hijackthis log


#16
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
SweetIM is adware, so I recommend removing it via uninstall, but it is up to you.
==============================
Please go to UploadMalware to upload a suspicious file for analysis.
  • Enter your username from this forum
  • Copy and paste the link to this thread
  • Browse for this filename: c:\documents and settings\annette gagnon.annette-shnkr5u\local settings\application data\ajlmmsjvd.exe
  • In the comments, please mention that I asked you to upload this file
  • Click on Send File

(If you cannot see the file then you will have to show Hidden Files and Folders.
Then see if you can locate it again please)

  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK
=======================
After that, please visit this web page for instructions on downloading and running ComboFix: ComboFix Instructions
We now suggest that you install the Windows Recovery Console.
The Windows Recovery Console will allow you to boot into a special recovery mode that allows us to help you in case your computer has a problem after an attempted removal of malware.

Post the log from ComboFix when you've accomplished all of that, along with a new HijackThis log.

#17
smilingshannon

    Member

  • Topic Starter
  • Member
  • 17 posts
I could not find c:\documents and settings\annette gagnon.annette-shnkr5u\local settings\application data\ajlmmsjvd.exe, but I did find it in the _OTMoveIt/moved files. Is that a good thing? I tried to put it on that site but it wouldn't load up. I did the other scan though, and here it is.



ComboFix 08-05-15.3 - Annette Gagnon 2008-05-16 21:44:54.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.155 [GMT -7:00]
Running from: C:\Documents and Settings\Annette Gagnon.ANNETTE-SHNKR5U\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Annette Gagnon.ANNETTE-SHNKR5U\Application Data\FunWebProducts
C:\Documents and Settings\Annette Gagnon.ANNETTE-SHNKR5U\Application Data\MessengerSkinner
C:\Documents and Settings\Annette Gagnon.ANNETTE-SHNKR5U\Application Data\MessengerSkinner\Userdata\languages_v2.xml
C:\Documents and Settings\Annette Gagnon.ANNETTE-SHNKR5U\Local Settings\Application Data\ajlmmsjvd.dat
c:\Documents and Settings\Annette Gagnon.ANNETTE-SHNKR5U\Local Settings\Application Data\ajlmmsjvd_nav.dat
C:\Documents and Settings\Annette Gagnon.ANNETTE-SHNKR5U\Local Settings\Application Data\ajlmmsjvd_navps.dat
C:\Documents and Settings\Annette Gagnon.ANNETTE-SHNKR5U\Local Settings\Application Data\kqxnsedb.dat
C:\Documents and Settings\Annette Gagnon.ANNETTE-SHNKR5U\Local Settings\Application Data\kqxnsedb_nav.dat
C:\Documents and Settings\Annette Gagnon.ANNETTE-SHNKR5U\Local Settings\Application Data\kqxnsedb_navps.dat
C:\Documents and Settings\Annette Gagnon.ANNETTE-SHNKR5U\Start Menu\Programs\MessengerSkinner
C:\Documents and Settings\Annette Gagnon.ANNETTE-SHNKR5U\Start Menu\Programs\MessengerSkinner\MessengerSkinner.lnk
C:\Documents and Settings\Annette Gagnon\Application Data\FunWebProducts
C:\Documents and Settings\Annette Gagnon\Application Data\FunWebProducts\Data\Annette Gagnon\wffavs.dat
C:\WINDOWS\system32\rxbuwscvp.dat
C:\WINDOWS\system32\rxbuwscvp_navtmp.dat

.
((((((((((((((((((((((((( Files Created from 2008-04-17 to 2008-05-17 )))))))))))))))))))))))))))))))
.

2008-05-16 15:35 . 2008-05-16 15:35 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-16 15:35 . 2008-05-16 15:35 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-05-16 06:16 . 2008-05-16 06:16 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-16 06:16 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-16 06:16 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-15 06:19 . 2008-05-15 06:19 <DIR> d-------- C:\_OTMoveIt
2008-05-14 15:44 . 2008-05-14 15:44 <DIR> d-------- C:\Deckard
2008-05-12 18:11 . 2008-05-12 18:12 <DIR> d-------- C:\Program Files\Panda Security
2008-05-12 18:01 . 2008-05-12 18:01 <DIR> d-------- C:\Documents and Settings\Administrator.ANNETTE-SHNKR5U
2008-05-12 18:01 . 2008-05-16 21:44 1,024 --ah----- C:\Documents and Settings\Administrator.ANNETTE-SHNKR5U\NTUSER.DAT.LOG
2008-05-09 23:17 . 2008-05-14 17:52 <DIR> d--h----- C:\$AVG8.VAULT$
2008-05-09 22:30 . 2008-04-13 17:11 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-05-09 22:30 . 2008-04-13 17:11 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-05-09 22:13 . 2008-05-09 22:13 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-09 22:01 . 2008-05-16 06:13 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-09 22:01 . 2008-05-09 22:01 <DIR> d-------- C:\Program Files\AVG
2008-05-09 22:01 . 2008-05-09 22:01 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
2008-05-09 22:01 . 2008-05-09 22:01 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-09 22:01 . 2008-05-09 22:01 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-05-09 22:01 . 2008-05-09 22:01 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-05-09 21:34 . 2008-05-09 21:34 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-05-09 21:34 . 2008-05-09 21:34 <DIR> d-------- C:\WINDOWS\system32\en
2008-05-09 21:34 . 2008-05-09 21:34 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-09 21:13 . 2008-04-13 17:12 1,306,624 -----c--- C:\WINDOWS\system32\dllcache\msxml6.dll
2008-05-09 21:12 . 2008-04-13 17:11 650,752 --------- C:\WINDOWS\system32\dot3ui.dll
2008-05-09 21:11 . 2008-04-13 17:11 136,192 --------- C:\WINDOWS\system32\aaclient.dll
2008-05-09 18:17 . 2008-05-09 18:17 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2008-05-09 18:16 . 2008-05-09 21:58 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-09 18:16 . 2008-05-09 21:58 <DIR> d-------- C:\Documents and Settings\Annette Gagnon.ANNETTE-SHNKR5U\Application Data\SUPERAntiSpyware.com
2008-05-09 16:29 . 2008-05-09 16:29 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-05-09 16:29 . 2008-05-09 16:29 <DIR> d-------- C:\Documents and Settings\Annette Gagnon.ANNETTE-SHNKR5U\Application Data\Malwarebytes
2008-05-09 16:29 . 2008-05-09 16:29 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-05-09 16:19 . 2008-05-16 21:44 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-05-06 16:44 . 2008-05-06 16:44 <DIR> d-------- C:\Documents and Settings\Annette Gagnon.ANNETTE-SHNKR5U\Application Data\Application Data
2008-05-06 16:44 . 2008-05-06 16:44 <DIR> d-------- C:\Documents and Settings\Annette Gagnon.ANNETTE-SHNKR5U\Annette Gagnon.ANNETTE-SHNKR5U
2008-05-04 17:43 . 2008-05-16 21:56 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-04 17:43 . 2008-05-04 17:43 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-04 17:17 . 2008-05-04 17:17 <DIR> d-------- C:\Application Data
2008-05-03 16:57 . 2008-05-03 19:26 <DIR> d-------- C:\Documents and Settings\Annette Gagnon.ANNETTE-SHNKR5U\Application Data\Apple Computer
2008-05-03 16:56 . 2008-05-03 16:57 <DIR> d-------- C:\Program Files\iTunes
2008-05-03 16:56 . 2008-05-03 16:56 <DIR> d-------- C:\Program Files\iPod
2008-05-03 16:54 . 2008-05-03 16:55 <DIR> d-------- C:\Program Files\QuickTime
2008-05-03 16:54 . 2008-05-03 16:56 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2008-05-03 16:53 . 2008-05-03 16:53 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-05-03 16:53 . 2008-05-03 16:54 <DIR> d-------- C:\Program Files\Apple Software Update
2008-05-03 16:53 . 2008-05-03 16:53 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
2008-04-30 16:37 . 2008-04-30 16:37 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-04-30 16:37 . 2008-05-09 18:01 <DIR> d-------- C:\Program Files\Cubis Gold 2
2008-04-28 17:46 . 2008-04-28 17:46 <DIR> d-------- C:\Program Files\IncrediGames
2008-04-28 17:46 . 2008-04-28 17:46 <DIR> d-------- C:\Program Files\Common Files\Oberon Media
2008-04-19 17:50 . 2008-04-20 17:08 <DIR> dr-h----- C:\Documents and Settings\Annette Gagnon.ANNETTE-SHNKR5U\Application Data\CrystalSpace
2008-04-18 16:53 . 2008-04-18 17:30 <DIR> d-------- C:\Program Files\JoWood

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 22:33 --------- d-----w C:\Program Files\MSN Messenger
2008-05-13 03:16 --------- d-----w C:\Program Files\Game XP
2008-05-10 04:58 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-09 23:02 --------- d-----w C:\Program Files\LimeWire
2008-05-09 04:15 --------- d-----w C:\Documents and Settings\Annette Gagnon.ANNETTE-SHNKR5U\Application Data\Azureus
2008-05-05 01:02 --------- d-----w C:\Program Files\Azureus
2008-05-01 01:16 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-04-29 01:42 --------- d-----w C:\Program Files\Magentic
2008-04-28 01:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-27 23:26 --------- d-----w C:\Program Files\Davincis Secret
2008-04-20 01:58 --------- d-----w C:\Program Files\Mystery Case Files - Prime Suspects
2008-04-17 00:56 --------- dc----w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-17 00:56 --------- d-----w C:\Program Files\Sony Online Entertainment
2008-04-17 00:56 --------- d-----w C:\Program Files\QuickTax 2007
2008-04-17 00:56 --------- d-----w C:\Program Files\iWin
2008-04-17 00:56 --------- d-----w C:\Program Files\Common Files\AnswerWorks 4.0
2008-04-17 00:56 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Kiwee Toolbar
2008-04-17 00:53 --------- d-----w C:\Program Files\Skype
2008-04-17 00:53 --------- d-----w C:\Program Files\Nancy Drew
2008-04-17 00:53 --------- d-----w C:\Program Files\Mystery Case Files - Prime Suspects(2)
2008-04-17 00:53 --------- d-----w C:\Program Files\Kiwee Toolbar
2008-04-17 00:53 --------- d-----w C:\Program Files\Common Files\Skype
2008-04-17 00:53 --------- d-----w C:\Documents and Settings\Annette Gagnon.ANNETTE-SHNKR5U\Application Data\Skype
2008-04-17 00:53 --------- d-----w C:\Documents and Settings\Annette Gagnon.ANNETTE-SHNKR5U\Application Data\InstallShield
2008-04-17 00:53 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype
2008-04-17 00:52 --------- d-----w C:\Program Files\Yahoo!
2008-04-17 00:52 --------- d-----w C:\Program Files\Trillian
2008-04-17 00:51 --------- d-----w C:\Program Files\DivX
2008-04-17 00:50 --------- d-----w C:\Program Files\RealArcade
2008-04-17 00:50 --------- d-----w C:\Program Files\Java
2008-04-17 00:49 --------- d-----w C:\Program Files\ArcSoft
2008-04-16 23:32 --------- d-----w C:\Program Files\PC Drivers HeadQuarters
2008-04-14 12:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 12:42 11,264 ------w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 12:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 00:13 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 00:13 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:13 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:27 2,188,928 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:18 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 18:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 18:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 18:56 12,288 ------w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 18:53 36,608 ------w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 18:53 264,832 ------w C:\WINDOWS\system32\drivers\http.sys
2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}]
2007-10-31 17:10 296256 --a------ C:\Program Files\Kiwee Toolbar\KiweeIEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= "C:\Program Files\Kiwee Toolbar\KiweeIEToolbar.dll" [2007-10-31 17:10 296256]

[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= C:\Program Files\Kiwee Toolbar\KiweeIEToolbar.dll [2007-10-31 17:10 296256]

[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 17:12 15360]
"MsnMsgr"="~C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 21:15 103712]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-01-17 12:08 214456]
"Magentic"="C:\PROGRA~1\Magentic\bin\Magentic.exe" [2008-03-09 11:00 480648]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-01-08 09:17 102491]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-01-08 09:16 692315]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 05:51 53248]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-08-11 19:21 200704]
"ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-03-15 10:03 2893824]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-07 21:02 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-07 20:59 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-06-07 21:03 114688]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 13:36 14854144 C:\WINDOWS\RTHDCPL.EXE]
"NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2001-07-09 03:50 155648]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 16:48 622592]
"SetDefPrt"="C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 19:02 49152]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 15:58 61440]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-01-12 18:48 275800]
"VX6000"="C:\WINDOWS\vVX6000.exe" [2006-12-19 12:29 994072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"KiweeHook"="C:\Program Files\Kiwee Toolbar\kwtbaim.exe" [2007-10-31 17:12 62776]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 21:15 103712]
"WildTangent CDA"="C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" [2005-03-28 18:24 28616]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-09 22:01 1177368]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 13:05:56 65588]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\Magentic\\bin\\MgImp.exe"=
"C:\\Program Files\\Magentic\\bin\\Magentic.exe"=
"C:\\Program Files\\Magentic\\bin\\MgApp.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-09 22:01]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-05-09 22:01]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-09 22:01]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-09 22:01]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 18:08]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-01-04 15:13]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 13:50]
S3 VX6000;Microsoft LifeCam VX-6000;C:\WINDOWS\system32\DRIVERS\VX6000Xp.sys [2006-12-19 12:29]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-03 23:54:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-16 21:51:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\INCRED~1\bin\ImApp.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-05-16 22:03:36 - machine was rebooted [Annette Gagnon]
ComboFix-quarantined-files.txt 2008-05-17 05:03:25

Pre-Run: 49,155,620,864 bytes free
Post-Run: 49,088,995,328 bytes free

299 --- E O F --- 2008-05-09 04:30:08
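The ComboFix log above carries the items a helper reads first: the Recovery Console warning, the Run keys under "Reg Loading Points" (one value with an empty `[ ]` bracket, one autorun registered in both HKCU and HKLM) and the firewall policy line `"EnableFirewall"= 0`. The following is an added example, not ComboFix's own code, that parses those parts of such a log and reports them; the embedded log excerpt is constructed from the log in this thread, and the line formats it relies on are the ones visible there.

```python
"""Triage checks over a ComboFix log (added example, not ComboFix's own code).
Assumes the line formats seen in the log posted in this thread."""
import re
from collections import defaultdict

# Constructed excerpt modelled on the ComboFix log posted above.
SAMPLE_LOG = r"""
ComboFix 08-05-15.3 - Annette Gagnon 2008-05-16 21:44:54.1 - NTFSx86
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 17:12 15360]
"MsnMsgr"="~C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 21:15 103712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-01-08 09:17 102491]
"KiweeHook"="C:\Program Files\Kiwee Toolbar\kwtbaim.exe" [2007-10-31 17:12 62776]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 21:15 103712]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[([^\]]*)\]')
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)')


def parse_run_entries(text):
    """Collect the values under every CurrentVersion\\Run key (HKCU and HKLM).
    ComboFix prints each value as "name"="command" [date time size]; an empty
    bracket means it recorded no file details for that command."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            continue
        if current is None or not current.lower().endswith(r"\currentversion\run"):
            continue
        m = VALUE_RE.match(line)
        if m:
            entries.append({"key": current, "name": m.group(1),
                            "command": m.group(2), "meta": m.group(3).strip()})
    return entries


def triage(text):
    """Return (check, detail) findings in the order they are discovered."""
    findings = []
    # Helpers in this thread ask for the Recovery Console before ComboFix runs.
    if "DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED" in text:
        findings.append(("recovery_console_missing", ""))
    # The standard-profile firewall policy is printed as a plain registry value.
    for raw in text.splitlines():
        m = FIREWALL_RE.match(raw.strip())
        if m and m.group(1) == "0":
            findings.append(("firewall_disabled", raw.strip()))
    hives_by_name = defaultdict(set)
    for e in parse_run_entries(text):
        if e["meta"] == "":
            findings.append(("autorun_unresolved", f'{e["name"]} -> {e["command"]}'))
        hives_by_name[e["name"].lower()].add(e["key"].split("\\")[0])
    # The same autorun registered per-user and machine-wide (SweetIM in this
    # log) is worth a look: an uninstall that cleans one hive can miss the other.
    for name, hives in sorted(hives_by_name.items()):
        if len(hives) > 1:
            findings.append(("autorun_in_multiple_hives", name))
    return findings


if __name__ == "__main__":
    for check, detail in triage(SAMPLE_LOG):
        print(f"{check:28s} {detail}")
```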

#18
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download Navilog1 by IL-MAFIOSO:
http://pagesperso-or...ix/Navilog1.exe
(*Alternate download location Here)

* Save it to your Desktop.
* Double-click on Navilog1.exe to install the program.
* When the installation is complete, the tool will start automatically.
* If it doesn't start automatically, please double-click on the Navilog1 shortcut on your Desktop to run it.
* Press E for English from the language Menu.
* Type 1 in the next Menu to select Search and press Enter.
* Wait for the Scan to finish (It may take a reasonable amount of time).
* Press any key as requested.
* A new document will be produced: fixnavi.txt.
* Please copy/paste the contents of this report in your next reply.

The report is also saved in the root of the directory, "%SystemDrive%\fixnavi.txt". (usually C:\fixnavi.txt)

#19
smilingshannon

    Member

  • Topic Starter
  • Member
  • 17 posts
Hope you're having a good weekend!
Here is that log.

Search Navipromo version 3.5.7 began on Sat 05/17/2008 at 19:18:35.81

!!! Warning, this report may include legitimate files/programs !!!
!!! Post this report on the forum you are being helped !!!
!!! Don't continue with removal unless instructed by an authorized helper !!!
Fix running from C:\Program Files\navilog1
Actual User Account : "Annette Gagnon"

Updated on 11.05.2008 at 18h00 by IL-MAFIOSO


Microsoft Windows XP [Version 5.1.2600]
Version Internet Explorer : 7.0.5730.13
Filesystem type : NTFS

Search done in normal mode


*** Search folders in "C:\WINDOWS" ***


*** Search folders in "C:\Program Files" ***


*** Search folders in "c:\docume~1\alluse~1.win\applic~1" ***


*** Search folders in "c:\docume~1\alluse~1.win\startm~1\programs" ***


*** Search folders in "C:\Documents and Settings\Annette Gagnon.ANNETTE-SHNKR5U\applic~1" ***


*** Search folders in "C:\DOCUME~1\ADMINI~1\applic~1" ***


*** Search folders in "C:\DOCUME~1\ADMINI~1.ANN\applic~1" ***


*** Search folders in "C:\Documents and Settings\Annette Gagnon.ANNETTE-SHNKR5U\locals~1\applic~1" ***


*** Search folders in "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***


*** Search folders in "C:\DOCUME~1\ADMINI~1.ANN\locals~1\applic~1" ***


*** Search folders in "C:\Documents and Settings\Annette Gagnon.ANNETTE-SHNKR5U\startm~1\programs" ***


*** Search folders in "C:\DOCUME~1\ADMINI~1\startm~1\programs" ***


*** Search folders in "C:\DOCUME~1\ADMINI~1.ANN\startm~1\programs" ***

*** Search with Catchme-rootkit/stealth malware detector by gmer ***
for more info : http://www.gmer.net

No file found


*** Search with GenericNaviSearch ***
!!! Possibility of legitimate files in the result !!!
!!! Must always be checked before manually deleting !!!

* Scan in "C:\WINDOWS\system32" *

Files found :

adsswbctr.exe found !
atryzggwc.exe found !
ckoycqonlq.exe found !
czswibb.exe found !
djjrkqd.exe found !
ejocjno.exe found !
ixylyibzrp.exe found !
ltvaqas.exe found !
mhzhagw.exe found !
pblkijwj.exe found !
phpxctp.exe found !
qxsspb.exe found !
rzsdvlz.exe found !
rzsdvlz.dat found !
sjvblzstv.exe found !
uaghzxjl.exe found !
uohook.exe found !
uokcvqjp.exe found !
vrkdomb.exe found !
vurqcwbx.exe found !
ysmovjk.exe found !
yvoqwfhixw.exe found !
zzqurcjr.exe found !
adsswbctr.exe found !
atryzggwc.exe found !
ckoycqonlq.exe found !
crmonzth.exe found !
czswibb.exe found !
djjrkqd.exe found !
dmlftxozj.exe found !
ejocjno.exe found !
iiyjjrjmid.exe found !
ixylyibzrp.exe found !
kxjqth.exe found !
ltvaqas.exe found !
mhzhagw.exe found !
nwgqymyy.exe found !
phpxctp.exe found !
pjglavjtt.exe found !
qxsspb.exe found !
rzsdvlz.exe found !
rzsdvlz.dat found !
sjvblzstv.exe found !
suofftl.exe found !
uohook.exe found !
uokcvqjp.exe found !
vrkdomb.exe found !
vurqcwbx.exe found !
yvoqwfhixw.exe found !
zzqurcjr.exe found !

Suspicious Files :

pblkijwj.exe found !
uaghzxjl.exe found !
ysmovjk.exe found !

* Scan in "C:\Documents and Settings\Annette Gagnon.ANNETTE-SHNKR5U\locals~1\applic~1" *

* Scan in "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

* Scan in "C:\DOCUME~1\ADMINI~1.ANN\locals~1\applic~1" *



*** Search files ***



*** Search specific Registry keys ***


*** Complementary Search ***
(Search specific files)

1)Search new Instant Access files :


2)Heuristic Search :

* In "C:\WINDOWS\system32" :

rzsdvlz.dat found !

* In "C:\Documents and Settings\Annette Gagnon.ANNETTE-SHNKR5U\locals~1\applic~1" :


* In "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :


* In "C:\DOCUME~1\ADMINI~1.ANN\locals~1\applic~1" :


3)Certificates Search :

Egroup certificate not found !
Electronic-Group certificate found !
OOO-Favorit certificate found !
Sunny-Day-Design-Ltd certificate not found !

4)Search known files :



*** Search completed on Sat 05/17/2008 at 19:25:53.37 ***
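The Navilog1 search report above lists every GenericNaviSearch hit as `name found !` (several names appear twice, and the "Suspicious Files" subset is listed again), while the clean-mode report later in the thread records `found / Copy done / deleted` for each file, spelling the directory `System32` where the search report says `system32`. The following is an added example, not Navilog1's own code, that parses both report formats, folds the duplicates, matches directories case-insensitively and reports any file the search found that the removal did not delete or back up. The embedded excerpts are constructed from this thread's reports, with one file left out of the removal report and one left without its `Copy ... done !` line so that both checks fire.

```python
"""Reconcile a Navilog1 search report against its removal report (added
example, not Navilog1's own code). Assumes the line formats visible in this
thread: '* Scan in "DIR" *' / '* Deletion in "DIR" *' headers and
'X found !', 'Copy X done !', 'X deleted !' lines."""
import re

HEADER_RE = re.compile(r'^\* (?:Scan|Deletion) in "([^"]+)" \*$')
FOUND_RE = re.compile(r"^(\S+) found !$")
COPIED_RE = re.compile(r"^Copy (\S+) done !$")
DELETED_RE = re.compile(r"^(\S+) deleted !$")

# Constructed excerpts modelled on the reports posted in this thread.
SEARCH_REPORT = r'''
*** Search with GenericNaviSearch ***
* Scan in "C:\WINDOWS\system32" *

Files found :

adsswbctr.exe found !
pblkijwj.exe found !
rzsdvlz.dat found !
uaghzxjl.exe found !
ysmovjk.exe found !
adsswbctr.exe found !

Suspicious Files :

pblkijwj.exe found !
ysmovjk.exe found !

* Scan in "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

2)Heuristic Search :

* In "C:\WINDOWS\system32" :

rzsdvlz.dat found !
'''

REMOVAL_REPORT = r'''
* Deletion in "C:\WINDOWS\System32" *

adsswbctr.exe found !
Copy adsswbctr.exe done !
adsswbctr.exe deleted !

pblkijwj.exe found !
Copy pblkijwj.exe done !
pblkijwj.exe deleted !

rzsdvlz.dat found !
Copy rzsdvlz.dat done !
rzsdvlz.dat deleted !

uaghzxjl.exe found !
uaghzxjl.exe deleted !
'''


def _parse_blocks(text):
    """Group per-file lines under the '* Scan in' / '* Deletion in' header they
    follow. Any other line starting with '*' opens a different section
    (Catchme, heuristic search, ...) and closes the current block, so the
    heuristic-search hit above is not attributed to the wrong directory."""
    blocks, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("*"):
            m = HEADER_RE.match(line)
            current = m.group(1).lower() if m else None
            if current is not None:
                blocks.setdefault(current, {"found": [], "copied": set(), "deleted": set()})
            continue
        if current is None:
            continue
        block = blocks[current]
        for key, rx in (("copied", COPIED_RE), ("deleted", DELETED_RE)):
            m = rx.match(line)
            if m:
                block[key].add(m.group(1).lower())
                break
        else:
            m = FOUND_RE.match(line)
            if m and m.group(1).lower() not in block["found"]:
                block["found"].append(m.group(1).lower())  # dedupe re-listed names
    return blocks


def reconcile(search_text, removal_text):
    """Map (directory, file) from the search report to what the removal did."""
    search, removal = _parse_blocks(search_text), _parse_blocks(removal_text)
    outcome = {}
    for directory, lists in search.items():
        done = removal.get(directory, {"copied": set(), "deleted": set()})
        for name in lists["found"]:
            if name not in done["deleted"]:
                outcome[(directory, name)] = "not_deleted"
            elif name not in done["copied"]:
                outcome[(directory, name)] = "deleted_without_backup"
            else:
                outcome[(directory, name)] = "deleted_with_backup"
    return outcome


def problems(search_text, removal_text):
    """Only the entries a helper would follow up on."""
    return sorted(k for k, v in reconcile(search_text, removal_text).items()
                  if v != "deleted_with_backup")


if __name__ == "__main__":
    for (directory, name) in problems(SEARCH_REPORT, REMOVAL_REPORT):
        print(f"{directory}\\{name}: {reconcile(SEARCH_REPORT, REMOVAL_REPORT)[(directory, name)]}")
```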

#20
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Yes my weekend is going well and I hope yours is as well :)
========================================
* Double-click on the Navilog1 shortcut icon from your Desktop to run it.
* Press E for English from the language Menu.
* Type 2 in the next Menu and press Enter.
* The tool will then advise you that it will restart your computer.
* Close all open windows and save personal documents, if any are open.
* If your computer doesn't restart automatically, restart it manually.
* Choose your usual session.
* Wait for the *** Clean finished the ... *** message (It may take a reasonable amount of time)
* A new document will be produced.
* Please copy/paste the contents of this report in your next reply.
* Your Desktop will now appear.

Note : In the event you lose your Desktop, press CTRL+ALT+Delete and run Explorer.exe as a new task.

The report is also saved in the root directory, %SystemDrive%\cleannavi.txt (usually C:\cleannavi.txt).

#21
smilingshannon

    Member

  • Topic Starter
  • Member
  • 17 posts
It's been hot here today in Vancouver; it went up to 30C, so I think that would have made it about 86F.

Here is that new log.

Navipromo Removal version 3.5.7 started on Sat 05/17/2008 at 21:07:06.21

Fix running from C:\Program Files\navilog1
Actual User Account : "Annette Gagnon"

Updated on 11.05.2008 at 18h00 by IL-MAFIOSO


Microsoft Windows XP [Version 5.1.2600]
Internet Explorer : 7.0.5730.13
Filesystem type : NTFS

Automatic removal
with Catchme and GNS results


Cleanning stage done on Reboot



*** fsbl1.txt not found ***
(Check that Catchme found nothing in Search Mode)


*** Deleting with Backups GenericNaviSearch results ***

* Deletion in "C:\WINDOWS\System32" *

adsswbctr.exe found !
Copy adsswbctr.exe done !
adsswbctr.exe deleted !

atryzggwc.exe found !
Copy atryzggwc.exe done !
atryzggwc.exe deleted !

ckoycqonlq.exe found !
Copy ckoycqonlq.exe done !
ckoycqonlq.exe deleted !

crmonzth.exe found !
Copy crmonzth.exe done !
crmonzth.exe deleted !

czswibb.exe found !
Copy czswibb.exe done !
czswibb.exe deleted !

djjrkqd.exe found !
Copy djjrkqd.exe done !
djjrkqd.exe deleted !

dmlftxozj.exe found !
Copy dmlftxozj.exe done !
dmlftxozj.exe deleted !

ejocjno.exe found !
Copy ejocjno.exe done !
ejocjno.exe deleted !

iiyjjrjmid.exe found !
Copy iiyjjrjmid.exe done !
iiyjjrjmid.exe deleted !

ixylyibzrp.exe found !
Copy ixylyibzrp.exe done !
ixylyibzrp.exe deleted !

kxjqth.exe found !
Copy kxjqth.exe done !
kxjqth.exe deleted !

ltvaqas.exe found !
Copy ltvaqas.exe done !
ltvaqas.exe deleted !

mhzhagw.exe found !
Copy mhzhagw.exe done !
mhzhagw.exe deleted !

nwgqymyy.exe found !
Copy nwgqymyy.exe done !
nwgqymyy.exe deleted !

pblkijwj.exe found !
Copy pblkijwj.exe done !
pblkijwj.exe deleted !

phpxctp.exe found !
Copy phpxctp.exe done !
phpxctp.exe deleted !

pjglavjtt.exe found !
Copy pjglavjtt.exe done !
pjglavjtt.exe deleted !

qxsspb.exe found !
Copy qxsspb.exe done !
qxsspb.exe deleted !

rzsdvlz.exe found !
Copy rzsdvlz.exe done !
rzsdvlz.exe deleted !

rzsdvlz.dat found !
Copy rzsdvlz.dat done !
rzsdvlz.dat deleted !

sjvblzstv.exe found !
Copy sjvblzstv.exe done !
sjvblzstv.exe deleted !

suofftl.exe found !
Copy suofftl.exe done !
suofftl.exe deleted !

uaghzxjl.exe found !
Copy uaghzxjl.exe done !
uaghzxjl.exe deleted !

uohook.exe found !
Copy uohook.exe done !
uohook.exe deleted !

uokcvqjp.exe found !
Copy uokcvqjp.exe done !
uokcvqjp.exe deleted !

vrkdomb.exe found !
Copy vrkdomb.exe done !
vrkdomb.exe deleted !

vurqcwbx.exe found !
Copy vurqcwbx.exe done !
vurqcwbx.exe deleted !

ysmovjk.exe found !
Copy ysmovjk.exe done !
ysmovjk.exe deleted !

yvoqwfhixw.exe found !
Copy yvoqwfhixw.exe done !
yvoqwfhixw.exe deleted !

zzqurcjr.exe found !
Copy zzqurcjr.exe done !
zzqurcjr.exe deleted !


* Deletion in "C:\Documents and Settings\Annette Gagnon.ANNETTE-SHNKR5U\locals~1\applic~1" *


* Deletion in "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *


* Deletion in "C:\DOCUME~1\ADMINI~1.ANN\locals~1\applic~1" *



*** Deleting folders in "C:\WINDOWS" ***


*** Deleting folders in "C:\Program Files" ***


*** Deleting folders in "c:\docume~1\alluse~1.win\applic~1" ***


*** Deleting folders in "c:\docume~1\alluse~1.win\startm~1\programs" ***


*** Deleting folders in "C:\Documents and Settings\Annette Gagnon.ANNETTE-SHNKR5U\applic~1" ***


*** Deleting folders in "C:\DOCUME~1\ADMINI~1\applic~1" ***


*** Deleting folders in "C:\DOCUME~1\ADMINI~1.ANN\applic~1" ***


*** Deleting folders in "C:\Documents and Settings\Annette Gagnon.ANNETTE-SHNKR5U\locals~1\applic~1" ***


*** Deleting folders in "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***


*** Deleting folders in "C:\DOCUME~1\ADMINI~1.ANN\locals~1\applic~1" ***


*** Deleting folders in "C:\Documents and Settings\Annette Gagnon.ANNETTE-SHNKR5U\startm~1\programs" ***


*** Deleting folders in "C:\DOCUME~1\ADMINI~1\startm~1\programs" ***


*** Deleting folders in "C:\DOCUME~1\ADMINI~1.ANN\startm~1\programs" ***



*** Deleting files ***


*** Deleting temporary files ***

Cleaning of C:\WINDOWS\Temp done !
Cleaning of C:\Documents and Settings\Annette Gagnon.ANNETTE-SHNKR5U\locals~1\Temp done !

*** Complementary Search ***
(Search specific files)

1)Deletion with backups new Instant Access files:

2)Heuristic search and deletion with backups :


* In "C:\WINDOWS\system32" *


* In "C:\Documents and Settings\Annette Gagnon.ANNETTE-SHNKR5U\locals~1\applic~1" *


* In "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *


* In "C:\DOCUME~1\ADMINI~1.ANN\locals~1\applic~1" *


*** Copy Registry to Safebackup folder ***

Backing up Registry done !

*** Cleaning Registry ***

Registry cleaned


*** Certificates ***

Egroup Certificate not found !
Electronic-Group Certificate deleted !
OOO-Favorit Certificate deleted !
Sunny-Day-Design-Ltd Certificate not found !

*** Cleaning stage complete on Sat 05/17/2008 at 21:14:00.04 ***
  • 0

#22
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Looks good :)

Can you please post a new HijackThis log and let me know if any more symptoms have been present.
  • 0

#23
smilingshannon

    Member

  • Topic Starter
  • 17 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:36:48 AM, on 5/18/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\acer\epm\epm-dm.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\WINDOWS\vVX6000.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\KiweeIEToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\KiweeIEToolbar.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [KiweeHook] "C:\Program Files\Kiwee Toolbar\kwtbaim.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1187491040342
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.su...ows-i586-jc.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 7813 bytes
  • 0
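An added example, not from the thread or from HijackThis itself: a small parser that turns HijackThis entries like the ones in the log above into records and flags the SweetIM and Kiwee Toolbar entries. The sample lines are copied from the log above; the watch-list markers (SweetIM, which kahdah already called adware, and Kiwee) are an assumption for the demo.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\KiweeIEToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [KiweeHook] "C:\Program Files\Kiwee Toolbar\kwtbaim.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

# Every HijackThis entry starts with a section code (R0, O2, O4, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 Run entries: hive, the value name in brackets, then the command line.
O4_RE = re.compile(r"^(?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

# Assumed watch list for this demo (case-insensitive substrings).
DEFAULT_MARKERS = ("sweetim", "kiwee")


def parse_hjt(text):
    """Return one dict per log entry; the process list and trailer are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        entry = {"section": m["sec"], "body": m["body"]}
        o4 = O4_RE.match(m["body"]) if m["sec"] == "O4" else None
        if o4:  # split Run entries so hive/name/command can be compared
            entry.update(hive=o4["hive"], name=o4["name"], command=o4["cmd"])
        entries.append(entry)
    return entries


def flag_entries(entries, markers=DEFAULT_MARKERS):
    """Return (section, body) for entries mentioning any watch-list marker."""
    return [(e["section"], e["body"]) for e in entries
            if any(k in e["body"].lower() for k in markers)]


def summarize(entries):
    """Count entries per section, e.g. {'O4': 4, ...}, to spot log growth between posts."""
    counts = defaultdict(int)
    for e in entries:
        counts[e["section"]] += 1
    return dict(counts)
```

Running the same parser over two successive logs and diffing `summarize()` and `flag_entries()` shows which autoruns and BHOs survived a cleanup.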

#24
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.
======================
Uninstall NaviPromo from your Add/Remove Programs list.
===========
Cleanup::
  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OtMoveit2 to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.
===============
Delete/uninstall anything else that we have used.

System Restore
Then I will need you to reset your System Restore points.
The link below shows how to create a clean restore point.
How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb/310405/en-us
=====================================
After that your log is clean. :)

The following is a list of tools and utilities that I like to suggest to people.
You do not have to have all or any of them; they are only suggestions.
This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Ad-Aware - Another very powerful tool which searches and kills nasties that infect your system. Ad-Aware and Spybot Search & Destroy complement each other very well.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

IE-SPYAD - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Tony Klein article - To find out more information about how you got infected in the first place, and some great guidelines to follow to prevent future infections, you can read this article by Tony Klein.
  • 0





