Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected With Symantec Email Proxy


  • Please log in to reply
11 replies to this topic

#1 barbyny

barbyny

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:48 PM

Posted 31 August 2007 - 10:32 AM

I have thousands of pop-up windows that open up in my PC after 10 min ca I use my PC. The title of the window is Symantec Email Proxy and the test said that my email (that in reality I didn't send) to a certaind yahoo address was unable to be sent because the connection to my mail server rejected the sender....
this is what I copied from the hijachhis Notepad as instructed by you.
Please help me!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:22:48 PM, on 8/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\DOCUME~1\BARBAR~1\LOCALS~1\Temp\svchost.exe
C:\WINDOWS\winlogon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\Program Files\Norton AntiVirus\OPScan.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINDOWS\Downloaded Program Files\SbCIe028.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [WindowsServicesStartup] C:\DOCUME~1\BARBAR~1\LOCALS~1\Temp\svchost.exe 1
O4 - HKLM\..\Run: [nvchost] C:\WINDOWS\winlogon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\MSOffice\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZUxdm399YYTW
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MSOffice\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\Downloaded Program Files\SbCIe028.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Peggle/Images/stg_drm.ocx
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Super%20Collapse%203/Images/armhelper.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {F6676623-8BBD-479C-A51B-05868728708C} (DigitalDM) - http://www.leonardotravelebooks.com/ebooks/DIGITALDM2.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 13264 bytes

BC AdBot (Login to Remove)

 


#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:01:48 AM

Posted 31 August 2007 - 02:09 PM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum barbyny
My name is Richie and i'll be helping you to fix your problems.

Click on Start/Control Panel/Add or Remove Programs and remove/uninstall the following if present,then restart your pc:
RXToolBar
MyWebSearch


Download SDFix.exe and save it to your desktop:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

* Double click on SDFix on your desktop,and install the fix to C:\

Please then reboot your computer into Safe Mode by doing the following:

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.

* In Safe Mode,go to and open the C:\SDFix folder,then double click on RunThis.bat to start the script.
* Type Y to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer that normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt into your next reply.

Download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Also post a new Hijackthis log please.
Posted Image
Posted Image

#3 barbyny

barbyny
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:48 PM

Posted 01 September 2007 - 10:25 AM

Thanks RickieUK.
I removed MyWebsearch (and I didn't have RXToolbar).
Please note that when Combofix was writing the report Norton Antivirus wanted to block it but I have allowed it... Don't know if this is normal and if the result is correct.

Have a look:

SDFix[/u]

SDFix: Version 1.101

Run by Barbara Maneschi on Sat 09/01/2007 at 07:49 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\DOCUME~1\BARBAR~1\LOCALS~1\Temp\svchost.exe - Deleted
C:\WINDOWS\winlogon.exe - Deleted



Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Morpheus\\Morpheus.exe"="C:\\Program Files\\Morpheus\\Morpheus.exe:*:Enabled:M5Shell"
"C:\\Program Files\\Kazaa\\kazaa.exe"="C:\\Program Files\\Kazaa\\kazaa.exe:*:Enabled:Kazaa"
"C:\\Program Files\\eMule\\eMule.exe"="C:\\Program Files\\eMule\\eMule.exe:*:Disabled:eMule Plus"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

C:\Office Pro Temp\MSDE2000\SQLRESLD.DLL
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\Documents and Settings\Barbara Maneschi\Application Data\Microsoft\Office\Shortcut Bar\Pro17.tmp

Finished

Combofix:

ComboFix 07-08-30.3 - "Barbara Maneschi" 2007-09-01 20:10:45.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.87 [GMT 8:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\BARBAR~1\APPLIC~1\macromedia\Flash Player\#SharedObjects\K65PNNFP\www.broadcaster.com
C:\DOCUME~1\BARBAR~1\APPLIC~1\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Program Files\FunWebProducts
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.dat


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\nm


((((((((((((((((((((((((( Files Created from 2007-08-01 to 2007-09-01 )))))))))))))))))))))))))))))))


