Scans Clean But Still Unable To Download Or Surf With Ease


  • This topic is locked
2 replies to this topic

#1 Idiot that clicked

Posted 19 June 2008 - 07:08 PM

Was misled by a misleading application; I thought it was Microsoft. I'm an idiot that clicked. Three days later Norton caught a Trojan Vundo; I deleted it right away. Next day got three more. Tried many types of removal tools; nothing would keep it away. Ended up getting a special Norton Vundo tool. Ran it many times; it finally caught it. Never had a repeat of Vundo since. Internet was really bad from initial infection to today. I reformatted and did recovery from scratch. Well, internet problem did not go away. So I tried more removal tools: CCleaner / Smitfix (I am sure I spelled it wrong) / Adaware 2008 / Spybot Search and Destroy and a few others. Adaware caught a fizzelbar (toolsbesttoolstoolbar etc...). I was pissed and quarantined it. Then went into registry and deleted every line that had this fizzelbar in it. Restarted, had a few errors but ran better. I then reformatted and recovered again. Internet still bad. I posted on this site in "Am I infected". Ran some tools as directed; no bugs found. I have no idea what is causing it. I am in your hands, thanks in advance. Starting to wonder if I should just buy a new hard drive, but with my luck it would get infected again and start the process over. Enclosed is my hijack log. Thanks in advance :thumbsup:


Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-21 11:52:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:52:35 AM, on 6/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1213681629\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 6757 bytes

