Nov 15 2007, 07:21 PM
Post #1 (New Member; Group: Members; Posts: 11; Joined: 12-November 07; Member No.: 169,275)
My HijackThis log is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:53:30 PM, on 11/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\BitDefender\BitDefender 2008\seccenter.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Jeremy\Local Settings\Temporary Internet Files\Content.IE5\UXLOKVCT\stinger[1].exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {b23d044f-f519-142a-f984-24e140f38fe7} - {7ef83f04-1e42-489f-a241-915ff440d32b} - C:\WINDOWS\system32\sdgleevm.dll
O2 - BHO: (no name) - {99F4FDB7-60C5-441E-92B1-408B8AB99C26} - C:\WINDOWS\system32\ursrr.dll (file missing)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\bdkefiaf.dll
O2 - BHO: (no name) - {CB94BE1D-F27F-4AC5-8A9C-C43A93CAC863} - C:\Program Files\Internet Explorer\hokenowa4444.dll (file missing)
O2 - BHO: (no name) - {d83d0080-d489-4405-a5a6-fd944a52759a} - C:\WINDOWS\system32\diqdwbo.dll (file missing)
O2 - BHO: (no name) - {F3BE9629-376E-4DA8-BFA3-7E38ABF03CBB} - C:\Program Files\Internet Explorer\hokenowa83122.dll (file missing)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\bdkefiaf.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/d...lscbase8460.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {DABFA9AD-4E31-43F4-9D60-4CDD20F57F28} (PhotomaxUploader.ActiveXControl) - http://photomax.com/web/PhotomaxUploader.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E3E02F12-2ADB-478C-8742-5F0819F9F0F4} (Quantum Streaming IE VersionManager Class) - http://qmedia.xlontech.net/100170/sdk/late...2ie06041001.cab
O20 - Winlogon Notify: bdkefiaf - C:\WINDOWS\SYSTEM32\bdkefiaf.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 6813 bytes

My SmitfraudFix log is:

SmitFraudFix v2.253
Scan done at 7:43:01.65, Thu 11/15/2007
Run from C:\Documents and Settings\Jeremy\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Intel® PRO/Wireless 2915ABG Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 192.168.0.1
DNS Server Search Order: 205.171.3.65
HKLM\SYSTEM\CCS\Services\Tcpip\..\{90E94676-6819-4552-B794-4CCF36F600A3}: DhcpNameServer=192.168.0.1 205.171.3.65
HKLM\SYSTEM\CS1\Services\Tcpip\..\{90E94676-6819-4552-B794-4CCF36F600A3}: DhcpNameServer=192.168.0.1 205.171.3.65
HKLM\SYSTEM\CS3\Services\Tcpip\..\{90E94676-6819-4552-B794-4CCF36F600A3}: DhcpNameServer=192.168.0.1 205.171.3.65
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 205.171.3.65
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 205.171.3.65
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 205.171.3.65

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End
Nov 20 2007, 01:20 PM
Post #2 (Portuguese Malware Fighter; Group: HJT Team; Posts: 1,374; Joined: 5-April 07; From: Portugal; Member No.: 122,277)
Hi, welcome to Bleeping Computer Forums and thanks for your patience!
You might want to save this page to your favorites, so you can find it again when you return. Please take note of the following:
Please give me some time to look over your log and I will get back to you as soon as possible.
--------------------
Please do not PM me asking for support. Please be courteous, polite, and say thank you. Please post the final results, good or bad. We like to know!
Nov 20 2007, 03:43 PM
Post #3 (New Member; Group: Members; Posts: 11; Joined: 12-November 07; Member No.: 169,275)
Okay, Thank you very much for your help on this! I'll wait for your response to my logs before I continue.
Nov 21 2007, 05:12 AM
Post #4 (Portuguese Malware Fighter; Group: HJT Team; Posts: 1,374; Joined: 5-April 07; From: Portugal; Member No.: 122,277)
Hello,
1. Please make sure that you can view all hidden files. Instructions on how to do this can be found here: How to see hidden files in Windows
2. Please click this link-->Jotti. When the Jotti page has finished loading, click the Browse button and navigate to the files listed below in bold, then click Submit. You will only be able to have one file scanned at a time.
C:\WINDOWS\system32\sdgleevm.dll
C:\WINDOWS\system32\bdkefiaf.dll
Please post back the results of the scan in your next post. You can also try the same at VirusTotal: http://www.virustotal.com/
3. Please go to the following URL: http://www.bleepingcomputer.com/submit-malware.php?channel=17
4. Please download VundoFix.exe to your desktop
5. Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to infect your system. Please follow these steps to remove older version Java components and update:
6. Open HijackThis, click Config, click Misc Tools. Click "Open Uninstall Manager", then click "Save List" (this generates uninstall_list.txt). Click Save, then copy and paste the results in your next post.
7. Please download show-vundo.vbs to your desktop
8. In your next reply, please post:
Regards,
--------------------
Please do not PM me asking for support. Please be courteous, polite, and say thank you. Please post the final results, good or bad. We like to know!
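The instructions above ask the poster to do by hand what a helper does with every HijackThis log: pick out the O2/O3/O20 entries whose file is gone (those are just dead registry keys), pick out the loaded DLLs that carry no product name (those are the ones worth uploading to Jotti or VirusTotal), and notice when one DLL is wired into both Internet Explorer and Winlogon. The script below is an added example written for this page; it is not part of HijackThis, VundoFix or show-vundo.vbs, and the triage rules are this example's own heuristics, not a published detection. The sample lines are seven entries copied from the logs posted in this thread.

```python
"""Triage of the O2/O3/O20 entries of a HijackThis log.

Added example for this thread; it is not part of HijackThis, VundoFix or
show-vundo.vbs. The parsing rules follow the line formats visible in the
logs above; the triage heuristics are this example's own.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# O2/O3 line: "<kind> - BHO|Toolbar: <name> - {CLSID} - <path>[ (file missing)]"
ENTRY_RE = re.compile(
    r"^(?P<kind>O[23]) - (?:BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$"
)
# O20 line: "O20 - Winlogon Notify: <subkey> - <path>"
NOTIFY_RE = re.compile(
    r"^(?P<kind>O20) - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$"
)
GUID_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")


@dataclass
class Entry:
    kind: str       # "O2", "O3" or "O20"
    name: str       # display name, "(no name)", or a GUID used as a name
    path: str       # lower-cased path; "" when no file is registered
    present: bool   # False for "(no file)" and "... (file missing)"


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for an O2/O3/O20 line, None for any other line."""
    m = ENTRY_RE.match(line.strip()) or NOTIFY_RE.match(line.strip())
    if m is None:
        return None
    raw = m.group("path").strip()
    present = raw != "(no file)" and not raw.endswith("(file missing)")
    path = "" if raw == "(no file)" else raw.replace(" (file missing)", "")
    return Entry(m.group("kind"), m.group("name"), path.lower(), present)


def triage(lines: List[str]) -> Dict[str, List[str]]:
    """Map each registered path (or entry) to the reasons it needs attention.

    Heuristics (this example's, not the forum's):
      * registration whose file is gone       -> orphan, remove the key
      * loaded BHO/toolbar with no real name  -> submit the DLL for scanning
      * same DLL in IE and in Winlogon Notify -> survives an IE-only cleanup
    """
    entries = [e for e in map(parse_line, lines) if e is not None]
    reasons: Dict[str, List[str]] = defaultdict(list)
    kinds_by_path: Dict[str, Set[str]] = defaultdict(set)
    for e in entries:
        key = e.path or f"{e.kind} {e.name}"
        kinds_by_path[e.path].add(e.kind)
        if not e.present:
            reasons[key].append("orphaned registration: file is gone, remove the key")
            continue
        unnamed = e.name == "(no name)" or GUID_RE.match(e.name) is not None
        if unnamed and e.kind in ("O2", "O3"):
            reasons[key].append(f"{e.kind} with no product name: submit the DLL to a multi-scanner")
    for path, kinds in kinds_by_path.items():
        if path and "O20" in kinds and kinds & {"O2", "O3"}:
            reasons[path].append("also a Winlogon Notify package: loads at every logon, not only in IE")
    return dict(reasons)


def files_to_submit(lines: List[str]) -> List[str]:
    """Sorted list of present DLLs that triage says should be scanned."""
    return sorted(path for path, why in triage(lines).items()
                  if path.startswith("c:\\") and any("submit" in r for r in why))


# Constructed sample: seven lines copied from the logs posted in this thread.
SAMPLE_LOG = """\
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {b23d044f-f519-142a-f984-24e140f38fe7} - {7ef83f04-1e42-489f-a241-915ff440d32b} - C:\\WINDOWS\\system32\\sdgleevm.dll
O2 - BHO: (no name) - {99F4FDB7-60C5-441E-92B1-408B8AB99C26} - C:\\WINDOWS\\system32\\ursrr.dll (file missing)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\\WINDOWS\\system32\\bdkefiaf.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\\WINDOWS\\system32\\bdkefiaf.dll
O20 - Winlogon Notify: bdkefiaf - C:\\WINDOWS\\SYSTEM32\\bdkefiaf.dll
"""

if __name__ == "__main__":
    for path, why in sorted(triage(SAMPLE_LOG.splitlines()).items()):
        print(path)
        for reason in why:
            print("   -", reason)
    print("submit:", files_to_submit(SAMPLE_LOG.splitlines()))
```

Run against the sample, the script reports the Adobe helper as clean, the ursrr.dll entry as an orphan, and sdgleevm.dll and bdkefiaf.dll as the two files to upload; bdkefiaf.dll additionally gets the Winlogon Notify note, which is why a VundoFix-style tool has to remove it outside Internet Explorer rather than just unregistering the BHO.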
Nov 21 2007, 03:59 PM
Post #5 (New Member; Group: Members; Posts: 11; Joined: 12-November 07; Member No.: 169,275)
New HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:53:59 PM, on 11/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {b23d044f-f519-142a-f984-24e140f38fe7} - {7ef83f04-1e42-489f-a241-915ff440d32b} - C:\WINDOWS\system32\sdgleevm.dll
O2 - BHO: (no name) - {99F4FDB7-60C5-441E-92B1-408B8AB99C26} - C:\WINDOWS\system32\ursrr.dll (file missing)
O2 - BHO: (no name) - {CB94BE1D-F27F-4AC5-8A9C-C43A93CAC863} - C:\Program Files\Internet Explorer\hokenowa4444.dll (file missing)
O2 - BHO: (no name) - {d83d0080-d489-4405-a5a6-fd944a52759a} - C:\WINDOWS\system32\diqdwbo.dll (file missing)
O2 - BHO: (no name) - {F3BE9629-376E-4DA8-BFA3-7E38ABF03CBB} - C:\Program Files\Internet Explorer\hokenowa83122.dll (file missing)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/d...lscbase8460.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {DABFA9AD-4E31-43F4-9D60-4CDD20F57F28} (PhotomaxUploader.ActiveXControl) - http://photomax.com/web/PhotomaxUploader.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E3E02F12-2ADB-478C-8742-5F0819F9F0F4} (Quantum Streaming IE VersionManager Class) - http://qmedia.xlontech.net/100170/sdk/late...2ie06041001.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 6897 bytes

VirusTotal result:

File sdgleevm.dll received on 11.21.2007 18:03:55 (CET)

Antivirus | Version | Last Update | Result
AhnLab-V3 | 2007.11.21.1 | 2007.11.21 | -
AntiVir | 7.6.0.34 | 2007.11.21 | TR/Spy.Vundo.79936
Authentium | 4.93.8 | 2007.11.21 | -
Avast | 4.7.1074.0 | 2007.11.20 | -
AVG | 7.5.0.503 | 2007.11.21 | Lop
BitDefender | 7.2 | 2007.11.21 | -
CAT-QuickHeal | 9.00 | 2007.11.21 | -
ClamAV | 0.91.2 | 2007.11.21 | -
DrWeb | 4.44.0.09170 | 2007.11.21 | -
eSafe | 7.0.15.0 | 2007.11.14 | -
eTrust-Vet | 31.3.5313 | 2007.11.21 | -
Ewido | 4.0 | 2007.11.21 | -
FileAdvisor | 1 | 2007.11.21 | -
Fortinet | 3.14.0.0 | 2007.11.21 | -
F-Prot | 4.4.2.54 | 2007.11.21 | -
F-Secure | 6.70.13030.0 | 2007.11.21 | Vundo.gen49
Ikarus | T3.1.1.12 | 2007.11.21 | -
Kaspersky | 7.0.0.125 | 2007.11.21 | -
McAfee | 5167 | 2007.11.20 | Vundo
Microsoft | 1.3007 | 2007.11.21 | -
NOD32v2 | 2675 | 2007.11.21 | a variant of Win32/BHO.G
Norman | 5.80.02 | 2007.11.20 | W32/Virtumonde.IJL
Panda | 9.0.0.4 | 2007.11.21 | Suspicious file
Prevx1 | V2 | 2007.11.21 | Trojan.Vundo
Rising | 20.19.21.00 | 2007.11.21 | -
Sophos | 4.23.0 | 2007.11.21 | -
Sunbelt | 2.2.907.0 | 2007.11.21 | -
Symantec | 10 | 2007.11.21 | -
TheHacker | 6.2.9.136 | 2007.11.21 | -
VBA32 | 3.12.2.5 | 2007.11.20 | -
VirusBuster | 4.3.26:9 | 2007.11.21 | Adware.Vundo.V.Gen
Webwasher-Gateway | 6.0.1 | 2007.11.21 | Trojan.Spy.Vundo.79936

Additional information
File size: 81472 bytes
MD5: f01a19ed7efc75ca68cdafacc37a8e87
SHA1: 288701132255506c342fa6007faf9fc451b2b449
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PX5...7EF8500E1EEE03D

C:\WINDOWS\system32\bdkefiaf.dll does not show up through Browse.

VundoFix log:

VundoFix V6.6.2
Checking Java version...
Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.
Scan started at 10:45:45 AM 11/21/2007
Listing files found while scanning....
C:\WINDOWS\system32\bdkefiaf.dll
C:\windows\system32\bdkefiaf.dllbox
C:\windows\system32\eulklbsn.dllbox
Beginning removal...
Attempting to delete C:\windows\system32\bdkefiaf.dllbox
C:\windows\system32\bdkefiaf.dllbox Has been deleted!
Attempting to delete C:\windows\system32\eulklbsn.dllbox
C:\windows\system32\eulklbsn.dllbox Has been deleted!
Performing Repairs to the registry.
Done!

Uninstall list (HijackThis Uninstall Manager):
Ad-Aware SE Personal Adobe Acrobat 5.0 Adobe Flash Player 9 ActiveX Adobe Reader 8.1.0 AirhogsFlightSimFullVersion 1.0 AOLIcon Apple Software Update Autodesk Design Review Trial Autodesk DWF Viewer 7 avast! Antivirus BitDefender Antivirus 2008 Broadcom Management Programs Brother MFL-Pro Suite CASHFLOW® 202 THE E-GAME CASHFLOW® THE E-GAME Conexant D480 MDC V.9x Modem ConvertMovie 3.0 Dell Driver Reset Tool Dell Media Experience Dell Picture Studio v3.0 Dell Support 5.0.0 (630) Digimax Master Digital Line Detect exPressit S.E. 
2.2 First Step Guide FXCM Trading Station II Google Earth Google Toolbar for Internet Explorer Google Web Accelerator Google Web Accelerator Google Web Accelerator HijackThis 2.0.2 Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB896344) Hotfix for Windows XP (KB914440) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB926239) ImageMixer EasyStepDVD Intel® Extreme Graphics 2 Driver Intel® PROSet/Wireless Software Interactive Medical Terminology 2.0 Internet Explorer Default Page InterVideo WinDVR 3 IrfanView (remove only) iTunes Jasc Paint Shop Photo Album 5 Jasc Paint Shop Pro Studio, Dell Editon Java 6 Update 3 Learn2 Player (Uninstall Only) Macromedia Flash Player mCore mDrWiFi mHlpDell Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Microsoft Base Smart Card Cryptographic Service Provider Package Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office 2003 Resource Kit Microsoft Office FrontPage 2003 Microsoft Office OneNote 2003 Microsoft Office Professional Edition 2003 Microsoft Office Project Professional 2003 Microsoft Office Standard Edition 2003 Microsoft Office Visio Professional 2003 Microsoft Plus! Digital Media Edition Installer Microsoft Plus! 
Photo Story 2 LE Microsoft User-Mode Driver Framework Feature Pack 1.0 mIWA mIWCA mLogView mMHouse Modem Helper mPfMgr mPfWiz mProSafe MSN Money Investment Toolbox mSSO MSXML 4.0 SP2 (KB925672) MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) mToolkit mWlsSafe mXML My Way Search Assistant mZConfig NBC Direct Beta Netflix Movie Viewer NetWaiting OpenCASE Media Agent PaperPort Personal Ancestral File 5 Photo Click Photo Explosion Special Edition PowerDVD 5.5 QuickBooks Simple Start Special Edition QuickTime RealPlayer Samsung USB Driver Security Update for CAPICOM (KB931906) Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 2.0 (KB928365) Security Update for Step By Step Interactive Training (KB898458) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Internet Explorer 7 (KB928090) Security Update for Windows Internet Explorer 7 (KB931768) Security Update for Windows Internet Explorer 7 (KB933566) Security Update for Windows Internet Explorer 7 (KB937143) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896422) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896424) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update 
for Windows XP (KB904706) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB905915) Security Update for Windows XP (KB908519) Security Update for Windows XP (KB908531) Security Update for Windows XP (KB911562) Security Update for Windows XP (KB911567) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB912812) Security Update for Windows XP (KB912919) Security Update for Windows XP (KB913446) Security Update for Windows XP (KB913580) Security Update for Windows XP (KB914388) Security Update for Windows XP (KB914389) Security Update for Windows XP (KB916281) Security Update for Windows XP (KB917159) Security Update for Windows XP (KB917344) Security Update for Windows XP (KB917422) Security Update for Windows XP (KB917953) Security Update for Windows XP (KB918118) Security Update for Windows XP (KB918439) Security Update for Windows XP (KB918899) Security Update for Windows XP (KB919007) Security Update for Windows XP (KB920213) Security Update for Windows XP (KB920214) Security Update for Windows XP (KB920670) Security Update for Windows XP (KB920683) Security Update for Windows XP (KB920685) Security Update for Windows XP (KB921398) Security Update for Windows XP (KB921503) Security Update for Windows XP (KB921883) Security Update for Windows XP (KB922616) Security Update for Windows XP (KB922760) Security Update for Windows XP (KB922819) Security Update for Windows XP (KB923191) Security Update for Windows XP (KB923414) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB923694) Security Update for Windows XP (KB923980) Security Update for Windows XP (KB924191) Security Update for Windows XP (KB924270) Security Update for Windows XP (KB924496) Security Update for Windows XP (KB924667) Security Update for Windows XP (KB925454) Security Update for Windows XP (KB925486) Security Update for Windows XP (KB925902) Security Update for Windows XP (KB926255) 
Security Update for Windows XP (KB926436) Security Update for Windows XP (KB927779) Security Update for Windows XP (KB927802) Security Update for Windows XP (KB928255) Security Update for Windows XP (KB928843) Security Update for Windows XP (KB929123) Security Update for Windows XP (KB930178) Security Update for Windows XP (KB931261) Security Update for Windows XP (KB931784) Security Update for Windows XP (KB932168) Security Update for Windows XP (KB933729) Security Update for Windows XP (KB935839) Security Update for Windows XP (KB935840) Security Update for Windows XP (KB936021) Security Update for Windows XP (KB938829) Security Update for Windows XP (KB941202) Security Update for Windows XP (KB943460) Sonic DLA Sonic RecordNow Audio Sonic RecordNow Copy Sonic RecordNow Data Sonic Update Manager Spybot - Search & Destroy 1.4 Synaptics Pointing Device Driver Texas Instruments PCIxx20 drivers. TurboTax Home & Business 2006 TurboTax ItsDeductible 2006 Update for Windows XP (KB894391) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB904942) Update for Windows XP (KB910437) Update for Windows XP (KB911280) Update for Windows XP (KB916595) Update for Windows XP (KB920872) Update for Windows XP (KB922582) Update for Windows XP (KB927891) Update for Windows XP (KB929338) Update for Windows XP (KB930916) Update for Windows XP (KB931836) Update for Windows XP (KB933360) Update for Windows XP (KB936357) Update for Windows XP (KB938828) Viewpoint Media Player WexTech AnswerWorks Windows Imaging Component Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Windows Live Messenger Windows Live OneCare safety scanner Windows Media Connect Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Format SDK Hotfix - KB891122 Windows Media Player 10 Windows Media Player 11 Windows Media Player 11 Windows XP Hotfix - KB834707 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 
Windows XP Hotfix - KB887742 Windows XP Hotfix - KB888113 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB891781 Yahoo! Photos Easy Upload Tool 1v7

show-vundo.vbs output (translated from Portuguese):

=================================================
Report | BHOs, Winlogon Notify and AppInit_DLLs
=================================================

AppInit_DLLs
-------------------------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs

Authentication Packages
-------------------------------------------------
[1] msv1_0
[2] C:\WINDOWS\system32\ursrr.dll

Security Providers
-------------------------------------------------
msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

Explorer Execute Hooks
-------------------------------------------------
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\]

Browser Helper Objects
-------------------------------------------------
[HKLM\SOFTWARE\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\] Adobe PDF Reader Link Helper | [Undefined] C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
[HKLM\SOFTWARE\Classes\CLSID\{5CA3D70E-1895-11CF-8E15-001234567890}\] DriveLetterAccess | [Undefined] C:\WINDOWS\system32\dla\tfswshx.dll
[HKLM\SOFTWARE\Classes\CLSID\{69A87B7D-DE56-4136-9655-716BA50C19C7}\] &Google Web Accelerator Helper | Google Web Accelerator Helper C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
[HKLM\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\] SSVHelper Class | [Undefined] C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
[HKLM\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\] [Undefined] | [Undefined] [Undefined]
[HKLM\SOFTWARE\Classes\CLSID\{7ef83f04-1e42-489f-a241-915ff440d32b}\] [Undefined] | {b23d044f-f519-142a-f984-24e140f38fe7} C:\WINDOWS\system32\sdgleevm.dll
[HKLM\SOFTWARE\Classes\CLSID\{99F4FDB7-60C5-441E-92B1-408B8AB99C26}\] [Undefined] | [Undefined] C:\WINDOWS\system32\ursrr.dll
[HKLM\SOFTWARE\Classes\CLSID\{CB94BE1D-F27F-4AC5-8A9C-C43A93CAC863}\] [Undefined] | [Undefined] C:\Program Files\Internet Explorer\hokenowa4444.dll
[HKLM\SOFTWARE\Classes\CLSID\{d83d0080-d489-4405-a5a6-fd944a52759a}\] [Undefined] | [Undefined] C:\WINDOWS\system32\diqdwbo.dll
[HKLM\SOFTWARE\Classes\CLSID\{F3BE9629-376E-4DA8-BFA3-7E38ABF03CBB}\] [Undefined] | [Undefined] C:\Program Files\Internet Explorer\hokenowa83122.dll

Winlogon Notify
-------------------------------------------------
[Default] crypt32chain : crypt32.dll
[Default] cryptnet : cryptnet.dll
[Default] cscdll : cscdll.dll
[Default] igfxcui : igfxdev.dll
[Default] IntelWireless : C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
[Default] ScCertProp : wlnotify.dll
[Default] Schedule : wlnotify.dll
[Default] sclgntfy : sclgntfy.dll
[Default] SensLogn : WlNotify.dll
[Default] termsrv : wlnotify.dll
[New] WgaLogon : WgaLogon.dll
[Default] wlballoon : wlnotify.dll

This is NOT a list of malicious files!

Thanks for your help with this, I hope this information will assist you in helping me!
Nov 22 2007, 05:47 PM, Post #6
Portuguese Malware Fighter (Group: HJT Team, Posts: 1,374, Joined: 5-April 07, From: Portugal, Member No.: 122,277)
Hello,
I see you have two antiviruses, specifically avast! and BitDefender 2008. I do not recommend that you have more than one antivirus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other antivirus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

1) False alarms: when the antivirus software tells you that your PC has a virus when it actually doesn't.
2) System performance problems: your system may lock up due to both products attempting to access the same file at the same time.

Also, I see you have Viewpoint. Viewpoint, Viewpoint Manager and Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player's components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. By selecting "Disable auto-updating for the Viewpoint Manager", the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.

QUOTE:
To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product.

A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.

Viewpoint Manager is considered foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". This may change; read "Viewpoint to Plunge Into Adware". I recommend that you remove the Viewpoint products; however, decide for yourself.

To uninstall the Viewpoint components (Viewpoint, Viewpoint Manager, Viewpoint Media Player), please uninstall any of the following program(s) using Add/Remove Programs if they are present. To do this, go to Start > Settings > Control Panel and double-click on Add/Remove Programs. From within Add/Remove Programs, highlight each one and select Remove.

My Way Search Assistant
Viewpoint Media Player < Your choice

And please remove either avast! or BitDefender 2008.

Reboot normally and post a new HijackThis log.

Regards,
--------------------
Please do not PM me asking for support. Please be courteous, polite, and say thank you. Please post the final results, good or bad. We like to know!
Nov 23 2007, 01:25 AM, Post #7
New Member (Group: Members, Posts: 11, Joined: 12-November 07, Member No.: 169,275)
Both programs did show up on the list in Add/Remove Programs. I was able to remove Viewpoint, but every time I select My Way Search Assistant, it gives me this error: "Error loading C:\PROGRA~\MyWaySA\SrchAsDe\1.bin\desrcas.dll". I did find a MyWaySA folder in Program Files, and it was empty, so I deleted it. I removed BitDefender, and here is the new HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:24:26 PM, on 11/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {b23d044f-f519-142a-f984-24e140f38fe7} - {7ef83f04-1e42-489f-a241-915ff440d32b} - C:\WINDOWS\system32\sdgleevm.dll
O2 - BHO: (no name) - {99F4FDB7-60C5-441E-92B1-408B8AB99C26} - C:\WINDOWS\system32\ursrr.dll (file missing)
O2 - BHO: (no name) - {CB94BE1D-F27F-4AC5-8A9C-C43A93CAC863} - C:\Program Files\Internet Explorer\hokenowa4444.dll (file missing)
O2 - BHO: (no name) - {d83d0080-d489-4405-a5a6-fd944a52759a} - C:\WINDOWS\system32\diqdwbo.dll (file missing)
O2 - BHO: (no name) - {F3BE9629-376E-4DA8-BFA3-7E38ABF03CBB} - C:\Program Files\Internet Explorer\hokenowa83122.dll (file missing)
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/d...lscbase8460.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {DABFA9AD-4E31-43F4-9D60-4CDD20F57F28} (PhotomaxUploader.ActiveXControl) - http://photomax.com/web/PhotomaxUploader.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E3E02F12-2ADB-478C-8742-5F0819F9F0F4} (Quantum Streaming IE VersionManager Class) - http://qmedia.xlontech.net/100170/sdk/late...2ie06041001.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe

--
End of file - 5983 bytes

Thanks for your help!!
Nov 23 2007, 01:53 PM, Post #8
Portuguese Malware Fighter (HJT Team)
Hi,
Download ComboFix from Here or Here to your Desktop.
Regards,
Nov 23 2007, 03:57 PM, Post #9
New Member (Member No.: 169,275)
ComboFix log:

ComboFix 07-11-19.3 - Jeremy 2007-11-23 13:42:12.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.626 [GMT -7:00]
Running from: C:\Documents and Settings\Jeremy\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrator.LAPTOP\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Administrator.LAPTOP\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Administrator.LAPTOP\Favorites\Online Security Guide.lnk
C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\Jeremy\Application Data\DriveCleaner Freeware
C:\Documents and Settings\Jeremy\Application Data\DriveCleaner Freeware\Logs\update.log
C:\Documents and Settings\Jeremy\Favorites\Online Security Guide.lnk
C:\Documents and Settings\Jeremy\ResErrors.log
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\Temp
C:\WINDOWS\system32\a1
C:\WINDOWS\system32\a13
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\e2
C:\WINDOWS\system32\g1
C:\WINDOWS\system32\g2
C:\WINDOWS\system32\i8
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\r2
C:\WINDOWS\system32\v8
C:\WINDOWS\system32\x22
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_CORE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_FMTR
-------\LEGACY_NETWORK_MONITOR

((((((((((((((((((((((((( Files Created from 2007-10-23 to 2007-11-23 )))))))))))))))))))))))))))))))
.
2007-11-22 23:10 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-11-21 13:49 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-11-21 13:49 5,387 --a------ C:\WINDOWS\system32\jupdate-1.6.0_03-b05.log
2007-11-21 13:48 <DIR> d-------- C:\Program Files\Common Files\Java
2007-11-21 10:45 <DIR> d-------- C:\VundoFix Backups
2007-11-18 01:00 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-11-18 00:59 <DIR> d-------- C:\Program Files\NBC Direct
2007-11-18 00:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ExtendMedia
2007-11-18 00:58 <DIR> d-------- C:\Program Files\OpenCASE
2007-11-18 00:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-15 13:32 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2007-11-14 23:01 <DIR> d-------- C:\Program Files\Alwil Software
2007-11-14 18:02 <DIR> d-------- C:\Documents and Settings\Administrator.LAPTOP\Application Data\eAcceleration
2007-11-14 16:02 <DIR> d-------- C:\Documents and Settings\Administrator.LAPTOP\.housecall6.6
2007-11-12 10:45 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-10 08:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-10 07:34 1,252 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-10 07:34 0 --a------ C:\WINDOWS\system32\tmp.txt
2007-11-10 07:33 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-10 07:33 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-10 07:33 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-10 07:30 585,376 --ahs---- C:\WINDOWS\system32\ygxiuydt.ini
2007-11-10 07:30 85,056 --a------ C:\WINDOWS\system32\tdyuixgy.dll
2007-11-10 07:27 81,472 --a------ C:\WINDOWS\system32\jkrxobml.dll
2007-11-09 19:49 585,196 --ahs---- C:\WINDOWS\system32\eusapmwh.ini
2007-11-08 19:24 <DIR> d-------- C:\Documents and Settings\Administrator.LAPTOP\Application Data\Lavasoft
2007-11-08 19:20 <DIR> d-------- C:\Documents and Settings\Administrator.LAPTOP\Application Data\Symantec
2007-11-08 19:20 <DIR> d-------- C:\Documents and Settings\Administrator.LAPTOP\Application Data\Jasc Software Inc
2007-11-08 19:20 <DIR> d-------- C:\Documents and Settings\Administrator.LAPTOP\Application Data\Intel
2007-11-08 19:20 <DIR> d--h----- C:\Documents and Settings\Administrator.LAPTOP\Application Data\Gtek
2007-11-07 09:08 294 --ahs---- C:\WINDOWS\system32\dirivtkv.ini
2007-11-05 22:52 565,365 --ahs---- C:\WINDOWS\system32\egccylyo.ini
2007-11-05 22:19 565,296 --ahs---- C:\WINDOWS\system32\wqnfbhly.ini
2007-11-05 10:15 3,914 --a------ C:\WINDOWS\system32\plxhgsfd.dll
2007-11-04 10:12 <DIR> d-------- C:\Program Files\Norton 360
2007-11-04 09:43 577,474 --ahs---- C:\WINDOWS\system32\fiqeogjp.ini
2007-11-03 12:13 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-11-02 22:57 <DIR> d-------- C:\Temp\mZOr
2007-11-02 22:57 577,052 --ahs---- C:\WINDOWS\system32\iycksxpj.ini
2007-11-01 21:18 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-11-01 21:16 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2007-11-01 21:16 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Gtek
2007-11-01 21:14 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-10-30 17:43 <DIR> d-------- C:\WINDOWS\system32\Mz02r
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-21 20:49 --------- d-----w C:\Program Files\Java
2007-11-12 20:46 --------- d-----w C:\Program Files\Google
2007-11-10 14:43 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-09 19:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-04 21:57 --------- d-----w C:\Documents and Settings\Jeremy\Application Data\Symantec
2007-11-03 20:24 --------- d-----w C:\Program Files\CASHFLOW 202
2007-10-31 04:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-20 17:41 --------- d-----w C:\Program Files\CandleWorks
2007-10-13 08:16 --------- d-----w C:\Documents and Settings\Jeremy\Application Data\U3
2007-10-06 16:06 --------- d-----w C:\Documents and Settings\Jeremy\Application Data\Move Networks
2007-10-03 03:52 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-03 03:52 --------- d-----w C:\Documents and Settings\Jeremy\Application Data\InterTrust
2007-09-23 17:26 --------- d-----r C:\Documents and Settings\Jeremy\Application Data\Brother
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7ef83f04-1e42-489f-a241-915ff440d32b}]
2007-11-10 07:41 81472 --a------ C:\WINDOWS\system32\sdgleevm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{99F4FDB7-60C5-441E-92B1-408B8AB99C26}]
C:\WINDOWS\system32\ursrr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CB94BE1D-F27F-4AC5-8A9C-C43A93CAC863}]
C:\Program Files\Internet Explorer\hokenowa4444.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d83d0080-d