Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Security warning: your computer may be infected...

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Security warning: your computer may be infected...

Unread postby dmoney » November 1st, 2007, 5:14 pm

one word spyware. i havent been able to use my computer properly for 2 days now everything is slow.
dmoney
Active Member
 
Posts: 14
Joined: November 1st, 2007, 5:11 pm
Advertisement
Register to Remove

Unread postby dmoney » November 1st, 2007, 5:15 pm

guess i can't edit (wanted to add my hjt log) anyways here it is
ogfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:15:05 PM, on 11/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Whizzo\SpyJacker\SpyFound.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O3 - Toolbar: (no name) - {F4D76F09-7896-458a-890F-E1F05C46069F} - (no file)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\pyzdrqmh.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [f87b2656] rundll32.exe "C:\WINDOWS\system32\mkvsgckp.dll",b
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stag ... taller.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan ... asinst.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: SpyJacker (_Service_SpyJacker) - CompanyName - C:\Program Files\Whizzo\SpyJacker\SpyFound.exe

--
End of file - 5822 bytes
dmoney
Active Member
 
Posts: 14
Joined: November 1st, 2007, 5:11 pm

Unread postby Shaba » November 3rd, 2007, 5:38 am

Hi dmoney

Rename HijackThis.exe to dmoney.exe and post back a fresh HijackThis log, please :)
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Unread postby dmoney » November 3rd, 2007, 8:02 am

dunno what you mean by rename but i renamed the icon that was on desktop to dmoney.exe



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:59:39 AM, on 11/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Whizzo\SpyJacker\SpyFound.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O3 - Toolbar: (no name) - {F4D76F09-7896-458a-890F-E1F05C46069F} - (no file)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\twtvxtrd.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [f87b2656] rundll32.exe "C:\WINDOWS\system32\cproyidp.dll",b
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stag ... taller.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan ... asinst.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: SpyJacker (_Service_SpyJacker) - CompanyName - C:\Program Files\Whizzo\SpyJacker\SpyFound.exe

--
End of file - 5784 bytes
dmoney
Active Member
 
Posts: 14
Joined: November 1st, 2007, 5:11 pm

Unread postby Shaba » November 3rd, 2007, 8:06 am

Hi

Rename HijackThis.exe to dmoney.exe by doing the following;

  • Navigate here using Windows Explorer (windows button + E) or My Computer -> Local Disk C: -> C:\Program Files\Trend Micro\HijackThis
  • Right-click on the HijackThis.exe
  • Choose from the pull-down menu; "Rename"
  • And now Rename HijackThis.exe to dmoney.exe
  • When you've renamed HijackThis, open HijackThis again.
  • Take a fresh HijackThis log (click Do a system scan and save a log file)
  • Post the fresh HijackThis log here.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Unread postby dmoney » November 3rd, 2007, 8:16 am

ok got it here it is , by the way thanks for replying so far

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:15:51 AM, on 11/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Whizzo\SpyJacker\SpyFound.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\dmoney.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: (no name) - {0DFCFB5E-3974-3338-8F09-0B2552E546A8} - C:\Program Files\Faxfgqar\skpejvzn.dll
O2 - BHO: {ef401621-a02b-07f9-41d4-14460edebc44} - {44cbede0-6441-4d14-9f70-b20a126104fe} - C:\WINDOWS\system32\orhqbldt.dll
O2 - BHO: (no name) - {50666B8E-6CBD-4471-9E85-96B41D9BBCD3} - C:\WINDOWS\system32\wvuvuus.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8248EA61-FBC6-446D-A63F-971D1F6D156B} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\twtvxtrd.dll
O2 - BHO: (no name) - {DFFA30F4-7A69-4129-9FEC-87C0306B3358} - C:\WINDOWS\system32\jkkji.dll
O3 - Toolbar: (no name) - {F4D76F09-7896-458a-890F-E1F05C46069F} - (no file)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\twtvxtrd.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [f87b2656] rundll32.exe "C:\WINDOWS\system32\cproyidp.dll",b
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stag ... taller.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan ... asinst.cab
O20 - Winlogon Notify: twtvxtrd - C:\WINDOWS\SYSTEM32\twtvxtrd.dll
O20 - Winlogon Notify: wvuvuus - C:\WINDOWS\SYSTEM32\wvuvuus.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: SpyJacker (_Service_SpyJacker) - CompanyName - C:\Program Files\Whizzo\SpyJacker\SpyFound.exe

--
End of file - 7212 bytes
dmoney
Active Member
 
Posts: 14
Joined: November 1st, 2007, 5:11 pm

Unread postby Shaba » November 3rd, 2007, 8:46 am

Hi

1. Download combofix from one of these links and save it to Desktop:
Link1
Link2
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

C:\Program Files\Whizzo\SpyJacker\SpyFound.exe

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

Post:

- a fresh HijackThis log
- combofix report
- jotti/virustotal results
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Unread postby dmoney » November 3rd, 2007, 9:22 am

combfix log

ComboFix 07-11-01.1 - Darlington Omeni 2007-11-03 9:05:49.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.517 [GMT -4:00]
Running from: C:\Documents and Settings\Darlington Omeni\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\ALLUSE~1\STARTM~1\Live Safety Center.lnk
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.lnk
C:\DOCUME~1\DARLIN~1\Desktop\Live Safety Center.lnk
C:\DOCUME~1\DARLIN~1\Desktop\Online Security Guide.lnk
C:\DOCUME~1\DARLIN~1\FAVORI~1\Online Security Guide.lnk
C:\Documents and Settings\Darlington Omeni\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Darlington Omeni\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Darlington Omeni\Favorites\Online Security Guide.lnk
C:\WINDOWS\system32\ijkkj.bak1
C:\WINDOWS\system32\ijkkj.ini
C:\WINDOWS\system32\jkkji.dll
C:\WINDOWS\system32\twtvxtrd.dllbox

.
((((((((((((((((((((((((( Files Created from 2007-10-03 to 2007-11-03 )))))))))))))))))))))))))))))))
.

2007-11-02 22:15 82,496 --a------ C:\WINDOWS\system32\orhqbldt.dll
2007-11-02 22:12 340,032 --a------ C:\WINDOWS\system32\twtvxtrd.dll
2007-11-02 22:12 340,032 --a------ C:\WINDOWS\system32\prcoqxgm.dll
2007-11-02 22:06 86,080 --a------ C:\WINDOWS\system32\cproyidp.dll
2007-11-01 11:32 <DIR> d-------- C:\WINDOWS\SpyMonitor
2007-11-01 11:32 1,246,720 --a------ C:\WINDOWS\system32\ModalCreateFileWarning.dll
2007-11-01 11:32 1,238,016 --a------ C:\WINDOWS\system32\ModalRegistryWarning.dll
2007-11-01 11:22 <DIR> d-------- C:\Program Files\Whizzo
2007-10-31 18:46 11,254 --a------ C:\WINDOWS\system32\locate.com
2007-10-31 17:47 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-10-31 14:01 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-10-31 12:31 <DIR> d-------- C:\Documents and Settings\Darlington Omeni\Application Data\Grisoft
2007-10-31 12:31 <DIR> d-------- C:\DOCUME~1\DARLIN~1\APPLIC~1\Grisoft
2007-10-31 12:31 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-31 11:47 <DIR> d-------- C:\Program Files\Faxfgqar
2007-10-31 06:49 <DIR> d-------- C:\Program Files\Xlazjrnb
2007-10-30 20:57 <DIR> d-------- C:\Program Files\Mxrqqohc
2007-10-30 06:53 <DIR> d-------- C:\Program Files\Zkrcdsrj
2007-10-30 06:41 <DIR> d-------- C:\ShowNew
2007-10-30 06:41 <DIR> d-------- C:\GetRunKey
2007-10-29 22:33 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-29 17:44 17,408 --a------ C:\psapi.dll
2007-10-29 06:49 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-10-28 21:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-10-28 20:19 33,280 --a------ C:\WINDOWS\system32\wvuvuus.dll
2007-10-28 20:18 <DIR> d-------- C:\Program Files\spihyxqn
2007-10-28 08:15 <DIR> d-------- C:\VundoFix Backups
2007-10-28 00:55 <DIR> d-------- C:\Program Files\RogueRemover FREE
2007-10-28 00:54 <DIR> d-------- C:\Program Files\Sunbelt Software
2007-10-28 00:26 <DIR> d-------- C:\Documents and Settings\Darlington Omeni\Application Data\True Sword
2007-10-28 00:26 <DIR> d-------- C:\DOCUME~1\DARLIN~1\APPLIC~1\True Sword
2007-10-28 00:25 <DIR> d-------- C:\Program Files\True Sword 4
2007-10-27 23:28 <DIR> d-------- C:\Program Files\Iqpwprej
2007-10-27 22:09 <DIR> d-------- C:\Documents and Settings\Darlington Omeni\Application Data\systemerrorfixer
2007-10-27 22:09 <DIR> d-------- C:\DOCUME~1\DARLIN~1\APPLIC~1\systemerrorfixer
2007-10-27 22:04 <DIR> d-------- C:\Program Files\Common Files\SystemErrorFixer
2007-10-27 22:04 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\systemerrorfixer
2007-10-27 17:13 48 --a------ C:\Documents and Settings\Darlington Omeni\readme.bat
2007-10-27 17:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Agnitum
2007-10-27 17:11 <DIR> d-------- C:\Program Files\lmxqtyrm
2007-10-25 10:26 53,248 --a------ C:\WINDOWS\bdoscandel.exe
2007-10-16 14:46 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-10-16 14:42 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-10-16 14:22 <DIR> d-------- C:\Documents and Settings\Darlington Omeni\Application Data\dvdcss
2007-10-16 14:22 <DIR> d-------- C:\DOCUME~1\DARLIN~1\APPLIC~1\dvdcss
2007-10-15 16:59 <DIR> d-------- C:\Program Files\PCSecureDeleteTrial
2007-10-10 04:18 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-08 23:36 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2007-10-08 23:35 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-03 11:43 --------- d-----w C:\Program Files\eMule
2007-11-03 02:42 --------- d-----w C:\Documents and Settings\Darlington Omeni\Application Data\Azureus
2007-11-03 02:42 --------- d-----w C:\DOCUME~1\DARLIN~1\APPLIC~1\Azureus
2007-10-31 18:38 --------- d-----w C:\Program Files\WinAce
2007-10-30 02:19 --------- d-----w C:\Program Files\Trend Micro
2007-10-29 00:16 --------- d-----w C:\Program Files\DivX
2007-10-28 12:54 5,258 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2007-10-26 03:06 --------- d-----w C:\Program Files\Trillian
2007-10-24 16:34 --------- d-----w C:\Program Files\HP
2007-10-05 06:15 --------- d-----w C:\Program Files\Azureus
2007-10-01 16:26 --------- d-----w C:\Program Files\DVD Shrink
2007-10-01 16:26 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
2007-09-30 15:20 --------- d-----w C:\Program Files\Common Files\xing shared
2007-09-30 15:20 --------- d-----w C:\Program Files\Common Files\Real
2007-09-30 15:19 --------- d-----w C:\Program Files\Real
2007-09-30 15:10 --------- d-----w C:\Documents and Settings\Darlington Omeni\Application Data\Apple Computer
2007-09-30 15:10 --------- d-----w C:\DOCUME~1\DARLIN~1\APPLIC~1\Apple Computer
2007-09-30 15:04 --------- d-----w C:\Program Files\Apple Software Update
2007-09-30 15:03 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-09-30 14:04 --------- d-----w C:\Program Files\AllToAVI
2007-09-30 03:13 47,360 ----a-w C:\Documents and Settings\Darlington Omeni\Application Data\pcouffin.sys
2007-09-30 03:13 47,360 ----a-w C:\DOCUME~1\DARLIN~1\APPLIC~1\pcouffin.sys
2007-09-30 03:13 --------- d-----w C:\Documents and Settings\Darlington Omeni\Application Data\Vso
2007-09-30 03:13 --------- d-----w C:\DOCUME~1\DARLIN~1\APPLIC~1\Vso
2007-09-29 17:38 --------- d-----w C:\Program Files\WinAVI Video Converter
2007-09-29 03:29 3,082 ----a-w C:\WINDOWS\system32\affv208325p1now.sys
2007-09-29 03:09 --------- d-----w C:\Documents and Settings\Darlington Omeni\Application Data\DVD Flick