-- Files created between 2008-05-21 and 2008-06-21 -----------------------------

2008-06-20 21:11:04 0 d-------- C:\WINDOWS\Sun
2008-06-20 18:42:07 0 d-------- C:\Documents and Settings\Owner\Application Data\Sun
2008-06-20 05:41:50 0 d-------- C:\Program Files\Guild Wars
2008-06-19 20:59:15 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-06-19 20:47:45 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-19 20:47:35 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-19 20:47:35 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-06-19 20:46:35 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-18 21:30:37 0 d-------- C:\WINDOWS\network diagnostic
2008-06-18 20:56:29 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-06-18 20:56:27 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-18 20:56:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-17 22:07:56 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-06-17 21:57:47 0 d-------- C:\Program Files\MSXML 4.0
2008-06-17 21:44:54 0 d-------- C:\Documents and Settings\Owner\Application Data\Symantec
2008-06-17 21:42:24 0 d-------- C:\Program Files\Windows Sidebar
2008-06-17 21:41:31 0 d-------- C:\Program Files\Norton Internet Security
2008-06-17 21:39:41 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-17 21:23:48 0 d-------- C:\WINDOWS\system32\PreInstall
2008-06-17 01:17:50 0 d-------- C:\WINDOWS\system32\appmgmt
2008-06-17 01:08:28 0 d-------- C:\Documents and Settings\Owner\WINDOWS
2008-06-17 01:08:28 0 d--h----- C:\Documents and Settings\Owner\Templates
2008-06-17 01:08:28 0 dr------- C:\Documents and Settings\Owner\Start Menu
2008-06-17 01:08:28 0 dr-h----- C:\Documents and Settings\Owner\SendTo
2008-06-17 01:08:28 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-06-17 01:08:28 0 d--h----- C:\Documents and Settings\Owner\PrintHood
2008-06-17 01:08:28 1310720 --ah----- C:\Documents and Settings\Owner\NTUSER.DAT
2008-06-17 01:08:28 0 d--h----- C:\Documents and Settings\Owner\NetHood
2008-06-17 01:08:28 0 dr------- C:\Documents and Settings\Owner\My Documents
2008-06-17 01:08:28 0 d--h----- C:\Documents and Settings\Owner\Local Settings
2008-06-17 01:08:28 0 dr------- C:\Documents and Settings\Owner\Favorites
2008-06-17 01:08:28 0 d-------- C:\Documents and Settings\Owner\Desktop
2008-06-17 01:08:28 0 d--hs---- C:\Documents and Settings\Owner\Cookies
2008-06-17 01:08:28 0 dr-h----- C:\Documents and Settings\Owner\Application Data
2008-06-17 01:08:28 0 d-------- C:\Documents and Settings\Owner\Application Data\You've Got Pictures Screensaver
2008-06-17 01:08:28 0 d-------- C:\Documents and Settings\Owner\Application Data\SampleView
2008-06-17 01:08:28 0 d-------- C:\Documents and Settings\Owner\Application Data\McAfee
2008-06-17 01:08:28 0 d-------- C:\Documents and Settings\Owner\Application Data\Identities
2008-06-17 01:07:49 0 d-------- C:\Documents and Settings\Default User\Application Data\You've Got Pictures Screensaver
2008-06-17 01:07:49 0 d-------- C:\Documents and Settings\Default User\Application Data\SampleView
2008-06-17 01:07:49 0 d-------- C:\Documents and Settings\Default User\Application Data\McAfee
2008-06-17 01:05:23 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-06-17 00:52:59 0 d--h----- C:\WINDOWS\$hf_mig$
2008-06-17 00:50:55 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-06-17 00:50:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\McAfee
2008-06-17 00:50:47 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-06-17 00:50:30 0 d-------- C:\WINDOWS\RegisteredPackages
2008-06-17 00:50:23 67072 --a------ C:\WINDOWS\POWERCFG.EXE <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-17 00:50:08 0 d-------- C:\Program Files\CyberLink
2008-06-17 00:49:52 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-17 00:49:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-06-17 00:49:28 0 d-------- C:\Program Files\MSN Encarta Plus
2008-06-17 00:48:45 0 d-------- C:\Program Files\Microsoft Money 2005
2008-06-17 00:48:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-06-17 00:48:31 0 d-------- C:\Program Files\Common Files\Nullsoft
2008-06-17 00:48:18 86016 --a------ C:\WINDOWS\unvise32qt.exe <Not Verified; MindVision; Installer VISE 2.8.3>
2008-06-17 00:48:13 0 d-------- C:\WINDOWS\system32\QuickTime
2008-06-17 00:48:13 0 d-------- C:\Program Files\QuickTime
2008-06-17 00:48:13 0 d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2008-06-17 00:48:08 8552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
2008-06-17 00:48:08 0 d-------- C:\My Music
2008-06-17 00:48:03 0 d-------- C:\Program Files\Real
2008-06-17 00:48:02 0 d-------- C:\Program Files\Common Files\Real
2008-06-17 00:47:53 102400 --a------ C:\WINDOWS\system32\SimpleRegistry.dll <Not Verified; 4Developers LLC; SimpleRegistry Control>
2008-06-17 00:47:53 10752 --a------ C:\WINDOWS\system32\aamd532.dll <Not Verified; Almeida & Andrade Ltda; MD5 Maker DLL>
2008-06-17 00:47:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-17 00:47:48 0 d-------- C:\Program Files\Viewpoint
2008-06-17 00:47:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Pure Networks
