Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijackthis Log Spyburner Problem


  • This topic is locked This topic is locked
10 replies to this topic

#1 phidelt583

phidelt583

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:10:07 PM

Posted 01 May 2008 - 01:40 PM

OK So I had another thread in which I was told to try the Malwarebytes, ATF-Cleaner, and SuperAntiSpyware programs. After completing all of the instructions on running these programs they all turned up no dangerous files found. So If anyone could help me here is my hijackthis log:

Deckard's System Scanner v20071014.68
Run by Whitney on 2008-05-01 14:33:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
54: 2008-05-01 18:33:34 UTC - RP252 - Deckard's System Scanner Restore Point
53: 2008-05-01 01:29:29 UTC - RP251 - Installed SUPERAntiSpyware Free Edition
52: 2008-04-30 03:35:55 UTC - RP250 - Removed MSXML 4.0 SP2 (KB936181)
51: 2008-04-30 03:34:14 UTC - RP249 - Removed MSXML 4.0 SP2 (KB927978)
50: 2008-04-30 03:33:35 UTC - RP248 - Removed MSXML 4.0 SP2 Parser and SDK


-- First Restore Point --
1: 2008-02-04 18:14:21 UTC - RP199 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Whitney.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:35:40 PM, on 5/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorApp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\sxnwhbvrzc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\sxjecknqhu.exe
C:\WINDOWS\sxgnsvuxct.exe
C:\WINDOWS\sxpjbwvahn.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Whitney\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Whitney.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: 100% Free Chess Toolbar Helper - {AE4F4014-3BF4-4CEB-B46C-3730A2340C4E} - C:\Program Files\100% Free Chess Toolbar\v3.2.0.0\100%_Free_Chess_Toolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: 100% Free Chess Toolbar - {6F4F95AF-1647-4B72-A632-055405455423} - C:\Program Files\100% Free Chess Toolbar\v3.2.0.0\100%_Free_Chess_Toolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorApp.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [{A4C928E8-0ABA-4fd3-83DF-23BE54ADF9A4}] "C:\WINDOWS\sxnwhbvrzc.exe"
O4 - HKLM\..\Run: [{78B578D7-BCE1-4d83-9CD4-195BC34D8CB3}] "C:\WINDOWS\sxjecknqhu.exe"
O4 - HKLM\..\Run: [1234klsjdc uiar924c af] "C:\WINDOWS\sxgnsvuxct.exe"
O4 - HKLM\..\Run: [{F758F78B-0885-490e-AA3C-4A38D28B0240}] "C:\WINDOWS\sxpjbwvahn.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9265 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 motmodem (Motorola USB CDC ACM Driver) - c:\windows\system32\drivers\motmodem.sys (file missing)
S3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
S3 TIEHDUSB - c:\windows\system32\drivers\tiehdusb.sys <Not Verified; Texas Instruments Incorporated; Texas Instruments Incorporated Educational Handheld Device>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 USBDeviceService - c:\program files\sonic\digitalmedia plus v7\mydvd plus\usbdeviceservice.exe <Not Verified; ; USBDeviceService Module>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S3 hpqwmi (HP WMI Interface) - c:\program files\hpq\shared\hpqwmi.exe <Not Verified; Hewlett-Packard Development Company, L.P.; hpqwmi Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-07 21:09:46 560 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Whitney.job
2007-05-26 21:36:35 402 --ah----- C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job