2007-09-01 20:09 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-09-01 19:48 <DIR> d-------- C:\WINDOWS\ERUNT
2007-08-31 23:21 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-31 19:54 <DIR> d----c--- C:\VundoFix Backups
2007-08-30 19:31 <DIR> d-------- C:\Program Files\Turtle Odyssey 2
2007-08-30 19:26 4,096 --a------ C:\WINDOWS\d3dx.dat
2007-08-26 20:30 <DIR> d-------- C:\Program Files\Ice Age
2007-08-26 19:30 <DIR> d-------- C:\Program Files\Yumsters
2007-08-26 19:08 <DIR> d-------- C:\Program Files\Butterfly Escape
2007-08-26 12:20 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FireGlow
2007-08-26 11:38 <DIR> d-------- C:\Program Files\Realore
2007-08-25 21:38 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Genimo
2007-08-25 21:32 <DIR> d-------- C:\DOCUME~1\BARBAR~1\APPLIC~1\Genimo
2007-08-24 20:05 <DIR> d-------- C:\Program Files\Magic Tea
2007-08-24 20:00 <DIR> d-------- C:\Program Files\Plumeboom The First Chapter
2007-08-24 19:43 <DIR> d-------- C:\Program Files\Incadia
2007-08-22 23:20 <DIR> d-------- C:\DOCUME~1\BARBAR~1\APPLIC~1\Skype
2007-08-22 23:18 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-08-21 20:30 <DIR> d-------- C:\Program Files\Alawar
2007-08-20 23:10 <DIR> d-------- C:\Program Files\Feeding Frenzy
2007-08-20 19:40 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-08-20 19:24 3,718 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-20 19:15 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-08-20 19:15 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-08-20 19:15 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-08-19 13:20 <DIR> d-------- C:\Program Files\GameHouse
2007-08-19 13:10 <DIR> d----c--- C:\DOCUME~1\Owner\APPLIC~1\Symantec
2007-08-19 13:06 <DIR> d-------- C:\Program Files\SymNetDrv
2007-08-19 04:57 <DIR> d-------- C:\DOCUME~1\BARBAR~1\APPLIC~1\ContraVirus AntiSpam
2007-08-18 20:37 <DIR> d-------- C:\Program Files\BreakOut
2007-08-18 13:01 <DIR> d-------- C:\Program Files\ColorBubble
2007-08-18 12:55 <DIR> d-------- C:\Program Files\BlackysFollies
2007-08-18 12:53 <DIR> d----c--- C:\Test
2007-08-17 23:02 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-08-16 20:07 <DIR> d-------- C:\Program Files\2M Games
2007-08-13 13:25 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\EA
2007-08-13 13:25 <DIR> d-------- C:\DOCUME~1\BARBAR~1\APPLIC~1\EA
2007-08-06 14:56 45,176 --a------ C:\DOCUME~1\BARBAR~1\APPLIC~1\GDIPFONTCACHEV1.DAT


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-31 19:44 --------- d-------- C:\Program Files\Norton AntiVirus
2007-08-24 19:55 --------- d-a--c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-08-22 23:19 --------- d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
2007-08-22 23:19 --------- d-------- C:\Program Files\Skype
2007-08-22 19:25 --------- d-------- C:\Program Files\Google
2007-08-19 13:07 --------- d-------- C:\Program Files\Symantec
2007-08-19 13:06 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-18 23:35 --------- d-------- C:\Program Files\Oberon Media
2007-08-17 23:11 --------- d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
2007-08-17 23:11 --------- d-------- C:\Program Files\Common Files\AOL
2007-08-17 23:11 --------- d-------- C:\DOCUME~1\BARBAR~1\APPLIC~1\AOL
2007-08-14 23:18 --------- d-------- C:\Program Files\Sky Games
2007-08-07 05:13 --------- d-------- C:\Program Files\FinePixViewer
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-28 04:44 --------- d-------- C:\Program Files\MagicISO
2007-07-20 00:57 267112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2007-07-20 00:54 18280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-07-19 18:14 444776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-07-19 18:14 3727720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-07-19 18:14 1358192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-07-11 23:35 --------- d-------- C:\Program Files\BFG
2007-07-11 19:44 --------- d-------- C:\Program Files\Zuma Deluxe
2007-07-09 23:23 --------- d-------- C:\Program Files\BurgerRush_at
2007-07-09 23:12 --------- d-------- C:\Program Files\MSN Games
2007-07-07 13:32 --------- d-------- C:\DOCUME~1\BARBAR~1\APPLIC~1\SpinTop
2007-07-05 23:09 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-03 19:55 --------- d-------- C:\Program Files\ReflexiveArcade
2007-07-01 20:16 --------- d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PopCap
2007-06-26 14:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-20 20:46 266088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2007-06-19 21:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-13 18:23 1033216 --a------ C:\WINDOWS\explorer.exe
2004-03-21 16:06 9757200 --a--c--- C:\DOCUME~1\monjia\Moraff's MahJongg.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}]
C:\Program Files\RXToolBar\sfcont.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2004-06-14 20:00]
"CeEPOWER"="C:\Program Files\TOSHIBA\Power Management\CePMTray.exe" [2004-08-20 09:14]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2004-03-15 11:17]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-07-20 17:04]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-04-22 12:10]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-09-27 06:43]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-21 06:00 C:\WINDOWS\agrsmmsg.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-31 07:46]
"EzButton"="C:\Program Files\EzButton\EzButton.EXE" [2004-05-15 01:29]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-02-04 05:47]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-11-10 21:30]
"NDSTray.exe"="NDSTray.exe" []
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2003-10-21 00:39]
"Notebook Maximizer"="C:\Program Files\Notebook Maximizer\maximizer_startup.exe" [2004-05-26 05:35]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-05 04:32]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-04-27 11:25]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-08-19 13:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 18:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"InstDlg"="" []
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 06:29]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" []
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-17 03:45]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"IETI"=C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART

C:\DOCUME~1\BARBAR~1\STARTM~1\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2004-06-12 12:57:52]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\Program Files\DVD Region-Free\DVDShell.dll [2002-12-11 21:52 40960]

R1 SrvcEKIOMngr;SrvcEKIOMngr;C:\WINDOWS\system32\Drivers\EKIoMngr.sys
R1 SrvcEPECioctl;SrvcEPECioctl;C:\WINDOWS\system32\Drivers\ECioctl.sys
R1 SrvcEPIOMngr;SrvcEPIOMngr;C:\WINDOWS\system32\Drivers\EPIoMngr.sys
R1 SrvcSSIOMngr;SrvcSSIOMngr;C:\WINDOWS\system32\Drivers\SSIoMngr.sys
R1 SrvcTPIOMngr;SrvcTPIOMngr;C:\WINDOWS\system32\Drivers\TPIoMngr.sys
R3 DKbFltr;Dritek HotKey Keyboard Filter Driver;C:\WINDOWS\system32\Drivers\DKbFltr.sys
R3 EPOWER;Compal E-POWER Driver;C:\WINDOWS\system32\Drivers\hkdrv.sys
S3 EMSCR;EMSCR;C:\WINDOWS\system32\DRIVERS\EMS7SK.sys
S3 ESDCR;ESDCR;C:\WINDOWS\system32\DRIVERS\ESD7SK.sys
S3 ESMCR;ESMCR;C:\WINDOWS\system32\DRIVERS\ESM7SK.sys


Contents of the 'Scheduled Tasks' folder
2007-08-03 09:21:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-08-31 12:00:49 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Barbara Maneschi.job - c:\PROGRA~1\NORTON~1\Navw32.exe
2005-01-25 11:48:43 C:\WINDOWS\Tasks\Symantec NetDetect.job - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
2007-09-01 11:08:23 C:\WINDOWS\Tasks\User_Feed_Synchronization-{D7905693-088A-43C0-B7DE-752B36C21C2C}.job - C:\WINDOWS\system32\msfeedssync.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-01 20:17:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-09-01 20:23:28 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-01 20:23

--- E O F ---
Hijackthis 2nd:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:24:49 PM, on 9/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINDOWS\Downloaded Program Files\SbCIe028.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\MSOffice\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZUxdm399YYTW
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MSOffice\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\Downloaded Program Files\SbCIe028.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Peggle/Images/stg_drm.ocx
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Super%20Collapse%203/Images/armhelper.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {F6676623-8BBD-479C-A51B-05868728708C} (DigitalDM) - http://www.leonardotravelebooks.com/ebooks/DIGITALDM2.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 12034 bytes

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:01:48 AM

Posted 01 September 2007 - 11:02 AM

Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java,and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6u2'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java versions.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.


Download\install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed,exit SuperAntiSpyware.

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINDOWS\Downloaded Program Files\SbCIe028.dll
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZUxdm399YYTW
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\Downloaded Program Files\SbCIe028.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab

Exit Hijackthis.

