWS\msettings.ini
C:\WINDOWS\mywinsys.ini
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\pbsysie.dll
C:\WINDOWS\settn.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system32\8_exception.nls
C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\acespy
C:\WINDOWS\system32\acespy\__acelog.ndx
C:\WINDOWS\system32\acespy\systune.exe
C:\WINDOWS\system32\din.ip
C:\WINDOWS\system32\drivers\bg_bg.gif
C:\WINDOWS\system32\drivers\blank.gif
C:\WINDOWS\system32\drivers\box_1.gif
C:\WINDOWS\system32\drivers\box_2.gif
C:\WINDOWS\system32\drivers\box_3.gif
C:\WINDOWS\system32\drivers\button_buynow.gif
C:\WINDOWS\system32\drivers\button_freescan.gif
C:\WINDOWS\system32\drivers\cell_bg.gif
C:\WINDOWS\system32\drivers\cell_footer.gif
C:\WINDOWS\system32\drivers\cell_header_block.gif
C:\WINDOWS\system32\drivers\cell_header_remove.gif
C:\WINDOWS\system32\drivers\cell_header_scan.gif
C:\WINDOWS\system32\drivers\close_ico.gif
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\download_box.gif
C:\WINDOWS\system32\drivers\download_btn.jpg
C:\WINDOWS\system32\drivers\download_now_btn.gif
C:\WINDOWS\system32\drivers\footer_back.jpg
C:\WINDOWS\system32\drivers\header_1.gif
C:\WINDOWS\system32\drivers\header_2.gif
C:\WINDOWS\system32\drivers\header_3.gif
C:\WINDOWS\system32\drivers\header_4.gif
C:\WINDOWS\system32\drivers\header_red_bg.gif
C:\WINDOWS\system32\drivers\header_red_free_scan.gif
C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif
C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
C:\WINDOWS\system32\drivers\icon_warning_big.gif
C:\WINDOWS\system32\drivers\infected.gif
C:\WINDOWS\system32\drivers\main_back.gif
C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
C:\WINDOWS\system32\drivers\product_1_header.gif
C:\WINDOWS\system32\drivers\product_1_name_small.gif
C:\WINDOWS\system32\drivers\product_2_header.gif
C:\WINDOWS\system32\drivers\product_2_name_small.gif
C:\WINDOWS\system32\drivers\product_3_header.gif
C:\WINDOWS\system32\drivers\product_3_name_small.gif
C:\WINDOWS\system32\drivers\product_features.gif
C:\WINDOWS\system32\drivers\pt.htm
C:\WINDOWS\system32\drivers\rating.gif
C:\WINDOWS\system32\drivers\remove_spyware_header.gif
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\screenshot.jpg
C:\WINDOWS\system32\drivers\sep_hor.gif
C:\WINDOWS\system32\drivers\sep_vert.gif
C:\WINDOWS\system32\drivers\shadow.jpg
C:\WINDOWS\system32\drivers\shadow_bg.gif
C:\WINDOWS\system32\drivers\spacer.gif
C:\WINDOWS\system32\drivers\spy_away_box.jpg
C:\WINDOWS\system32\drivers\spyware_detected.gif
C:\WINDOWS\system32\drivers\star.gif
C:\WINDOWS\system32\drivers\star_gray.gif
C:\WINDOWS\system32\drivers\star_gray_small.gif
C:\WINDOWS\system32\drivers\star_small.gif
C:\WINDOWS\system32\drivers\style.css
C:\WINDOWS\system32\drivers\v.gif
C:\WINDOWS\system32\drivers\warning_ico.gif
C:\WINDOWS\system32\drivers\warning_icon.gif
C:\WINDOWS\system32\drivers\win_logo.gif
C:\WINDOWS\system32\drivers\x.gif
C:\WINDOWS\system32\drivers\yellow_warning_ico.gif
C:\WINDOWS\system32\ESHOPEE.exe
C:\WINDOWS\system32\gtv_sd.bin
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\mywebhit.ini
C:\WINDOWS\system32\mywebhit.ini.tmp
C:\WINDOWS\system32\stfv.bin
C:\WINDOWS\system32\sznf.ascii
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wbeCheck.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xadbrk.dll
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xxxvideo.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\Indexingbox
-------\nm
-------\runtime


((((((((((((((((((((((((( Files Created from 2008-01-16 to 2008-02-16 )))))))))))))))))))))))))))))))
.

2008-02-16 22:04 . 2008-02-16 22:05 <DIR> d-------- C:\Documents and Settings\xyz\Application Data\AVG7
2008-02-16 22:04 . 2008-02-16 22:04 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-16 22:04 . 2008-02-16 22:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-02-15 16:42 . 2008-02-15 16:42 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-13 18:44 . 2008-02-13 18:44 33,792 --a------ C:\msntznpz.exe
2008-02-13 15:52 . 2008-02-13 15:52 <DIR> d-------- C:\Documents and Settings\xyz\Application Data\F-Secure
2008-02-13 15:22 . 2008-02-13 15:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-02-13 15:21 . 2008-02-13 15:21 <DIR> d-------- C:\Program Files\F-Secure Internet Security
2008-02-13 15:21 . 2008-02-13 15:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\fssg
2008-02-13 14:58 . 2008-02-13 14:58 <DIR> d-------- C:\Keat
2008-02-13 14:58 . 2006-03-01 19:45 345,604 --a------ C:\WINDOWS\system32\msinfhlp.exe
2008-02-13 14:58 . 1998-06-16 00:00 132,224 --a------ C:\WINDOWS\system32\vjreg.exe
2008-02-12 12:30 . 2008-02-12 12:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-12 10:46 . 2008-02-12 10:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-02-12 10:46 . 2008-02-08 10:45 12,608 --a------ C:\WINDOWS\system32\drivers\TfKbMon.sys
2008-02-12 09:54 . 2008-02-12 09:54 <DIR> d-------- C:\Program Files\Protea AntiVirus Tools
2008-02-11 21:26 . 2008-02-11 21:26 15,872 --a------ C:\WINDOWS\system32\drvmif.dll
2008-02-11 19:31 . 2008-02-11 19:31 24,576 --a------ C:\WINDOWS\system32\winwea32.dll
2008-02-11 19:29 . 2008-02-11 19:30 24,064 --a------ C:\WINDOWS\system32\winmyy32.dll
2008-02-11 19:29 . 2008-02-11 19:29 24,064 --a------ C:\WINDOWS\system32\winjyg32.dll
2008-01-27 14:21 . 2008-01-27 14:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-01-20 20:07 . 2008-01-20 20:07 <DIR> d-------- C:\Program Files\Atomic Superball DEMO
2008-01-20 20:07 . 2008-01-21 10:50 26 --a------ C:\WINDOWS\amx.ini
2008-01-19 16:07 . 2008-01-19 16:07 166 --a------ C:\key.shm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-09 15:46 --------- d-----w C:\Documents and Settings\xyz\Application Data\Microsoft Web Folders
2008-01-05 10:54 971,232 ----a-w C:\WINDOWS\dbplugin.exe
2008-01-05 10:54 356,352 ----a-w C:\WINDOWS\eSellerateEngine.dll
2008-01-05 10:54 31,984 ----a-w C:\WINDOWS\dbrmdwb.exe
2008-01-05 10:54 2,323,952 ----a-w C:\WINDOWS\npdbplug.dll
2008-01-05 10:54 163,920 ----a-w C:\WINDOWS\system32\DNLEng.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\hliniy]
@={9026F10D-22A8-5B7A-0650-EEDDA383B216}

[HKEY_CLASSES_ROOT\CLSID\{9026F10D-22A8-5B7A-0650-EEDDA383B216}]
2004-09-01 00:00 71168 --a------ C:\WINDOWS\system32\hliniy.dIl

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05 143360]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-01 00:00 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 20:29 224248]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-04-11 17:52 1409024]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-27 14:21 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-02-10 15:55 15969280 C:\WINDOWS\RTHDCPL.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"GhostStartTrayApp"="C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" [2002-08-14 15:21 94208]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 20:29 224248]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-04-26 08:29 237568]
"winload"="C:\Program Files\Internet Explorer\winload.exe" [ ]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [2000-11-23 08:22 4568576]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"MSDisp32"="C:\WINDOWS\system32\drvmif.dll" [2008-02-11 21:26 15872]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-16 22:04 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-16 22:04 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-09-21 18:45:43 113664]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 17:35:56 65588]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-01-27 14:21:12 124400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winwea32]
winwea32.dll 2008-02-11 19:31 24576 C:\WINDOWS\system32\winwea32.dll

R1 GhPciScan;GhostPciScanner;C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys [2002-08-14 15:11]
R3 RMSPPPOE;Log2Space;C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-10-03 00:09]
S0 TfFsMon;TfFsMon;C:\WINDOWS\system32\drivers\TfFsMon.sys []
S0 TfSysMon;TfSysMon;C:\WINDOWS\system32\drivers\TfSysMon.sys []
S2 ThreatFire;ThreatFire;C:\Program Files\ThreatFire\TFService.exe service []
S3 TfNetMon;TfNetMon;C:\WINDOWS\system32\drivers\TfNetMon.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-01-26 18:30:04 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\XqUe6m23.exe
"2008-01-20 19:30:02 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\XqUe6m23.exe
"2008-01-19 10:36:52 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\XqUe6m23.exe
"2008-01-19 10:36:52 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\XqUe6m23.exe
"2008-01-19 10:36:52 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\XqUe6m23.exe
"2008-01-19 10:36:52 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\XqUe6m23.exe
"2008-01-19 10:36:52 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\system32\XqUe6m23.exe
"2008-01-19 10:36:52 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\XqUe6m23.exe
"2008-02-07 02:30:04 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\system32\XqUe6m23.exe
"2008-02-08 03:30:02 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\XqUe6m23.exe
"2008-02-12 04:30:04 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\system32\XqUe6m23.exe
"2008-02-15 05:30:02 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\system32\XqUe6m23.exe
"2008-02-15 06:30:02 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\system32\XqUe6m23.exe
"2008-02-15 07:30:02 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\system32\XqUe6m23.exe
"2008-02-14 08:30:02 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\XqUe6m23.exe
"2008-02-15 09:30:02 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\system32\XqUe6m23.exe
"2008-02-15 10:30:02 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\system32\XqUe6m23.exe
"2008-02-15 11:30:02 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\system32\XqUe6m23.exe
"2008-02-11 12:30:04 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\system32\XqUe6m23.exe
"2008-02-16 13:30:02 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\system32\XqUe6m23.exe
"2008-02-16 14:30:02 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\system32\XqUe6m23.exe
"2008-02-02 15:30:04 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\system32\XqUe6m23.exe
"2008-02-16 16:30:02 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\XqUe6m23.exe
"2008-01-26 17:30:04 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\system32\XqUe6m23.exe
"2008-01-26 18:30:04 C:\WINDOWS\Tasks\At25.job"
- C:\WINDOWS\system32\62u21P00.exe
"2008-01-23 04:24:22 C:\WINDOWS\Tasks\At26.job"
- C:\WINDOWS\system32\62u21P00.exe
"2008-01-23 04:24:22 C:\WINDOWS\Tasks\At27.job"
- C:\WINDOWS\system32\62u21P00.exe
"2008-01-23 04:24:22 C:\WINDOWS\Tasks\At28.job"
- C:\WINDOWS\system32\62u21P00.exe
"2008-01-23 04:24:22 C:\WINDOWS\Tasks\At29.job"
- C:\WINDOWS\system32\62u21P00.exe
"2008-01-23 04:24:22 C:\WINDOWS\Tasks\At30.job"
- C:\WINDOWS\system32\62u21P00.exe
"2008-01-23 04:24:22 C:\WINDOWS\Tasks\At31.job"
- C:\WINDOWS\system32\62u21P00.exe
"2008-01-23 04:24:22 C:\WINDOWS\Tasks\At32.job"
- C:\WINDOWS\system32\62u21P00.exe
"2008-02-07 02:30:04 C:\WINDOWS\Tasks\At33.job"
- C:\WINDOWS\system32\62u21P00.exe
"2008-02-08 03:30:04 C:\WINDOWS\Tasks\At34.job"
- C:\WINDOWS\system32\62u21P00.exe
"2008-02-12 04:30:04 C:\WINDOWS\Tasks\At35.job"
- C:\WINDOWS\system32\62u21P00.exe
"2008-02-15 05:30:02 C:\WINDOWS\Tasks\At36.job"
- C:\WINDOWS\system32\62u21P00.exe
"2008-02-15 06:30:02 C:\WINDOWS\Tasks\At37.job"
- C:\WINDOWS\system32\62u21P00.exe
"2008-02-15 07:30:02 C:\WINDOWS\Tasks\At38.job"
- C:\WINDOWS\system32\62u21P00.exe
"2008-02-14 08:30:02 C:\WINDOWS\Tasks\At39.job"
- C:\WINDOWS\system32\62u21P00.exe
"2008-02-15 09:30:02 C:\WINDOWS\Tasks\At40.job"
- C:\WINDOWS\system32\62u21P00.exe
"2008-02-15 10:30:02 C:\WINDOWS\Tasks\At41.job"
- C:\WINDOWS\system32\62u21P00.exe
"2008-02-15 11:30:02 C:\WINDOWS\Tasks\At42.job"
- C:\WINDOWS\system32\62u21P00.exe
"2008-02-11 12:30:04 C:\WINDOWS\Tasks\At43.job"
- C:\WINDOWS\system32\62u21P00.exe
"2008-02-16 13:30:02 C:\WINDOWS\Tasks\At44.job"
- C:\WINDOWS\system32\62u21P00.exe
"2008-02-16 14:30:02 C:\WINDOWS\Tasks\At45.job"
- C:\WINDOWS\system32\62u21P00.exe
"2008-02-02 15:30:04 C:\WINDOWS\Tasks\At46.job"
- C:\WINDOWS\system32\62u21P00.exe
"2008-02-16 16:30:02 C:\WINDOWS\Tasks\At47.job"
- C:\WINDOWS\system32\62u21P00.exe
"2008-01-26 17:30:04 C:\WINDOWS\Tasks\At48.job"
- C:\WINDOWS\system32\62u21P00.exe
"2008-02-01 10:47:20 C:\WINDOWS\Tasks\At49.job"
- C:\WINDOWS\system32\Mk80U01j.exe
"2008-02-01 10:47:20 C:\WINDOWS\Tasks\At50.job"
- C:\WINDOWS\system32\Mk80U01j.exe
"2008-02-01 10:47:20 C:\WINDOWS\Tasks\At51.job"
- C:\WINDOWS\system32\Mk80U01j.exe
"2008-02-01 10:47:20 C:\WINDOWS\Tasks\At52.job"
- C:\WINDOWS\system32\Mk80U01j.exe
"2008-02-01 10:47:20 C:\WINDOWS\Tasks\At53.job"
- C:\WINDOWS\system32\Mk80U01j.exe
"2008-02-01 10:47:20 C:\WINDOWS\Tasks\At54.job"
- C:\WINDOWS\system32\Mk80U01j.exe
"2008-02-01 10:47:20 C:\WINDOWS\Tasks\At55.job"
- C:\WINDOWS\system32\Mk80U01j.exe
"2008-02-01 10:47:20 C:\WINDOWS\Tasks\At56.job"
- C:\WINDOWS\system32\Mk80U01j.exe
"2008-02-07 02:30:04 C:\WINDOWS\Tasks\At57.job"
- C:\WINDOWS\system32\Mk80U01j.exe
"2008-02-08 03:30:04 C:\WINDOWS\Tasks\At58.job"
- C:\WINDOWS\system32\Mk80U01j.exe
"2008-02-12 04:30:04 C:\WINDOWS\Tasks\At59.job"
- C:\WINDOWS\system32\Mk80U01j.exe
"2008-02-15 05:30:02 C:\WINDOWS\Tasks\At60.job"
- C:\WINDOWS\system32\Mk80U01j.exe
"2008-02-15 06:30:02 C:\WINDOWS\Tasks\At61.job"
- C:\WINDOWS\system32\Mk80U01j.exe
"2008-02-15 07:30:02 C:\WINDOWS\Tasks\At62.job"
- C:\WINDOWS\system32\Mk80U01j.exe
"2008-02-14 08:30:02 C:\WINDOWS\Tasks\At63.job"
- C:\WINDOWS\system32\Mk80U01j.exe
"2008-02-15 09:30:02 C:\WINDOWS\Tasks\At64.job"
- C:\WINDOWS\system32\Mk80U01j.exe
"2008-02-15 10:30:02 C:\WINDOWS\Tasks\At65.job"
- C:\WINDOWS\system32\Mk80U01j.exe
"2008-02-15 11:30:02 C:\WINDOWS\Tasks\At66.job"
- C:\WINDOWS\system32\Mk80U01j.exe
"2008-02-11 12:30:04 C:\WINDOWS\Tasks\At67.job"
- C:\WINDOWS\system32\Mk80U01j.exe
"2008-02-16 13:30:02 C:\WINDOWS\Tasks\At68.job"
- C:\WINDOWS\system32\Mk80U01j.exe
"2008-02-16 14:30:02 C:\WINDOWS\Tasks\At69.job"
- C:\WINDOWS\system32\Mk80U01j.exe
"2008-02-02 15:30:04 C:\WINDOWS\Tasks\At70.job"
- C:\WINDOWS\system32\Mk80U01j.exe
"2008-02-16 16:30:02 C:\WINDOWS\Tasks\At71.job"
- C:\WINDOWS\system32\Mk80U01j.exe
"2008-02-01 10:47:20 C:\WINDOWS\Tasks\At72.job"
- C:\WINDOWS\system32\Mk80U01j.exe
"2008-02-03 04:49:18 C:\WINDOWS\Tasks\At73.job"
- C:\WINDOWS\system32\LChXf67A.exe
"2008-02-03 04:49:18 C:\WINDOWS\Tasks\At74.job"
- C:\WINDOWS\system32\LChXf67A.exe
"2008-02-03 04:49:18 C:\WINDOWS\Tasks\At75.job"
- C:\WINDOWS\system32\LChXf67A.exe
"2008-02-03 04:49:18 C:\WINDOWS\Tasks\At76.job"
- C:\WINDOWS\system32\LChXf67A.exe
"2008-02-03 04:49:18 C:\WINDOWS\Tasks\At77.job"
- C:\WINDOWS\system32\LChXf67A.exe
"2008-02-03 04:49:18 C:\WINDOWS\Tasks\At78.job"
- C:\WINDOWS\system32\LChXf67A.exe
"2008-02-03 04:49:18 C:\WINDOWS\Tasks\At79.job"
- C:\WINDOWS\system32\LChXf67A.exe
"2008-02-03 04:49:18 C:\WINDOWS\Tasks\At80.job"
- C:\WINDOWS\system32\LChXf67A.exe
"2008-02-07 02:30:04 C:\WINDOWS\Tasks\At81.job"
- C:\WINDOWS\system32\LChXf67A.exe
"2008-02-08 03:30:04 C:\WINDOWS\Tasks\At82.job"
- C:\WINDOWS\system32\LChXf67A.exe
"2008-02-12 04:30:04 C:\WINDOWS\Tasks\At83.job"
- C:\WINDOWS\system32\LChXf67A.exe
"2008-02-15 05:30:02 C:\WINDOWS\Tasks\At84.job"
- C:\WINDOWS\system32\LChXf67A.exe
"2008-02-15 06:30:02 C:\WINDOWS\Tasks\At85.job"
- C:\WINDOWS\system32\LChXf67A.exe
"2008-02-15 07:30:02 C:\WINDOWS\Tasks\At86.job"
- C:\WINDOWS\system32\LChXf67A.exe
"2008-02-14 08:30:02 C:\WINDOWS\Tasks\At87.job"
- C:\WINDOWS\system32\LChXf67A.exe
"2008-02-15 09:30:02 C:\WINDOWS\Tasks\At88.job"
- C:\WINDOWS\system32\LChXf67A.exe
"2008-02-15 10:30:02 C:\WINDOWS\Tasks\At89.job"
- C:\WINDOWS\system32\LChXf67A.exe
"2008-02-15 11:30:02 C:\WINDOWS\Tasks\At90.job"
- C:\WINDOWS\system32\LChXf67A.exe
"2008-02-11 12:30:04 C:\WINDOWS\Tasks\At91.job"
- C:\WINDOWS\system32\LChXf67A.exe
"2008-02-16 13:30:02 C:\WINDOWS\Tasks\At92.job"
- C:\WINDOWS\system32\LChXf67A.exe
"2008-02-16 14:30:02 C:\WINDOWS\Tasks\At93.job"
- C:\WINDOWS\system32\LChXf67A.exe
"2008-02-03 04:49:18 C:\WINDOWS\Tasks\At94.job"
- C:\WINDOWS\system32\LChXf67A.exe
"2008-02-16 16:30:02 C:\WINDOWS\Tasks\At95.job"
- C:\WINDOWS\system32\LChXf67A.exe
"2008-02-03 04:49:18 C:\WINDOWS\Tasks\At96.job"
- C:\WINDOWS\system32\LChXf67A.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-16 22:11:35
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Completion time: 2008-02-16 22:13:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-16 16:43:26
  • 0

#8
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hi, first please go to Start > Run, type in Tasks and hit OK.
Delete all of the files that have At in their names.
================================
Then:
1. Please open Notepad
  • Click Start , then Run
  • type in notepad in the Run Box then hit ok.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\msntznpz.exe
C:\WINDOWS\system32\msinfhlp.exe
C:\WINDOWS\system32\vjreg.exe
C:\WINDOWS\system32\drvmif.dll
C:\WINDOWS\system32\winwea32.dll
C:\WINDOWS\system32\winmyy32.dll
C:\WINDOWS\system32\winjyg32.dll
C:\key.shm
C:\WINDOWS\amx.ini
C:\WINDOWS\system32\XqUe6m23.exe
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\hliniy]
[-HKEY_CLASSES_ROOT\CLSID\{9026F10D-22A8-5B7A-0650-EEDDA383B216}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSDisp32"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winwea32]


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

  • 0
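The task listing in the ComboFix log above is the kind of thing a helper reads by eye: dozens of At<n>.job entries, all created by the built-in `at` scheduler, all launching one of four randomly named executables in system32. The script below is an added example (not kahdah's instructions and not part of ComboFix or Geeks to Go) that parses that listing format, groups the At<n>.job tasks by the executable they launch, and flags targets whose names look machine-generated. The sample listing is constructed here: the At*.job lines are copied from the posted log, and the `Defrag.job` entry is a made-up benign control so the output shows what is not flagged.

```python
import re
from collections import defaultdict

# Constructed sample in the ComboFix "Scheduled tasks" listing format shown
# in the log above. The At*.job lines reproduce entries from the posted log;
# the Defrag.job entry is invented here as a benign control.
SAMPLE_LISTING = r'''
"2008-01-19 10:36:52 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\XqUe6m23.exe
"2008-01-19 10:36:52 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\XqUe6m23.exe
"2008-01-26 18:30:04 C:\WINDOWS\Tasks\At25.job"
- C:\WINDOWS\system32\62u21P00.exe
"2008-02-01 10:47:20 C:\WINDOWS\Tasks\At49.job"
- C:\WINDOWS\system32\Mk80U01j.exe
"2008-02-03 04:49:18 C:\WINDOWS\Tasks\At73.job"
- C:\WINDOWS\system32\LChXf67A.exe
"2008-01-10 09:00:00 C:\WINDOWS\Tasks\Defrag.job"
- C:\WINDOWS\system32\defrag.exe
'''

# A header line is the quoted "<timestamp> <job path>"; the target line
# that follows it starts with "- ".
HEADER_RE = re.compile(r'^"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (.+\.job)"$')
TARGET_RE = re.compile(r'^- (.+)$')
# Jobs created by the "at" scheduler are named At<n>.job.
AT_JOB_RE = re.compile(r'\\At\d+\.job$', re.IGNORECASE)


def parse_task_listing(text):
    """Pair each quoted header with the '- <target>' line after it."""
    entries = []
    pending = None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            pending = (m.group(1), m.group(2))
            continue
        m = TARGET_RE.match(line)
        if m and pending:
            entries.append({"timestamp": pending[0],
                            "job": pending[1],
                            "target": m.group(1)})
            pending = None
    return entries


def summarize_at_jobs(entries):
    """Group At<n>.job entries by the executable they launch."""
    by_target = defaultdict(list)
    for e in entries:
        if AT_JOB_RE.search(e["job"]):
            by_target[e["target"]].append(e["job"].rsplit("\\", 1)[-1])
    return dict(by_target)


def looks_random_name(path):
    """Rough heuristic: an 8-character stem mixing digits, upper and lower
    case letters, like the four targets in the posted log. A real product
    name (defrag, notepad) fails this test; it is a hint, not proof."""
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    has_digit = any(c.isdigit() for c in stem)
    has_upper = any(c.isupper() for c in stem)
    has_lower = any(c.islower() for c in stem)
    return len(stem) == 8 and has_digit and has_upper and has_lower


def triage(text):
    """Return {target: [job names]} for At jobs whose target looks suspicious."""
    summary = summarize_at_jobs(parse_task_listing(text))
    return {t: jobs for t, jobs in summary.items() if looks_random_name(t)}


if __name__ == "__main__":
    for target, jobs in triage(SAMPLE_LISTING).items():
        print(f"{target}: {len(jobs)} At job(s): {', '.join(jobs)}")
```

Run against the full listing from the log, the script collapses 96 task entries into four targets, which is what the helper's "delete everything with At in it" instruction is aimed at; the random-name check is only a triage aid, and a scheduled task pointing at a legitimately named file still deserves a look if nobody on the machine created it.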

#9
ksoni1976

ksoni1976

    Member

  • Topic Starter
  • Member
  • 13 posts
Here is the ComboFix log, pls.

ComboFix 08-02-14.2 - xyz 2008-02-16 23:35:11.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.52 [GMT 5.5:30]
Running from: C:\Documents and Settings\xyz\My Documents\My Completed Downloads\ComboFix.exe
Command switches used :: C:\Documents and Settings\xyz\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\key.shm
C:\msntznpz.exe
C:\WINDOWS\amx.ini
C:\WINDOWS\system32\drvmif.dll
C:\WINDOWS\system32\msinfhlp.exe
C:\WINDOWS\system32\vjreg.exe
C:\WINDOWS\system32\winjyg32.dll
C:\WINDOWS\system32\winmyy32.dll
C:\WINDOWS\system32\winwea32.dll
C:\WINDOWS\system32\XqUe6m23.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\key.shm
C:\msntznpz.exe
C:\WINDOWS\amx.ini
C:\WINDOWS\system32\msinfhlp.exe
C:\WINDOWS\system32\vjreg.exe

.
((((((((((((((((((((((((( Files Created from 2008-01-16 to 2008-02-16 )))))))))))))))))))))))))))))))
.

2008-02-16 22:41 . 2008-02-16 22:41 <DIR> dr-h----- C:\$VAULT$.AVG
2008-02-16 22:04 . 2008-02-16 22:05 <DIR> d-------- C:\Documents and Settings\xyz\Application Data\AVG7
2008-02-16 22:04 . 2008-02-16 22:04 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-16 22:04 . 2008-02-16 22:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-02-15 16:42 . 2008-02-15 16:42 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-13 15:52 . 2008-02-13 15:52 <DIR> d-------- C:\Documents and Settings\xyz\Application Data\F-Secure
2008-02-13 15:22 . 2008-02-13 15:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-02-13 15:21 . 2008-02-13 15:21 <DIR> d-------- C:\Program Files\F-Secure Internet Security
2008-02-13 15:21 . 2008-02-13 15:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\fssg
2008-02-13 14:58 . 2008-02-13 14:58 <DIR> d-------- C:\Keat
2008-02-12 12:30 . 2008-02-12 12:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-12 10:46 . 2008-02-12 10:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-02-12 10:46 . 2008-02-08 10:45 12,608 --a------ C:\WINDOWS\system32\drivers\TfKbMon.sys
2008-02-12 09:54 . 2008-02-12 09:54 <DIR> d-------- C:\Program Files\Protea AntiVirus Tools
2008-01-27 14:21 . 2008-01-27 14:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-01-20 20:07 . 2008-01-20 20:07 <DIR> d-------- C:\Program Files\Atomic Superball DEMO

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-09 15:46 --------- d-----w C:\Documents and Settings\xyz\Application Data\Microsoft Web Folders
2008-01-05 10:54 971,232 ----a-w C:\WINDOWS\dbplugin.exe
2008-01-05 10:54 356,352 ----a-w C:\WINDOWS\eSellerateEngine.dll
2008-01-05 10:54 31,984 ----a-w C:\WINDOWS\dbrmdwb.exe
2008-01-05 10:54 2,323,952 ----a-w C:\WINDOWS\npdbplug.dll
2008-01-05 10:54 163,920 ----a-w C:\WINDOWS\system32\DNLEng.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05 143360]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-01 00:00 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 20:29 224248]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-04-11 17:52 1409024]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-27 14:21 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-02-10 15:55 15969280 C:\WINDOWS\RTHDCPL.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"GhostStartTrayApp"="C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" [2002-08-14 15:21 94208]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 20:29 224248]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-04-26 08:29 237568]
"winload"="C:\Program Files\Internet Explorer\winload.exe" [ ]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [2000-11-23 08:22 4568576]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-16 22:04 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-16 22:04 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-09-21 18:45:43 113664]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 17:35:56 65588]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-01-27 14:21:12 124400]

R1 GhPciScan;GhostPciScanner;C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys [2002-08-14 15:11]
R3 RMSPPPOE;Log2Space;C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-10-03 00:09]
S0 TfFsMon;TfFsMon;C:\WINDOWS\system32\drivers\TfFsMon.sys []
S0 TfSysMon;TfSysMon;C:\WINDOWS\system32\drivers\TfSysMon.sys []
S2 ThreatFire;ThreatFire;C:\Program Files\ThreatFire\TFService.exe service []
S3 TfNetMon;TfNetMon;C:\WINDOWS\system32\drivers\TfNetMon.sys []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-16 23:36:10
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-16 23:36:29
ComboFix-quarantined-files.txt 2008-02-16 18:06:28
ComboFix2.txt 2008-02-16 16:43:32
  • 0

#10
ksoni1976

ksoni1976

    Member

  • Topic Starter
  • Member
  • 13 posts
HijackThis log, pls.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:39:42 PM, on 16-Feb-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\DAP\DAP.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL (file missing)
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [winload] C:\Program Files\Internet Explorer\winload.exe
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8E218149-4E4B-48A6-B4C3-4F24B5940F99}: NameServer = 203.192.222.5 203.192.198.7
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: ThreatFire - Unknown owner - C:\Program Files\ThreatFire\TFService.exe (file missing)

--
End of file - 7078 bytes
  • 0



#11
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Fix these entries with HijackThis:

O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL (file missing)
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL (file missing)


Then close HijackThis.
=================
Please do an online scan with Kaspersky WebScanner
(This scanner is for use with internet explorer only)
Click on "Accept"

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#12
ksoni1976

ksoni1976

    Member

  • Topic Starter
  • Member
  • 13 posts
Please find the report.

KASPERSKY ONLINE SCANNER REPORT
Tuesday, February 19, 2008 1:24:42 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 19/02/2008
Kaspersky Anti-Virus database records: 572860


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
F:\
G:\

Scan Statistics
Total number of scanned objects 60524
Number of viruses found 1
Number of infected objects 4
Number of suspicious objects 0
Duration of the scan process 00:40:45

Infected Object Name Virus Name Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\OSession.evt Object is locked skipped

C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\AP657EF4ED.sys Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\AP61BD2C0C.sys Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\xyz\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\xyz\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\xyz\Local Settings\History\History.IE5\MSHist012008021920080220\index.dat Object is locked skipped

C:\Documents and Settings\xyz\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\xyz\Local Settings\Temporary Internet Files\Content.IE5\YJ2NSPYZ\banner851[1].gif Object is locked skipped

C:\Documents and Settings\xyz\Local Settings\Temporary Internet Files\Content.IE5\8HQJOLYN\banner851[1].gif Object is locked skipped

C:\Documents and Settings\xyz\Local Settings\Temporary Internet Files\Content.IE5\ULKFYHA5\banner851[1].gif Object is locked skipped

C:\Documents and Settings\xyz\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\xyz\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\xyz\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped

C:\Documents and Settings\xyz\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped

C:\Documents and Settings\xyz\Local Settings\Temp\PbQStDvz.com Object is locked skipped

C:\Documents and Settings\xyz\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\xyz\ntuser.dat.LOG Object is locked skipped

C:\Program Files\DAP\Log\DAP_REPORT.LOG Object is locked skipped

C:\Program Files\DAP\History\xyz\_lasthist.dat Object is locked skipped

C:\System Volume Information\_restore{57CC2CAE-FC37-4D96-B6D8-589E254EFEF5}\RP74\A0084931.dll Object is locked skipped

C:\System Volume Information\_restore{57CC2CAE-FC37-4D96-B6D8-589E254EFEF5}\RP74\A0084932.dll Object is locked skipped

C:\System Volume Information\_restore{57CC2CAE-FC37-4D96-B6D8-589E254EFEF5}\RP74\A0084933.dll Object is locked skipped

C:\System Volume Information\_restore{57CC2CAE-FC37-4D96-B6D8-589E254EFEF5}\RP74\A0084934.dll Object is locked skipped

C:\System Volume Information\_restore{57CC2CAE-FC37-4D96-B6D8-589E254EFEF5}\RP75\change.log Object is locked skipped

C:\msntxnqp.exe Object is locked skipped

E:\System Volume Information\_restore{57CC2CAE-FC37-4D96-B6D8-589E254EFEF5}\RP74\A0084935.exe Object is locked skipped

E:\New Folder\extra\smc_cd\remote\LogMeIn.msi/data.cab/LMIinit.dll Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped

E:\New Folder\extra\smc_cd\remote\LogMeIn.msi/data.cab/ramaint.exe Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped

E:\New Folder\extra\smc_cd\remote\LogMeIn.msi/data.cab Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped

E:\New Folder\extra\smc_cd\remote\LogMeIn.msi Embedded: infected - 3 skipped

Scan process completed.
  • 0

#13
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Those things the scanner found are false positives.
That is your LogMeIn/RemotelyAnywhere software.
===============================
Can you please post one more HijackThis log?
  • 0

#14
ksoni1976

ksoni1976

    Member

  • Topic Starter
  • Member
  • 13 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:44:13 PM, on 19-Feb-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\DAP\DAP.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [winload] C:\Program Files\Internet Explorer\winload.exe
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8E218149-4E4B-48A6-B4C3-4F24B5940F99}: NameServer = 203.192.222.5 203.192.198.7
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 6937 bytes

#15 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Make sure that you paste the following file paths under the yellow bar within the OTMoveIt2 program or it will not work correctly.
=================================================================
Please download OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Program Files\Internet Explorer\winload.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\winload
  • Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

==================
After that, post a new HijackThis log and the OTMoveIt2 log, and let me know how things are running.

Edited by kahdah, 19 February 2008 - 03:22 AM.
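As an added example for this thread (not code from HijackThis, OTMoveIt2 or kahdah), the script below parses the O4 autostart lines from the log posted in #14, flags any entry whose executable is not on an allow list, and expands HijackThis's `HKLM\..\Run: [name]` shorthand into the file-path and full registry-key pair that the OTMoveIt2 paste list in #15 uses. The sample lines are copied from the log above and the allow list is a constructed assumption.

```python
"""Added example for this thread (not code from HijackThis, OTMoveIt2 or kahdah):
parse HijackThis O4 lines, flag unexpected executables, emit OTMoveIt2 move-list lines."""
import re

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
# O4 - HKLM\..\Run: [name] command   (HKUS\<sid> lines end with a "(User '...')" suffix)
O4_RE = re.compile(
    r"^O4 - (HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(\w+): \[([^\]]+)\] (.*?)(?: \(User '[^']*'\))?$")

def parse_o4(line):
    """Return hive/key/name/path/command for a registry O4 line, else None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None                      # e.g. "O4 - Global Startup: ..." is a shortcut, not a Run value
    hive, key, name, command = m.groups()
    if command.startswith('"'):          # "C:\...\x.exe" /args
        path = command[1:command.index('"', 1)]
    else:                                # C:\...\x.exe -args, or a bare x.exe
        exe = re.match(r"(.*?\.exe)(?:\s|$)", command, re.I)
        path = exe.group(1) if exe else command.split()[0]
    hive = "HKEY_USERS\\" + hive[5:] if hive.startswith("HKUS\\") else HIVES[hive]
    return {"hive": hive, "key": key, "name": name, "path": path, "command": command}

def flag_unexpected(log_lines, allowlist):
    """Registry autostart entries whose executable file name is not on the allow list."""
    entries = [e for e in map(parse_o4, log_lines) if e]
    return [e for e in entries if e["path"].rsplit("\\", 1)[-1].lower() not in allowlist]

def otmoveit_list(entries):
    """OTMoveIt2 paste list: the file, then the full Run key with a doubled backslash before the value name."""
    lines = []
    for e in entries:
        lines.append(e["path"])
        lines.append(f"{e['hive']}\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\{e['key']}\\\\{e['name']}")
    return lines

# Constructed sample: O4 lines copied from the log posted above (#14).
SAMPLE = [
    r"O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE",
    r"O4 - HKLM\..\Run: [winload] C:\Program Files\Internet Explorer\winload.exe",
    r'O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP',
    r"O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')",
    r"O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE",
]
# Constructed allow list (assumption): startup programs the thread treats as legitimate.
ALLOWLIST = {"rthdcpl.exe", "launch~1.exe", "dap.exe", "ctfmon.exe", "avgw.exe"}

if __name__ == "__main__":
    print("\n".join(otmoveit_list(flag_unexpected(SAMPLE, ALLOWLIST))))
```

Run stand-alone it prints the same two lines kahdah placed in the paste list.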