-- Files created between 2008-04-01 and 2008-05-01 -----------------------------

2008-04-30 21:32:12 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-30 21:29:29 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-30 21:29:29 0 d-------- C:\Documents and Settings\Whitney\Application Data\SUPERAntiSpyware.com
2008-04-30 19:48:06 0 d-------- C:\Documents and Settings\Whitney\Application Data\Malwarebytes
2008-04-30 19:48:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-30 19:48:00 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-30 19:47:44 0 d-------- C:\Program Files\Common Files\Download Manager
2008-04-30 16:57:04 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-04-30 16:57:04 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-04-30 16:57:04 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-04-30 16:57:04 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-04-30 16:57:04 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-04-30 16:57:04 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-30 16:57:04 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-04-30 16:57:04 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-04-30 16:57:04 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-04-30 16:57:04 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-04-30 16:57:04 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-04-30 16:57:04 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-04-30 16:57:04 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-04-30 16:57:04 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-30 16:57:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\Intuit
2008-04-30 16:57:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-04-30 16:57:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-04-30 16:54:31 4596 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-30 16:54:06 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-04-30 16:54:06 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-30 16:54:06 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-30 16:54:05 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-30 16:54:05 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-04-30 16:54:05 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-04-30 16:54:05 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-04-30 16:54:05 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-29 21:44:00 1409 --a------ C:\WINDOWS\zeqbhjcrau.exe
2008-04-29 21:44:00 3072 --a------ C:\WINDOWS\zefckuxgdh.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-29 21:44:00 84032 --a------ C:\WINDOWS\sxpjbwvahn.exe
2008-04-29 21:44:00 73280 --a------ C:\WINDOWS\sxpgknrwva.exe
2008-04-29 21:43:59 81472 --a------ C:\WINDOWS\sxnwhbvrzc.exe
2008-04-29 21:43:59 85568 --a------ C:\WINDOWS\sxjecknqhu.exe
2008-04-29 21:43:59 82496 --a------ C:\WINDOWS\sxgnsvuxct.exe
2008-04-07 20:01:54 0 d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer


-- Find3M Report ---------------------------------------------------------------

2008-05-01 14:35:20 0 d-------- C:\Program Files\Trend Micro
2008-04-30 21:29:04 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-30 19:47:44 0 d-------- C:\Program Files\Common Files
2008-04-30 13:42:44 0 d-------- C:\Program Files\Windows NT
2008-04-29 23:38:15 0 d-------- C:\Program Files\Yahoo!
2008-04-28 10:51:32 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-21 15:13:49 0 d-------- C:\Documents and Settings\Whitney\Application Data\U3
2008-03-20 22:26:50 0 d-------- C:\Program Files\Norton AntiVirus
2008-03-20 22:24:36 0 d-------- C:\Program Files\Symantec
2008-03-20 22:24:06 0 d-------- C:\Program Files\Windows Sidebar
2008-03-01 14:05:38 233575 --a------ C:\WINDOWS\100%_Free_Chess_Toolbar_Uninstaller_4015.exe <Not Verified; DreamQuest; 100% Free Chess>
2008-03-01 14:05:38 0 d-------- C:\Program Files\100% Free Chess Toolbar


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
03/20/2008 10:25 PM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AE4F4014-3BF4-4CEB-B46C-3730A2340C4E}]
03/01/2008 02:05 PM 798720 --a------ C:\Program Files\100% Free Chess Toolbar\v3.2.0.0\100%_Free_Chess_Toolbar.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{6F4F95AF-1647-4B72-A632-055405455423}"= C:\Program Files\100% Free Chess Toolbar\v3.2.0.0\100%_Free_Chess_Toolbar.dll [03/01/2008 02:05 PM 798720]

[-HKEY_CLASSES_ROOT\CLSID\{6F4F95AF-1647-4B72-A632-055405455423}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [11/02/2005 07:25 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [11/02/2005 07:22 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [11/02/2005 07:26 PM]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [11/22/2005 03:55 PM C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"@"="" []
"DetectorApp"="C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorApp.exe" [10/20/2005 10:15 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/11/2005 03:04 AM]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [11/16/2005 12:30 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/19/2006 03:41 AM]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [12/12/2005 03:39 PM]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [12/07/2005 02:56 PM]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [05/18/2005 02:29 PM]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [10/11/2005 02:23 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [11/10/2005 05:03 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/25/2006 07:58 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [10/30/2006 10:36 AM]
"Dell Photo AIO Printer 922"="C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [04/22/2005 09:45 AM]
"DLBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [11/09/2004 06:41 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/25/2008 05:47 PM]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [02/06/2008 10:49 PM]
"{A4C928E8-0ABA-4fd3-83DF-23BE54ADF9A4}"="C:\WINDOWS\sxnwhbvrzc.exe" [04/29/2008 09:43 PM]
"{78B578D7-BCE1-4d83-9CD4-195BC34D8CB3}"="C:\WINDOWS\sxjecknqhu.exe" [04/29/2008 09:43 PM]
"1234klsjdc uiar924c af"="C:\WINDOWS\sxgnsvuxct.exe" [04/29/2008 09:43 PM]
"{F758F78B-0885-490e-AA3C-4A38D28B0240}"="C:\WINDOWS\sxpjbwvahn.exe" [04/29/2008 09:44 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/29/2008 04:03 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 4:44:06 AM]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [12/8/2007 1:22:39 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2/19/2006 5:21:22 AM]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [9/24/2005 5:39:30 AM]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [6/2/2006 5:29:26 AM]
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2/13/2004 3:12:08 PM]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [6/21/2007 7:13:17 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80861173-ff81-11dc-a250-0016363e81a2}]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e59b247a-b716-11db-a1b5-0016363e81a2}]
AutoRun\command- F:\LaunchU3.exe