2008-06-17 00:47:44 0 d-------- C:\Program Files\Pure Networks
2008-06-17 00:47:14 0 d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-06-17 00:47:07 0 d-------- C:\Program Files\Common Files\aolshare
2008-06-17 00:47:07 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-06-17 00:47:00 335 --a------ C:\WINDOWS\nsreg.dat
2008-06-17 00:47:00 0 d-------- C:\Program Files\Common Files\AOL
2008-06-17 00:46:13 40960 --a------ C:\WINDOWS\system32\ChCfg.exe
2008-06-17 00:46:11 294912 --a------ C:\WINDOWS\alcupd.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Update driver Tool>
2008-06-17 00:46:11 200704 --a------ C:\WINDOWS\alcrmv.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Removing driver Tool>
2008-06-17 00:46:08 192512 --a------ C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-06-17 00:46:00 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-06-17 00:45:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Napster
2008-06-17 00:45:46 0 d-------- C:\Program Files\Napster
2008-06-17 00:45:42 20480 --a------ C:\WINDOWS\system32\Marker32.exe <Not Verified; Gateway; Marker32>
2008-06-17 00:45:32 543232 --a------ C:\WINDOWS\zHotkey.exe <Not Verified; ; Multimedia Keyboard Driver>
2008-06-17 00:45:32 532544 --a------ C:\WINDOWS\PIC.dll
2008-06-17 00:45:32 3927 --a------ C:\WINDOWS\mHotkey.reg
2008-06-17 00:45:32 24576 --a------ C:\WINDOWS\HKNTDLL.dll
2008-06-17 00:44:36 0 d-------- C:\Program Files\Java
2008-06-17 00:44:36 0 d-------- C:\Program Files\Common Files\Java
2008-06-17 00:44:15 471300 --a------ C:\WINDOWS\wallpe.exe <Not Verified; ; wallpe>
2008-06-17 00:42:15 0 d-------- C:\Documents and Settings\Default User\WINDOWS
2008-06-17 00:42:10 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
2008-06-17 00:41:41 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-06-17 00:41:28 0 d-------- C:\WINDOWS\SHELLNEW
2008-06-17 00:41:10 0 d-------- C:\Program Files\Microsoft.NET
2008-06-17 00:40:48 0 dr-h----- C:\MSOCache
2008-06-17 00:40:32 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-06-17 00:40:23 0 d-------- C:\Program Files\ATI Technologies
2008-06-17 00:34:36 0 d-------- C:\Program Files\Google
2008-06-17 00:34:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-17 00:34:24 0 d-------- C:\Program Files\Symantec
2008-06-17 00:34:07 18000 --a------ C:\WINDOWS\BigFixClientOverride.dll <Not Verified; BigFix, Inc.; BigFix>
2008-06-17 00:34:07 0 d-------- C:\Program Files\BigFix
2008-06-17 00:33:53 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-17 00:33:09 0 d-------- C:\Program Files\Digital Media Reader
2008-06-17 00:33:05 0 d-------- C:\WINDOWS\Downloaded Installations
2008-06-17 00:33:04 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-17 00:32:56 76288 -ra------ C:\WINDOWS\system32\PUBOLE32.DLL <Not Verified; Microsoft Corporation; Microsoft Publisher for Windows>
2008-06-17 00:32:56 212480 -ra------ C:\WINDOWS\system32\PCDLIB32.DLL <Not Verified; Eastman Kodak; Kodak Photo CD Access Developer Toolkit>
2008-06-17 00:32:56 37888 -ra------ C:\WINDOWS\system32\ochlp30e.dll <Not Verified; Microsoft Corporation; Microsoft Multimedia Controls>
2008-06-17 00:32:56 82432 --a------ C:\WINDOWS\system32\msxml4r.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP1>
2008-06-17 00:32:56 91136 -ra------ C:\WINDOWS\system32\msls2.dll <Not Verified; Microsoft Corporation; Microsoft® Line Services>
2008-06-17 00:32:55 31744 -ra------ C:\WINDOWS\system32\hlp95en.dll <Not Verified; Microsoft Corporation; Microsoft Office>
2008-06-17 00:32:31 0 d-------- C:\Program Files\Microsoft Works
2008-06-17 00:30:20 2658304 -----n--- C:\WINDOWS\UNNeroBurnRights.exe <Not Verified; Nero AG; Nero WebEngine>
2008-06-17 00:30:20 90184 --a------ C:\WINDOWS\system32\NeroCo.dll <Not Verified; Ahead Software AG
im Stoeckmaedle 18
76307 Karlsbad, Germany
Fax: ++49-7248-911-888
e-mail: info@nero.com; Nero Burning Rom>
2008-06-17 00:29:55 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
2008-06-17 00:29:52 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2008-06-17 00:29:52 471040 -----n--- C:\WINDOWS\system32\ImagXRA7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-06-17 00:29:52 262144 -----n--- C:\WINDOWS\system32\ImagXR7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-06-17 00:29:52 1568768 -----n--- C:\WINDOWS\system32\ImagX7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-06-17 00:29:51 0 d-------- C:\Program Files\Common Files\Ahead
2008-06-17 00:29:51 0 d-------- C:\Program Files\Ahead
2008-06-17 00:25:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Prism Deploy
2008-06-17 00:25:43 0 d-------- C:\Program Files\Common Files\New Boundary
2008-06-17 00:23:06 0 d-------- C:\WINDOWS\system32\URTTemp
2008-06-17 00:23:00 2 -r-hs---- C:\USER
2008-06-17 00:20:30 0 d-------- C:\Program Files\CONEXANT
2008-06-17 00:18:04 0 d--hs---- C:\System Volume Information
2008-06-17 00:16:26 60 --a------ C:\WINDOWS\system32\SYSDRV.DAT
2008-06-17 00:16:21 0 d-------- C:\WINDOWS\creator
2008-06-17 00:14:52 0 d-------- C:\WINDOWS\SMINST
2008-06-17 00:14:49 0 d-------- C:\WINDOWS\I386


