Read this topic before posting a log.
DO NOT post a ComboFix log unless requested to.
Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.
When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.
Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Post #1, Jun 19 2008, 07:08 PM
New Member; Group: Members; Posts: 12; Joined: 16-June 08; Member No.: 216,620
Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-21 11:52:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:52:35 AM, on 6/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1213681629\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 6757 bytes

-- Files created between 2008-05-21 and 2008-06-21 -----------------------------

2008-06-20 21:11:04 0 d-------- C:\WINDOWS\Sun
2008-06-20 18:42:07 0 d-------- C:\Documents and Settings\Owner\Application Data\Sun
2008-06-20 05:41:50 0 d-------- C:\Program Files\Guild Wars
2008-06-19 20:59:15 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-06-19 20:47:45 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-19 20:47:35 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-19 20:47:35 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-06-19 20:46:35 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-18 21:30:37 0 d-------- C:\WINDOWS\network diagnostic
2008-06-18 20:56:29 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-06-18 20:56:27 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-18 20:56:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-17 22:07:56 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-06-17 21:57:47 0 d-------- C:\Program Files\MSXML 4.0
2008-06-17 21:44:54 0 d-------- C:\Documents and Settings\Owner\Application Data\Symantec
2008-06-17 21:42:24 0 d-------- C:\Program Files\Windows Sidebar
2008-06-17 21:41:31 0 d-------- C:\Program Files\Norton Internet Security
2008-06-17 21:39:41 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-17 21:23:48 0 d-------- C:\WINDOWS\system32\PreInstall
2008-06-17 01:17:50 0 d-------- C:\WINDOWS\system32\appmgmt
2008-06-17 01:08:28 0 d-------- C:\Documents and Settings\Owner\WINDOWS
2008-06-17 01:08:28 0 d--h----- C:\Documents and Settings\Owner\Templates
2008-06-17 01:08:28 0 dr------- C:\Documents and Settings\Owner\Start Menu
2008-06-17 01:08:28 0 dr-h----- C:\Documents and Settings\Owner\SendTo
2008-06-17 01:08:28 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-06-17 01:08:28 0 d--h----- C:\Documents and Settings\Owner\PrintHood
2008-06-17 01:08:28 1310720 --ah----- C:\Documents and Settings\Owner\NTUSER.DAT
2008-06-17 01:08:28 0 d--h----- C:\Documents and Settings\Owner\NetHood
2008-06-17 01:08:28 0 dr------- C:\Documents and Settings\Owner\My Documents
2008-06-17 01:08:28 0 d--h----- C:\Documents and Settings\Owner\Local Settings
2008-06-17 01:08:28 0 dr------- C:\Documents and Settings\Owner\Favorites
2008-06-17 01:08:28 0 d-------- C:\Documents and Settings\Owner\Desktop
2008-06-17 01:08:28 0 d--hs---- C:\Documents and Settings\Owner\Cookies
2008-06-17 01:08:28 0 dr-h----- C:\Documents and Settings\Owner\Application Data
2008-06-17 01:08:28 0 d-------- C:\Documents and Settings\Owner\Application Data\You've Got Pictures Screensaver
2008-06-17 01:08:28 0 d-------- C:\Documents and Settings\Owner\Application Data\SampleView
2008-06-17 01:08:28 0 d-------- C:\Documents and Settings\Owner\Application Data\McAfee
2008-06-17 01:08:28 0 d-------- C:\Documents and Settings\Owner\Application Data\Identities
2008-06-17 01:07:49 0 d-------- C:\Documents and Settings\Default User\Application Data\You've Got Pictures Screensaver
2008-06-17 01:07:49 0 d-------- C:\Documents and Settings\Default User\Application Data\SampleView
2008-06-17 01:07:49 0 d-------- C:\Documents and Settings\Default User\Application Data\McAfee
2008-06-17 01:05:23 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-06-17 00:52:59 0 d--h----- C:\WINDOWS\$hf_mig$
2008-06-17 00:50:55 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-06-17 00:50:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\McAfee
2008-06-17 00:50:47 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-06-17 00:50:30 0 d-------- C:\WINDOWS\RegisteredPackages
2008-06-17 00:50:23 67072 --a------ C:\WINDOWS\POWERCFG.EXE <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-17 00:50:08 0 d-------- C:\Program Files\CyberLink
2008-06-17 00:49:52 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-17 00:49:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-06-17 00:49:28 0 d-------- C:\Program Files\MSN Encarta Plus
2008-06-17 00:48:45 0 d-------- C:\Program Files\Microsoft Money 2005
2008-06-17 00:48:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-06-17 00:48:31 0 d-------- C:\Program Files\Common Files\Nullsoft
2008-06-17 00:48:18 86016 --a------ C:\WINDOWS\unvise32qt.exe <Not Verified; MindVision; Installer VISE 2.8.3>
2008-06-17 00:48:13 0 d-------- C:\WINDOWS\system32\QuickTime
2008-06-17 00:48:13 0 d-------- C:\Program Files\QuickTime
2008-06-17 00:48:13 0 d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2008-06-17 00:48:08 8552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
2008-06-17 00:48:08 0 d-------- C:\My Music
2008-06-17 00:48:03 0 d-------- C:\Program Files\Real
2008-06-17 00:48:02 0 d-------- C:\Program Files\Common Files\Real
2008-06-17 00:47:53 102400 --a------ C:\WINDOWS\system32\SimpleRegistry.dll <Not Verified; 4Developers LLC; SimpleRegistry Control>
2008-06-17 00:47:53 10752 --a------ C:\WINDOWS\system32\aamd532.dll <Not Verified; Almeida & Andrade Ltda; MD5 Maker DLL>
2008-06-17 00:47:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-17 00:47:48 0 d-------- C:\Program Files\Viewpoint
2008-06-17 00:47:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Pure Networks
2008-06-17 00:47:44 0 d-------- C:\Program Files\Pure Networks
2008-06-17 00:47:14 0 d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-06-17 00:47:07 0 d-------- C:\Program Files\Common Files\aolshare
2008-06-17 00:47:07 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-06-17 00:47:00 335 --a------ C:\WINDOWS\nsreg.dat
2008-06-17 00:47:00 0 d-------- C:\Program Files\Common Files\AOL
2008-06-17 00:46:13 40960 --a------ C:\WINDOWS\system32\ChCfg.exe
2008-06-17 00:46:11 294912 --a------ C:\WINDOWS\alcupd.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Update driver Tool>
2008-06-17 00:46:11 200704 --a------ C:\WINDOWS\alcrmv.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Removing driver Tool>
2008-06-17 00:46:08 192512 --a------ C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-06-17 00:46:00 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-06-17 00:45:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Napster
2008-06-17 00:45:46 0 d-------- C:\Program Files\Napster
2008-06-17 00:45:42 20480 --a------ C:\WINDOWS\system32\Marker32.exe <Not Verified; Gateway; Marker32>
2008-06-17 00:45:32 543232 --a------ C:\WINDOWS\zHotkey.exe <Not Verified; ; Multimedia Keyboard Driver>
2008-06-17 00:45:32 532544 --a------ C:\WINDOWS\PIC.dll
2008-06-17 00:45:32 3927 --a------ C:\WINDOWS\mHotkey.reg
2008-06-17 00:45:32 24576 --a------ C:\WINDOWS\HKNTDLL.dll
2008-06-17 00:44:36 0 d-------- C:\Program Files\Java
2008-06-17 00:44:36 0 d-------- C:\Program Files\Common Files\Java
2008-06-17 00:44:15 471300 --a------ C:\WINDOWS\wallpe.exe <Not Verified; ; wallpe>
2008-06-17 00:42:15 0 d-------- C:\Documents and Settings\Default User\WINDOWS
2008-06-17 00:42:10 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
2008-06-17 00:41:41 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-06-17 00:41:28 0 d-------- C:\WINDOWS\SHELLNEW
2008-06-17 00:41:10 0 d-------- C:\Program Files\Microsoft.NET
2008-06-17 00:40:48 0 dr-h----- C:\MSOCache
2008-06-17 00:40:32 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-06-17 00:40:23 0 d-------- C:\Program Files\ATI Technologies
2008-06-17 00:34:36 0 d-------- C:\Program Files\Google
2008-06-17 00:34:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-17 00:34:24 0 d-------- C:\Program Files\Symantec
2008-06-17 00:34:07 18000 --a------ C:\WINDOWS\BigFixClientOverride.dll <Not Verified; BigFix, Inc.; BigFix>
2008-06-17 00:34:07 0 d-------- C:\Program Files\BigFix
2008-06-17 00:33:53 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-17 00:33:09 0 d-------- C:\Program Files\Digital Media Reader
2008-06-17 00:33:05 0 d-------- C:\WINDOWS\Downloaded Installations
2008-06-17 00:33:04 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-17 00:32:56 76288 -ra------ C:\WINDOWS\system32\PUBOLE32.DLL <Not Verified; Microsoft Corporation; Microsoft Publisher for Windows>
2008-06-17 00:32:56 212480 -ra------ C:\WINDOWS\system32\PCDLIB32.DLL <Not Verified; Eastman Kodak; Kodak Photo CD Access Developer Toolkit>
2008-06-17 00:32:56 37888 -ra------ C:\WINDOWS\system32\ochlp30e.dll <Not Verified; Microsoft Corporation; Microsoft Multimedia Controls>
2008-06-17 00:32:56 82432 --a------ C:\WINDOWS\system32\msxml4r.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP1>
2008-06-17 00:32:56 91136 -ra------ C:\WINDOWS\system32\msls2.dll <Not Verified; Microsoft Corporation; Microsoft® Line Services>
2008-06-17 00:32:55 31744 -ra------ C:\WINDOWS\system32\hlp95en.dll <Not Verified; Microsoft Corporation; Microsoft Office>
2008-06-17 00:32:31 0 d-------- C:\Program Files\Microsoft Works
2008-06-17 00:30:20 2658304 -----n--- C:\WINDOWS\UNNeroBurnRights.exe <Not Verified; Nero AG; Nero WebEngine>
2008-06-17 00:30:20 90184 --a------ C:\WINDOWS\system32\NeroCo.dll <Not Verified; Ahead Software AG im Stoeckmaedle 18 76307 Karlsbad, Germany Fax: ++49-7248-911-888 e-mail: info@nero.com; Nero Burning Rom>
2008-06-17 00:29:55 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
2008-06-17 00:29:52 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2008-06-17 00:29:52 471040 -----n--- C:\WINDOWS\system32\ImagXRA7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-06-17 00:29:52 262144 -----n--- C:\WINDOWS\system32\ImagXR7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-06-17 00:29:52 1568768 -----n--- C:\WINDOWS\system32\ImagX7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-06-17 00:29:51 0 d-------- C:\Program Files\Common Files\Ahead
2008-06-17 00:29:51 0 d-------- C:\Program Files\Ahead
2008-06-17 00:25:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Prism Deploy
2008-06-17 00:25:43 0 d-------- C:\Program Files\Common Files\New Boundary
2008-06-17 00:23:06 0 d-------- C:\WINDOWS\system32\URTTemp
2008-06-17 00:23:00 2 -r-hs---- C:\USER
2008-06-17 00:20:30 0 d-------- C:\Program Files\CONEXANT
2008-06-17 00:18:04 0 d--hs---- C:\System Volume Information
2008-06-17 00:16:26 60 --a------ C:\WINDOWS\system32\SYSDRV.DAT
2008-06-17 00:16:21 0 d-------- C:\WINDOWS\creator
2008-06-17 00:14:52 0 d-------- C:\WINDOWS\SMINST
2008-06-17 00:14:49 0 d-------- C:\WINDOWS\I386

-- Find3M Report ---------------------------------------------------------------

2008-06-19 20:46:35 0 d-------- C:\Program Files\Common Files
2008-06-17 22:04:34 0 d-------- C:\Program Files\Messenger
2008-06-17 00:14:49 0 d-------- C:\Program Files\Windows NT
2008-06-17 00:14:45 0 d-------- C:\Program Files\Movie Maker
2008-06-17 00:10:52 0 d-------- C:\Program Files\Windows Plus
2008-06-17 00:10:52 0 d-------- C:\Program Files\Online Services
2008-06-17 00:10:52 0 d-------- C:\Program Files\MSN Gaming Zone
2008-06-17 00:10:52 0 d-------- C:\Program Files\microsoft frontpage
2008-06-17 00:10:52 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-06-17 00:10:52 0 d-------- C:\Program Files\Common Files\ODBC
2008-06-17 00:10:52 0 d-------- C:\Program Files\Common Files\MSSoap

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
02/06/2008 11:05 PM 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
06/17/2008 09:42 PM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [02/06/2008 11:05 PM 349552]
[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/10/2004 01:04 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 01:50 PM]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [11/15/2004 05:04 PM]
"@"="" []
"CHotkey"="zHotkey.exe" [05/03/2005 04:02 PM C:\WINDOWS\zHotkey.exe]
"SoundMan"="SOUNDMAN.EXE" [04/15/2005 11:01 AM C:\WINDOWS\SOUNDMAN.EXE]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" []
"HostManager"="C:\Program Files\Common Files\AOL\1213681629\EE\AOLHostManager.exe" [11/03/2004 04:03 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/02/2004 10:24 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/25/2008 08:47 PM]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [02/07/2008 01:49 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 02:00 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 6:44:06 AM]
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [6/17/2008 12:34:07 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

*Newly Created Service* - COMHOST

-- End of Deckard's System Scanner: finished at 2008-06-21 11:56:12 ------------

Was directed by your forum to install HijackThis; finally it was installed, could not download originally. Here is the up to date log. Kaspersky (my computer and Crit scan came back clean). Sorry, can not seem to find the bug. Help

This post has been edited by Idiot that clicked: Jun 20 2008, 04:10 PM
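Added example, not from this thread and not the HJT Team's tooling: a small Python parser for the HijackThis autostart sections in the log above (O2/O3/O4/O9/O20/O23) with a triage pass that lists the entries a helper would check first. The entry grammar follows the lines as they appear in the log ("O4 - HKLM\..\Run: [Name] command", "O23 - Service: Name - Publisher - path"); the flagging rules (trusted roots, user-profile paths, a service whose publisher is "Unknown owner", a bare file name with no directory) are my heuristics and are assumptions, not the team's procedure. The sample input is constructed: every line but one is copied from the log, and the "updater" line is made up to show what a hit looks like.

```python
import re

# Constructed sample: lines copied from the HijackThis section above, plus ONE
# made-up entry ("updater") that is NOT in the poster's log and exists only to
# show a hit.
SAMPLE_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\Owner\Local Settings\Temp\updater.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
"""

# Sections whose right-hand side names code that runs or loads at logon.
AUTOSTART_SECTIONS = {"O2", "O3", "O4", "O9", "O20", "O21", "O23"}
ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
O4_REG_RE = re.compile(r"^(.+?): \[(.+?)\] (.*)$")   # HKLM\..\Run: [Name] command
O4_LNK_RE = re.compile(r"^(.+?): (.+?) = (.*)$")     # Global Startup: x.lnk = command
IMAGE_RE = re.compile(r"^(.*?\.(?:exe|dll|sys|cpl|scr))(?:\s|$)", re.I)

# Heuristics (my assumptions, not an HJT Team rule): these roots hold vendor
# code on an XP box like the one in the log; user-profile paths are where
# droppers usually write.
TRUSTED_ROOTS = (r"c:\windows", r"c:\program files", r"c:\progra~1")
PROFILE_MARKERS = ("\\documents and settings\\", "\\local settings\\", "\\temp\\", "\\application data\\")


def image_path(command):
    """Strip arguments from a Run-key command line and return the image path."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = IMAGE_RE.match(command)
    if m:
        return m.group(1)
    return command.split()[0] if command.split() else ""


def parse_entry(line):
    """Turn one HijackThis line into a dict, or None if it is not an autostart entry."""
    m = ENTRY_RE.match(line.strip())
    if not m or m.group(1) not in AUTOSTART_SECTIONS:
        return None
    section, rest = m.groups()
    entry = {"section": section, "raw": line.strip()}
    if section == "O4":
        m4 = O4_REG_RE.match(rest) or O4_LNK_RE.match(rest)
        if not m4:
            return None
        entry.update(location=m4.group(1), name=m4.group(2), path=image_path(m4.group(3)))
    else:
        # "BHO: Name - {CLSID} - path", "Service: Name - Publisher - path",
        # "Winlogon Notify: Name - path": the image is always the last field.
        kind, _, body = rest.partition(": ")
        fields = body.split(" - ")
        entry.update(location=kind, name=fields[0], path=image_path(fields[-1]))
        if section == "O23" and len(fields) >= 3:
            entry["publisher"] = fields[-2]
    return entry


def review(entry):
    """Return the reasons an entry deserves a manual look (empty list if none)."""
    reasons = []
    p = entry["path"].lower().replace("%windir%", r"c:\windows")  # assumes default %WINDIR%
    if "\\" not in p:
        reasons.append("bare file name: resolved via the search path at logon, locate it by hand")
    elif not p.startswith(TRUSTED_ROOTS):
        reasons.append("image is outside Windows and Program Files")
    if any(marker in p for marker in PROFILE_MARKERS):
        reasons.append("image lives under a user profile or temp directory")
    if entry["section"] == "O23" and entry.get("publisher", "").lower() == "unknown owner":
        reasons.append("service has no publisher recorded, check the file's signature")
    return reasons


def triage(log_text):
    """Parse every autostart entry in an HJT log; return (entries, {name: reasons})."""
    entries = [e for e in map(parse_entry, log_text.splitlines()) if e]
    flagged = {}
    for e in entries:
        reasons = review(e)
        if reasons:
            flagged[e["name"]] = reasons
    return entries, flagged


if __name__ == "__main__":
    entries, flagged = triage(SAMPLE_LOG)
    for e in entries:
        note = "  <-- " + "; ".join(flagged[e["name"]]) if e["name"] in flagged else ""
        print(f"{e['section']:<4} {e['location']:<16} {e['name']:<18} {e['path']}{note}")
```

Run against the sample, the pass flags three of the ten entries: CHotkey (a bare "zHotkey.exe" with no directory, which the registry dump in the log resolves to C:\WINDOWS\zHotkey.exe), the constructed "updater" line (image under the user's Temp directory), and the Symantec Core LC service (publisher recorded as "Unknown owner"). A flag is a prompt to verify the file, not a verdict; the Recguard entry shows why the %WINDIR% expansion matters, since without it a stock OEM recovery tool would be reported as living outside Windows.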
Post #2, Jul 13 2008, 10:06 PM
W.A.M. (Women Against Malware); Group: HJT Team; Posts: 1,689; Joined: 3-January 05; From: South Carolina, USA; Member No.: 8,530
Welcome to the BleepingComputer Forums. Since it has been a few days, please post a new Deckard's System Scanner which includes the HijackThis log. Please see Preparation Guide for use before posting about your potential Malware problem. Thank you for your patience.
If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.
--------------------
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate
Join The Fight Against Malware
Post #3, Jul 21 2008, 08:10 AM
W.A.M. (Women Against Malware); Group: HJT Team; Posts: 1,689; Joined: 3-January 05; From: South Carolina, USA; Member No.: 8,530
This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.