2007-09-29 03:09 --------- d-----w C:\DOCUME~1\DARLIN~1\APPLIC~1\DVD Flick
2007-09-28 21:20 --------- d-----w C:\Program Files\Common Files\AVSMedia
2007-09-28 21:18 --------- d-----w C:\Documents and Settings\Darlington Omeni\Application Data\AVSMedia
2007-09-28 21:18 --------- d-----w C:\DOCUME~1\DARLIN~1\APPLIC~1\AVSMedia
2007-09-28 21:18 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
2007-09-28 21:17 --------- d-----w C:\Program Files\Common Files\Download Manager
2007-09-28 21:12 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\River Past G5
2007-09-28 21:02 36,734 ----a-w C:\WINDOWS\system32\OggDSuninst.exe
2007-09-28 21:02 --------- d-----w C:\Documents and Settings\Darlington Omeni\Application Data\River Past G5
2007-09-28 21:02 --------- d-----w C:\DOCUME~1\DARLIN~1\APPLIC~1\River Past G5
2007-09-28 04:19 --------- d-----w C:\Program Files\AC3Filter
2007-09-28 01:02 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-09-28 01:00 --------- d-----w C:\Documents and Settings\Darlington Omeni\Application Data\DivX
2007-09-28 01:00 --------- d-----w C:\DOCUME~1\DARLIN~1\APPLIC~1\DivX
2007-09-28 00:59 --------- d-----w C:\Program Files\Movkit
2007-09-26 01:19 --------- d-----w C:\Program Files\Smart Projects
2007-09-26 00:24 --------- d-----w C:\Program Files\Custom Technology
2007-09-25 23:26 --------- d-----w C:\Program Files\AVIcodec
2007-09-25 23:04 --------- d-----w C:\Program Files\MediaInfo
2007-09-25 16:55 --------- d-----w C:\Documents and Settings\Darlington Omeni\Application Data\CCEFront
2007-09-25 16:55 --------- d-----w C:\DOCUME~1\DARLIN~1\APPLIC~1\CCEFront
2007-09-25 12:02 --------- d-----w C:\Program Files\OpenVideoConverter
2007-09-22 14:58 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
2007-09-22 00:11 --------- d-----w C:\Documents and Settings\Darlington Omeni\Application Data\Sunbelt Software
2007-09-22 00:11 --------- d-----w C:\DOCUME~1\DARLIN~1\APPLIC~1\Sunbelt Software
2007-09-20 01:47 --------- d-----w C:\Documents and Settings\Darlington Omeni\Application Data\Comodo
2007-09-20 01:47 --------- d-----w C:\DOCUME~1\DARLIN~1\APPLIC~1\Comodo
2007-09-20 01:47 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2007-09-18 02:59 --------- d-----w C:\Program Files\Nero
2007-09-18 00:54 --------- d-----w C:\Documents and Settings\Darlington Omeni\Application Data\Ahead
2007-09-18 00:54 --------- d-----w C:\DOCUME~1\DARLIN~1\APPLIC~1\Ahead
2007-09-17 18:40 35,856 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys
2007-09-17 18:40 202,768 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys
2007-09-17 18:31 1,126,072 ----a-w C:\WINDOWS\system32\drivers\vsapint.sys
2007-09-16 18:46 --------- d-----w C:\Program Files\MTV Networks
2007-09-16 18:44 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-09-15 01:09 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-09-15 01:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-12 11:02 --------- d-----w C:\Program Files\The Eagle
2007-09-11 23:14 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-09-10 01:19 --------- d-----w C:\Documents and Settings\Darlington Omeni\Application Data\The Eagle
2007-09-10 01:19 --------- d-----w C:\DOCUME~1\DARLIN~1\APPLIC~1\The Eagle
2007-09-08 20:17 --------- d-----w C:\Program Files\TVUPlayer
2007-09-05 23:41 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kontiki
2007-09-05 23:38 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Channel4
2007-09-05 01:21 --------- d-----w C:\Program Files\Common Files\HP
2007-08-22 12:55 96,256 ------w C:\WINDOWS\system32\dllcache\inseng.dll
2007-08-22 12:55 665,600 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-22 12:55 617,984 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-22 12:55 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-22 12:55 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-22 12:55 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-08-22 12:55 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-22 12:55 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-08-22 12:55 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-08-22 12:55 3,064,832 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-22 12:55 251,904 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-08-22 12:55 205,824 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-22 12:55 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-22 12:55 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-08-22 12:55 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-22 12:55 1,498,112 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-08-22 12:55 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
2007-08-22 12:55 1,022,976 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2007-08-21 10:19 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:15 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-15 22:33 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2007-08-15 22:33 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2007-08-15 22:33 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0DFCFB5E-3974-3338-8F09-0B2552E546A8}]
2007-10-31 11:47 94208 --a------ C:\Program Files\Faxfgqar\skpejvzn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{44cbede0-6441-4d14-9f70-b20a126104fe}]
2007-11-02 22:15 82496 --a------ C:\WINDOWS\system32\orhqbldt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50666B8E-6CBD-4471-9E85-96B41D9BBCD3}]
2007-10-28 20:19 33280 --a------ C:\WINDOWS\system32\wvuvuus.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8248EA61-FBC6-446D-A63F-971D1F6D156B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-02 22:12 340032 --a------ C:\WINDOWS\system32\twtvxtrd.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\twtvxtrd.dll [2007-11-02 22:12 340032]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe" [2006-11-21 15:02]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 11:20 C:\WINDOWS\stsystra.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 08:15]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-07-21 17:50]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 06:20]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]
"f87b2656"="C:\WINDOWS\system32\cproyidp.dll" [2007-11-02 22:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" [2006-08-04 17:15]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 20:03]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{50666B8E-6CBD-4471-9E85-96B41D9BBCD3}"= C:\WINDOWS\system32\wvuvuus.dll [2007-10-28 20:19 33280]

