
Security Toolbar 7.1


  • This topic is locked
2 replies to this topic

#1 guthix12

guthix12

  • Members
  • 2 posts

Posted 10 November 2007 - 05:47 PM

I've searched and I've noticed a lot of people have had this nasty virus... I've been messing around trying to get rid of it, googling things, etc. You guys are my last hope. I've had the virus for about a week, or almost. I have Panda Antivirus and use Zone Alarm as a firewall. I've tried to get rid of it with Spybot Search and Destroy, Ad-Aware SE Personal, XoftSpySE, AVG Anti-Spyware, and nothing has helped. Any help would be great. I really appreciate all of your help in advance, thanks.

My HijackThis log is below my ComboFix Log.

My ComboFix Log:

ComboFix 07-10-22.1 - Ryan 2007-10-21 18:48:25.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.277 [GMT -5:00]
Running from: C:\Documents and Settings\Ryan\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\regedit.com
C:\WINDOWS\system32\_002723_.tmp.dll
C:\WINDOWS\system32\_002739_.tmp.dll
C:\WINDOWS\system32\_002771_.tmp.dll
C:\WINDOWS\system32\_002779_.tmp.dll
C:\WINDOWS\system32\_002879_.tmp.dll
C:\WINDOWS\system32\_002880_.tmp.dll
C:\WINDOWS\system32\_002881_.tmp.dll
C:\WINDOWS\system32\_002882_.tmp.dll
C:\WINDOWS\system32\_002886_.tmp.dll
C:\WINDOWS\system32\_002887_.tmp.dll
C:\WINDOWS\system32\_002888_.tmp.dll
C:\WINDOWS\system32\_002889_.tmp.dll
C:\WINDOWS\system32\_002894_.tmp.dll
C:\WINDOWS\system32\_002895_.tmp.dll
C:\WINDOWS\system32\_002896_.tmp.dll
C:\WINDOWS\system32\_002897_.tmp.dll
C:\WINDOWS\system32\_002901_.tmp.dll
C:\WINDOWS\system32\_002902_.tmp.dll
C:\WINDOWS\system32\_002903_.tmp.dll
C:\WINDOWS\system32\_002904_.tmp.dll
C:\WINDOWS\system32\_002909_.tmp.dll
C:\WINDOWS\system32\_002910_.tmp.dll
C:\WINDOWS\system32\_002911_.tmp.dll
C:\WINDOWS\system32\_002912_.tmp.dll
C:\WINDOWS\system32\_002917_.tmp.dll
C:\WINDOWS\system32\_002918_.tmp.dll
C:\WINDOWS\system32\_002919_.tmp.dll
C:\WINDOWS\system32\_002920_.tmp.dll
C:\WINDOWS\system32\_002923_.tmp.dll
C:\WINDOWS\system32\_002925_.tmp.dll
C:\WINDOWS\system32\_002926_.tmp.dll
C:\WINDOWS\system32\_002927_.tmp.dll
C:\WINDOWS\system32\_002928_.tmp.dll
C:\WINDOWS\system32\_002934_.tmp.dll
C:\WINDOWS\system32\_002936_.tmp.dll
C:\WINDOWS\system32\_002942_.tmp.dll
C:\WINDOWS\system32\_002944_.tmp.dll
C:\WINDOWS\system32\_002949_.tmp.dll
C:\WINDOWS\system32\_002950_.tmp.dll
C:\WINDOWS\system32\_002951_.tmp.dll
C:\WINDOWS\system32\_002952_.tmp.dll
C:\WINDOWS\system32\_002957_.tmp.dll
C:\WINDOWS\system32\_002958_.tmp.dll
C:\WINDOWS\system32\_002959_.tmp.dll
C:\WINDOWS\system32\_002960_.tmp.dll
C:\WINDOWS\system32\_002967_.tmp.dll
C:\WINDOWS\system32\_002968_.tmp.dll
C:\WINDOWS\system32\_002969_.tmp.dll
C:\WINDOWS\system32\_002970_.tmp.dll
C:\WINDOWS\system32\_002971_.tmp.dll
C:\WINDOWS\system32\_002972_.tmp.dll
C:\WINDOWS\system32\_002973_.tmp.dll
C:\WINDOWS\system32\_002980_.tmp.dll
C:\WINDOWS\system32\_002981_.tmp.dll
C:\WINDOWS\system32\_002982_.tmp.dll
C:\WINDOWS\system32\_002984_.tmp.dll
C:\WINDOWS\system32\_002985_.tmp.dll
C:\WINDOWS\system32\_002988_.tmp.dll
C:\WINDOWS\system32\_002989_.tmp.dll
C:\WINDOWS\system32\_002991_.tmp.dll
C:\WINDOWS\system32\_002992_.tmp.dll
C:\WINDOWS\system32\_002993_.tmp.dll
C:\WINDOWS\system32\_002995_.tmp.dll
C:\WINDOWS\system32\_002996_.tmp.dll
C:\WINDOWS\system32\_002998_.tmp.dll
C:\WINDOWS\system32\_003002_.tmp.dll
C:\WINDOWS\system32\_003003_.tmp.dll
C:\WINDOWS\system32\_003005_.tmp.dll
C:\WINDOWS\system32\_003008_.tmp.dll
C:\WINDOWS\system32\_003009_.tmp.dll
C:\WINDOWS\system32\_003010_.tmp.dll
C:\WINDOWS\system32\_003011_.tmp.dll
C:\WINDOWS\system32\_003012_.tmp.dll
C:\WINDOWS\system32\_003015_.tmp.dll
C:\WINDOWS\system32\_003017_.tmp.dll
C:\WINDOWS\system32\_003018_.tmp.dll
C:\WINDOWS\system32\_003019_.tmp.dll
C:\WINDOWS\system32\_003023_.tmp.dll
C:\WINDOWS\system32\_003025_.tmp.dll
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\taskmgr.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NM
-------\LEGACY_NPF
-------\nm


((((((((((((((((((((((((( Files Created from 2007-09-22 to 2007-10-22 )))))))))))))))))))))))))))))))
.

2007-10-22 18:56 92,544 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\av5flt.sys
2007-10-21 16:57 51,200 C:\WINDOWS\NirCmd.exe
2007-10-19 20:04 <DIR> d-------- C:\Documents and Settings\Ryan\Application Data\Grisoft
2007-10-19 20:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-19 20:03 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2007-10-18 21:44 <DIR> d-------- C:\Program Files\XoftSpySE
2007-10-16 15:08 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2007-10-16 14:48 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-10-16 10:32 1,152 --a------ C:\WINDOWS\SYSTEM32\windrv.sys
2007-10-16 10:31 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2007-10-15 22:07 <DIR> d-------- C:\Program Files\Video Add-on
2007-10-15 22:07 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-14 19:02 <DIR> d-------- C:\Documents and Settings\Ryan\Application Data\NCH Swift Sound
2007-10-14 19:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2007-09-23 14:32 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-09-23 14:32 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-09-23 13:42 <DIR> d-------- C:\o12adminst

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-20 23:21 --------- d-----w C:\Program Files\AIM
2007-10-20 18:18 31,538 ----a-w C:\Documents and Settings\Ryan\Application Data\wklnhst.dat
2007-10-20 17:48 --------- d-----w C:\Program Files\Microsoft Works
2007-10-16 15:57 --------- d-----w C:\Program Files\Lexmark X1100 Series
2007-08-26 17:54 --------- d-----w C:\Program Files\Common Files\Adobe
2006-10-30 22:21 4,394 ----a-w C:\Documents and Settings\Ryan\Application Data\SAS7_000.DAT
2006-07-07 05:37 560 ----a-w C:\Documents and Settings\Ryan\Application Data\ViewerApp.dat
2006-07-05 02:14 332 ----a-w C:\Documents and Settings\Ryan\restore.reg
2006-06-03 18:58 59,664 ----a-w C:\Documents and Settings\Ryan\Application Data\GDIPFONTCACHEV1.DAT
2006-04-12 19:02 33 ----a-w C:\Program Files\purl.txt
2006-01-14 20:53 6,512 ----a-w C:\Documents and Settings\Ryan\Device.dat
2001-06-04 22:24 1,012,224 -c--a-w C:\Program Files\Common Files\Staredit.dll
2006-07-12 21:47:21 152 --sh--r C:\WINDOWS\SYSTEM32\BBACA0DEC3.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{23ED2206-856D-461A-BBCF-1C2466AC5AE3}"= C:\Program Files\Video Add-on\ictmdl.dll [2007-10-15 22:07 80896]

[HKEY_CLASSES_ROOT\CLSID\{23ED2206-856D-461A-BBCF-1C2466AC5AE3}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{23ED2206-856D-461A-BBCF-1C2466AC5AE3}"= C:\Program Files\Video Add-on\ictmdl.dll [2007-10-15 22:07 80896]

[HKEY_CLASSES_ROOT\CLSID\{23ED2206-856D-461A-BBCF-1C2466AC5AE3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2005-04-19 18:06]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 12:03 C:\WINDOWS\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 12:03 C:\WINDOWS\KHALMNPR.Exe]
"iTunesHelper"="F:\Documents And Settings\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 16:24]
"APVXDWIN"="F:\Documents And Settings\Program Files\PandaAntiVirus\APVXDWIN.exe" [2006-09-13 07:59]
"SNM"="F:\Documents And Settings\Program Files\SpyNoMore\SNM.exe" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-10-19 20:05]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 05:00]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Wincmd16"=F:\Documents And Settings\Program Files\Active Key Logger\Active Key Logger.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - F:\Documents And Settings\Program Files\SetPoint\SetPoint\SetPoint.exe [2006-12-03 20:02:00]
WG111v2 Smart Wizard Wireless Setting.lnk - C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [2007-04-08 19:07:18]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"Ghp`amfUbrhLds"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Mn@iboddPubswLfov"=0 (0x0)
"Mn@mlrf"=0 (0x0)
"MnOndNeg"=0 (0x0)
"MnQtm"=0 (0x0)
"NoLogOff"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= F:\Documents And Settings\Program Files\AnfyTeam\Applet\ANPANORAMA\preview.html
FriendlyName= Anfy ANPANORAMA

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2005-09-27 12:13 45056 C:\WINDOWS\SYSTEM32\avldr.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 8.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 8.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FRISK FP-Scheduler]
C:\Program Files\FSI\F-Prot\F-Sched.exe STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snipe]
C:\WINDOWS\system32\explorer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
C:\Program Files\AWS\WeatherBug\Weather.exe 1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Aim6"="C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
"REGSHAVE"=C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"Generic Host Process"=C:\WINDOWS\System32\scvhost.exe

R0 netflt;Panda Net Driver.;C:\WINDOWS\System32\Drivers\netflt.sys
R0 PzWDM;PzWDM;C:\WINDOWS\System32\Drivers\PzWDM.sys
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\System32\drivers\ShldDrv.sys
R2 cpoint;Panda CPoint Driver;C:\WINDOWS\System32\Drivers\cpoint.sys
R2 F-Secure Filter;F-Secure File System Filter;\??\F:\Documents And Settings\Program Files\Anti-Virus\Win2K\FSfilter.sys
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\F:\Documents And Settings\Program Files\Anti-Virus\Win2K\FSgk.sys
R2 F-Secure Recognizer;F-Secure File System Recognizer;\??\F:\Documents And Settings\Program Files\Anti-Virus\Win2K\FSrec.sys
R2 LBeepKE;LBeepKE;C:\WINDOWS\System32\Drivers\LBeepKE.sys
R2 PavProc;Panda Process Protection Driver;\??\C:\WINDOWS\System32\DRIVERS\PavProc.sys
R2 Vcs;Vcs support;\??\C:\WINDOWS\System32\Drivers\Vcs.sys
R3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\System32\drivers\av5flt.sys
R3 PavSRK.sys;PavSRK.sys;\??\C:\WINDOWS\System32\PavSRK.sys
R3 PavTPK.sys;PavTPK.sys;\??\C:\WINDOWS\System32\PavTPK.sys
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\System32\DRIVERS\wg111v2.sys
S0 FVDSCSI;FVDSCSI;C:\WINDOWS\System32\DRIVERS\fvdscsi.sys
S2 BulkUsb;Plustek USB Scanner;C:\WINDOWS\System32\DRIVERS\usbscan.sys
S2 Ca536av;DV 4500(Video);C:\WINDOWS\System32\Drivers\Ca536av.sys
S3 SilverLink;Texas Instruments SilverLink (USB GraphLink) Cable;C:\WINDOWS\System32\Drivers\SilvrLnk.sys
S3 SjyPkt;SjyPkt;\??\C:\WINDOWS\System32\Drivers\SjyPkt.sys
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\System32\DRIVERS\sonypvs1.sys
S3 USBCamera;DV 4500(Still);C:\WINDOWS\System32\Drivers\Bulk536.sys
S3 USBFVNETR;NETGEAR MA101 USB Adapter;C:\WINDOWS\System32\DRIVERS\ma101rnd.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-19 22:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- F:\Documents And Settings\Program Files\TuneUp04\SystemOptimizer.exe
"2003-07-13 00:29:18 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\System32\OOBE\OOBEBALN.EXE
"2007-10-22 23:56:59 C:\WINDOWS\Tasks\XoftSpySE 2.job"
"2007-10-19 02:44:36 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-22 18:59:06
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-10-22 19:06:06 - machine was rebooted
.
--- E O F ---


HijackThis Log File:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:43:04 PM, on 10/22/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
F:\Documents And Settings\Program Files\PandaAntiVirus\pavsrv51.exe
F:\Documents And Settings\Program Files\PandaAntiVirus\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
F:\Documents And Settings\Program Files\PandaAntiVirus\TPSrv.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
F:\Documents And Settings\Program Files\Anti-Virus\fsgk32st.exe
F:\Documents And Settings\Program Files\Anti-Virus\FSGK32.EXE
F:\Documents And Settings\Program Files\Anti-Virus\fssm32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\Documents And Settings\Program Files\PandaAntiVirus\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
F:\Documents And Settings\Program Files\PandaAntiVirus\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
F:\Documents And Settings\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
F:\Documents And Settings\Program Files\SetPoint\SetPoint\SetPoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
F:\Documents And Settings\Program Files\Mozilla\firefox.exe
F:\Documents And Settings\Program Files\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: IE Custom Tools - {23ED2206-856D-461A-BBCF-1C2466AC5AE3} - C:\Program Files\Video Add-on\ictmdl.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "F:\Documents And Settings\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [APVXDWIN] "F:\Documents And Settings\Program Files\PandaAntiVirus\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SNM] F:\Documents And Settings\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [Generic Host Process] C:\WINDOWS\System32\scvhost.exe
O4 - HKUS\S-1-5-18\..\Run: [Wincmd16] F:\Documents And Settings\Program Files\Active Key Logger\Active Key Logger.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Wincmd16] F:\Documents And Settings\Program Files\Active Key Logger\Active Key Logger.exe (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: &Block this popup - F:\Documents And Settings\Program Files\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1166061753307
O16 - DPF: {BE1BDC4F-2AAC-494E-88B1-86B2EE4F2D6D} - http://download.copysafe.net/Plugin/Download/Copysafe.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://kr.pristontale.com/nprotect/nprotect/npx.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - F:\Documents And Settings\Program Files\Anti-Virus\fsgk32st.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - F:\Documents And Settings\Program Files\PandaAntiVirus\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - F:\Documents And Settings\Program Files\PandaAntiVirus\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - F:\Documents And Settings\Program Files\PandaAntiVirus\PsImSvc.exe
O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - C:\WINDOWS\System32\locator.exe (file missing)
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - F:\Documents And Settings\Program Files\PandaAntiVirus\TPSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O24 - Desktop Component 1: Anfy ANPANORAMA - F:\Documents And Settings\Program Files\AnfyTeam\Applet\ANPANORAMA\preview.html

--
End of file - 7599 bytes
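The O4 lines in the HijackThis log above are the autostart entries a helper reads first. As an added example (not part of this thread, and not a HijackThis or BleepingComputer tool), the Python script below parses O4 lines in the v2 format and lists the patterns a triager checks before deciding what to ask about: an executable name one character away from a Windows system binary, an entry with no directory (resolved through the PATH search order), use of the Policies\Explorer\Run key, an entry in the SYSTEM or Default user profile, and a shortcut whose target could not be resolved. The sample lines are constructed after the ones in the log; the list of well-known binaries and the heuristics are assumptions of the example and do not by themselves decide whether an entry is malicious.

```python
import re
from typing import Dict, List, Optional

# Constructed sample: O4 entries in HijackThis v2 format, modelled on the log in the thread.
SAMPLE_HJT_LINES = r"""
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [Generic Host Process] C:\WINDOWS\System32\scvhost.exe
O4 - HKUS\S-1-5-18\..\Run: [Wincmd16] F:\Documents And Settings\Program Files\Active Key Logger\Active Key Logger.exe (User 'SYSTEM')
O4 - Global Startup: Logitech SetPoint.lnk = ?
"""

# Assumed list (example's own): Windows binaries whose names are often imitated.
WELL_KNOWN_BINARIES = sorted({
    "svchost.exe", "explorer.exe", "lsass.exe", "winlogon.exe", "csrss.exe",
    "services.exe", "smss.exe", "ctfmon.exe", "spoolsv.exe", "rundll32.exe",
})

O4_BRACKET = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O4_STARTUP = re.compile(r"^O4 - (?P<hive>Global Startup|Startup): (?P<name>.+?) = (?P<cmd>.*)$")
USER_CTX = re.compile(r"\(User '(?P<user>[^']+)'\)\s*$")
EXE_PATH = re.compile(r'^"?(?P<path>.*?\.exe)"?', re.IGNORECASE)


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: edits plus adjacent transpositions."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # "cv" <-> "vc"
    return d[len(a)][len(b)]


def parse_o4(line: str) -> Optional[Dict[str, Optional[str]]]:
    """Split one O4 line into hive, entry name, command, executable path and user context."""
    m = O4_BRACKET.match(line) or O4_STARTUP.match(line)
    if not m:
        return None
    cmd = m.group("cmd")
    user = None
    um = USER_CTX.search(cmd)
    if um:  # trailing "(User 'SYSTEM')" marks a per-user hive entry
        user = um.group("user")
        cmd = cmd[:um.start()].rstrip()
    pm = EXE_PATH.match(cmd)
    path = pm.group("path") if pm else None
    return {"hive": m.group("hive"), "name": m.group("name"), "cmd": cmd, "path": path, "user": user}


def triage_entry(e: Dict[str, Optional[str]]) -> List[str]:
    """Return the review reasons that apply to one parsed entry (empty list = nothing notable)."""
    reasons: List[str] = []
    path = e["path"]
    if path is None:
        if e["cmd"].strip() == "?":
            reasons.append("shortcut target could not be resolved")
    else:
        base = path.rsplit("\\", 1)[-1].lower()
        if "\\" not in path:
            reasons.append("bare filename, resolved through the PATH search order")
        if base not in WELL_KNOWN_BINARIES:
            for known in WELL_KNOWN_BINARIES:
                if osa_distance(base, known) == 1:
                    reasons.append(f"name is one edit away from {known}")
                    break
    if e["user"] in ("SYSTEM", "Default user"):
        reasons.append(f"runs in the {e['user']} profile")
    if "policies\\explorer\\run" in e["hive"].lower():
        reasons.append("uses the Policies\\Explorer\\Run key")
    return reasons


def triage(log_text: str) -> List[Dict[str, object]]:
    """Parse every O4 line in a log and keep the entries that have at least one reason."""
    findings: List[Dict[str, object]] = []
    for line in log_text.splitlines():
        entry = parse_o4(line.strip())
        if entry is None:
            continue
        reasons = triage_entry(entry)
        if reasons:
            findings.append({"name": entry["name"], "path": entry["path"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT_LINES):
        print(f"[{f['name']}] {f['path']}")
        for r in f["reasons"]:
            print(f"    - {r}")
```

Each reason is a prompt to look further (where the file really lives, who signed it, when it appeared in the "Files Created" section of the ComboFix log), not a detection on its own; a legitimate driver helper listed by bare filename will be flagged just as the lookalike name is.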

#2 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 16 November 2007 - 07:52 PM

Hello guthix12,

You should NOT be running ComboFix on your own. ComboFix is designed to remove specific infections, and needs a malware expert to interpret it.


Uninstall ComboFix: go to Start > Run and type in ComboFix /u
Make sure there's a space between ComboFix and /
Then hit Enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

*******************


NOTE: If you have downloaded SmitfraudFix previously please delete that version and download it again!

Please download SmitfraudFix

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of the SmitfraudFix report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 22 November 2007 - 11:26 AM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact me or a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.