-- End of Deckard's System Scanner: finished at 2008-05-01 14:36:46 ------------

BC AdBot (Login to Remove)

 


#2 phidelt583

phidelt583
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:10:07 PM

Posted 01 May 2008 - 02:18 PM

I will be going out of the country next weeks so if this post isn't responded to before may 12th please do not close it out. I will be here for the weekend and back next week. Thanks

#3 pskelley

pskelley

  • Members
  • 1,487 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:07 PM

Posted 05 May 2008 - 07:19 PM

Welcoming to Bleeping Computer, please be sure you have read and followed the
Preparation Guide For Use Before Posting A Hijackthis Log, Instructions for receiving help in cleaning your computer http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
All advice given is taken at your own risk.

This is a new one on me, that may be why some tools are not recognizing it. I see it removed at MR by an expert I know. Since you are away from your computer and infections change quickly I would like to look at a fresh HJT log. Post that log if you still need help, when you return about 5/12/2008 and we will see what we can do.

Thanks...Phil
MS-MVP Windows Security 2007-08
Proud Member ASAP
UNITE Member 2006

#4 pskelley

pskelley

  • Members
  • 1,487 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:07 PM

Posted 12 May 2008 - 06:38 AM

There has been no response to this topic in a week
This topic is closed

Thanks...pskelley
BleepingComputer
MS-MVP Windows Security 2007-08
Proud Member ASAP
UNITE Member 2006

#5 phidelt583

phidelt583
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:10:07 PM

Posted 13 May 2008 - 09:13 AM

Ok guys here is my new log. I will be on every night starting now to check up on it.



Deckard's System Scanner v20071014.68
Run by Whitney on 2008-05-13 10:10:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Whitney.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:11:01 AM, on 5/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorApp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Documents and Settings\Whitney\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Whitney.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: 100% Free Chess Toolbar Helper - {AE4F4014-3BF4-4CEB-B46C-3730A2340C4E} - C:\Program Files\100% Free Chess Toolbar\v3.2.0.0\100%_Free_Chess_Toolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: 100% Free Chess Toolbar - {6F4F95AF-1647-4B72-A632-055405455423} - C:\Program Files\100% Free Chess Toolbar\v3.2.0.0\100%_Free_Chess_Toolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorApp.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8757 bytes