Find and delete if present:
C:\Program Files\RXToolBar
C:\WINDOWS\Downloaded Program Files\SbCIe028.dll

Start SuperAntiSpyware.
On the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

Superantispyware will now scan your computer,when it's finished it will list all/any infections found.
Make sure everything found has a checkmark next to it,then press 'Next'.
Click on 'Finish' when you've done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor,such as Notepad.
Copy and paste the contents of that report into your next reply.
Also post a new Hijackthis log,let me know how your pc is running now.

Posted Image
Posted Image

#5 barbyny

barbyny
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:48 PM

Posted 04 September 2007 - 06:48 AM

RickieUK,
It took me a while to follow all the process but here are my results.
I have to inform you that I scanned with SUPER ANti Spyware twice because the 1st time I realized that I run it without fixing the following with Hijack:

O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINDOWS\Downloaded Program Files\SbCIe028.dll
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZUxdm399YYTW
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\Downloaded Program Files\SbCIe028.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab

Please note that I did not have the following:

O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINDOWS\Downloaded Program Files\SbCIe028.dll

I copy here the reports of SUPER ANti Spyware before fixing:

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZUxdm399YYTW
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\Downloaded Program Files\SbCIe028.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/03/2007 at 00:12 AM

Application Version : 3.9.1008

Core Rules Database Version : 3298
Trace Rules Database Version: 1306

Scan type : Quick Scan
Total Scan Time : 00:41:59

Memory items scanned : 521
Memory threats detected : 0
Registry items scanned : 1003
Registry threats detected : 33
File items scanned : 16248
File threats detected : 70

Adware.RX Toolbar
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}
HKCR\CLSID\{59879FA4-4790-461C-A1CC-4EC4DE4CA483}
HKCR\CLSID\{59879FA4-4790-461C-A1CC-4EC4DE4CA483}
HKCR\CLSID\{59879FA4-4790-461C-A1CC-4EC4DE4CA483}\InprocServer32
HKCR\CLSID\{59879FA4-4790-461C-A1CC-4EC4DE4CA483}\InprocServer32#ThreadingModel
HKCR\CLSID\{59879FA4-4790-461C-A1CC-4EC4DE4CA483}\ProgID
HKCR\CLSID\{59879FA4-4790-461C-A1CC-4EC4DE4CA483}\VersionIndependentProgID
C:\PROGRAM FILES\RXTOOLBAR\SFCONT.DLL

Adware.SideStep Toolbar
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D714A94F-123A-45CC-8F03-040BCAF82AD6}
HKCR\CLSID\{D714A94F-123A-45CC-8F03-040BCAF82AD6}
HKCR\CLSID\{D714A94F-123A-45CC-8F03-040BCAF82AD6}
HKCR\CLSID\{D714A94F-123A-45CC-8F03-040BCAF82AD6}\InprocServer32
HKCR\CLSID\{D714A94F-123A-45CC-8F03-040BCAF82AD6}\InprocServer32#ThreadingModel
C:\WINDOWS\DOWNLOADED PROGRAM FILES\SBCIE028.DLL
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\{83B28A74-640D-48F4-9F51-E80EED7CC7E0}
HKCR\CLSID\{83B28A74-640D-48F4-9F51-E80EED7CC7E0}
HKCR\CLSID\{83B28A74-640D-48F4-9F51-E80EED7CC7E0}
HKCR\CLSID\{83B28A74-640D-48F4-9F51-E80EED7CC7E0}\Implemented Categories
HKCR\CLSID\{83B28A74-640D-48F4-9F51-E80EED7CC7E0}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKCR\CLSID\{83B28A74-640D-48F4-9F51-E80EED7CC7E0}\InprocServer32
HKCR\CLSID\{83B28A74-640D-48F4-9F51-E80EED7CC7E0}\InprocServer32#ThreadingModel
HKU\S-1-5-21-2831879080-3037031003-3830739219-1006\Software\Microsoft\Internet Explorer\Explorer Bars\{83B28A74-640D-48F4-9F51-E80EED7CC7E0}