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\vvgeowbv.exe,C:\\WINDOWS\\system32\\userinit.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\twtvxtrd]
twtvxtrd.dll 2007-11-02 22:12 340032 C:\WINDOWS\system32\twtvxtrd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuvuus]
wvuvuus.dll 2007-10-28 20:19 33280 C:\WINDOWS\system32\wvuvuus.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkkji.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
C:\Program Files\NetWaiting\netWaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

R2 _Service_SpyJacker;SpyJacker;C:\Program Files\Whizzo\SpyJacker\SpyFound.exe

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-03 09:15:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\twtvxtrd.dllbox 20640 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2007-11-03 9:19:05 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-02 22:26
C:\ComboFix3.txt ... 2007-10-29 22:43
.
--- E O F ---
dmoney
Active Member
 
Posts: 14
Joined: November 1st, 2007, 5:11 pm

Unread postby dmoney » November 3rd, 2007, 9:23 am

hjt log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:22:08 AM, on 11/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Whizzo\SpyJacker\SpyFound.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\dmoney.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tsc.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: (no name) - {0DFCFB5E-3974-3338-8F09-0B2552E546A8} - C:\Program Files\Faxfgqar\skpejvzn.dll
O2 - BHO: (no name) - {16B726F6-E736-4BB1-9AFA-A16BAC12BBBA} - C:\WINDOWS\system32\vtsqn.dll
O2 - BHO: {ef401621-a02b-07f9-41d4-14460edebc44} - {44cbede0-6441-4d14-9f70-b20a126104fe} - C:\WINDOWS\system32\orhqbldt.dll
O2 - BHO: (no name) - {50666B8E-6CBD-4471-9E85-96B41D9BBCD3} - C:\WINDOWS\system32\wvuvuus.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8248EA61-FBC6-446D-A63F-971D1F6D156B} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\twtvxtrd.dll
O3 - Toolbar: (no name) - {F4D76F09-7896-458a-890F-E1F05C46069F} - (no file)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\twtvxtrd.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [f87b2656] rundll32.exe "C:\WINDOWS\system32\cproyidp.dll",b
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stag ... taller.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan ... asinst.cab
O20 - Winlogon Notify: twtvxtrd - C:\WINDOWS\SYSTEM32\twtvxtrd.dll
O20 - Winlogon Notify: wvuvuus - C:\WINDOWS\SYSTEM32\wvuvuus.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: SpyJacker (_Service_SpyJacker) - CompanyName - C:\Program Files\Whizzo\SpyJacker\SpyFound.exe