-- Files created between 2008-04-13 and 2008-05-13 -----------------------------

2008-04-30 21:32:12 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-30 21:29:29 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-30 21:29:29 0 d-------- C:\Documents and Settings\Whitney\Application Data\SUPERAntiSpyware.com
2008-04-30 19:48:06 0 d-------- C:\Documents and Settings\Whitney\Application Data\Malwarebytes
2008-04-30 19:48:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-30 19:48:00 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-30 19:47:44 0 d-------- C:\Program Files\Common Files\Download Manager
2008-04-30 16:57:04 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-04-30 16:57:04 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-04-30 16:57:04 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-04-30 16:57:04 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-04-30 16:57:04 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-04-30 16:57:04 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-30 16:57:04 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-04-30 16:57:04 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-04-30 16:57:04 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-04-30 16:57:04 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-04-30 16:57:04 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-04-30 16:57:04 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-04-30 16:57:04 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-04-30 16:57:04 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-30 16:57:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\Intuit
2008-04-30 16:57:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-04-30 16:57:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-04-30 16:54:31 4596 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-30 16:54:06 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-04-30 16:54:06 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-30 16:54:06 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-30 16:54:05 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-30 16:54:05 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-04-30 16:54:05 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-04-30 16:54:05 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-04-30 16:54:05 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-29 21:44:00 1409 --a------ C:\WINDOWS\zeqbhjcrau.exe
2008-04-29 21:44:00 3072 --a------ C:\WINDOWS\zefckuxgdh.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-29 21:44:00 0 --a------ C:\WINDOWS\sxpgknrwva.exe


-- Find3M Report ---------------------------------------------------------------

2008-05-01 14:35:20 0 d-------- C:\Program Files\Trend Micro
2008-04-30 21:29:04 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-30 19:47:44 0 d-------- C:\Program Files\Common Files
2008-04-30 13:42:44 0 d-------- C:\Program Files\Windows NT
2008-04-29 23:38:15 0 d-------- C:\Program Files\Yahoo!
2008-04-28 10:51:32 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-21 15:13:49 0 d-------- C:\Documents and Settings\Whitney\Application Data\U3
2008-03-20 22:26:50 0 d-------- C:\Program Files\Norton AntiVirus
2008-03-20 22:24:36 0 d-------- C:\Program Files\Symantec
2008-03-20 22:24:06 0 d-------- C:\Program Files\Windows Sidebar
2008-03-01 14:05:38 233575 --a------ C:\WINDOWS\100%_Free_Chess_Toolbar_Uninstaller_4015.exe <Not Verified; DreamQuest; 100% Free Chess>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
03/20/2008 10:25 PM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AE4F4014-3BF4-4CEB-B46C-3730A2340C4E}]
03/01/2008 02:05 PM 798720 --a------ C:\Program Files\100% Free Chess Toolbar\v3.2.0.0\100%_Free_Chess_Toolbar.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{6F4F95AF-1647-4B72-A632-055405455423}"= C:\Program Files\100% Free Chess Toolbar\v3.2.0.0\100%_Free_Chess_Toolbar.dll [03/01/2008 02:05 PM 798720]

[-HKEY_CLASSES_ROOT\CLSID\{6F4F95AF-1647-4B72-A632-055405455423}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [11/02/2005 07:25 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [11/02/2005 07:22 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [11/02/2005 07:26 PM]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [11/22/2005 03:55 PM C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"@"="" []
"DetectorApp"="C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorApp.exe" [10/20/2005 10:15 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/11/2005 03:04 AM]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [11/16/2005 12:30 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/19/2006 03:41 AM]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [12/12/2005 03:39 PM]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [12/07/2005 02:56 PM]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [05/18/2005 02:29 PM]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [10/11/2005 02:23 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [11/10/2005 05:03 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/25/2006 07:58 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [10/30/2006 10:36 AM]
"Dell Photo AIO Printer 922"="C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [04/22/2005 09:45 AM]
"DLBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [11/09/2004 06:41 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/25/2008 05:47 PM]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [02/06/2008 10:49 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/29/2008 04:03 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 4:44:06 AM]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [12/8/2007 1:22:39 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2/19/2006 5:21:22 AM]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [9/24/2005 5:39:30 AM]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [6/2/2006 5:29:26 AM]
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2/13/2004 3:12:08 PM]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [6/21/2007 7:13:17 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80861173-ff81-11dc-a250-0016363e81a2}]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e59b247a-b716-11db-a1b5-0016363e81a2}]
AutoRun\command- F:\LaunchU3.exe




-- End of Deckard's System Scanner: finished at 2008-05-13 10:11:45 ------------

#6 pskelley

pskelley

  • Members
  • 1,487 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:07 PM

Posted 17 May 2008 - 07:19 PM

I apologize :thumbsup: I was not notified when you posted. If you post and do not hear from me for twelve (12) hours, please send me a PM and make me aware:
http://www.bleepingcomputer.com/forums/ind...E=4&MID=724