Adware.Tracking Cookie
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@tacoda[1].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@ehg-morningstar.hitbox[1].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@shinystat[2].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@statcounter[2].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@ad1.emediate[2].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@keywordmax[1].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@tradedoubler[1].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@doubleclick[1].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@questionmarket[2].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@adserver.matchcraft[1].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@burstnet[2].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@ad.yieldmanager[1].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@msnportal.112.2o7[1].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@www.googleadservices[3].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@www.gamesbanner[1].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@adv.alice[1].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@bs.serving-sys[2].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@revsci[1].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@ads.arcuspubblicita[2].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@revenue[2].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@asw.valueclick[2].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@zedo[1].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@adv.borse[2].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@overture[1].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@ads.planetactive[1].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@smileycentral[1].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@saletrack.co[2].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@ad.uk.tangozebra[2].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@ads.pointroll[1].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@mywebsearch[1].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@atdmt[2].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@precisionclick[2].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@tribalfusion[2].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@adtech[2].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@mediaplex[1].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@advertising[1].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@azjmp[2].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@realmedia[2].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@adv.manuali[1].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@imrworldwide[2].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@www.googleadservices[6].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@valueclick[1].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@www.belstat[1].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@adv.ilbanner[1].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@estat[1].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@indextools[2].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@hitbox[2].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@www.googleadservices[4].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@focalex[2].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@www.googleadservices[1].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@anad.tacoda[2].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@ad.uk.tangozebra[1].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@pro-market[1].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@www.googleadservices[2].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@amlocalhost.trymedia[1].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@casalemedia[2].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@adopt.euroclick[1].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@adserver.ikiweb[1].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@serving-sys[1].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@pandasoftware.112.2o7[1].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@adinterax[1].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@fastclick[2].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@msnportalbeetoffice2007.112.2o7[1].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@ads.adsag[1].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@maxserving[1].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@2o7[1].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@ads.gamesbannernet[2].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@www.burstnet[1].txt

Unclassified.Unknown Origin
HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}
HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\InprocServer32
HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\InprocServer32#ThreadingModel
HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\KeyPhrasesFileName
HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\ProgID
HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\VersionIndependentProgID

Malware.AdProtect
HKCR\CLSID\{99A753C6-E429-46BD-989E-DD4A21CD059D}
HKCR\CLSID\{99A753C6-E429-46BD-989E-DD4A21CD059D}#AppID
HKCR\CLSID\{99A753C6-E429-46BD-989E-DD4A21CD059D}\InprocServer32
HKCR\CLSID\{99A753C6-E429-46BD-989E-DD4A21CD059D}\InprocServer32#ThreadingModel
HKCR\CLSID\{99A753C6-E429-46BD-989E-DD4A21CD059D}\ProgID
HKCR\CLSID\{99A753C6-E429-46BD-989E-DD4A21CD059D}\TypeLib
HKCR\CLSID\{99A753C6-E429-46BD-989E-DD4A21CD059D}\VersionIndependentProgID

and the report after fixing:

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZUxdm399YYTW
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\Downloaded Program Files\SbCIe028.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/04/2007 at 00:14 AM

Application Version : 3.9.1008

Core Rules Database Version : 3298
Trace Rules Database Version: 1306

Scan type : Complete Scan
Total Scan Time : 01:18:06

Memory items scanned : 506
Memory threats detected : 0
Registry items scanned : 5972
Registry threats detected : 0
File items scanned : 31226
File threats detected : 12

Adware.Tracking Cookie
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@doubleclick[1].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@msnportal.112.2o7[1].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@ad.yieldmanager[1].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@bs.serving-sys[2].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@atdmt[2].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@mediaplex[1].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@clickbank[1].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@122.2o7[2].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@statse.webtrendslive[2].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@roiservice[1].txt
C:\Documents and Settings\Barbara Maneschi\Cookies\barbara_maneschi@serving-sys[2].txt

Adware.PointsManager-Uninstaller
C:\PROGRAM FILES\ALTNET\DOWNLOAD MANAGER\ALTNETUNINSTALL.EXE


Finally I enclose the last Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:47:21 PM, on 9/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe


Hope everything is fine now! Let me know if you see anything else or you have any suggestions to avoid such kind of trouble in the future.
Thanks,
Barbara

#6 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:01:48 AM

Posted 04 September 2007 - 08:25 AM

Barbara,could you post a new Hijackthis log,you've only posted half of it :thumbsup:
Posted Image
Posted Image