--
End of file - 7351 bytes
dmoney
Active Member
 
Posts: 14
Joined: November 1st, 2007, 5:11 pm

Unread postby dmoney » November 3rd, 2007, 9:31 am

virus total results

Antivirus Version Last Update Result
AhnLab-V3 2007.11.3.0 2007.11.02 -
AntiVir 7.6.0.30 2007.11.02 -
Authentium 4.93.8 2007.11.02 -
Avast 4.7.1074.0 2007.11.03 -
AVG 7.5.0.503 2007.11.03 -
BitDefender 7.2 2007.11.03 -
CAT-QuickHeal 9.00 2007.11.03 -
ClamAV 0.91.2 2007.11.03 -
DrWeb 4.44.0.09170 2007.11.03 -
eSafe 7.0.15.0 2007.10.28 -
eTrust-Vet 31.2.5264 2007.11.02 -
Ewido 4.0 2007.11.03 -
FileAdvisor 1 2007.11.03 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.4.2.54 2007.11.02 -
F-Secure 6.70.13030.0 2007.11.02 -
Ikarus T3.1.1.12 2007.11.03 -
Kaspersky 7.0.0.125 2007.11.03 -
McAfee 5155 2007.11.02 -
Microsoft 1.2908 2007.11.03 -
NOD32v2 2636 2007.11.03 -
Norman 5.80.02 2007.11.02 -
Panda 9.0.0.4 2007.11.03 -
Prevx1 V2 2007.11.03 Heuristic: Suspicious File With Mass Email Capabilities
Rising 20.16.52.00 2007.11.03 -
Sophos 4.23.0 2007.11.03 -
Sunbelt 2.2.907.0 2007.11.02 -
Symantec 10 2007.11.03 -
TheHacker 6.2.9.110 2007.10.27 -
VBA32 3.12.2.4 2007.11.03 -
VirusBuster 4.3.26:9 2007.11.02 -
Webwasher-Gateway 6.6.1 2007.11.02 -
Additional information
File size: 852992 bytes
MD5: e13c230f63d34441b0d490eae08aa788
SHA1: 6b9661638c4d989a29a070045d3ba9ebb3249010
Prevx info: http://fileinfo.prevx.com/fileinfo.asp? ... 00E89A5955
dmoney
Active Member
 
Posts: 14
Joined: November 1st, 2007, 5:11 pm

Unread postby Shaba » November 4th, 2007, 5:49 am

Hi

Do you recognize this program?

C:\Program Files\Whizzo\SpyJacker\SpyFound.exe
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Unread postby dmoney » November 4th, 2007, 8:17 am

yeah i just erased it last night it ... its supposed to be some program that erases spyware and stuff got it from here...http://www.teamwhizzo.com/products.php came with the cleansuite
dmoney
Active Member
 
Posts: 14
Joined: November 1st, 2007, 5:11 pm

Unread postby Shaba » November 4th, 2007, 8:31 am

Hi

Ok, then we leave it alone.

Open notepad and copy/paste the text in the quotebox below into it:

Code: Select all
Rootkit::
C:\WINDOWS\system32\twtvxtrd.dllbox

File::
C:\WINDOWS\system32\orhqbldt.dll
C:\WINDOWS\system32\twtvxtrd.dll
C:\WINDOWS\system32\prcoqxgm.dll
C:\WINDOWS\system32\cproyidp.dll 
C:\WINDOWS\system32\wvuvuus.dll 

Folder::
C:\Program Files\Faxfgqar
C:\Program Files\Xlazjrnb
C:\Program Files\Mxrqqohc
C:\Program Files\Zkrcdsrj 
C:\Program Files\lmxqtyrm 
C:\Program Files\spihyxqn 
C:\Program Files\Iqpwprej 
C:\Documents and Settings\Darlington Omeni\Application Data\systemerrorfixer
C:\DOCUME~1\DARLIN~1\APPLIC~1\systemerrorfixer
C:\Program Files\Common Files\SystemErrorFixer
C:\DOCUME~1\ALLUSE~1\APPLIC~1\systemerrorfixer 

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0DFCFB5E-3974-3338-8F09-0B2552E546A8}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{44cbede0-6441-4d14-9f70-b20a126104fe}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50666B8E-6CBD-4471-9E85-96B41D9BBCD3}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8248EA61-FBC6-446D-A63F-971D1F6D156B}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-

[-HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"f87b2656"=- 

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\twtvxtrd]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuvuus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00 

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe," 


Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Image

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Unread postby dmoney » November 4th, 2007, 10:25 am

heres the combofix log with the HJT log

ComboFix 07-11-01.1 - Darlington Omeni 2007-11-04 9:08:01.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.334 [GMT -5:00]
Running from: C:\Documents and Settings\Darlington Omeni\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Darlington Omeni\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\system32\cproyidp.dll
C:\WINDOWS\system32\orhqbldt.dll
C:\WINDOWS\system32\prcoqxgm.dll
C:\WINDOWS\system32\twtvxtrd.dll
C:\WINDOWS\system32\wvuvuus.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\ALLUSE~1\APPLIC~1\systemerrorfixer
C:\DOCUME~1\ALLUSE~1\APPLIC~1\systemerrorfixer\Data\ac
C:\DOCUME~1\ALLUSE~1\APPLIC~1\systemerrorfixer\Data\em
C:\DOCUME~1\ALLUSE~1\APPLIC~1\systemerrorfixer\Data\oid
C:\DOCUME~1\ALLUSE~1\APPLIC~1\systemerrorfixer\Data\user
C:\DOCUME~1\ALLUSE~1\STARTM~1\Live Safety Center.lnk
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.lnk
C:\DOCUME~1\DARLIN~1\APPLIC~1\systemerrorfixer
C:\DOCUME~1\DARLIN~1\APPLIC~1\systemerrorfixer\Logs\update.log
C:\DOCUME~1\DARLIN~1\Desktop\Live Safety Center.lnk
C:\DOCUME~1\DARLIN~1\Desktop\Online Security Guide.lnk
C:\DOCUME~1\DARLIN~1\FAVORI~1\Online Security Guide.lnk
C:\Documents and Settings\Darlington Omeni\Application Data\systemerrorfixer\Logs\update.log
C:\Documents and Settings\Darlington Omeni\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Darlington Omeni\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Darlington Omeni\Favorites\Online Security Guide.lnk
C:\Program Files\Common Files\SystemErrorFixer
C:\Program Files\Common Files\SystemErrorFixer\strpmon.exe
C:\Program Files\Faxfgqar
C:\Program Files\Iqpwprej
C:\Program Files\lmxqtyrm
C:\Program Files\Mxrqqohc
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\abadd.ini
C:\WINDOWS\system32\cproyidp.dll
C:\WINDOWS\system32\cwvhswti.dllbox
C:\WINDOWS\system32\ddaba.dll
C:\WINDOWS\system32\nqstv.ini2
C:\WINDOWS\system32\nqstv.tmp
C:\WINDOWS\system32\prcoqxgm.dll
C:\WINDOWS\system32\twtvxtrd.dllbox
C:\WINDOWS\system32\wvuvuus.dll

.
((((((((((((((((((((((((( Files Created from 2007-10-04 to 2007-11-04 )))))))))))))))))))))))))))))))
.

