
Discussion Starter #1 (Registered, 3 Posts)
Ok, this problem has been haunting me for two months now and I've tried about everything other than FDISKing the system to get rid of it. I just ran Ad-Aware Personal, SUPERAntiSpyware Free and then NoLop in Safe Mode. I then went back to Normal Mode and downloaded and ran HijackThis. The following is the log; any help would be greatly appreciated. I also attached a copy of the NoLop log to the post.

Thanks,
Sylven

Logfile of HijackThis v1.99.1
Scan saved at 9:29:08 AM, on 11/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Program Files\Google\Google Desktop Search\gcdtmp124\GoogleDesktopSetupHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ZipGenius 6\zipgenius.exe
C:\DOCUME~1\BEBLEV~1\LOCALS~1\Temp\ZGTemp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {78d50198-6128-4858-a4ee-84b823c6280a} - C:\WINDOWS\system32\mmhtclsg.dll (file missing)
O2 - BHO: (no name) - {925e4763-8330-43fd-adf6-ac89806f4bf8} - C:\WINDOWS\system32\mmhtclsg.dll (file missing)
O2 - BHO: (no name) - {b411f142-36cf-40a4-9d29-729ca4f6d61e} - C:\WINDOWS\system32\mmhtclsg.dll (file missing)
O2 - BHO: (no name) - {b8a1c738-526d-4f19-ac8a-d1dac06f4625} - C:\WINDOWS\system32\mmhtclsg.dll (file missing)
O2 - BHO: (no name) - {bbb52898-4ddb-410f-950f-5f5a77960236} - C:\WINDOWS\system32\mmhtclsg.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Part browse safe hold] C:\Documents and Settings\All Users\Application Data\Audio 4 part browse\info bows.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\Regclean.exe" -startminimize
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: SmartUI.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZN
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v45/wof/wof.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/installers/cab/WinAntiSpyware2006FreeInstall.cab
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: jkklm - C:\WINDOWS\system32\jkklm.dll (file missing)
O20 - Winlogon Notify: svcihiee - svcihiee.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
 

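As an added example, not part of the original thread and not code from HijackThis or its authors, the following Python script applies the rules of thumb a log helper uses when reading a HijackThis log like the one above: a load point whose file is missing, a Winlogon Notify or SharedTaskScheduler hook with an unrecognised name, an autostart executable sitting under a user-writable profile directory, an ActiveX (O16) installer pulled from an unrecognised host, a nameless BHO, and a MIME filter registered on text/html. The sample lines are copied from the logs in this thread; the two allowlists (`KNOWN_HOOKS`, `KNOWN_DPF_HOSTS`) are assumptions to be extended, not an authoritative list.

```python
import re
from urllib.parse import urlparse

# Constructed sample: lines copied from the HijackThis logs posted in this thread,
# benign and suspicious mixed, so the rules below have something to chew on.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {78d50198-6128-4858-a4ee-84b823c6280a} - C:\WINDOWS\system32\mmhtclsg.dll (file missing)
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Part browse safe hold] C:\Documents and Settings\All Users\Application Data\Audio 4 part browse\Joy Itch.exe
O4 - HKCU\..\Run: [view poke] C:\DOCUME~1\JABLEV~1\APPLIC~1\THIRDS~1\DELETE RDR CAKE.exe
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} () - http://download.cdn.winsoftware.com/files/installers/cab/WinAntiSpyware2006FreeInstall.cab
O18 - Filter: text/html - - (no file)
O20 - Winlogon Notify: jkklm - C:\WINDOWS\system32\jkklm.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O22 - SharedTaskScheduler: fagging - {94524218-9af3-4643-9687-cbc2880e54da} - C:\WINDOWS\SYSTEM32\NUQJICI.DLL (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
"""

ORPHAN_MARKERS = ("(file missing)", "(no file)")

# Assumption: Winlogon Notify / SharedTaskScheduler names considered normal on an XP SP2 box
# (XP defaults plus the Intel graphics, WGA and SUPERAntiSpyware hooks seen in this log).
KNOWN_HOOKS = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule", "sclgntfy",
               "senslogn", "termsrv", "wlballoon", "igfxcui", "wgalogon", "!saswinlogon"}

# Assumption: hosts from which ActiveX (O16) downloads are expected; anything else is "review".
KNOWN_DPF_HOSTS = {"download.macromedia.com", "fpdownload.macromedia.com", "java.sun.com",
                   "update.microsoft.com"}

# Profile / temp locations; legitimate software rarely autostarts an exe from here.
USER_WRITABLE = re.compile(r"(application data|applic~1|documents and settings|docume~1|"
                           r"local settings|locals~1|\\temp\\)", re.I)

LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
SEVERITY = {"high": 3, "medium": 2, "review": 1}


def triage_line(line):
    """Return a list of (severity, reason) findings for one HijackThis line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return []
    section, body = m.group("section"), m.group("body")
    findings = []
    if any(mk in body for mk in ORPHAN_MARKERS):
        findings.append(("medium", "load point references a file that no longer exists (orphaned hook)"))
    if section == "O2" and "(no name)" in body:
        findings.append(("review", "BHO registered without a display name"))
    if section in ("O20", "O22"):
        # body looks like "Winlogon Notify: <name> - <path>"; take the text between ':' and ' - '
        name = body.split(":", 1)[1].split(" - ")[0].strip()
        if name.lower() not in KNOWN_HOOKS:
            findings.append(("high", f"unrecognised {section} hook '{name}' loads into winlogon/explorer"))
    if section == "O4":
        # "[value name] <command>" for Run keys, "<shortcut> = <target>" for Startup folders
        target = body.split("] ", 1)[1] if "] " in body else body.split("=", 1)[-1]
        if USER_WRITABLE.search(target):
            findings.append(("high", "autostart executable lives in a user-writable profile directory"))
    if section == "O16":
        url = re.search(r"https?://\S+", body)
        if url:
            host = urlparse(url.group(0)).hostname or ""
            if host not in KNOWN_DPF_HOSTS:
                findings.append(("review", f"ActiveX installer from unrecognised host {host}"))
    if section == "O18" and "text/html" in body:
        findings.append(("review", "MIME filter on text/html sits in the path of every page IE renders"))
    return findings


def triage_log(text):
    """Triage every line of a HijackThis log; return only the lines that produced findings."""
    results = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        findings = triage_line(raw)
        if findings:
            results.append({"section": m.group("section"), "line": raw.strip(), "findings": findings})
    return results


def worst(results):
    """Highest severity across all findings, or None when nothing was flagged."""
    labels = [sev for r in results for sev, _ in r["findings"]]
    return max(labels, key=SEVERITY.get) if labels else None


if __name__ == "__main__":
    for r in triage_log(SAMPLE_LOG):
        for sev, why in r["findings"]:
            print(f"[{sev:6}] {r['section']}: {why}\n         {r['line']}")
```

A script like this is a triage aid, not a verdict. "review" only means the entry is unrecognised (an O16 from a game site lands here too), a benign hook missing from `KNOWN_HOOKS` is reported as "high" until it is added, and an orphaned entry tells you that the DLL is gone but not who removed it; the analyst still has to read the whole log, which is why the helper below asks for a more complete set of logs before advising any fix.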
Reply from TSF Security Manager, Emeritus (42,837 Posts)
Hello Sylven and welcome to TSF,

You certainly do have a bit going on here. We prefer a more comprehensive set of logs to assist in detecting the extent of the malware that may be present. As noted in our sticky topic (Updated!) IMPORTANT - Read This Before Posting A Log, download Deckard's System Scanner (DSS) to your Desktop.

What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review.
  • DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.
Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply.
  5. Please attach extra.txt to your post.
To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.
Please include the following in your next reply:
  • main.txt
  • an attached extra.txt
 

Discussion Starter #4 (Registered, 3 Posts)
Thanks for your help. All things done and posted as you requested.

Sylven

main.txt
an attached extra.txt

Deckard's System Scanner v20071014.68
Run by jablevins on 2007-11-14 11:22:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
61: 2007-11-14 16:25:05 UTC - RP790 - Deckard's System Scanner Restore Point
60: 2007-11-14 13:46:41 UTC - RP789 - Installed SUPERAntiSpyware Free Edition
59: 2007-11-14 08:00:29 UTC - RP788 - Software Distribution Service 3.0
58: 2007-11-13 20:25:59 UTC - RP787 - System Checkpoint
57: 2007-11-12 19:56:36 UTC - RP786 - System Checkpoint


-- First Restore Point --
1: 2007-09-20 12:48:01 UTC - RP730 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 510 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-11-14 11:27:58
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\Program Files\Google\Google Desktop Search\gcdtmp126\GoogleDesktopSetupHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\jablevins\Desktop\dss.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywaybiz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {78d50198-6128-4858-a4ee-84b823c6280a} - C:\WINDOWS\system32\mmhtclsg.dll (file missing)
O2 - BHO: (no name) - {925e4763-8330-43fd-adf6-ac89806f4bf8} - C:\WINDOWS\system32\mmhtclsg.dll (file missing)
O2 - BHO: (no name) - {b411f142-36cf-40a4-9d29-729ca4f6d61e} - C:\WINDOWS\system32\mmhtclsg.dll (file missing)
O2 - BHO: (no name) - {b8a1c738-526d-4f19-ac8a-d1dac06f4625} - C:\WINDOWS\system32\mmhtclsg.dll (file missing)
O2 - BHO: (no name) - {bbb52898-4ddb-410f-950f-5f5a77960236} - C:\WINDOWS\system32\mmhtclsg.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Part browse safe hold] C:\Documents and Settings\All Users\Application Data\Audio 4 part browse\Joy Itch.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [view poke] C:\DOCUME~1\JABLEV~1\APPLIC~1\THIRDS~1\DELETE RDR CAKE.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: SmartUI.lnk = C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v45/wof/wof.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} () - http://download.cdn.winsoftware.com/files/installers/cab/WinAntiSpyware2006FreeInstall.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Filter: text/html - - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: jkklm - C:\WINDOWS\system32\jkklm.dll (file missing)
O20 - Winlogon Notify: svcihiee - C:\WINDOWS\system32\svcihiee.dll (file missing)
O22 - SharedTaskScheduler: fagging - {94524218-9af3-4643-9687-cbc2880e54da} - C:\WINDOWS\SYSTEM32\NUQJICI.DLL (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


--
End of file - 7817 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 ApiMon - c:\windows\system32\drivers\apimon.sys (file missing)
S3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: USB Device
Device ID: USB\VID_04F9&PID_014B&MI_01\6&6B8E8CB&0&0001
Manufacturer:
Name: USB Device
PNP Device ID: USB\VID_04F9&PID_014B&MI_01\6&6B8E8CB&0&0001
Service:

Class GUID:
Description: USB Device
Device ID: USB\VID_04F9&PID_014B&MI_02\6&6B8E8CB&0&0002
Manufacturer:
Name: USB Device
PNP Device ID: USB\VID_04F9&PID_014B&MI_02\6&6B8E8CB&0&0002
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Westell WireSpeed Dual Connect Modem
Device ID: USB\VID_06A9&PID_000B\05B410986558
Manufacturer: Westell, Inc.
Name: Westell WireSpeed Dual Connect Modem
PNP Device ID: USB\VID_06A9&PID_000B\05B410986558
Service: USB_RNDIS_XP


-- Scheduled Tasks -------------------------------------------------------------

2007-11-09 10:19:58 386 --a------ C:\WINDOWS\Tasks\rpc.job
2007-11-07 23:26:31 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2005-08-17 17:11:44 258 --a------ C:\WINDOWS\Tasks\ISP signup reminder 1.job


-- Files created between 2007-10-14 and 2007-11-14 -----------------------------

2007-11-14 11:27:09 0 d-------- C:\Program Files\ThirdSectDead
2007-11-14 09:06:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2007-11-14 08:54:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2007-11-14 08:53:37 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2007-11-14 08:46:51 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-14 08:46:43 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-11-14 08:46:43 0 d-------- C:\Documents and Settings\beblevins\Application Data\SUPERAntiSpyware.com
2007-11-14 08:46:17 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-13 01:02:55 0 d-------- C:\Program Files\Hidden Expedition Titanic
2007-11-13 01:02:55 0 d-------- C:\Program Files\BFG
2007-11-07 17:41:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Winferno
2007-11-06 22:09:32 297984 --a------ C:\WINDOWS\system32\midas.dll <Not Verified; Borland Software Corporation; Midas support DLL>
2007-11-06 22:09:06 0 d-------- C:\Program Files\Critical Seeker
2007-11-06 19:42:14 274205 --a------ C:\WINDOWS\PC Image Editor Uninstaller.exe
2007-11-06 19:42:12 0 d-------- C:\Program Files\PC Image Editor
2007-11-03 09:46:03 0 d-------- C:\gonefish
2007-11-02 17:35:23 0 d-------- C:\Program Files\Freeze.com Toolbar
2007-11-02 17:31:56 0 d-------- C:\Documents and Settings\LocalService\Application Data\Mozilla
2007-11-02 17:30:18 0 d-------- C:\Program Files\The Weather Channel FW
2007-11-02 17:30:09 495616 --a------ C:\WINDOWS\system32\WINUTIL5.DLL <Not Verified; Capital Intellect Inc; WINUTIL5>
2007-11-02 17:30:09 393216 --a------ C:\WINDOWS\system32\WINLCTL5.DLL <Not Verified; Capital Intellect Inc; WINLCTL5>
2007-11-02 17:30:08 0 d-------- C:\Program Files\Winferno
2007-11-02 17:29:51 0 d-------- C:\Program Files\My Downloaded Games
2007-11-02 17:29:51 0 d-------- C:\Program Files\BoontyGames
2007-11-02 17:29:17 0 d-------- C:\Program Files\Free Offers from Freeze.com
2007-10-31 11:28:18 0 d-------- C:\Program Files\Microsoft Games
2007-10-31 00:36:38 0 d-------- C:\Sword
2007-10-31 00:32:31 0 d-------- C:\Program Files\Dealio
2007-10-31 00:31:11 44544 --a------ C:\WINDOWS\system32\GIF89.DLL <Not Verified; ; Gif89 Module>
2007-10-30 23:54:33 403968 --a------ C:\WINDOWS\system32\WMAFile.dll <Not Verified; Online Media Technologies Ltd.; NCTWMAFile2 ActiveX DLL>
2007-10-30 23:54:33 966144 --a------ C:\WINDOWS\system32\AudioInfos.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioInformation2 ActiveX DLL>
2007-10-30 23:54:33 877568 --a------ C:\WINDOWS\system32\AudFile.dll <Not Verified; NCT Company Ltd.; NCTAudioFile2 ActiveX DLL>
2007-10-30 23:54:32 101888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual Basic pour Windows>
2007-10-30 23:54:32 119568 --a------ C:\WINDOWS\system32\VB6FR.DLL <Not Verified; Microsoft Corporation; Environnement Visual Basic>
2007-10-30 23:54:32 40960 --a------ C:\WINDOWS\system32\SSubTmr6.dll <Not Verified; vbAccelerator; SSubTmr6>
2007-10-30 23:54:32 141312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL <Not Verified; Microsoft Corporation; COMCTL>
2007-10-30 23:54:32 15360 --a------ C:\WINDOWS\system32\inetfr.DLL <Not Verified; Microsoft Corporation; DLL du contrôle Microsoft Internet Transfer>
2007-10-30 23:54:32 32768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL <Not Verified; Microsoft Corporation; CMDIALOG>
2007-10-30 23:54:31 44544 --a------ C:\WINDOWS\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1>
2007-10-30 23:54:30 0 d-------- C:\Program Files\Free Easy Burner
2007-10-30 02:09:19 0 d-------- C:\Documents and Settings\beblevins\Application Data\ZipGenius
2007-10-30 02:09:09 0 d-------- C:\Program Files\ZipGenius 6
2007-10-26 11:50:40 0 d-------- C:\Program Files\Freelancer Mod Manager
2007-10-24 19:34:56 0 d-------- C:\Program Files\BarSim
2007-10-22 19:29:23 0 d-------- C:\Documents and Settings\beblevins\Saved Games
2007-10-21 23:21:35 0 d-------- C:\Documents and Settings\beblevins\Application Data\PlayFirst
2007-10-21 23:21:35 0 d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-10-21 23:17:25 4096 --a------ C:\WINDOWS\d3dx.dat
2007-10-21 23:17:10 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-20 07:02:50 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-10-20 06:55:07 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-10-20 06:53:41 0 d-------- C:\Program Files\AIM6
2007-10-19 11:12:26 0 d--hs---- C:\WINDOWS\ftpcache
2007-10-18 21:46:54 0 d-------- C:\Program Files\DAEMON Tools SearchBar
2007-10-18 21:46:45 0 d-------- C:\Program Files\AdVantage
2007-10-18 21:43:38 0 d-------- C:\Program Files\DAEMON Tools
2007-10-18 21:40:36 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-10-18 21:27:08 0 d-------- C:\winmount
2007-10-18 21:16:03 0 d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-10-18 21:11:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-10-18 19:59:45 0 d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2007-10-18 19:59:45 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2007-10-18 19:59:44 0 d--h----- C:\Documents and Settings\Administrator\Templates <TEMPLA~1>
2007-10-18 19:59:44 0 dr------- C:\Documents and Settings\Administrator\Start Menu <STARTM~1>
2007-10-18 19:59:44 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-10-18 19:59:44 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-10-18 19:59:44 0 d--h----- C:\Documents and Settings\Administrator\PrintHood <PRINTH~1>
2007-10-18 19:59:44 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-10-18 19:59:44 0 dr------- C:\Documents and Settings\Administrator\My Documents <MYDOCU~1>
2007-10-18 19:59:44 0 d--h----- C:\Documents and Settings\Administrator\Local Settings <LOCALS~1>
2007-10-18 19:59:44 0 dr------- C:\Documents and Settings\Administrator\Favorites <FAVORI~1>
2007-10-18 19:59:44 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-10-18 19:59:44 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-10-18 19:59:44 0 dr-h----- C:\Documents and Settings\Administrator\Application Data <APPLIC~1>
2007-10-18 19:59:44 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2007-10-18 19:59:44 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-10-18 19:59:43 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-10-18 10:02:42 0 d--h----- C:\WINDOWS\PIF
2007-10-17 00:19:57 0 d-------- C:\Documents and Settings\jablevins\Application Data\AVG7
2007-10-16 18:58:48 0 d-------- C:\dosgames
2007-10-16 18:52:12 0 d-------- C:\Program Files\DOSBox-0.72


-- Find3M Report ---------------------------------------------------------------

2007-11-14 11:27:52 0 d-------- C:\Documents and Settings\jablevins\Application Data\ThirdSectDead
2007-11-14 08:46:17 0 d-------- C:\Program Files\Common Files
2007-11-13 00:58:02 0 d-------- C:\Program Files\Oberon Media
2007-11-11 02:56:51 2516 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-11-11 02:55:53 56 -r-hs---- C:\WINDOWS\system32\D7AD381DBE.sys
2007-11-09 05:14:53 0 d-------- C:\Program Files\Heroes2
2007-11-07 23:45:56 0 d-------- C:\Program Files\Common Files\Real
2007-10-31 10:32:11 5801 --a------ C:\Program Files\install.log
2007-10-25 22:01:38 0 d-------- C:\Program Files\BitTorrent
2007-10-22 12:48:40 0 d-------- C:\Program Files\PokerStars.NET
2007-10-20 06:57:07 0 d-------- C:\Program Files\Viewpoint
2007-10-20 06:53:59 0 d-------- C:\Program Files\Common Files\AOL
2007-10-09 10:07:57 3087 --a------ C:\WINDOWS\mozver.dat
2007-10-08 01:05:30 0 d-------- C:\Program Files\5 Spots
2007-10-08 00:09:57 0 d-------- C:\Program Files\ReflexiveArcade
2007-09-25 10:35:31 0 d-------- C:\Program Files\SpywareBlaster
2007-09-23 08:16:03 0 d-------- C:\Program Files\QuickTime
2007-09-23 08:14:55 0 d-------- C:\Program Files\Apple Software Update
2007-09-23 06:51:02 0 d-------- C:\Program Files\Fox
2007-09-22 09:44:09 0 d-------- C:\Program Files\MyWebSearch
2007-09-19 08:08:17 0 d-------- C:\Program Files\Java
2007-09-19 07:47:28 0 d-------- C:\Program Files\WrathGames
2007-09-19 06:43:33 0 d-------- C:\Documents and Settings\jablevins\Application Data\Lavasoft
2007-09-14 21:54:21 0 d-------- C:\Program Files\3DO


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{78d50198-6128-4858-a4ee-84b823c6280a}]
C:\WINDOWS\system32\mmhtclsg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{925e4763-8330-43fd-adf6-ac89806f4bf8}]
C:\WINDOWS\system32\mmhtclsg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b411f142-36cf-40a4-9d29-729ca4f6d61e}]
C:\WINDOWS\system32\mmhtclsg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8a1c738-526d-4f19-ac8a-d1dac06f4625}]
C:\WINDOWS\system32\mmhtclsg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bbb52898-4ddb-410f-950f-5f5a77960236}]
C:\WINDOWS\system32\mmhtclsg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [10/14/2004 07:42 PM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [01/23/2005 04:36 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [01/23/2005 04:31 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [09/19/2007 08:08 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 05:24 AM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/06/2004 01:05 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 04:50 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 04:50 PM]
"POINTER"="point32.exe" []
"PaperPort PTD"="C:\Program Files\Scansoft\PaperPort\pptd40nt.exe" [08/12/2002 09:33 AM]
"IndexSearch"="C:\Program Files\Scansoft\PaperPort\IndexSearch.exe" [08/12/2002 10:07 AM]
"SemanticInsight"="C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe" []
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [08/03/2007 04:09 PM]
"Part browse safe hold"="C:\Documents and Settings\All Users\Application Data\Audio 4 part browse\Joy Itch.exe" [11/14/2007 11:27 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [11/30/2006 09:49 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
"view poke"="C:\DOCUME~1\JABLEV~1\APPLIC~1\THIRDS~1\DELETE RDR CAKE.exe" [11/14/2007 11:26 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [8/14/2005 11:18:19 AM]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [11/11/2004 11:59:36 AM]
SmartUI.lnk - C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe [2/3/2003 11:29:12 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"Wallpaper"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"ForceActiveDesktopOn"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{94524218-9af3-4643-9687-cbc2880e54da}"= C:\WINDOWS\SYSTEM32\NUQJICI.DLL [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkklm]
C:\WINDOWS\system32\jkklm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\svcihiee]
svcihiee.dll




-- Hosts -----------------------------------------------------------------------

127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD

60 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2007-11-14 11:30:14 ------------
 

TSF Security Manager, Emeritus
42,837 Posts
Thanks. :smile:

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

Also be sure to carry out the instructions in the sequence listed below.

***************************************************

Download Combofix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs)

CiD Help
Need2Find Bar
Winferno Registry Power Cleaner



--------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. 'Check' the following entries:

O2 - BHO: (no name) - {78d50198-6128-4858-a4ee-84b823c6280a} - C:\WINDOWS\system32\mmhtclsg.dll (file missing)
O2 - BHO: (no name) - {925e4763-8330-43fd-adf6-ac89806f4bf8} - C:\WINDOWS\system32\mmhtclsg.dll (file missing)
O2 - BHO: (no name) - {b411f142-36cf-40a4-9d29-729ca4f6d61e} - C:\WINDOWS\system32\mmhtclsg.dll (file missing)
O2 - BHO: (no name) - {b8a1c738-526d-4f19-ac8a-d1dac06f4625} - C:\WINDOWS\system32\mmhtclsg.dll (file missing)
O2 - BHO: (no name) - {bbb52898-4ddb-410f-950f-5f5a77960236} - C:\WINDOWS\system32\mmhtclsg.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [Part browse safe hold] C:\Documents and Settings\All Users\Application Data\Audio 4 part browse\Joy Itch.exe
O4 - HKCU\..\Run: [view poke] C:\DOCUME~1\JABLEV~1\APPLIC~1\THIRDS~1\DELETE RDR CAKE.exe
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} () - http://download.cdn.winsoftware.com/...reeInstall.cab
O18 - Filter: text/html - - (no file)
O20 - Winlogon Notify: jkklm - C:\WINDOWS\system32\jkklm.dll (file missing)
O20 - Winlogon Notify: svcihiee - C:\WINDOWS\system32\svcihiee.dll (file missing)


Click 'Fix Checked' and close HijackThis.

--------------------------------------------------------------------

Open notepad and copy/paste the text in the code box below into it:

Code:
Folder::
C:\Program Files\ThirdSectDead
C:\Documents and Settings\All Users\Application Data\Winferno
C:\Program Files\Winferno
C:\Program Files\Free Offers from Freeze.com
C:\Program Files\AdVantage
C:\Documents and Settings\jablevins\Application Data\ThirdSectDead

Save this as CFScript.txt, in the same location as ComboFix.exe.




Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


--------------------------------------------------------------------

Please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:

Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on
    located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of Panda's 8 MB ActiveX control will take place*
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on
    then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


--------------------------------------------------------------------

Download fl.zip
  • Extract the contents of the fl.zip to a new folder on Desktop.
  • Within the folder, locate & double-click fl.bat.
  • It should produce a report at c:\findlop.txt. Post the contents of the report in your next reply.
----------------------------------------------------------------------

Run a new scan with HijackThis and save the log.

--------------------------------------------------------------------

Please include the following in your next reply:

C:\ComboFix.txt
Panda results
c:\findlop.txt
New HijackThis log
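A small triage pass over the HijackThis entries quoted in this thread, added here as an example and not part of the forum's instructions or of HijackThis itself: it flags orphaned registrations marked "(file missing)" or "(no file)", unnamed BHOs and toolbars, autoruns launched from user-writable Application Data paths, and Winlogon Notify DLLs for review. The sample lines are copied from the log above plus one clean ctfmon.exe entry; the rules are heuristics chosen for this example, not HijackThis's own logic.

```python
import re

# Constructed sample input: HijackThis lines copied from the log quoted in this
# thread, plus one legitimate entry (ctfmon.exe) so the triage has a clean line.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {78d50198-6128-4858-a4ee-84b823c6280a} - C:\WINDOWS\system32\mmhtclsg.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [Part browse safe hold] C:\Documents and Settings\All Users\Application Data\Audio 4 part browse\Joy Itch.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [view poke] C:\DOCUME~1\JABLEV~1\APPLIC~1\THIRDS~1\DELETE RDR CAKE.exe
O18 - Filter: text/html - - (no file)
O20 - Winlogon Notify: jkklm - C:\WINDOWS\system32\jkklm.dll (file missing)
"""

# Suffixes HijackThis appends when the registered binary no longer exists on disk.
ORPHAN_MARKERS = ("(file missing)", "(no file)")
# User-writable data directories (long and 8.3 short forms); heuristic for this example.
USER_DATA_DIRS = ("application data", "applic~1", "local settings", "locals~1")
LINE_RE = re.compile(r"^(O\d+) - (.*)$")

def triage_line(line):
    """Return (section, reasons) for one HijackThis line, or None if it is not one.
    An empty reasons list means the line raised no heuristic flag."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    reasons = []
    if body.endswith(ORPHAN_MARKERS):
        reasons.append("orphaned registration: referenced file is gone")
    if section in ("O2", "O3") and "(no name)" in body:
        reasons.append("unnamed BHO/toolbar")
    if section == "O4" and any(d in body.lower() for d in USER_DATA_DIRS):
        reasons.append("autorun from a user-writable data directory")
    if section == "O20":
        reasons.append("Winlogon Notify DLL: review, loads at every logon")
    return section, reasons

def triage(log):
    """Map each flagged line to its reasons; clean lines are left out."""
    findings = {}
    for line in log.splitlines():
        result = triage_line(line)
        if result and result[1]:
            findings[line.strip()] = result[1]
    return findings

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG).items(), sep="\n")
```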
 