#7 barbyny

barbyny
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:48 PM

Posted 04 September 2007 - 10:07 AM

OPS! Sorry about that :thumbsup:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:44 PM, on 9/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\MSOffice\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MSOffice\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Peggle/Images/stg_drm.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Super%20Collapse%203/Images/armhelper.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {F6676623-8BBD-479C-A51B-05868728708C} (DigitalDM) - http://www.leonardotravelebooks.com/ebooks/DIGITALDM2.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 11418 bytes

#8 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:01:48 AM

Posted 04 September 2007 - 10:18 AM

Find and delete:
SDFix.exe
Combofix.exe

C:\Qoobox
C:\SDFix
C:\VundoFix Backups

Download and install CCleaner:
http://www.ccleaner.com/download/builds/downloading-slim

Set Options in CCleaner and run Cleaning Scan.
Open CCleaner if it's not already running.
*Note*
Do not use the Issues block to clean anything with this program.
It is for experts only and it is risky.

Select Cleaner Settings.
Check Internet Explorer, Windows Explorer, and System so that all items are checked.
In the Advanced section,have a check only on Old PreFetch Data.

Click on the Options block on the left.
Select Advanced.
Uncheck "Only delete files in Windows Temp folders older than 48 hours".

Set Cookie Retention.
Click on the Options block on the left, then choose Cookies.
Under the Cookies to delete pane, highlight any cookies you would like to retain permanently (those companies or sites with which you regularly visit or do business), and click the right arrow > to move them to the Cookies to keep pane.

Run Cleaning Scan.
Click on the Cleaner block on the left.
Choose the Windows tab.
Click the Run Cleaner button.
This process could take a while.
When CCleaner shows how much has been removed,cleaning is finished.

Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window,click on the 'Create a Restore Point' button,then click 'Next'.
In the window that appears,enter a description\name for the Restore Point,then click on 'Create',wait,then click 'Close'.
The date and time will be created automatically.

Next click on Start/All Programs/Accessories/System Tools/Disk Cleanup.
The 'Select Drive' box will appear,click on Ok.
The 'Disk Cleanup for [C:]' box will appear,click on the 'More Options' tab.
At the bottom in the 'System Restore' window,click on the 'Clean up...' button.
A box will pop up 'Are you sure you want to delete all but the most recent restore point?',click on 'Yes'.
Click on 'Yes' at 'Are you sure you want to perform these actions?'.
Now wait until 'Disk Cleanup' finishes and the box disappears.

Edited by RichieUK, 12 September 2007 - 11:36 AM.

Posted Image
Posted Image

#9 barbyny

barbyny
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:48 PM

Posted 12 September 2007 - 09:57 AM

JakieUK is getting worst and worst.
I did everything includund the CCleaner but the problem still persist.
In addition to the usual Symatec problem i face the following:
- my PC is slower
- I often get a Explorer error report message that Explorer needs to shut down when I am connected to internet
- when I turn on my computer I have a pop up window that says that Norton Antivirus is sut down and my computer may be at risk.

I attached once again the report of HiackThis after I scanned the computer with CCcleaner... don't know if this can help.

Thanks,

Barbara

#10 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:01:48 AM

Posted 12 September 2007 - 11:42 AM

If you have the installation disk for Norton Antivirus,try uninstalling it via Add or Remove Programs,restart your pc,then reinstall the program.
Posted Image
Posted Image

#11 barbyny

barbyny
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:48 PM

Posted 13 September 2007 - 06:40 AM

what if I don't have it ?

#12 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:01:48 AM

Posted 13 September 2007 - 06:56 AM

If you don't have the install disk,its either a case of borrowing the correct install disk off a friend or relative if you can,then uninstall/reinstall Norton Antivirus.Make sure you save your product key before uninstallation.

The other way is to uninstall NAV,then go for another product,here are a few freeware options below:

AVG7 Free Edition Antivirus:
http://free.grisoft.com/softw/70free/setup...ree_446a965.exe

Avast! 4 Home Edition:
http://files.avast.com/iavs4pro/setupeng.exe

Avira AntiVir Personal Edition Classic
http://www.free-av.com/

If you decide to go with the latter,download your freeware choice,disconnect from the internet,uninstall Norton,then install your free antivirus.

*Note*
I'm not saying this will completely solve your issue,its up to you wether you try it or not.
Posted Image
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users