My Hijack This

5 replies to this topic

#1 ydftball61

Posted 10 September 2007 - 04:25 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:16:33 PM, on 9/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\windows\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\windows\system32\wscntfy.exe
C:\windows\scvhost.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Messenger\wolybi22011.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Advanced Privacy Protector\pptray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Words\Words.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Insider\Insider.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\David\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: (no name) - {E3D5C38A-006F-0DC1-6BE6-5780783C0F93} - (no file)
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\2.bin\MBSRCAS.DLL
F2 - REG:system.ini: UserInit=userinit.exe,djhrnow.exe
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\2.bin\MORPHBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [hrvkuayA] C:\WINDOWS\hrvkuayA.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [bvnbch] C:\WINDOWS\system32\cfjjcj.exe reg_run
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [wolybi] C:\Program Files\Messenger\wolybi22011.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA7356] command /c del "C:\WINDOWS\system32\kjdsrngk.exe_tobedeleted_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC577] cmd /c del "C:\WINDOWS\system32\kjdsrngk.exe_tobedeleted_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9310] command /c del "C:\WINDOWS\system32\dwdsrngt.exe_tobedeleted_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8620] cmd /c del "C:\WINDOWS\system32\dwdsrngt.exe_tobedeleted_tobedeleted"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [xsuce] C:\WINDOWS\system32\cfjjcj.exe reg_run
O4 - HKCU\..\Run: [AdvPrivProt] C:\Program Files\Advanced Privacy Protector\pptray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Words] C:\Program Files\Words\Words.exe
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKUS\S-1-5-18\..\Run: [Uoei] "C:\DOCUME~1\David\APPLIC~1\FNTS~1\explorer.exe" -vt ndrv (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [] C:\PROGRA~1\COMMON~1\FNTS~1\EPLORE~1.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Wrad] C:\WINDOWS\?dobe\r?gedit.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Uoei] "C:\DOCUME~1\David\APPLIC~1\FNTS~1\explorer.exe" -vt ndrv (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\kjdsrngk.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SmartLinkService (SLService) - - C:\windows\SYSTEM32\slserv.exe
O23 - Service: Stopzilla Local Service 4.4 (szserver) - Unknown owner - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Online Services\fsoxy.html

--
End of file - 9496 bytes
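The helpers in this thread read a HijackThis log entry by entry. As an added example (not from the thread, and not the HijackThis tool's own code), here is a small Python checker for the "section - body" line format shown in the log above; the sample lines are copied from that log plus one benign O4 entry, and the four heuristics it applies (an extra program chained onto UserInit, an entry whose target file no longer exists, a '?' in a path, and a SYSTEM-account Run entry that starts from a user profile) are my own triage rules, not rules the forum states.

```python
import re

# Constructed sample: six entries copied from the HijackThis log posted above plus
# one benign O4 entry (SynTPLpr), so the checker sees both kinds of line.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: (no name) - {E3D5C38A-006F-0DC1-6BE6-5780783C0F93} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,djhrnow.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKUS\S-1-5-18\..\Run: [Uoei] "C:\DOCUME~1\David\APPLIC~1\FNTS~1\explorer.exe" -vt ndrv (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Wrad] C:\WINDOWS\?dobe\r?gedit.exe (User 'SYSTEM')
O2 - BHO: (no name) - {C34CEBFC-7F14-27B2-1DF1-76E2EE757293} - C:\WINDOWS\system32\epvjd.dll (file missing)
"""
SAMPLE_LINES = SAMPLE_LOG.strip().splitlines()

# Every HijackThis finding has the shape "<section> - <body>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
USER_SUFFIX_RE = re.compile(r"\s*\(User '.*'\)$")


def parse_entry(line):
    """Split one log line into its section code and body; None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    return {
        "section": m.group("section"),
        "body": body,
        "target": USER_SUFFIX_RE.sub("", body),  # body without the "(User '...')" tag
        "raw": line.strip(),
    }


def check_userinit(entry):
    # F2: the UserInit value should name only userinit.exe (XP writes it with a
    # trailing comma). Anything else chained on runs at every logon.
    if entry["section"] != "F2" or "UserInit=" not in entry["body"]:
        return None
    value = entry["body"].split("UserInit=", 1)[1]
    programs = [p.strip().lower() for p in value.split(",") if p.strip()]
    extra = [p for p in programs if not p.endswith("userinit.exe")]
    if extra:
        return "UserInit chain carries extra program(s): " + ", ".join(extra)
    return None


def check_missing_target(entry):
    # Loading points whose file is gone are leftovers of a removal (or of malware
    # that re-creates its file at boot); either way they should be cleaned up.
    if "(no file)" in entry["body"] or "(file missing)" in entry["body"]:
        return "loading point refers to a file that no longer exists"
    return None


def check_unprintable_path(entry):
    # HijackThis prints a character it cannot display (typically non-ASCII) as '?',
    # so 'C:\WINDOWS\?dobe\r?gedit.exe' only resembles an Adobe folder and regedit.exe.
    if entry["section"] == "O4" and "?" in entry["target"]:
        return "path contains '?' (undisplayable character in a look-alike name)"
    return None


def check_system_account_user_profile(entry):
    # An autorun under HKUS\S-1-5-18 (the SYSTEM account) that starts a program from
    # a user's profile folder is not how legitimate software installs itself.
    if (entry["section"] == "O4"
            and entry["body"].startswith(r"HKUS\S-1-5-18")
            and re.search(r"DOCUME~1|Documents and Settings", entry["target"], re.I)):
        return "SYSTEM-account Run entry launches a program from a user profile"
    return None


CHECKS = [check_userinit, check_missing_target,
          check_unprintable_path, check_system_account_user_profile]


def triage(lines):
    """Return (section, reason, raw line) for every entry that trips a heuristic."""
    findings = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        for check in CHECKS:
            reason = check(entry)
            if reason:
                findings.append((entry["section"], reason, entry["raw"]))
    return findings


if __name__ == "__main__":
    for section, reason, raw in triage(SAMPLE_LINES):
        print(f"[{section}] {reason}\n    {raw}")
```

A hit from these rules is a reason to look closer, not a verdict; the posted log also contains entries a human would question that no simple rule catches.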

#2 RichieUK

  • Malware Response Team

Posted 11 September 2007 - 04:47 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, ydftball61.
My name is Richie and I'll be helping you to fix your problems.

Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6u2'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.


Download SDFix.exe and save it to your desktop:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

* Double click on SDFix on your desktop, and install the fix to C:\

Please then reboot your computer into Safe Mode by doing the following:

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.

* In Safe Mode, go to and open the C:\SDFix folder, then double click on RunThis.bat to start the script.
* Type Y to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer than normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt into your next reply.


Download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouse-click ComboFix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Also post a new HijackThis log please.

#3 ydftball61

  • Topic Starter

Posted 11 September 2007 - 06:11 PM

ComboFix 07-09-12.4 - "David" 2007-09-11 17:15:44.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.98 [GMT -5:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\DAVID\APPLIC~1\ASKS~1
C:\DOCUME~1\DAVID\APPLIC~1\FNTS~1
C:\DOCUME~1\DAVID\APPLIC~1\FNTS~1\explorer.exe
C:\DOCUME~1\DAVID\APPLIC~1\FNTS~1\W?nSxS\
C:\DOCUME~1\DAVID\APPLIC~1\WinTouch
C:\DOCUME~1\DAVID\MYDOCU~1\ICROSO~1.NET
C:\DOCUME~1\DAVID\MYDOCU~1\MCROSO~1.NET
C:\DOCUME~1\DAVID\MYDOCU~1\PPATCH~1
C:\DOCUME~1\DAVID\MYDOCU~1\RACLE~1
C:\DOCUME~1\DAVID\MYDOCU~1\YSTEM~1
C:\Program Files\Common Files\appatc~1
C:\Program Files\Common Files\fnts~1
C:\Program Files\Common Files\misc001
C:\Program Files\Common Files\svchostsys
C:\Program Files\Common Files\svchostsys\svchostrun.exe
C:\Program Files\Common Files\svchostsys\svchostupdate.exe.config
C:\Program Files\Common Files\svchostsys\sysid.exe
C:\Program Files\ipwins
C:\Program Files\ipwins\pop17D.tmp
C:\Program Files\Online Services\bapu.dll
C:\Program Files\Online Services\bapu32.dll
C:\Program Files\Online Services\bapu735.dll
C:\Program Files\Online Services\fsoxy.html
C:\Program Files\racle~1
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\windows\asks~1
C:\windows\b143.exe
C:\windows\b147.exe
C:\windows\cookies.ini
C:\windows\dobe~1
C:\windows\dobe~1\r?gedit.exe
C:\windows\pf78.exe
C:\windows\pppatc~1
C:\windows\racle~1
C:\windows\sks~1
C:\windows\system32\_000006_.tmp.dll
C:\windows\system32\asks~1
C:\WINDOWS\system32\ceurscyx.ini
C:\windows\system32\f02WtR
C:\windows\system32\f02WtR\f02WtR1065.exe
C:\WINDOWS\system32\fgjlm.bak1
C:\WINDOWS\system32\fgjlm.bak2
C:\WINDOWS\system32\fgjlm.ini
C:\windows\system32\gbe90qs.exe
C:\windows\system32\mljgf.dll
C:\windows\system32\qwinkldt.exe
C:\windows\system32\sstem3~1
C:\windows\system32\stfmfqys.dll
C:\windows\system32\V1
C:\windows\system32\vhoqeiex.exe
C:\windows\system32\wapisvtr32.exe
C:\windows\system32\wapitr.exe
C:\windows\system32\wvuusrr.dll
C:\windows\system32\xycsruec.dll
C:\windows\system32ftuninst.exe
C:\windows\system32tfthot.exe
C:\windows\tk58.exe
C:\windows\tsks~1
C:\windows\ymante~1

.
((((((((((((((((((((((((( Files Created from 2007-08-12 to 2007-09-12 )))))))))))))))))))))))))))))))
.

2007-09-12 17:24 <DIR> d-------- C:\WINDOWS\TEM
2007-09-12 17:18 75,328 --a------ C:\WINDOWS\system32\qmxhpsco.exe
2007-09-11 17:11 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-11 16:52 <DIR> d-------- C:\WINDOWS\ERUNT
2007-09-11 16:42 <DIR> d--hs---- C:\FOUND.008
2007-09-10 06:42 <DIR> d-------- C:\Program Files\Insider
2007-09-10 06:19 <DIR> d-------- C:\Program Files\Words
2007-09-10 05:14 <DIR> d-------- C:\WINDOWS\system32\dbl22
2007-09-10 05:14 <DIR> d-------- C:\WINDOWS\system32\cf2
2007-09-10 05:14 <DIR> d-------- C:\WINDOWS\system32\capcon
2007-09-01 12:03 <DIR> d--hs---- C:\FOUND.007
2007-08-24 11:53 <DIR> d--hs---- C:\FOUND.006
2007-08-23 17:00 <DIR> d-------- C:\divx
2007-08-19 21:34 <DIR> d-------- C:\E-Zsoft
2007-08-19 21:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Move Bore Curb Tool
2007-08-19 21:27 <DIR> d-------- C:\Program Files\3wPlayer
2007-08-19 21:24 <DIR> d-------- C:\Program Files\E-Zsoft
2007-08-19 18:40 <DIR> d-------- C:\Program Files\Advanced Privacy Protector
2007-08-16 23:48 <DIR> d-------- C:\DOCUME~1\David\APPLIC~1\Hamachi
2007-08-16 23:47 25,544 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2007-08-16 23:47 <DIR> d-------- C:\Program Files\Hamachi
2007-08-16 21:36 <DIR> d--hs---- C:\FOUND.005
2007-08-16 04:05 <DIR> d--hs---- C:\FOUND.004
2007-08-15 18:20 63,488 --a------ C:\WINDOWS\system32\unam4ie.exe
2007-08-15 18:20 4,608 --a------ C:\WINDOWS\system32\w95inf32.dll
2007-08-15 18:20 38,160 --a------ C:\WINDOWS\system32\LMRTREND.dll
2007-08-15 18:20 2,272 --a------ C:\WINDOWS\system32\w95inf16.dll
2007-08-15 18:20 194,320 --a------ C:\WINDOWS\system32\qcut.dll
2007-08-15 18:20 182,032 --a------ C:\WINDOWS\system32\dxtmsft3.dll
2007-08-15 18:20 10,240 --a------ C:\WINDOWS\system32\vidx16.dll
2007-08-15 17:56 <DIR> d-------- C:\MicroProse
2007-08-15 17:48 <DIR> d-------- C:\DOCUME~1\David\WINDOWS
2007-08-15 17:43 <DIR> d-------- C:\DOCUME~1\David\APPLIC~1\WhenU
2007-08-14 11:13 <DIR> d--hs---- C:\FOUND.003

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-11 16:33 27648 --a------ C:\windows\system32\zlib.dll
2007-08-06 00:47 --------- d-------- C:\Program Files\Red Kawa
2007-07-26 18:02 --------- d-------- C:\Program Files\Rapidshare Unlimited
2006-11-27 21:16:30 704,564 --sh--w C:\windows\system32\mlljg.dll
2005-07-29 21:24:26 472 --sha-r C:\windows\RGF2aWQ\l3IZuqk.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C34CEBFC-7F14-27B2-1DF1-76E2EE757293}]
C:\WINDOWS\system32\epvjd.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-06 19:49]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-06 19:49]
"Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [2004-04-06 17:14]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 04:52]
"IPInSightMonitor 02"="C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe" [2003-06-11 01:52]
"IPInSightLAN 02"="C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" [2003-06-11 01:52]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-09 22:08]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 21:26]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-05-19 00:11]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24]
"Yahoo! Pager"="1" []
"AdvPrivProt"="C:\Program Files\Advanced Privacy Protector\pptray.exe" [2002-10-30 18:24]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 10:47]
"Words"="C:\Program Files\Words\Words.exe" [2007-09-10 06:20]
"Insider"="C:\Program Files\Insider\Insider.exe" [2007-09-10 06:42]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Uoei"="C:\DOCUME~1\David\APPLIC~1\FNTS~1\explorer.exe" -vt ndrv
"Wrad"=C:\WINDOWS\?dobe\r?gedit.exe

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]

C:\DOCUME~1\DAVID\STARTM~1\PROGRAMS\STARTUP\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\windows\\system32\\mljgf

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnk
backup=C:\windows\pss\SBC Self Support Tool.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^uPlayMe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\uPlayMe.lnk
backup=C:\windows\pss\uPlayMe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^David^Start Menu^Programs^Startup^hamachi.lnk]
path=C:\Documents and Settings\David\Start Menu\Programs\Startup\hamachi.lnk
backup=C:\windows\pss\hamachi.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EOUApp]
"C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
C:\Program Files\Free Download Manager\fdm.exe -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1146694161\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPodVideoConverter_upgrade]
"C:\Program Files\E-Zsoft\iPodVideoConverter\iPodVideoConverter.exe" /upgrade

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
"C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]
C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\w85181bc.dll]
RUNDLL32.EXE w85181bc.dll,I2 0012b1ab085181bc

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
C:\Program Files\Yahoo!\browser\ybrwicon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YPCService"=3 (0x3)
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)

R0 szkg;szkg;C:\windows\system32\DRIVERS\szkg.sys
R3 CONAN;CONAN;C:\windows\system32\drivers\o2mmb.sys
R3 MbxStby;MbxStby;C:\windows\system32\drivers\MbxStby.sys
S3 alcan5ln;Alcatel SpeedTouch™ USB ADSL RFC1483 Networking Driver (NDIS);C:\windows\system32\DRIVERS\alcan5ln.sys


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C3E096CB-DFF0-AC09-B105-A0D7789EFA0F}]
C:\windows\scvhost.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-09-11 13:59:06 C:\windows\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-12 17:26:03
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-12 17:26:45 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-12 17:26
.
--- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:29:22 PM, on 9/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\windows\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Advanced Privacy Protector\pptray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Words\Words.exe
C:\Program Files\Insider\Insider.exe
C:\windows\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\David\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {C34CEBFC-7F14-27B2-1DF1-76E2EE757293} - C:\WINDOWS\system32\epvjd.dll (file missing)
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\sziebho.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [AdvPrivProt] C:\Program Files\Advanced Privacy Protector\pptray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Words] C:\Program Files\Words\Words.exe
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKUS\S-1-5-18\..\Run: [Uoei] "C:\DOCUME~1\David\APPLIC~1\FNTS~1\explorer.exe" -vt ndrv (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Wrad] C:\WINDOWS\?dobe\r?gedit.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Uoei] "C:\DOCUME~1\David\APPLIC~1\FNTS~1\explorer.exe" -vt ndrv (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SmartLinkService (SLService) - - C:\windows\SYSTEM32\slserv.exe
O23 - Service: Stopzilla Local Service 4.4 (szserver) - Unknown owner - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


--
End of file - 8808 bytes


Thanks a lot!!! I did the SDFix as well. But I accidentally closed the log window so I couldn't copy and paste it unless I did it again.

#4 RichieUK

    Malware Assassin

  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  • Local time:12:39 AM

Posted 11 September 2007 - 07:03 PM

Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad".
This will change from what we know in 2006; read this article:
http://www.clickz.com/news/article.php/3561546

You are well advised to remove the program now.
Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present, then restart your PC:
Viewpoint
Viewpoint Manager
Viewpoint Media Player



Please download OTMoveIt by OldTimer:
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

Save it to your desktop.
Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'):

C:\WINDOWS\system32\qmxhpsco.exe
C:\windows\system32\mlljg.dll
C:\Documents and Settings\All Users\Application Data\Move Bore Curb Tool
C:\Documents and Settings\David\Application Data\WhenU
C:\windows\RGF2aWQ


Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button.

Copy everything in the 'Results' window to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'), and paste it in your next reply.
Close OTMoveIt

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes.


Download\install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed, exit SuperAntiSpyware.

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O2 - BHO: (no name) - {C34CEBFC-7F14-27B2-1DF1-76E2EE757293} - C:\WINDOWS\system32\epvjd.dll (file missing)
O4 - HKUS\S-1-5-18\..\Run: [Uoei] "C:\DOCUME~1\David\APPLIC~1\FNTS~1\explorer.exe" -vt ndrv (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Wrad] C:\WINDOWS\?dobe\r?gedit.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Uoei] "C:\DOCUME~1\David\APPLIC~1\FNTS~1\explorer.exe" -vt ndrv (User 'Default user')

Exit Hijackthis.

Start SuperAntiSpyware.
On the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

SuperAntiSpyware will now scan your computer; when it's finished it will list all/any infections found.
Make sure everything found has a checkmark next to it, then press 'Next'.
Click on 'Finish' when you're done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor, such as Notepad.
Copy and paste the contents of that report into your next reply.
Also post a new HijackThis log, and let me know how your PC is running now.

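The entries RichieUK asks HijackThis to fix share three tells that a helper reads off the O4 lines: a path HijackThis printed with '?' in place of a character it could not render, a binary launched from a user profile under the machine-wide SYSTEM or 'Default user' hive, and a Windows system-binary name (explorer.exe) sitting outside the Windows directory. The script below is an added example, not code from this thread or from HijackThis; the sample O4 lines are copied from the log posted above, and the rule names and the list of system binaries are my own assumptions.

```python
import re
from typing import Dict, List, Optional

# Constructed sample: O4 lines copied verbatim from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKUS\S-1-5-18\..\Run: [Uoei] "C:\DOCUME~1\David\APPLIC~1\FNTS~1\explorer.exe" -vt ndrv (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Wrad] C:\WINDOWS\?dobe\r?gedit.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Uoei] "C:\DOCUME~1\David\APPLIC~1\FNTS~1\explorer.exe" -vt ndrv (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
"""

# "O4 - <registry key>: [<value name>] <command> (User '<profile>')"
O4_LINE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
USER_SUFFIX = re.compile(r"\s*\(User '(?P<user>[^']*)'\)$")
# Short (8.3) and long forms of the XP per-user profile directories.
PROFILE_DIR = re.compile(r"\\(DOCUME~1|Documents and Settings|APPLIC~1|Application Data)\\", re.I)
# Assumed list: names that legitimately live only under the Windows directory.
SYSTEM_BINARIES = {"explorer.exe", "regedit.exe", "svchost.exe", "winlogon.exe", "lsass.exe"}
WINDOWS_DIRS = ("c:\\windows\\", "c:\\winnt\\")
MACHINE_HIVES = {"SYSTEM", "Default user"}


def parse_o4(line: str) -> Optional[Dict[str, str]]:
    """Split one O4 registry-run line into key, value name, command and user."""
    m = O4_LINE.match(line.strip())
    if not m:
        return None  # Startup-folder lines and non-O4 lines are ignored here
    cmd = m.group("cmd")
    user = ""
    u = USER_SUFFIX.search(cmd)
    if u:
        user = u.group("user")
        cmd = cmd[: u.start()]
    return {"key": m.group("key"), "name": m.group("name"), "cmd": cmd, "user": user}


def first_path(cmd: str) -> str:
    """Return the executable part of a Run value: the quoted token, or text up to '.exe'."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.exe)", cmd, re.I)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def suspicious_reasons(entry: Dict[str, str]) -> List[str]:
    """Apply the three rules to one parsed entry; an empty list means nothing tripped."""
    path = first_path(entry["cmd"])
    base = path.rsplit("\\", 1)[-1].lower()
    reasons = []
    if "?" in path:
        reasons.append("path contains characters HijackThis could not render")
    if entry["user"] in MACHINE_HIVES and PROFILE_DIR.search(path):
        reasons.append("machine-wide hive launches a binary from a user profile")
    if base in SYSTEM_BINARIES and not path.lower().startswith(WINDOWS_DIRS):
        reasons.append("system binary name outside the Windows directory")
    return reasons


def triage(log_text: str) -> List[Dict[str, object]]:
    """Return every O4 entry that trips at least one rule, in log order."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = suspicious_reasons(entry)
        if reasons:
            hits.append({"name": entry["name"], "user": entry["user"],
                         "path": first_path(entry["cmd"]), "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f"[{hit['name']}] ({hit['user'] or 'current user'}) {hit['path']}")
        for reason in hit["reasons"]:
            print("    -", reason)
```

Run against the sample it reports exactly the three entries RichieUK lists for fixing and leaves the legitimate SYSTEM-hive RunOnce for Narrator.exe alone.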

#5 ydftball61

  • Topic Starter
  • Members
  • 3 posts
  • OFFLINE
  • Local time:06:39 PM

Posted 11 September 2007 - 08:17 PM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/12/2007 at 08:03 PM

Application Version : 3.9.1008

Core Rules Database Version : 3304
Trace Rules Database Version: 1310

Scan type : Complete Scan
Total Scan Time : 00:41:34

Memory items scanned : 552
Memory threats detected : 1
Registry items scanned : 5903
Registry threats detected : 0
File items scanned : 29188
File threats detected : 186

Trojan.WinFixer
C:\WINDOWS\SYSTEM32\MLLJG.DLL
C:\WINDOWS\SYSTEM32\MLLJG.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\MLLJG.DLL

Adware.Tracking Cookie

Trojan.Security Toolbar
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url
C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url

Trojan.Unknown Origin
C:\WD7GI8N.EXE
C:\PROGRAM FILES\MESSENGER\WOLYBI22011.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{887EC199-0A0A-41AA-A087-B3D59752D252}\RP494\A0270375.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{887EC199-0A0A-41AA-A087-B3D59752D252}\RP494\A0270388.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{887EC199-0A0A-41AA-A087-B3D59752D252}\RP495\A0270449.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{887EC199-0A0A-41AA-A087-B3D59752D252}\RP495\A0270450.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{887EC199-0A0A-41AA-A087-B3D59752D252}\RP495\A0270467.EXE
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\RGF2AWQ\L3IZUQK.VBS
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\WAPITR.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\WAPISVTR32.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\PF78.EXE.VIR
C:\windows\Prefetch\WOLYBI22011.EXE-082B093B.pf

Adware.ClickSpring
C:\WINDOWS\SYSTEM32\TGUTID.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{887EC199-0A0A-41AA-A087-B3D59752D252}\RP489\A0267355.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{887EC199-0A0A-41AA-A087-B3D59752D252}\RP489\A0267356.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{887EC199-0A0A-41AA-A087-B3D59752D252}\RP495\A0270463.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{887EC199-0A0A-41AA-A087-B3D59752D252}\RP495\A0270464.EXE
C:\qoobox\Quarantine\C\WINDOWS\DOBE~1\RGEDIT~1.VIR
C:\QOOBOX\QUARANTINE\C\DOCUME~1\DAVID\APPLIC~1\FNTS~1\EXPLORER.EXE.VIR

Adware.Adservs
C:\WINDOWS\SYSTEM32\DBL22\MANO2CEP.EXE

Trojan.SysVx/Win
C:\DOCUMENTS AND SETTINGS\DAVID\CDEGFR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{887EC199-0A0A-41AA-A087-B3D59752D252}\RP489\A0268375.EXE

Adware.WebBuying Assistant-Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{887EC199-0A0A-41AA-A087-B3D59752D252}\RP489\A0267342.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{887EC199-0A0A-41AA-A087-B3D59752D252}\RP489\A0268343.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{887EC199-0A0A-41AA-A087-B3D59752D252}\RP489\A0268344.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{887EC199-0A0A-41AA-A087-B3D59752D252}\RP489\A0269342.EXE

Trojan.ZQuest-Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{887EC199-0A0A-41AA-A087-B3D59752D252}\RP489\A0267351.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{887EC199-0A0A-41AA-A087-B3D59752D252}\RP489\A0268357.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{887EC199-0A0A-41AA-A087-B3D59752D252}\RP495\A0270470.EXE
C:\QOOBOX\QUARANTINE\C\WINDOWS\TK58.EXE.VIR

Trojan.MrFindAlot
C:\SYSTEM VOLUME INFORMATION\_RESTORE{887EC199-0A0A-41AA-A087-B3D59752D252}\RP489\A0267390.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{887EC199-0A0A-41AA-A087-B3D59752D252}\RP489\A0267391.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{887EC199-0A0A-41AA-A087-B3D59752D252}\RP489\A0268351.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{887EC199-0A0A-41AA-A087-B3D59752D252}\RP489\A0268374.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{887EC199-0A0A-41AA-A087-B3D59752D252}\RP495\A0270468.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{887EC199-0A0A-41AA-A087-B3D59752D252}\RP495\A0270469.EXE
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32FTUNINST.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32TFTHOT.EXE.VIR

Trojan.CUpdater
C:\SYSTEM VOLUME INFORMATION\_RESTORE{887EC199-0A0A-41AA-A087-B3D59752D252}\RP489\A0268370.EXE

Trojan.Downloader/SmitF
C:\SYSTEM VOLUME INFORMATION\_RESTORE{887EC199-0A0A-41AA-A087-B3D59752D252}\RP489\A0268377.EXE

Trojan.Downloader-Gen/Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{887EC199-0A0A-41AA-A087-B3D59752D252}\RP489\A0268378.EXE

Adware.WebNexus
C:\SYSTEM VOLUME INFORMATION\_RESTORE{887EC199-0A0A-41AA-A087-B3D59752D252}\RP489\A0268379.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{887EC199-0A0A-41AA-A087-B3D59752D252}\RP489\A0268380.DLL

Adware.WhenU
C:\SYSTEM VOLUME INFORMATION\_RESTORE{887EC199-0A0A-41AA-A087-B3D59752D252}\RP489\A0268381.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{887EC199-0A0A-41AA-A087-B3D59752D252}\RP489\A0268382.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{887EC199-0A0A-41AA-A087-B3D59752D252}\RP489\A0268383.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{887EC199-0A0A-41AA-A087-B3D59752D252}\RP489\A0268384.DLL

Adware.ZenoSearch-NVON
C:\SYSTEM VOLUME INFORMATION\_RESTORE{887EC199-0A0A-41AA-A087-B3D59752D252}\RP489\A0268396.EXE

Trojan.ZenoSearch
C:\SYSTEM VOLUME INFORMATION\_RESTORE{887EC199-0A0A-41AA-A087-B3D59752D252}\RP489\A0268397.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{887EC199-0A0A-41AA-A087-B3D59752D252}\RP495\A0270454.EXE
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\QWINKLDT.EXE.VIR

Trojan.Net-Wintouch/V2
C:\SYSTEM VOLUME INFORMATION\_RESTORE{887EC199-0A0A-41AA-A087-B3D59752D252}\RP494\A0270344.EXE

Trojan.Loosky Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{887EC199-0A0A-41AA-A087-B3D59752D252}\RP494\A0270378.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{887EC199-0A0A-41AA-A087-B3D59752D252}\RP494\A0270391.DLL

Unclassified.Unknown Origin/System
C:\SYSTEM VOLUME INFORMATION\_RESTORE{887EC199-0A0A-41AA-A087-B3D59752D252}\RP494\A0270379.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{887EC199-0A0A-41AA-A087-B3D59752D252}\RP494\A0270392.EXE

Adware.eZula
C:\SYSTEM VOLUME INFORMATION\_RESTORE{887EC199-0A0A-41AA-A087-B3D59752D252}\RP495\A0270453.EXE
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\QMXHPSCO.EXE
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\VHOQEIEX.EXE.VIR

Trojan.ZQuest
C:\SYSTEM VOLUME INFORMATION\_RESTORE{887EC199-0A0A-41AA-A087-B3D59752D252}\RP495\A0270455.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{887EC199-0A0A-41AA-A087-B3D59752D252}\RP495\A0270456.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{887EC199-0A0A-41AA-A087-B3D59752D252}\RP495\A0270457.DLL
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\ONLINE SERVICES\BAPU.DLL.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\ONLINE SERVICES\BAPU32.DLL.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\ONLINE SERVICES\BAPU735.DLL.VIR

Trojan.SVCHostSYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{887EC199-0A0A-41AA-A087-B3D59752D252}\RP495\A0270461.EXE
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\SVCHOSTSYS\SVCHOSTRUN.EXE.VIR

Trojan.Downloader-PMTLauncher
C:\SYSTEM VOLUME INFORMATION\_RESTORE{887EC199-0A0A-41AA-A087-B3D59752D252}\RP495\A0270466.EXE
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\GBE90QS.EXE.VIR

Trojan.Downloader-Gen/HitItQuitIt
C:\SYSTEM VOLUME INFORMATION\_RESTORE{887EC199-0A0A-41AA-A087-B3D59752D252}\RP495\A0270478.DLL

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:16:33 PM, on 9/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\windows\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\CA\SHARED~1\SCANEN~1\InoDist.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Advanced Privacy Protector\pptray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Words\Words.exe
C:\Program Files\Insider\Insider.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\David\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\sziebho.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [AdvPrivProt] C:\Program Files\Advanced Privacy Protector\pptray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Words] C:\Program Files\Words\Words.exe
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SmartLinkService (SLService) - - C:\windows\SYSTEM32\slserv.exe
O23 - Service: Stopzilla Local Service 4.4 (szserver) - Unknown owner - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8406 bytes


My computer seems to be running much more smoothly now. Thank you sooo much!!!!!

#6 RichieUK

    Malware Assassin

  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  • Local time:12:39 AM

Posted 12 September 2007 - 04:41 AM

Your log is clean :thumbsup:
If all's OK, please do the following.

Find and delete:
SDFix.exe
Combofix.exe
OTMoveIt.exe

C:\_OTMOVEIT
C:\QOOBOX
C:\SDFix

Download and install CCleaner:
http://www.ccleaner.com/download/builds/downloading-slim

Set Options in CCleaner and run Cleaning Scan.
Open CCleaner if it's not already running.
*Note*
Do not use the Issues block to clean anything with this program.
It is for experts only and it is risky.

Select Cleaner Settings.
Check Internet Explorer, Windows Explorer, and System so that all items are checked.
In the Advanced section, have a check only on Old PreFetch Data.

Click on the Options block on the left.
Select Advanced.
Uncheck "Only delete files in Windows Temp folders older than 48 hours".

Set Cookie Retention.
Click on the Options block on the left, then choose Cookies.
Under the Cookies to delete pane, highlight any cookies you would like to retain permanently (those companies or sites with which you regularly visit or do business), and click the right arrow > to move them to the Cookies to keep pane.

Run Cleaning Scan.
Click on the Cleaner block on the left.
Choose the Windows tab.
Click the Run Cleaner button.
This process could take a while.
When CCleaner shows how much has been removed, cleaning is finished.


Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window, click on the 'Create a Restore Point' button, then click 'Next'.
In the window that appears, enter a description/name for the Restore Point, then click on 'Create', wait, then click 'Close'.
The date and time will be added automatically.

Next click on Start/All Programs/Accessories/System Tools/Disk Cleanup.
The 'Select Drive' box will appear; click on OK.
The 'Disk Cleanup for [C:]' box will appear; click on the 'More Options' tab.
At the bottom, in the 'System Restore' section, click on the 'Clean up...' button.
A box will pop up: 'Are you sure you want to delete all but the most recent restore point?'. Click on 'Yes'.
Click on 'Yes' at 'Are you sure you want to perform these actions?'.
Now wait until 'Disk Cleanup' finishes and the box disappears.

Read through the information found here to help you prevent any possible future infections.
'How to prevent Malware' by miekiemoes:
http://users.telenet.be/bluepatchy/miekiem...prevention.html