Before you start see this:
C:\Program Files\Viewpoint\Common\ViewpointService.exe
For your information, Viewpoint is installed by aol probably without your knowledge. I suggest you uninstall this resource waster in Add Remove programs.
http://www.greatis.com/appdata/u/v/viewmgr.exe.htm
http://www.spywareinfo.com/newsletter/arch...4.php#viewpoint
http://www.clickz.com/news/article.php/3561546

C:\Program Files\Java\jre1.5.0_06\ <<< Java is out of date, see this:
http://forums.spybot.info/showpost.php?p=1...amp;postcount=2

See this: http://www.castlecops.com/clsid-34277.html

SUPERAntiSpyware <<< good progam but uses resources and will slow your computer. If it is a trial you may want to uninstall it.

If you are saying that you already completed these instructions:
http://www.bleepingcomputer.com/forums/t/131457/how-to-remove-spyburner-removal-instructions/

1) Please download ATF Cleaner by Atribune
http://www.atribune.org/public-beta/ATF-Cleaner.exe
Save it to your Desktop. We will use this later.

2) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: 100% Free Chess Toolbar Helper - {AE4F4014-3BF4-4CEB-B46C-3730A2340C4E} - C:\Program Files\100% Free Chess Toolbar\v3.2.0.0\100%_Free_Chess_Toolbar.dll
O3 - Toolbar: 100% Free Chess Toolbar - {6F4F95AF-1647-4B72-A632-055405455423} - C:\Program Files\100% Free Chess Toolbar\v3.2.0.0\100%_Free_Chess_Toolbar.dll

Close all programs but HJT and all browser windows, then click on "Fix Checked"

3) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Restart and post a new HJT log and tell me how the computer is running.

Thanks
MS-MVP Windows Security 2007-08
Proud Member ASAP
UNITE Member 2006

#7 phidelt583

phidelt583
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:10:07 PM

Posted 18 May 2008 - 07:19 PM

OK pskelley, thanks for your help.

I misunderstood and deleted the %100 free chess thing before I did the hijack this log. So I couldn't click those in the scan and fix. But here is my new log.


Deckard's System Scanner v20071014.68
Run by Whitney on 2008-05-18 20:09:27
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Whitney.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:09:40 PM, on 5/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorApp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Documents and Settings\Whitney\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Whitney.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorApp.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe

--
End of file - 7472 bytes

-- Files created between 2008-04-18 and 2008-05-18 -----------------------------

2008-04-30 21:32:12 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-30 21:29:29 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-30 21:29:29 0 d-------- C:\Documents and Settings\Whitney\Application Data\SUPERAntiSpyware.com
2008-04-30 19:48:06 0 d-------- C:\Documents and Settings\Whitney\Application Data\Malwarebytes
2008-04-30 19:48:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-30 19:48:00 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-30 19:47:44 0 d-------- C:\Program Files\Common Files\Download Manager
2008-04-30 16:57:04 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-04-30 16:57:04 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-04-30 16:57:04 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-04-30 16:57:04 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-04-30 16:57:04 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-04-30 16:57:04 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-30 16:57:04 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-04-30 16:57:04 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-04-30 16:57:04 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-04-30 16:57:04 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-04-30 16:57:04 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-04-30 16:57:04 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-04-30 16:57:04 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-04-30 16:57:04 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-30 16:57:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\Intuit
2008-04-30 16:57:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-04-30 16:57:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-04-30 16:54:31 4596 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-30 16:54:06 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-04-30 16:54:06 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-30 16:54:06 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-30 16:54:05 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-30 16:54:05 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-04-30 16:54:05 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-04-30 16:54:05 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-04-30 16:54:05 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-29 21:44:00 1409 --a------ C:\WINDOWS\zeqbhjcrau.exe
2008-04-29 21:44:00 3072 --a------ C:\WINDOWS\zefckuxgdh.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Find3M Report ---------------------------------------------------------------

