Geeks to Go

Trojan horse that won't go away [Solved]


  • This topic is locked

#1
sarahmm4

    Member

  • 24 posts
I have followed all the steps in "You must read this before posting a Hijackthis Log, Malware Cleaning Guide" and the trojan horse keeps coming back. I use AVG Anti-Virus Free Edition and it keeps finding a trojan horse, called various things (example "Trojan horse Downloader.Generic8.MUR"). When I try to remove the threat, sometimes it says it removes it and other times it says it can't find the specified file but then the next time AVG runs, it finds another trojan horse.

I'm attaching my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:54:03 PM, on 1/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {86FC2D31-9903-4B42-A408-32A056E303B7} - C:\WINDOWS\system32\byXNeEVL.dll (file missing)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [FlashIcon] C:\Program Files\Dane-Elec\USB 2.0 Card Reader Driver v2.3b\FlashIcon.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\Sarah Maloney\Application Data\SpeedRunner\SpeedRunner.exe
O4 - HKCU\..\RunOnce: [] C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec....000045.0000011b
O4 - HKUS\S-1-5-19\..\Run: [lepepujafa] Rundll32.exe "C:\WINDOWS\system32\gumakona.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [lepepujafa] Rundll32.exe "C:\WINDOWS\system32\gumakona.dll",s (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...veX/MSDcode.cab
O16 - DPF: {10EC6CEC-5A1D-4E4E-AB85-8CC516F2A687} (AICPAViewer.clsViewer) - http://www.cpa-exam....AICPAViewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1B30282C-970F-4DCC-97D1-1714277525C1} (NMInstall Control) - http://profile.homes....0_HOMESCAN.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {3EEFCD4B-E9FD-4601-BE5D-C5C1776E51D3} (AICPASSV.Spreadsheet) - http://www.cpa-exam....tall/SSItem.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish....fishActivia.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin....nderControl.cab
O16 - DPF: {4DCCD2FC-132F-45EC-BFDA-72235B85047C} (AICPAAuthLit.AuthLitItem) - http://www.cpa-exam....ll/SimItems.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://cdn.smugmug.c....1.0-082608.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127595652421
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgall..._1/axofupld.cab
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Maid Control) - http://vsp.closetmai..._downloader.cab
O16 - DPF: {85BA505F-FD01-4A91-836C-F7D502E89C9A} (Image Uploader Control) - http://www.evite.com...geUploader4.cab
O16 - DPF: {909A35CA-61DC-4437-887E-30ED6D89F6C8} (AICPAUI.ucHyperlink) - http://www.cpa-exam....all/General.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {96F2228B-0D43-48AC-B857-29972C87EBA4} (AICPACR.ConstructedResponse) - http://www.cpa-exam....tall/CRItem.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {BE1BDC4F-2AAC-494E-88B1-86B2EE4F2D6D} (CopySafe3 Control) - http://download.copy...ad/Copysafe.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {D4C9E474-9A6C-4FBF-B13A-4BE2BDD34FD5} (AICPA treeView control) - http://www.cpa-exam....CPAViewerIL.cab
O16 - DPF: {DBA8E419-0D5F-439B-A3CC-D01C768D9B51} (DVCDownloaderControl Object) - http://www.sonypictu...aderControl.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://webmail.tred...131 /dwa7W.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL avgrsstx.dll dmfugg.dll c:\windows\system32\kibubura.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 17211 bytes


Here is my Uninstall list:
Ad-Aware 2007
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Adobe® Photoshop® Album Starter Edition 3.2
AIM 6
Aim Plugin for QQ Games
AIMTunes (remove only)
AOL Instant Messenger
AOLIcon
Apple Software Update
ArcSoft Camera Suite 1.3
ATI Control Panel
ATI Display Driver
AVG Free 8.0
AVG Online Backup
Broadcom Advanced Control Suite 2
Canon Camera Access Library
Canon Camera Support Core Library
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture DC
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CheckIt Diagnostics
CNN.com Desktop Alerter 1.0
Comcast High-Speed Internet Install Wizard
CopySafe Plugin
Coupon Printer for Windows
Creative MediaSource
Dane-Elec USB 2.0 Card Reader Driver v2.3b
DeductionPro 2006
Dell Driver Reset Tool
Dell Picture Studio v3.0
DellSupport
ERUNT 1.1j
GdiplusUpgrade
GearDrvs
Gold Miner: Vegas (remove only)
Google Desktop
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Image Zone 3.5
HP PSC & OfficeJet 3.5
HP Update
Intel Application Accelerator
Intel® 537EP V9x DF PCI Modem
Internet Explorer Default Page
iPod for Windows 2006-01-10
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 8
J2SE Runtime Environment 5.0 Update 9
Jasc Paint Shop Photo Album 5
Java 2 Runtime Environment, SE v1.4.2_03
Java™ 6 Update 11
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Java™ SE Runtime Environment 6 Update 1
KODAK EASYSHARE Gallery Upload ActiveX Control
LaserJet 1020 series
Learn2 Player (Uninstall Only)
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Macromedia Flash Player
Malwarebytes' Anti-Malware
Mercora Player Plugin
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Encarta Encyclopedia Standard 2005
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Disc 2
Microsoft Office XP Professional with FrontPage
Microsoft Picture It! Premium 10
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Streets and Trips 2005
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Word 2002
Microsoft Works
Microsoft Works 2005 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Modem Event Monitor
Modem Helper
Modem On Hold
Move Networks Player for Internet Explorer
Mozilla Firefox (3.0.5)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Musicmatch® Jukebox
Napster
Napster Burn Engine
Nero 7 Essentials
neroxml
Netflix Movie Viewer
NetZeroInstallers
Otto
overland
Pdf995 (installed by TaxCut)
PdfEdit995 (installed by TaxCut)
PowerDVD 5.5
QQ Games
Qualxserve Service Agreement
QuickBooks Simple Start Special Edition
QuickTime
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Shockwave
Shop for HP Supplies
Sonic Audio module
Sonic DLA
Sonic Encoders
Sonic MyDVD LE
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sound Blaster Audigy 2 ZS
Star Wars Battlefront
Symantec Technical Support Web Controls
TaxCut Deluxe 2005
TaxCut Premium + State + Efile 2007
TaxCut Premium 2006
TaxCut Virginia 2007
Uninstall AOL Emergency Connect Utility 1.0
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Viewpoint Toolbar
WebCyberCoach 3.2 Dell
Windows Genuine Advantage v1.3.0254.0
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
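As an added example (my own code, not the poster's, and not part of HijackThis, Geeks to Go or any of the removal tools named in this thread), the script below runs a few defender-side triage heuristics over HijackThis-style entries of the kind shown in the log above: entries whose target file is missing, O4 Run keys under the built-in service accounts (S-1-5-19 LOCAL SERVICE and S-1-5-20 NETWORK SERVICE, which installers almost never write), DLLs started through rundll32 at logon, every DLL listed in AppInit_DLLs (Windows loads these into each process that links user32.dll), and services with no company name. The sample lines are copied from the log above, except one HKLM line that is constructed to exercise the rundll32-only rule; the severity labels are my assumptions and mark entries worth a closer look, not proof of infection.

```python
"""Defender-side triage of HijackThis-style log entries (added example)."""
import re
from dataclasses import dataclass

# Lines copied verbatim from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {86FC2D31-9903-4B42-A408-32A056E303B7} - C:\WINDOWS\system32\byXNeEVL.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKUS\S-1-5-19\..\Run: [lepepujafa] Rundll32.exe "C:\WINDOWS\system32\gumakona.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [lepepujafa] Rundll32.exe "C:\WINDOWS\system32\gumakona.dll",s (User 'NETWORK SERVICE')
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL avgrsstx.dll dmfugg.dll c:\windows\system32\kibubura.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
"""

# Constructed line (not from the thread) to exercise the rundll32-only rule.
CONSTRUCTED_LINE = r'O4 - HKLM\..\Run: [example] Rundll32.exe "C:\WINDOWS\system32\example_constructed.dll",start'


@dataclass
class Finding:
    section: str
    severity: str   # "high" | "medium" | "low" (assumed scale)
    reason: str
    line: str


# Well-known SIDs of the built-in service accounts: SYSTEM, LOCAL SERVICE, NETWORK SERVICE.
SERVICE_ACCOUNT_SIDS = ("S-1-5-18", "S-1-5-19", "S-1-5-20")
# HijackThis marks entries whose target file no longer exists on disk.
MISSING_MARKERS = ("(file missing)", "(no file)")

ENTRY_RE = re.compile(r"^(?P<section>[OR]\d+) - (?P<body>.+)$")


def parse_entries(text):
    """Yield (section, body, line) for every 'Oxx - ...' or 'Rx - ...' line."""
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m.group("section"), m.group("body"), line


def appinit_dlls(body):
    """Split an O20 body into its DLL list (AppInit_DLLs is space- or comma-separated)."""
    _, _, value = body.partition(":")
    return [d for d in re.split(r"[\s,]+", value.strip()) if d]


def triage(text):
    """Return a Finding for every entry one of the heuristics considers worth review."""
    findings = []
    for section, body, line in parse_entries(text):
        if any(marker in body for marker in MISSING_MARKERS):
            findings.append(Finding(section, "low",
                "points at a file that no longer exists; dead entry, safe to clean", line))
            continue
        if section == "O4":
            reasons, severity = [], None
            if any(sid in body for sid in SERVICE_ACCOUNT_SIDS):
                severity = "high"
                reasons.append("Run key under a built-in service account, which installers almost never write")
            if "rundll32" in body.lower():
                severity = severity or "medium"
                reasons.append("DLL launched through rundll32 at logon; verify the DLL's publisher")
            if severity:
                findings.append(Finding(section, severity, "; ".join(reasons), line))
        elif section == "O20":
            for dll in appinit_dlls(body):
                findings.append(Finding(section, "high",
                    f"AppInit_DLLs loads {dll} into every process that links user32.dll", line))
        elif section == "O23" and "Unknown owner" in body:
            findings.append(Finding(section, "low",
                "service binary carries no company name; check its signature", line))
    return findings


def summarize(findings):
    """Count findings per severity level."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG + CONSTRUCTED_LINE):
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n         {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run against the thread's own lines, the script rates the two service-account Run keys and all four AppInit DLLs as high, the orphaned BHO and the unattributed service as low, and leaves the Google BHO, the ehTray Run key and the Lavasoft service alone; that matches the order in which a helper like heir would look at the log before choosing which entries to send to a removal tool.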

#2
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Hello sarahmm4 !

Welcome to the site! :) My nickname is heir and I'll be helping clean up your computer. :)

Before we proceed to clean your computer from malware, let's go over some points that will help both me and you, and prevent causing damage to your computer:
  • To make sure that you receive an email when I reply to this topic, please click here and check that this topic is listed under Malware Removal - HijackThis™ Logs Go Here.
  • Please don't be afraid to ask questions! No question is considered dumb here. It's better to be safe than sorry!
  • When posting logs, please ensure Wordwrap is turned off in Notepad (to check, open Notepad; in the menu bar click on Format and make sure that Word Wrap is unchecked)
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, please don't hesitate to ask!
  • Make sure you reply to this thread using the Add Reply button.

Please read my posts completely before following the instructions.
It may be easier for you if you copy and paste a post to a new text document or print it for reference later.
This is required when you won't have access to the Internet.

Disable resident protections (Antivirus...); you'll re-enable them after the scans

Step 1.
Run Lop S&D:


Download Lop S&D here and save it to the desktop

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)


Step 2.
Clean temp locations:

Please download ATF Cleaner by Atribune.
Caution: This program is for Windows 2000, XP and Vista only.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


Step 3.
Scan with OTScanIt2:

Download OTScanIt2.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop.
  • Open the OTScanIt2 folder and double-click on OTScanIt.exe to start the program. Make sure you close all other programs and don't use the PC while the scan runs.
  • Under File Age at the top, change it from 30 days to 90 days
  • Under Additional Scans click the "Extras"-button and check the boxes beside Reg - Disabled MS Config Items, File - Lop Check, File - Purity Scan.
  • Under Rootkit Search change it to Yes
  • Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Click the File menu and then click Save
Use the Add Reply button and post the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.


Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way.


Step 4.
Things I would like to see in your reply:

  • The content of C:\lopR.txt from step 1. (Pasted)
  • The file OTScanIt.txt from step 3. (Attached)

#3
sarahmm4

    Member

  • Topic Starter
  • 24 posts
Here is my log from step 1:
--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel® Pentium® 4 CPU 3.00GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A05
USER : Sarah Maloney ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus Free 8.0 (Activated)
C:\ (Local Disk) - NTFS - Total:227 Go (Free:169 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Sun 01/25/2009|18:18 )

--------------------\\ Listing folders in APPLIC~1

[01/19/2006|04:27] C:\DOCUME~1\Adam\APPLIC~1\<DIR> Adobe
[11/20/2005|06:11] C:\DOCUME~1\Adam\APPLIC~1\<DIR> Aim
[09/18/2005|05:04] C:\DOCUME~1\Adam\APPLIC~1\<DIR> AOL
[07/02/2005|03:57] C:\DOCUME~1\Adam\APPLIC~1\<DIR> Creative
[09/22/2005|10:00] C:\DOCUME~1\Adam\APPLIC~1\<DIR> CyberLink
[02/25/2006|10:42] C:\DOCUME~1\Adam\APPLIC~1\<DIR> Google
[04/12/2007|07:31] C:\DOCUME~1\Adam\APPLIC~1\<DIR> Gtek
[07/02/2005|03:19] C:\DOCUME~1\Adam\APPLIC~1\<DIR> Identities
[10/30/2005|09:57] C:\DOCUME~1\Adam\APPLIC~1\<DIR> Lavasoft
[07/10/2005|01:51] C:\DOCUME~1\Adam\APPLIC~1\<DIR> Macromedia
[01/19/2006|02:54] C:\DOCUME~1\Adam\APPLIC~1\<DIR> Microsoft
[11/07/2005|01:39] C:\DOCUME~1\Adam\APPLIC~1\<DIR> Real
[07/02/2005|03:52] C:\DOCUME~1\Adam\APPLIC~1\<DIR> Sun
[07/02/2005|04:06] C:\DOCUME~1\Adam\APPLIC~1\<DIR> Symantec

[07/02/2005|03:57] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Creative
[07/02/2005|03:19] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities
[11/30/2008|06:16] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft
[07/02/2005|03:52] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Sun
[07/02/2005|04:06] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Symantec

[10/06/2008|05:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[02/10/2008|07:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[08/30/2008|04:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ahead
[01/02/2008|11:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
[01/02/2008|12:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL Downloads
[12/12/2006|09:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL OCP
[07/19/2008|02:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[12/19/2007|11:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[11/30/2008|06:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> avg8
[11/30/2008|06:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Carbonite
[09/25/2006|09:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
[07/23/2005|08:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> GTek
[07/02/2005|04:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield
[07/02/2005|04:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Intuit
[06/17/2007|04:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft
[08/30/2008|04:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> LightScribe
[01/02/2008|12:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Macromedia
[01/10/2009|04:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[10/22/2007|08:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[10/10/2005|07:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Napster
[08/30/2008|04:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Nero
[07/16/2005|09:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Otto
[03/14/2008|09:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> pdf995
[03/18/2008|02:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Pure Networks
[08/01/2005|09:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime
[07/09/2005|08:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> RoboForm
[07/02/2005|03:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SBSI
[07/23/2005|10:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SBT
[02/05/2007|05:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SonyPicturesGames
[10/10/2006|08:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[05/26/2007|01:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Support.com
[11/30/2008|06:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Symantec
[02/08/2008|07:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TaxCut
[09/24/2006|02:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Trymedia
[04/11/2007|10:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint
[09/24/2005|03:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[06/22/2008|06:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo!
[04/19/2008|02:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ZoomBrowser

[07/02/2005|03:57] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Creative
[07/02/2005|03:19] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities
[07/02/2005|04:01] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
[07/02/2005|03:52] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Sun
[07/02/2005|04:06] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Symantec

[08/29/2008|05:38] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Adobe
[03/31/2006|08:55] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Aim
[03/17/2007|09:58] C:\DOCUME~1\Guest\APPLIC~1\<DIR> AOL
[07/02/2005|03:57] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Creative
[10/28/2006|04:51] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Google
[06/10/2007|04:20] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Gtek
[07/02/2005|03:19] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Identities
[09/24/2005|09:49] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Macromedia
[11/30/2008|06:16] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Microsoft
[08/29/2008|05:37] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Mozilla
[11/06/2005|09:52] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Real
[07/02/2005|03:52] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Sun
[07/02/2005|04:06] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Symantec
[08/29/2008|05:35] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Yahoo!

[04/11/2007|10:05] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Google
[11/30/2008|06:16] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[11/30/2008|06:16] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft
[07/09/2005|03:17] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Symantec

[12/12/2006|09:32] C:\DOCUME~1\SARAHM~1\APPLIC~1\<DIR> acccore
[02/20/2008|08:48] C:\DOCUME~1\SARAHM~1\APPLIC~1\<DIR> Adobe
[01/14/2007|02:32] C:\DOCUME~1\SARAHM~1\APPLIC~1\<DIR> AdobeUM
[08/30/2008|04:32] C:\DOCUME~1\SARAHM~1\APPLIC~1\<DIR> Ahead
[04/21/2006|06:52] C:\DOCUME~1\SARAHM~1\APPLIC~1\<DIR> AICPA
[07/09/2005|08:38] C:\DOCUME~1\SARAHM~1\APPLIC~1\<DIR> Aim
[01/02/2008|11:15] C:\DOCUME~1\SARAHM~1\APPLIC~1\<DIR> AOL
[05/19/2006|09:35] C:\DOCUME~1\SARAHM~1\APPLIC~1\<DIR> Apple Computer
[07/18/2005|07:06] C:\DOCUME~1\SARAHM~1\APPLIC~1\<DIR> ArcSoft
[12/26/2008|03:28] C:\DOCUME~1\SARAHM~1\APPLIC~1\<DIR> AVGTOOLBAR
[01/10/2009|04:18] C:\DOCUME~1\SARAHM~1\APPLIC~1\<DIR> CameraWindowDC
[04/19/2008|02:38] C:\DOCUME~1\SARAHM~1\APPLIC~1\<DIR> CANON INC
[10/27/2007|03:48] C:\DOCUME~1\SARAHM~1\APPLIC~1\<DIR> CNN
[07/02/2005|03:57] C:\DOCUME~1\SARAHM~1\APPLIC~1\<DIR> Creative
[01/22/2006|01:26] C:\DOCUME~1\SARAHM~1\APPLIC~1\<DIR> CyberLink
[09/30/2006|12:02] C:\DOCUME~1\SARAHM~1\APPLIC~1\<DIR> Google
[04/12/2007|07:46] C:\DOCUME~1\SARAHM~1\APPLIC~1\<DIR> Gtek
[07/18/2005|07:15] C:\DOCUME~1\SARAHM~1\APPLIC~1\<DIR> Help
[07/02/2005|03:19] C:\DOCUME~1\SARAHM~1\APPLIC~1\<DIR> Identities
[02/13/2007|09:49] C:\DOCUME~1\SARAHM~1\APPLIC~1\<DIR> Lavasoft
[11/27/2005|12:50] C:\DOCUME~1\SARAHM~1\APPLIC~1\<DIR> Leadertech
[02/16/2007|07:57] C:\DOCUME~1\SARAHM~1\APPLIC~1\<DIR> LinkedIn
[07/09/2005|04:03] C:\DOCUME~1\SARAHM~1\APPLIC~1\<DIR> Macromedia
[01/10/2009|04:51] C:\DOCUME~1\SARAHM~1\APPLIC~1\<DIR> Malwarebytes
[03/26/2008|10:51] C:\DOCUME~1\SARAHM~1\APPLIC~1\<DIR> Microsoft
[07/23/2005|10:22] C:\DOCUME~1\SARAHM~1\APPLIC~1\<DIR> Microsoft Web Folders
[04/15/2007|12:29] C:\DOCUME~1\SARAHM~1\APPLIC~1\<DIR> Move Networks
[09/05/2008|05:20] C:\DOCUME~1\SARAHM~1\APPLIC~1\<DIR> Mozilla
[07/16/2005|09:31] C:\DOCUME~1\SARAHM~1\APPLIC~1\<DIR> Otto
[03/14/2008|09:25] C:\DOCUME~1\SARAHM~1\APPLIC~1\<DIR> pdf995
[10/23/2007|01:48] C:\DOCUME~1\SARAHM~1\APPLIC~1\<DIR> QQ Games Plugin
[08/30/2008|04:52] C:\DOCUME~1\SARAHM~1\APPLIC~1\<DIR> Real
[10/16/2005|04:58] C:\DOCUME~1\SARAHM~1\APPLIC~1\<DIR> Roxio
[05/10/2006|08:33] C:\DOCUME~1\SARAHM~1\APPLIC~1\<DIR> Snapfish
[11/27/2005|12:51] C:\DOCUME~1\SARAHM~1\APPLIC~1\<DIR> Sonic
[07/02/2005|03:52] C:\DOCUME~1\SARAHM~1\APPLIC~1\<DIR> Sun
[10/31/2007|05:24] C:\DOCUME~1\SARAHM~1\APPLIC~1\<DIR> Symantec
[03/14/2008|09:25] C:\DOCUME~1\SARAHM~1\APPLIC~1\<DIR> TaxCut
[02/10/2007|11:57] C:\DOCUME~1\SARAHM~1\APPLIC~1\<DIR> Viewpoint
[11/10/2008|08:22] C:\DOCUME~1\SARAHM~1\APPLIC~1\<DIR> Yahoo!
[11/30/2008|06:31] C:\DOCUME~1\SARAHM~1\APPLIC~1\<DIR> ZoomBrowser EX

[07/09/2005|06:45] C:\DOCUME~1\Tiffany\APPLIC~1\<DIR> Aim
[03/02/2007|07:40] C:\DOCUME~1\Tiffany\APPLIC~1\<DIR> AOL
[03/02/2007|07:41] C:\DOCUME~1\Tiffany\APPLIC~1\<DIR> Apple Computer
[03/02/2007|08:55] C:\DOCUME~1\Tiffany\APPLIC~1\<DIR> ArcSoft
[07/02/2005|03:57] C:\DOCUME~1\Tiffany\APPLIC~1\<DIR> Creative
[03/02/2007|07:42] C:\DOCUME~1\Tiffany\APPLIC~1\<DIR> Google
[04/12/2007|07:31] C:\DOCUME~1\Tiffany\APPLIC~1\<DIR> Gtek
[07/02/2005|03:19] C:\DOCUME~1\Tiffany\APPLIC~1\<DIR> Identities
[07/09/2005|06:40] C:\DOCUME~1\Tiffany\APPLIC~1\<DIR> Macromedia
[11/30/2008|06:16] C:\DOCUME~1\Tiffany\APPLIC~1\<DIR> Microsoft
[10/29/2005|08:22] C:\DOCUME~1\Tiffany\APPLIC~1\<DIR> Real
[07/02/2005|03:52] C:\DOCUME~1\Tiffany\APPLIC~1\<DIR> Sun
[07/02/2005|04:06] C:\DOCUME~1\Tiffany\APPLIC~1\<DIR> Symantec

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[01/10/2009 12:21 PM][--a------] C:\WINDOWS\tasks\WebReg 20090110122107.job
[01/23/2009 12:00 PM][--a------] C:\WINDOWS\tasks\evvgfysg.job
[01/21/2009 07:38 AM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[01/17/2009 09:35 AM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/10/2004 05:00 AM][-r-h-----] C:\WINDOWS\tasks\DESKTOP.INI

--------------------\\ Listing Folders in C:\Program Files

[07/19/2008|03:34] C:\Program Files\<DIR> Adobe
[09/15/2006|06:38] C:\Program Files\<DIR> AIM
[10/15/2007|08:55] C:\Program Files\<DIR> AIM6
[10/27/2007|01:29] C:\Program Files\<DIR> AIMTunes
[09/15/2006|06:38] C:\Program Files\<DIR> AOD
[01/02/2008|11:16] C:\Program Files\<DIR> AOL
[07/19/2008|02:51] C:\Program Files\<DIR> Apple Software Update
[07/18/2005|07:05] C:\Program Files\<DIR> ArcSoft
[07/02/2005|03:54] C:\Program Files\<DIR> ATI Technologies
[11/30/2008|06:16] C:\Program Files\<DIR> AVG
[07/02/2005|03:54] C:\Program Files\<DIR> Broadcom
[04/19/2008|02:12] C:\Program Files\<DIR> Canon
[11/30/2008|06:27] C:\Program Files\<DIR> Carbonite
[12/16/2006|03:19] C:\Program Files\<DIR> CheckIt
[10/27/2007|03:48] C:\Program Files\<DIR> CNN.com Desktop Alerter
[11/30/2008|06:08] C:\Program Files\<DIR> Common Files
[07/02/2005|03:19] C:\Program Files\<DIR> ComPlus Applications
[05/14/2006|06:15] C:\Program Files\<DIR> Copysafe
[04/06/2008|03:19] C:\Program Files\<DIR> Coupons
[07/02/2005|03:56] C:\Program Files\<DIR> Creative
[07/02/2005|03:57] C:\Program Files\<DIR> CyberLink
[07/08/2006|01:56] C:\Program Files\<DIR> Dane-Elec
[03/26/2007|05:10] C:\Program Files\<DIR> DeductionPro 2006
[07/02/2005|04:09] C:\Program Files\<DIR> Dell
[07/02/2005|04:01] C:\Program Files\<DIR> Dell Inc
[04/12/2007|07:30] C:\Program Files\<DIR> DellSupport
[07/04/2007|10:37] C:\Program Files\<DIR> DIFX
[04/08/2006|01:53] C:\Program Files\<DIR> eGames
[07/02/2005|04:01] C:\Program Files\<DIR> Encarta
[07/02/2005|03:19] C:\Program Files\<DIR> EnglishOtto
[01/10/2009|04:44] C:\Program Files\<DIR> ERUNT
[11/10/2008|08:30] C:\Program Files\<DIR> GemMaster
[09/24/2006|02:50] C:\Program Files\<DIR> Gold Miner Vegas
[01/30/2007|06:58] C:\Program Files\<DIR> Google
[08/30/2008|04:54] C:\Program Files\<DIR> Hewlett-Packard
[04/02/2008|03:38] C:\Program Files\<DIR> HP
[11/01/2008|01:27] C:\Program Files\<DIR> InstallShield Installation Information
[07/02/2005|03:55] C:\Program Files\<DIR> Intel
[12/10/2008|03:02] C:\Program Files\<DIR> Internet Explorer
[07/02/2005|04:04] C:\Program Files\<DIR> Intuit
[05/19/2006|09:30] C:\Program Files\<DIR> iPod
[06/03/2006|10:48] C:\Program Files\<DIR> IrfanView
[05/24/2006|08:30] C:\Program Files\<DIR> iTunes
[07/02/2005|04:00] C:\Program Files\<DIR> Jasc Software Inc
[12/28/2008|09:31] C:\Program Files\<DIR> Java
[10/07/2007|05:47] C:\Program Files\<DIR> Lavasoft
[07/02/2005|04:03] C:\Program Files\<DIR> Learn2.com
[12/04/2005|05:10] C:\Program Files\<DIR> LucasArts
[01/10/2009|04:51] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[01/05/2007|03:28] C:\Program Files\<DIR> Mercora
[01/11/2009|03:15] C:\Program Files\<DIR> Messenger
[07/02/2005|04:01] C:\Program Files\<DIR> Microsoft ActiveSync
[10/27/2007|01:09] C:\Program Files\<DIR> Microsoft CAPICOM 2.1.0.2
[09/25/2005|01:39] C:\Program Files\<DIR> microsoft frontpage
[07/02/2005|04:01] C:\Program Files\<DIR> Microsoft Money 2005
[07/26/2005|08:26] C:\Program Files\<DIR> Microsoft Office
[07/02/2005|03:59] C:\Program Files\<DIR> Microsoft Plus! Digital Media Edition
[07/02/2005|03:59] C:\Program Files\<DIR> Microsoft Plus! Photo Story 2 LE
[07/02/2005|04:01] C:\Program Files\<DIR> Microsoft Streets and Trips
[07/02/2005|04:01] C:\Program Files\<DIR> Microsoft Works
[07/02/2005|04:01] C:\Program Files\<DIR> Microsoft Works Suite 2005
[07/02/2005|03:55] C:\Program Files\<DIR> Modem Helper
[07/02/2005|03:55] C:\Program Files\<DIR> Modem On Hold
[01/11/2009|03:05] C:\Program Files\<DIR> Movie Maker
[01/25/2009|05:28] C:\Program Files\<DIR> Mozilla Firefox
[07/02/2005|03:19] C:\Program Files\<DIR> MSN
[07/02/2005|03:19] C:\Program Files\<DIR> MSN Gaming Zone
[10/15/2006|02:00] C:\Program Files\<DIR> MSXML 4.0
[08/30/2008|04:53] C:\Program Files\<DIR> MUSICMATCH
[10/15/2005|10:35] C:\Program Files\<DIR> Napster
[08/30/2008|04:15] C:\Program Files\<DIR> Nero
[08/16/2007|07:24] C:\Program Files\<DIR> Netflix
[01/11/2009|03:01] C:\Program Files\<DIR> NetMeeting
[07/02/2005|03:58] C:\Program Files\<DIR> NetZeroInstallers
[11/30/2008|06:09] C:\Program Files\<DIR> Norton 360
[11/02/2007|09:15] C:\Program Files\<DIR> Norton SystemWorks
[05/15/2006|08:02] C:\Program Files\<DIR> OfficeUpdate11
[07/02/2005|03:19] C:\Program Files\<DIR> Online Services
[01/11/2009|03:01] C:\Program Files\<DIR> Outlook Express
[09/10/2005|04:37] C:\Program Files\<DIR> Overland
[02/08/2008|07:28] C:\Program Files\<DIR> PDF995
[07/02/2005|04:01] C:\Program Files\<DIR> Picture It! Premium 10
[12/19/2007|11:14] C:\Program Files\<DIR> QuickTime
[07/02/2005|04:03] C:\Program Files\<DIR> Real
[07/02/2005|03:20] C:\Program Files\<DIR> RGB
[07/23/2005|10:27] C:\Program Files\<DIR> Snapshot Viewer
[08/28/2005|09:21] C:\Program Files\<DIR> Sonic
[10/10/2006|08:54] C:\Program Files\<DIR> Spybot - Search & Destroy
[05/26/2007|01:43] C:\Program Files\<DIR> support.com
[11/30/2008|06:09] C:\Program Files\<DIR> Symantec
[12/05/2006|07:09] C:\Program Files\<DIR> Symantec Technical Support
[12/26/2005|12:12] C:\Program Files\<DIR> TaxCut05
[02/08/2008|07:28] C:\Program Files\<DIR> TaxCut06
[02/08/2008|07:27] C:\Program Files\<DIR> TaxCut07
[10/16/2007|06:55] C:\Program Files\<DIR> Tencent
[01/03/2009|04:57] C:\Program Files\<DIR> Trend Micro
[07/02/2005|03:19] C:\Program Files\<DIR> Uninstall Information
[04/11/2007|10:04] C:\Program Files\<DIR> Viewpoint
[07/23/2005|08:55] C:\Program Files\<DIR> WebCyberCoach
[04/07/2008|12:12] C:\Program Files\<DIR> Windows Media Connect 2
[04/07/2008|12:12] C:\Program Files\<DIR> Windows Media Player
[01/11/2009|03:01] C:\Program Files\<DIR> Windows NT
[07/02/2005|03:19] C:\Program Files\<DIR> Windows Plus
[07/02/2005|03:19] C:\Program Files\<DIR> WindowsUpdate
[07/02/2005|03:19] C:\Program Files\<DIR> XEROX
[08/30/2008|04:53] C:\Program Files\<DIR> Yahoo!
[07/02/2005|03:58] C:\Program Files\<DIR> Your Company Name
[06/21/2008|05:40] C:\Program Files\<DIR> Zenographics

--------------------\\ Listing Folders in C:\Program Files\Common Files

[02/10/2008|07:05] C:\Program Files\Common Files\<DIR> Adobe
[08/30/2008|05:04] C:\Program Files\Common Files\<DIR> Ahead
[07/02/2005|04:04] C:\Program Files\Common Files\<DIR> AnswerWorks 4.0
[01/06/2008|02:35] C:\Program Files\Common Files\<DIR> AOL
[04/19/2008|01:56] C:\Program Files\Common Files\<DIR> Canon
[07/02/2005|04:01] C:\Program Files\Common Files\<DIR> Designer
[07/09/2005|03:21] C:\Program Files\Common Files\<DIR> Hewlett-Packard
[07/09/2005|03:18] C:\Program Files\Common Files\<DIR> HP
[11/30/2008|05:46] C:\Program Files\Common Files\<DIR> InstallShield
[07/02/2005|04:04] C:\Program Files\Common Files\<DIR> Intuit
[07/02/2005|04:00] C:\Program Files\Common Files\<DIR> Jasc Software Inc
[07/02/2005|03:52] C:\Program Files\Common Files\<DIR> Java
[12/24/2008|09:01] C:\Program Files\Common Files\<DIR> Microsoft Shared
[07/02/2005|03:19] C:\Program Files\Common Files\<DIR> MSSoap
[08/14/2005|10:27] C:\Program Files\Common Files\<DIR> NSV
[07/02/2005|04:03] C:\Program Files\Common Files\<DIR> Nullsoft
[07/02/2005|03:19] C:\Program Files\Common Files\<DIR> ODBC
[08/30/2008|04:52] C:\Program Files\Common Files\<DIR> Real
[07/02/2005|03:19] C:\Program Files\Common Files\<DIR> Services
[06/11/2006|10:50] C:\Program Files\Common Files\<DIR> Sonic Shared
[07/02/2005|03:19] C:\Program Files\Common Files\<DIR> SpeechEngines
[07/09/2005|07:38] C:\Program Files\Common Files\<DIR> SWF Studio
[11/30/2008|06:12] C:\Program Files\Common Files\<DIR> Symantec Shared
[01/11/2009|03:01] C:\Program Files\Common Files\<DIR> System
[07/02/2005|03:59] C:\Program Files\Common Files\<DIR> TiVo Shared
[04/11/2007|10:04] C:\Program Files\Common Files\<DIR> Viewpoint
[10/07/2007|05:45] C:\Program Files\Common Files\<DIR> Wise Installation Wizard

--------------------\\ Process

( 70 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-25 18:20:33
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

C:\WINDOWS\system32\LVEeNXyb.ini
C:\WINDOWS\system32\LVEeNXyb.ini2
==> VUNDO <==



[F:26][D:6]-> C:\DOCUME~1\SARAHM~1\LOCALS~1\Temp
[F:15][D:0]-> C:\DOCUME~1\SARAHM~1\Cookies
[F:507][D:4]-> C:\DOCUME~1\SARAHM~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Sun 01/25/2009|18:22 - Option : [1]

--------------------\\ Scan completed at 18:22:36

#4
sarahmm4 (Member, Topic Starter, 24 posts)
I'm attaching the log from step 3. Thanks for your help!


#5
heir (Trusted Helper, Malware Removal, 5,427 posts)

Thanks for your help!

You're welcome. My pleasure. :)

Let's start removing the bad stuff then.

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Step 1.
Run SDFix:

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum

Step 2.
Uninstall malicious software:

Older versions of Java are vulnerable to attack and should be removed.

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 8
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Java™ SE Runtime Environment 6 Update 1
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Viewpoint Toolbar



Step 3.
OTScanIt2-fix:

Start OTScanIt2. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Safe List]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {86FC2D31-9903-4B42-A408-32A056E303B7} [HKLM] -> %SystemRoot%\system32\byXNeEVL.dll [Reg Error: Value does not exist or could not be read.]
YN -> {A7327C09-B521-4EDB-8509-7D2660C9EC98} [HKLM] -> %ProgramFiles%\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll [Viewpoint Toolbar BHO]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YY -> "{F8AD5AA5-D966-4667-9DAF-2561D68B2012}" [HKLM] -> %CommonProgramFiles%\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll [Viewpoint Toolbar]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\"{724D43A0-0D85-11D4-9908-00400523E39A}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "CTHelper" -> %SystemRoot%\SYSTEM32\CTHELPER.EXE [CTHELPER.EXE]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "SpeedRunner" -> %AppData%\SpeedRunner\SpeedRunner.exe [C:\Documents and Settings\Sarah Maloney\Application Data\SpeedRunner\SpeedRunner.exe]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
YN -> dmfugg.dll ->
YY -> c:\windows\system32\kibubura.dll -> %SystemRoot%\system32\kibubura.dll
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
< LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
*LSA Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
YY -> C:\WINDOWS\system32\byXNeEVL ->
< LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
YN -> "C:\Program Files\LimeWire\LimeWire.exe" -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire]
[Files/Folders - Created Within 90 Days]
NY -> suwowoze -> %SystemRoot%\System32\suwowoze
NY -> ifulibas.ini -> %SystemRoot%\System32\ifulibas.ini
NY -> oloragun.ini -> %SystemRoot%\System32\oloragun.ini
NY -> edisolev.ini -> %SystemRoot%\System32\edisolev.ini
NY -> ogileyuw.ini -> %SystemRoot%\System32\ogileyuw.ini
NY -> amohulov.ini -> %SystemRoot%\System32\amohulov.ini
NY -> inemamad.ini -> %SystemRoot%\System32\inemamad.ini
NY -> elokazak.ini -> %SystemRoot%\System32\elokazak.ini
NY -> ohahilof.ini -> %SystemRoot%\System32\ohahilof.ini
NY -> elokeput.ini -> %SystemRoot%\System32\elokeput.ini
NY -> umeditok.ini -> %SystemRoot%\System32\umeditok.ini
NY -> iyuwugaj.ini -> %SystemRoot%\System32\iyuwugaj.ini
NY -> obumihel.ini -> %SystemRoot%\System32\obumihel.ini
NY -> ozokapaj.ini -> %SystemRoot%\System32\ozokapaj.ini
NY -> udanatoh.ini -> %SystemRoot%\System32\udanatoh.ini
NY -> ewanomer.ini -> %SystemRoot%\System32\ewanomer.ini
NY -> ovonoloy.ini -> %SystemRoot%\System32\ovonoloy.ini
NY -> usipiven.ini -> %SystemRoot%\System32\usipiven.ini
NY -> ajaminun.ini -> %SystemRoot%\System32\ajaminun.ini
NY -> ofiwanomohag.dll -> %SystemRoot%\ofiwanomohag.dll
NY -> ehupujilil.dll -> %SystemRoot%\ehupujilil.dll
NY -> wsrxfqqu.ini -> %SystemRoot%\System32\wsrxfqqu.ini
NY -> 68222317 -> %SystemDrive%\68222317
NY -> dujbsrkp.ini -> %SystemRoot%\System32\dujbsrkp.ini
NY -> LVEeNXyb.ini2 -> %SystemRoot%\System32\LVEeNXyb.ini2
NY -> LVEeNXyb.ini -> %SystemRoot%\System32\LVEeNXyb.ini
NY -> evvgfysg.job -> %SystemRoot%\tasks\evvgfysg.job
[Files/Folders - Modified Within 90 Days]
NY -> evvgfysg.job -> %SystemRoot%\tasks\evvgfysg.job
NY -> suwowoze -> %SystemRoot%\System32\suwowoze
NY -> ifulibas.ini -> %SystemRoot%\System32\ifulibas.ini
NY -> oloragun.ini -> %SystemRoot%\System32\oloragun.ini
NY -> edisolev.ini -> %SystemRoot%\System32\edisolev.ini
NY -> ogileyuw.ini -> %SystemRoot%\System32\ogileyuw.ini
NY -> amohulov.ini -> %SystemRoot%\System32\amohulov.ini
NY -> inemamad.ini -> %SystemRoot%\System32\inemamad.ini
NY -> elokazak.ini -> %SystemRoot%\System32\elokazak.ini
NY -> ohahilof.ini -> %SystemRoot%\System32\ohahilof.ini
NY -> elokeput.ini -> %SystemRoot%\System32\elokeput.ini
NY -> umeditok.ini -> %SystemRoot%\System32\umeditok.ini
NY -> iyuwugaj.ini -> %SystemRoot%\System32\iyuwugaj.ini
NY -> obumihel.ini -> %SystemRoot%\System32\obumihel.ini
NY -> ozokapaj.ini -> %SystemRoot%\System32\ozokapaj.ini
NY -> udanatoh.ini -> %SystemRoot%\System32\udanatoh.ini
NY -> ewanomer.ini -> %SystemRoot%\System32\ewanomer.ini
NY -> ovonoloy.ini -> %SystemRoot%\System32\ovonoloy.ini
NY -> usipiven.ini -> %SystemRoot%\System32\usipiven.ini
NY -> ajaminun.ini -> %SystemRoot%\System32\ajaminun.ini
NY -> ofiwanomohag.dll -> %SystemRoot%\ofiwanomohag.dll
NY -> ehupujilil.dll -> %SystemRoot%\ehupujilil.dll
NY -> LVEeNXyb.ini -> %SystemRoot%\System32\LVEeNXyb.ini
NY -> LVEeNXyb.ini2 -> %SystemRoot%\System32\LVEeNXyb.ini2
NY -> wsrxfqqu.ini -> %SystemRoot%\System32\wsrxfqqu.ini
NY -> 68222317 -> %SystemDrive%\68222317
NY -> dujbsrkp.ini -> %SystemRoot%\System32\dujbsrkp.ini
[File - Lop Check]
NY -> Viewpoint -> C:\Documents and Settings\All Users\Application Data\Viewpoint
NY -> Viewpoint -> C:\Documents and Settings\Sarah Maloney\Application Data\Viewpoint
NY -> evvgfysg.job -> C:\WINDOWS\Tasks\evvgfysg.job
[Purity]
[Empty Temp Folders]
[Start Explorer]
[Reboot]


The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.

Step 4.
Scan with HJT:

Scan your computer with HiJackThis and post the fresh HJT-log in your reply.

Step 5.
Things I would like to see in your reply:

  • The content of C:\SDFix\Report.txt from step 1.
  • The content of fixlog from OTScanIt2 from step 2.
  • The content of the fresh HJT-log from step 3.
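The OTScanIt2 fix above edits a handful of autostart locations (AppInit_DLLs, LSA Authentication Packages, Browser Helper Objects, the Run keys, the Tasks folder and random-named .ini files in System32). As an added example, not code from the thread or from any tool it names, the PowerShell script below audits those same locations on a live machine and reports entries that look like this kind of persistence; the msv1_0 allow-list, the 8-letter name heuristic and the PowerShell 3.0+ requirement are my assumptions.

```powershell
# Added example (not from the thread or from any tool it names): audit the
# autostart locations the OTScanIt2 fix above edits and report anything that
# looks like Vundo-style persistence. Needs PowerShell 3.0+ and an elevated
# prompt. The msv1_0 allow-list and the 8-letter name heuristic are my
# assumptions, not rules taken from the thread.

$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding($Location, $Name, $Why) {
    $findings.Add([pscustomobject]@{ Location = $Location; Name = $Name; Why = $Why })
}

# The names in this thread are 8 letters with no digits (ifulibas.ini,
# evvgfysg.job, byXNeEVL). Triage heuristic only: a few legitimate DLLs
# (browseui.dll, netshell.dll) match too, so verify each hit by hand.
$randomDll  = '^[A-Za-z]{8}\.(dll|exe|ini|ini2|job)$'
$randomData = '^[A-Za-z]{8}\.(ini|ini2|job)$'

function Test-Suspicious([string]$Path) {
    # Returns a reason when the referenced file is missing, randomly named, not
    # validly signed or in a user-writable folder; $null when it looks fine.
    # Catalog-signed OS files can report NotSigned on older builds: a prompt to
    # look, not a verdict.
    if (-not $Path) { return 'no file referenced (orphaned entry)' }
    $file = [Environment]::ExpandEnvironmentVariables($Path.Trim('"'))
    if ($file -notmatch '[\\/]') { $file = Join-Path "$env:SystemRoot\System32" $file }
    if (-not (Test-Path -LiteralPath $file)) { return "file not found: $file" }
    $leaf = Split-Path -Leaf $file
    if ($leaf -match $randomDll) { return "random-looking name: $leaf" }
    $sig = Get-AuthenticodeSignature -FilePath $file
    if ($sig.Status -ne 'Valid') { return "signature $($sig.Status): $file" }
    if ($file -match '\\(AppData|Application Data|Local Settings|Temp)\\') {
        return "runs from a user-writable profile folder: $file"
    }
    return $null
}

# 1. AppInit_DLLs: each listed DLL is loaded into every process that maps
#    user32.dll, so any entry at all needs an owner (the fix above removed
#    dmfugg.dll and kibubura.dll from here).
$winKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
$appInit = (Get-ItemProperty $winKey -ErrorAction SilentlyContinue).AppInit_DLLs
foreach ($dll in @([string]$appInit -split '[ ,;]+' | Where-Object { $_ })) {
    Add-Finding 'AppInit_DLLs' $dll 'entry present'
}

# 2. LSA Authentication Packages: a stock system lists only msv1_0
#    (the fix above removed byXNeEVL from this value).
$lsaKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$packages = (Get-ItemProperty $lsaKey -ErrorAction SilentlyContinue).'Authentication Packages'
foreach ($pkg in @($packages)) {
    if ($pkg -and $pkg -ne 'msv1_0') { Add-Finding 'LSA Authentication Packages' $pkg 'not msv1_0' }
}

# 3. Browser Helper Objects: resolve each CLSID to its InprocServer32 DLL.
#    Orphaned CLSIDs (like the "Key does not exist" BHOs in the fix) are
#    reported too. On 64-bit Windows also check the Wow6432Node copies.
$bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
foreach ($bho in @(Get-ChildItem $bhoKey -ErrorAction SilentlyContinue)) {
    $clsid = $bho.PSChildName
    $dll   = (Get-ItemProperty "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
    $why = Test-Suspicious $dll
    if ($why) { Add-Finding 'BHO' $clsid $why }
}

# 4. Run keys: pull the executable out of the command line (quoted or not,
#    up to the first .exe/.dll/.scr extension) and test it, which catches
#    entries like the SpeedRunner one under %AppData% in the fix above.
foreach ($key in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
                 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run') {
    $props = Get-ItemProperty $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, ...
        $cmd = [string]$p.Value
        $exe = if ($cmd -match '(?i)^"?(.+?\.(?:exe|dll|scr|bat|cmd))') { $Matches[1] } else { $cmd }
        $why = Test-Suspicious $exe
        if ($why) { Add-Finding "Run ($key)" $p.Name $why }
    }
}

# 5. Files: .job files in the Tasks folder and .ini/.ini2 files in System32
#    with random names (evvgfysg.job, ifulibas.ini, LVEeNXyb.ini2 above).
foreach ($dir in "$env:SystemRoot\Tasks", "$env:SystemRoot\System32") {
    Get-ChildItem -LiteralPath $dir -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match $randomData } |
        ForEach-Object { Add-Finding (Split-Path -Leaf $dir) $_.Name 'random-looking name' }
}

if ($findings.Count -eq 0) { 'No suspicious autostart entries found.' }
else { $findings | Sort-Object Location | Format-Table -AutoSize -Wrap }
```

Every line it prints is a lead to verify, not a removal list: check the file's publisher and origin before deleting anything, as the helper does with the log entries in this thread.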

#6
sarahmm4 (Member, Topic Starter, 24 posts)
OK, I think I have worse problems now. Last night, I did steps 1 and 2 without any problem. When I got to step 3, I pasted in the information, then clicked "Run Fix." I left the room and when I came back the computer had restarted but it was stuck at the Windows welcome screen where I normally see icons for the different users that I'm able to log in as. However, there were no icons to click on -- just the icon that says Windows XP. I tried restarting but every time I get back to the same spot and I'm stuck there. Please help!

#7
heir (Trusted Helper, Malware Removal, 5,427 posts)
We have some options to deal with this.

Let's start off with the last known good configuration.

How that is done is described here

Follow those instructions to start your computer with the last known good configuration.

Post back here and let me know if you can log in again.
Also go and find your Windows installation CD, we might need it next.

#8
sarahmm4 (Member, Topic Starter, 24 posts)
I restarted using the "last known good configuration" and still see the same thing.

#9
heir (Trusted Helper, Malware Removal, 5,427 posts)
Do you have your Windows installation CD along with the CD-key?

#10
sarahmm4 (Member, Topic Starter, 24 posts)
I don't think so :)
#11
heir (Trusted Helper, Malware Removal, 5,427 posts)
I need to consult my colleagues on how to proceed with this.
It's late here, need some sleep.
I'll get back to you as soon as I can.

#12
heir (Trusted Helper, Malware Removal, 5,427 posts)
We need a Windows installation CD for Windows XP Pro.
You need to find one or borrow one. This is crucial if we're going to be able to fix this.
You also need the CD-key for the Windows that's currently installed. It might be found on a sticker on the computer.
Let me know when you have the installation CD and the CD-key (for the currently installed Windows).

Can you also try to boot into safe mode and let me know if you were able to logon.

#13
sarahmm4 (Member, Topic Starter, 24 posts)
I am unable to boot in safe mode. I don't have the Windows CD so I guess I gotta find one somehow.

#14
heir (Trusted Helper, Malware Removal, 5,427 posts)

I am unable to boot in safe mode. I don't have the Windows CD so I guess I gotta find one somehow.

Yes you do.
Let me know when you have it.

#15
sarahmm4 (Member, Topic Starter, 24 posts)
Okay, I was able to borrow a CD from someone. Now what?