2007-11-04 01:32 86,080 --a------ C:\WINDOWS\system32\kyihlyen.dll
2007-11-04 01:32 78,912 --a------ C:\WINDOWS\system32\bjvnravy.dll
2007-11-04 01:23 340,032 --a------ C:\WINDOWS\system32\bmyhhykd.dll
2007-11-03 12:00 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-11-03 12:00 <DIR> d-------- C:\Documents and Settings\Darlington Omeni\Application Data\SUPERAntiSpyware.com
2007-11-03 12:00 <DIR> d-------- C:\DOCUME~1\DARLIN~1\APPLIC~1\SUPERAntiSpyware.com
2007-11-03 12:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-11-01 10:32 <DIR> d-------- C:\WINDOWS\SpyMonitor
2007-11-01 10:32 1,246,720 --a------ C:\WINDOWS\system32\ModalCreateFileWarning.dll
2007-11-01 10:32 1,238,016 --a------ C:\WINDOWS\system32\ModalRegistryWarning.dll
2007-10-31 17:46 11,254 --a------ C:\WINDOWS\system32\locate.com
2007-10-31 16:47 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-10-31 11:31 <DIR> d-------- C:\Documents and Settings\Darlington Omeni\Application Data\Grisoft
2007-10-31 11:31 <DIR> d-------- C:\DOCUME~1\DARLIN~1\APPLIC~1\Grisoft
2007-10-31 11:31 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-30 05:41 <DIR> d-------- C:\ShowNew
2007-10-30 05:41 <DIR> d-------- C:\GetRunKey
2007-10-29 21:33 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-29 16:44 17,408 --a------ C:\psapi.dll
2007-10-29 05:49 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-10-28 20:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-10-28 07:15 <DIR> d-------- C:\VundoFix Backups
2007-10-27 23:55 <DIR> d-------- C:\Program Files\RogueRemover FREE
2007-10-27 23:54 <DIR> d-------- C:\Program Files\Sunbelt Software
2007-10-27 23:26 <DIR> d-------- C:\Documents and Settings\Darlington Omeni\Application Data\True Sword
2007-10-27 23:26 <DIR> d-------- C:\DOCUME~1\DARLIN~1\APPLIC~1\True Sword
2007-10-27 23:25 <DIR> d-------- C:\Program Files\True Sword 4
2007-10-27 16:13 48 --a------ C:\Documents and Settings\Darlington Omeni\readme.bat
2007-10-27 16:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Agnitum
2007-10-25 09:26 53,248 --a------ C:\WINDOWS\bdoscandel.exe
2007-10-16 13:46 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-10-16 13:42 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-10-16 13:22 <DIR> d-------- C:\Documents and Settings\Darlington Omeni\Application Data\dvdcss
2007-10-16 13:22 <DIR> d-------- C:\DOCUME~1\DARLIN~1\APPLIC~1\dvdcss
2007-10-15 15:59 <DIR> d-------- C:\Program Files\PCSecureDeleteTrial
2007-10-10 03:18 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-08 22:36 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2007-10-08 22:35 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-04 03:24 --------- d-----w C:\Program Files\eMule
2007-11-04 02:01 --------- d-----w C:\Documents and Settings\Darlington Omeni\Application Data\Azureus
2007-11-04 02:01 --------- d-----w C:\DOCUME~1\DARLIN~1\APPLIC~1\Azureus
2007-10-31 18:38 --------- d-----w C:\Program Files\WinAce
2007-10-30 02:19 --------- d-----w C:\Program Files\Trend Micro
2007-10-29 00:16 --------- d-----w C:\Program Files\DivX
2007-10-28 12:54 5,258 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2007-10-26 03:06 --------- d-----w C:\Program Files\Trillian
2007-10-24 16:34 --------- d-----w C:\Program Files\HP
2007-10-05 06:15 --------- d-----w C:\Program Files\Azureus
2007-10-01 16:26 --------- d-----w C:\Program Files\DVD Shrink
2007-10-01 16:26 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
2007-09-30 15:20 --------- d-----w C:\Program Files\Common Files\xing shared
2007-09-30 15:20 --------- d-----w C:\Program Files\Common Files\Real
2007-09-30 15:19 --------- d-----w C:\Program Files\Real
2007-09-30 15:10 --------- d-----w C:\Documents and Settings\Darlington Omeni\Application Data\Apple Computer
2007-09-30 15:10 --------- d-----w C:\DOCUME~1\DARLIN~1\APPLIC~1\Apple Computer
2007-09-30 15:04 --------- d-----w C:\Program Files\Apple Software Update
2007-09-30 15:03 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-09-30 14:04 --------- d-----w C:\Program Files\AllToAVI
2007-09-30 03:13 47,360 ----a-w C:\Documents and Settings\Darlington Omeni\Application Data\pcouffin.sys
2007-09-30 03:13 47,360 ----a-w C:\DOCUME~1\DARLIN~1\APPLIC~1\pcouffin.sys
2007-09-30 03:13 --------- d-----w C:\Documents and Settings\Darlington Omeni\Application Data\Vso
2007-09-30 03:13 --------- d-----w C:\DOCUME~1\DARLIN~1\APPLIC~1\Vso
2007-09-29 17:38 --------- d-----w C:\Program Files\WinAVI Video Converter
2007-09-29 03:29 3,082 ----a-w C:\WINDOWS\system32\affv208325p1now.sys
2007-09-29 03:09 --------- d-----w C:\Documents and Settings\Darlington Omeni\Application Data\DVD Flick
2007-09-29 03:09 --------- d-----w C:\DOCUME~1\DARLIN~1\APPLIC~1\DVD Flick
2007-09-28 21:20 --------- d-----w C:\Program Files\Common Files\AVSMedia
2007-09-28 21:18 --------- d-----w C:\Documents and Settings\Darlington Omeni\Application Data\AVSMedia
2007-09-28 21:18 --------- d-----w C:\DOCUME~1\DARLIN~1\APPLIC~1\AVSMedia
2007-09-28 21:18 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
2007-09-28 21:17 --------- d-----w C:\Program Files\Common Files\Download Manager
2007-09-28 21:12 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\River Past G5
2007-09-28 21:02 36,734 ----a-w C:\WINDOWS\system32\OggDSuninst.exe
2007-09-28 21:02 --------- d-----w C:\Documents and Settings\Darlington Omeni\Application Data\River Past G5
2007-09-28 21:02 --------- d-----w C:\DOCUME~1\DARLIN~1\APPLIC~1\River Past G5
2007-09-28 04:19 --------- d-----w C:\Program Files\AC3Filter
2007-09-28 01:02 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-09-28 01:00 --------- d-----w C:\Documents and Settings\Darlington Omeni\Application Data\DivX
2007-09-28 01:00 --------- d-----w C:\DOCUME~1\DARLIN~1\APPLIC~1\DivX
2007-09-28 00:59 --------- d-----w C:\Program Files\Movkit
2007-09-26 01:19 --------- d-----w C:\Program Files\Smart Projects
2007-09-26 00:24 --------- d-----w C:\Program Files\Custom Technology
2007-09-25 23:26 --------- d-----w C:\Program Files\AVIcodec
2007-09-25 23:04 --------- d-----w C:\Program Files\MediaInfo
2007-09-25 16:55 --------- d-----w C:\Documents and Settings\Darlington Omeni\Application Data\CCEFront
2007-09-25 16:55 --------- d-----w C:\DOCUME~1\DARLIN~1\APPLIC~1\CCEFront
2007-09-25 12:02 --------- d-----w C:\Program Files\OpenVideoConverter
2007-09-22 14:58 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
2007-09-22 00:11 --------- d-----w C:\Documents and Settings\Darlington Omeni\Application Data\Sunbelt Software
2007-09-22 00:11 --------- d-----w C:\DOCUME~1\DARLIN~1\APPLIC~1\Sunbelt Software
2007-09-20 01:47 --------- d-----w C:\Documents and Settings\Darlington Omeni\Application Data\Comodo
2007-09-20 01:47 --------- d-----w C:\DOCUME~1\DARLIN~1\APPLIC~1\Comodo
2007-09-20 01:47 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2007-09-18 02:59 --------- d-----w C:\Program Files\Nero
2007-09-18 00:54 --------- d-----w C:\Documents and Settings\Darlington Omeni\Application Data\Ahead
2007-09-18 00:54 --------- d-----w C:\DOCUME~1\DARLIN~1\APPLIC~1\Ahead
2007-09-17 18:40 35,856 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys
2007-09-17 18:40 202,768 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys
2007-09-17 18:31 1,126,072 ----a-w C:\WINDOWS\system32\drivers\vsapint.sys
2007-09-16 18:46 --------- d-----w C:\Program Files\MTV Networks
2007-09-16 18:44 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-09-15 01:09 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-09-15 01:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-12 11:02 --------- d-----w C:\Program Files\The Eagle
2007-09-11 23:14 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-09-10 01:19 --------- d-----w C:\Documents and Settings\Darlington Omeni\Application Data\The Eagle
2007-09-10 01:19 --------- d-----w C:\DOCUME~1\DARLIN~1\APPLIC~1\The Eagle
2007-09-08 20:17 --------- d-----w C:\Program Files\TVUPlayer
2007-09-05 23:41 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kontiki
2007-09-05 23:38 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Channel4
2007-09-05 01:21 --------- d-----w C:\Program Files\Common Files\HP
2007-08-22 12:55 96,256 ------w C:\WINDOWS\system32\dllcache\inseng.dll
2007-08-22 12:55 665,600 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-22 12:55 617,984 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-22 12:55 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-22 12:55 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-22 12:55 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-08-22 12:55 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-22 12:55 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-08-22 12:55 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-08-22 12:55 3,064,832 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-22 12:55 251,904 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-08-22 12:55 205,824 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-22 12:55 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-22 12:55 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-08-22 12:55 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-22 12:55 1,498,112 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-08-22 12:55 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
2007-08-22 12:55 1,022,976 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2007-08-21 10:19 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:15 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-15 22:33 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2007-08-15 22:33 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2007-08-15 22:33 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
.