2008-05-18 19:21:58 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-01 14:35:20 0 d-------- C:\Program Files\Trend Micro
2008-04-30 19:47:44 0 d-------- C:\Program Files\Common Files
2008-04-30 13:42:44 0 d-------- C:\Program Files\Windows NT
2008-04-29 23:38:15 0 d-------- C:\Program Files\Yahoo!
2008-04-28 10:51:32 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-21 15:13:49 0 d-------- C:\Documents and Settings\Whitney\Application Data\U3
2008-03-20 22:26:50 0 d-------- C:\Program Files\Norton AntiVirus
2008-03-20 22:24:36 0 d-------- C:\Program Files\Symantec
2008-03-20 22:24:06 0 d-------- C:\Program Files\Windows Sidebar


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
03/20/2008 10:25 PM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [11/02/2005 07:25 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [11/02/2005 07:22 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [11/02/2005 07:26 PM]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [11/22/2005 03:55 PM C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"@"="" []
"DetectorApp"="C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorApp.exe" [10/20/2005 10:15 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/11/2005 03:04 AM]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [11/16/2005 12:30 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/19/2006 03:41 AM]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [12/12/2005 03:39 PM]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [12/07/2005 02:56 PM]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [05/18/2005 02:29 PM]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [10/11/2005 02:23 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/25/2006 07:58 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [10/30/2006 10:36 AM]
"Dell Photo AIO Printer 922"="C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [04/22/2005 09:45 AM]
"DLBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [11/09/2004 06:41 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/25/2008 05:47 PM]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [02/06/2008 10:49 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 4:44:06 AM]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [12/8/2007 1:22:39 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2/19/2006 5:21:22 AM]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [9/24/2005 5:39:30 AM]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [6/2/2006 5:29:26 AM]
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2/13/2004 3:12:08 PM]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [6/21/2007 7:13:17 PM]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80861173-ff81-11dc-a250-0016363e81a2}]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e59b247a-b716-11db-a1b5-0016363e81a2}]
AutoRun\command- F:\LaunchU3.exe




-- End of Deckard's System Scanner: finished at 2008-05-18 20:10:08 ------------

#8 phidelt583

phidelt583
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:10:07 PM

Posted 18 May 2008 - 07:33 PM

Also this is kinda dumb but I have somehow deleted my windows paint program and games. So could you help me get those back? I use paint to minimize pictures all the time so I kinda need it.

#9 pskelley

pskelley

  • Members
  • 1,487 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:07 PM

Posted 19 May 2008 - 05:22 AM

Thanks for the log, that's a Deckard's System Scan not a HijackThis log, you have both installed. The HijackThis look looks clean of malware, how is the computer running.

What do you mean by this?

I have somehow deleted my windows paint program and games

where did you remove the programs from?

Try using Search Companion...search for the executable, for instance
Paint.exe on my computer is in the C:\Windows\System32\ folder (other places also)
Open that folder and locate Paint.exe and point your mouse, then right click and choose "Send To" then Desktop (create shortcut)
There is a way to return it to the All Programs list but I can not remember offhand. Perhaps another helper will see the issue you are having and post in with it.

Hope that helps, you might find a forum you can ask the question here: http://www.bleepingcomputer.com/forums/

Some good information for you:
http://users.telenet.be/bluepatchy/miekiem...owcomputer.html
http://www.microsoft.com/windowsxp/using/h...ps/mcgill1.mspx

Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiem...prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

http://www.malwarecomplaints.info/

Thanks...pskelley
BleepingComputer
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.
MS-MVP Windows Security 2007-08
Proud Member ASAP
UNITE Member 2006

#10 phidelt583

phidelt583
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:10:07 PM

Posted 19 May 2008 - 07:34 PM

Yeah so far the computer seems to be up and running nicely. Thanks for all of your help. I guess we can close this thread now. And thanks again!!!

#11 pskelley

pskelley

  • Members
  • 1,487 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:07 PM

Posted 19 May 2008 - 07:52 PM

Thanks much for the feedback :thumbsup:
MS-MVP Windows Security 2007-08
Proud Member ASAP
UNITE Member 2006




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users