-- Find3M Report ---------------------------------------------------------------

2008-06-19 20:46:35 0 d-------- C:\Program Files\Common Files
2008-06-17 22:04:34 0 d-------- C:\Program Files\Messenger
2008-06-17 00:14:49 0 d-------- C:\Program Files\Windows NT
2008-06-17 00:14:45 0 d-------- C:\Program Files\Movie Maker
2008-06-17 00:10:52 0 d-------- C:\Program Files\Windows Plus
2008-06-17 00:10:52 0 d-------- C:\Program Files\Online Services
2008-06-17 00:10:52 0 d-------- C:\Program Files\MSN Gaming Zone
2008-06-17 00:10:52 0 d-------- C:\Program Files\microsoft frontpage
2008-06-17 00:10:52 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-06-17 00:10:52 0 d-------- C:\Program Files\Common Files\ODBC
2008-06-17 00:10:52 0 d-------- C:\Program Files\Common Files\MSSoap


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
02/06/2008 11:05 PM 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
06/17/2008 09:42 PM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [02/06/2008 11:05 PM 349552]

[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/10/2004 01:04 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 01:50 PM]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [11/15/2004 05:04 PM]
"@"="" []
"CHotkey"="zHotkey.exe" [05/03/2005 04:02 PM C:\WINDOWS\zHotkey.exe]
"SoundMan"="SOUNDMAN.EXE" [04/15/2005 11:01 AM C:\WINDOWS\SOUNDMAN.EXE]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" []
"HostManager"="C:\Program Files\Common Files\AOL\1213681629\EE\AOLHostManager.exe" [11/03/2004 04:03 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/02/2004 10:24 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/25/2008 08:47 PM]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [02/07/2008 01:49 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 02:00 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 6:44:06 AM]
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [6/17/2008 12:34:07 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2008-06-21 11:56:12 ------------


Was directed by your forum to install HijackThis. It finally was installed; could not download it originally. Here is the up-to-date log. Kaspersky (My Computer and Crit scan) came back clean.

Sorry, cannot seem to find the bug. Help.

Edited by Idiot that clicked, 20 June 2008 - 04:10 PM.


#2 suebaby41

Posted 13 July 2008 - 10:06 PM

Welcome to the BleepingComputer Forums. Since it has been a few days, please post a new Deckard's System Scanner which includes the HijackThis log. Please see Preparation Guide for use before posting about your potential Malware problem. Thank you for your patience.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 suebaby41

Posted 21 July 2008 - 08:10 AM

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.