((((((((((((((((((((((((((((( snapshot@2007-11-02_22.24.09.92 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-10-29 22:56:19 136,192 ----a-w C:\WINDOWS\catchme.exe
+ 2007-10-29 23:56:19 136,192 ----a-w C:\WINDOWS\catchme.exe
+ 2007-11-03 17:00:10 34,304 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF1.exe
+ 2007-11-03 17:00:10 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
- 2007-10-28 03:43:47 63,860 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-11-04 14:18:41 63,860 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-10-28 03:43:47 405,310 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-11-04 14:18:41 405,310 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-07-22 22:39:27 279,552 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2007-07-22 23:39:27 279,552 ----a-w C:\WINDOWS\system32\swreg.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe" [2006-11-21 14:02]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 10:20 C:\WINDOWS\stsystra.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 07:15]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-07-21 16:50]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" [2006-08-04 16:15]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 13:06]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cwvhswti]
cwvhswti.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
C:\Program Files\NetWaiting\netWaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background


.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-04 09:17:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-04 9:22:45 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-03 08:19
C:\ComboFix3.txt ... 2007-11-02 21:26
.
--- E O F ---


heres the HJT log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:24:11 AM, on 11/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tsc.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\dmoney.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O3 - Toolbar: (no name) - {F4D76F09-7896-458a-890F-E1F05C46069F} - (no file)
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stag ... taller.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: cwvhswti - cwvhswti.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 4553 bytes
dmoney
Active Member
 
Posts: 14
Joined: November 1st, 2007, 5:11 pm

Unread postby Shaba » November 4th, 2007, 10:34 am

Hi

Open HijackThis, click do a system scan only and checkmark these:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank <-- if you haven't set it by yourself
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: (no name) - {F4D76F09-7896-458a-890F-E1F05C46069F} - (no file)
O20 - Winlogon Notify: cwvhswti - cwvhswti.dll (file missing)


Close all windows including browser and press fix checked.

Reboot.

Delete these:

C:\WINDOWS\system32\kyihlyen.dll
C:\WINDOWS\system32\bjvnravy.dll
C:\WINDOWS\system32\bmyhhykd.dll

Empty Recycle Bin

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:

    o Scan using the following Anti-Virus database:

    + Extended (If available otherwise Standard)

    o Scan Options:

    + Scan Archives
    + Scan Mail Bases

  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

Post:

- a fresh HijackThis log
- kaspersky report
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: random/random and 38 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware