Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

lsass.exe (object could not be found), browser hijacked, etc

Post by JRHT » May 23rd, 2009, 6:53 pm

This is a log from my girlfriend's family's computer. In addition to the issues highlighted in the subject line, there are often delays where the system hangs when booting up and iTunes would automatically shut down immediately following launch even after disabling the anti-virus software. I only get out to their place on weekends, so I may not be able to enact any suggestions for a few days at a time.

[EDIT]
Subsequent to my first posting, I have removed some software (Limewire, Yahoo & Google Toolbars) and also ran a virus scan that was throwing up a vast array of errors regarding C:\Windows\System32\dimap32.dll. I used HijackThis to remove the reference to the dll in startup and also renamed the .dll to .old as the file would not quarantine and I naively thought that this might hinder the spread of the virus/trojan.

All logs have been updated since these actions and are posted below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:07:49 PM, on 31/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'Default user')
O4 - Startup: ChkDisk.lnk = ?
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1693032792
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2278025734
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v45/wof/wof.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{581B2494-5D7B-4E06-9A3B-930C680A2761}: Domain = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C1A5F04-245E-489F-88AF-FD32C1ECD149}: Domain = vic.bigpond.net.au
O20 - AppInit_DLLs: C:\WINDOWS\System32\dimap32.dll
O20 - Winlogon Notify: 320d180e573 - C:\WINDOWS\System32\dimap32.dll (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 8265 bytes

Many thanks for any assistance given.
Last edited by JRHT on May 31st, 2009, 3:19 am, edited 1 time in total.
JRHT
Active Member
 
Posts: 12
Joined: May 23rd, 2009, 3:22 am
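
Added example, not part of either poster's messages and not code from HijackThis: a small Python triage pass over HijackThis-format lines such as those in the log above. It flags O20 entries, entries whose target file was not found, and unresolved startup shortcuts, then groups flagged entries that point at the same file. The sample lines are copied from that log; the function names and the three review rules are assumptions made for this illustration.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Optional

# Lines copied from the HijackThis log posted above (a subset, for illustration).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - Startup: ChkDisk.lnk = ?
O20 - AppInit_DLLs: C:\WINDOWS\System32\dimap32.dll
O20 - Winlogon Notify: 320d180e573 - C:\WINDOWS\System32\dimap32.dll (file missing)
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
"""

# "<section> - <body>", e.g. "O20 - AppInit_DLLs: C:\...".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
# First Windows path in the body that ends in a loadable-file extension.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|exe|cpl|sys)\b", re.IGNORECASE)
# HijackThis appends these markers when the referenced file is not on disk.
MISSING_RE = re.compile(r"\((?:file missing|no file)\)\s*$", re.IGNORECASE)


@dataclass
class Finding:
    section: str
    body: str
    path: Optional[str]          # lower-cased target path, if one was found
    reasons: list = field(default_factory=list)


def parse_entries(log_text):
    """Yield (section, body) for every line that looks like a log entry."""
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            yield match["section"], match["body"]


def review(log_text):
    """Return the entries a reviewer would want to look at first (hypothetical rules)."""
    findings = []
    for section, body in parse_entries(log_text):
        reasons = []
        if section == "O20":
            # AppInit_DLLs are mapped into every process that loads user32.dll;
            # Winlogon Notify DLLs are loaded by winlogon.exe.
            reasons.append("O20 autostart DLL (AppInit_DLLs / Winlogon Notify)")
        if MISSING_RE.search(body):
            reasons.append("entry references a file that was not found")
        if body.rstrip().endswith("= ?"):
            reasons.append("startup shortcut target could not be resolved")
        if reasons:
            path_match = PATH_RE.search(body)
            path = path_match.group(0).lower() if path_match else None
            findings.append(Finding(section, body, path, reasons))
    return findings


def shared_targets(findings):
    """Map each target path to the flagged entries that reference it (2+ only)."""
    by_path = defaultdict(list)
    for finding in findings:
        if finding.path:
            by_path[finding.path].append(f"{finding.section} - {finding.body}")
    return {path: entries for path, entries in by_path.items() if len(entries) > 1}


if __name__ == "__main__":
    flagged = review(SAMPLE_LOG)
    for finding in flagged:
        print(f"{finding.section}: {finding.body}")
        for reason in finding.reasons:
            print(f"    - {reason}")
    for path, entries in shared_targets(flagged).items():
        print(f"{path} is referenced by {len(entries)} flagged entries")
```

The output is a review list only; which entries are actually removed is a decision for the helper working the thread.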

Re: lsass.exe (object could not be found), browser hijacked, etc

Post by jmw3 » May 25th, 2009, 10:18 pm

Hello & Welcome to Malware Removal

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this ensure "Notify me when a reply is posted" is ticked on the POST A REPLY page.

In the meantime please note the following:
  • Any recommendations made are for your computer problems only and should NOT be used on any other computer.
  • Please DO NOT run any scans/tools or other fixes unless I ask you to. This is very important for several reasons. Here are just two of them:
    1. The tools that we use are very powerful and can cause >>irreparable damage<< to your computer if not used correctly.
    2. Commercial scanners, for the most part can not completely remove some of the more "resistant" infections. This makes it much more difficult to get rid of completely.
  • If you get stuck or are unsure of something please ask for a further explanation, do not guess.
  • It will require more than one round to properly clean your system. Continue to respond to this thread until I give you the All Clean! even if symptoms seemingly abate.
Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave & if there is no contact for that amount of time I will have to assume you have abandoned your topic.

DDS
Download DDS.scr by sUBs from one of the following links & save it to your desktop.
Link 1
Link 2
  • Double-Click on dds.scr and a command window will appear. This is normal
  • Shortly after two logs will appear, DDS.txt & Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply
Gmer
Download gmer.zip from Gmer here & save it to your desktop.
  • Right click on gmer.zip, select Extract All... & extract the contents to your desktop
  • Double click the Gmer.exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Note: Do not run any programs while Gmer is running.

To post in next reply:
Contents of DDS log
Contents of Attach.txt
Contents of Gmer log
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: lsass.exe (object could not be found), browser hijacked, etc

Post by JRHT » May 25th, 2009, 11:38 pm

Thank you for your reply. When I am next in front of the offending computer, I will follow your instructions and post the required information.

Cheers!

Re: lsass.exe (object could not be found), browser hijacked, etc

Post by jmw3 » May 26th, 2009, 2:05 am

OK... no worries.
If you're going to be any longer than five days between posts please let me know beforehand as it's possible the thread may be closed.

Re: lsass.exe (object could not be found), browser hijacked, etc

Post by JRHT » May 28th, 2009, 6:47 pm

Just a heads up - if I don't make it to the offending computer this weekend, my girlfriend's sister will hopefully send the info to me to post.

Re: lsass.exe (object could not be found), browser hijacked, etc

Post by jmw3 » May 28th, 2009, 11:34 pm

OK.. thanks

Re: lsass.exe (object could not be found), browser hijacked, etc

Post by JRHT » May 31st, 2009, 1:58 am

As requested:

DDS.txt:


DDS (Ver_09-05-14.01) - FAT32x86
Run by Allison at 17:08:24.59 on Sun 31/05/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.991.590 [GMT 10:00]

AV: Trend Micro Internet Security *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Temp\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.mail.yahoo.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
{7e853d72-626a-48ec-a868-ba8d5e23e045}
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [LXBTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXBTtime.dll,_RunDLLEntry@16
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [SMSTray] c:\program files\samsung\samsung media studio 5\SMSTray.exe
mRun: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
mRun: [Lexmark 5200 series] "c:\program files\lexmark 5200 series\lxbtbmgr.exe"
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
dRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe
StartupFolder: c:\docume~1\allison\startm~1\programs\startup\chkdisk.lnk - c:\windows\system32\rundll32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\utilit~1.lnk - c:\windows\system32\sistray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - hxxp://housecall60.trendmicro.com/housecall/xscan60.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/200 ... oader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdat ... /opuc3.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://spaces.msn.com//PhotoUpload/MsnPUpld.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupda ... 1693032792
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftup ... 2278025734
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v45/wof/wof.cab
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
Notify: 320d180e573 - c:\windows\system32\dimap32.dll
AppInit_DLLs: c:\windows\system32\dimap32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: ShellHook Class: {88485281-8b4b-4f8d-9ede-82e29a064277} - c:\progra~1\markany\conten~1\MACSMA~1.DLL
LSA: Notification Packages = scecli muipms.dll

============= SERVICES / DRIVERS ===============

R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-4-19 50192]
R2 TmPfw;Trend Micro Personal Firewall;c:\program files\trend micro\internet security\TmPfw.exe [2009-4-19 497008]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2009-4-19 36368]
R2 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-4-19 677128]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2009-4-19 335376]

=============== Created Last 30 ================

2009-05-31 15:38 359,883 a------- c:\temp\dds.scr
2009-05-30 22:55 <DIR> --dsh--- c:\windows\system32\SystemService32
2009-05-23 15:16 <DIR> --dsh--- C:\FOUND.007
2009-05-23 15:09 <DIR> --dsh--- C:\FOUND.006
2009-05-12 15:53 1,764 a--sh--- c:\windows\system32\GroupPolicy000.dat
2009-05-10 19:14 812,344 a------- c:\temp\HJTInstall.exe
2009-05-10 18:55 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-01 17:58 5,836 a--sh--- c:\windows\system32\9.tmp

==================== Find3M ====================

2009-04-19 16:31 1,195,512 a------- c:\windows\system32\drivers\vsapint.sys
2009-04-19 16:31 335,376 a------- c:\windows\system32\drivers\TM_CFW.sys
2009-04-19 16:31 205,328 a------- c:\windows\system32\drivers\tmxpflt.sys
2009-04-19 16:31 80,400 a------- c:\windows\system32\drivers\tmtdi.sys
2009-04-19 16:31 36,368 a------- c:\windows\system32\drivers\tmpreflt.sys
2009-04-03 09:08 50,192 a------- c:\windows\system32\drivers\tmactmon.sys
2009-04-03 09:08 50,192 a------- c:\windows\system32\drivers\tmevtmgr.sys
2009-04-03 09:08 153,104 a------- c:\windows\system32\drivers\tmcomm.sys
2009-03-22 00:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-07 00:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-07 00:22 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-03-03 10:18 826,368 a------- c:\windows\system32\wininet.dll
2009-03-03 10:18 826,368 -------- c:\windows\system32\dllcache\wininet.dll
2008-09-05 14:05 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090520080906\index.dat

============= FINISH: 17:09:17.98 ===============

Attach.txt:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 19/07/2005 2:06:31 PM
System Uptime: 31/05/2009 4:58:58 PM (1 hours ago)
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Socket 478 | 2800/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (FAT32) - 75 GiB total, 41.543 GiB free.
D: is CDROM ()
E: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP511: 19/02/2009 6:35:18 PM - System Checkpoint
RP512: 21/02/2009 9:02:08 PM - System Checkpoint
RP513: 23/02/2009 8:46:19 PM - System Checkpoint
RP514: 26/02/2009 11:14:36 AM - Software Distribution Service 3.0
RP515: 27/02/2009 11:46:21 AM - System Checkpoint
RP516: 5/03/2009 12:39:04 PM - Software Distribution Service 3.0
RP517: 6/03/2009 6:41:36 PM - System Checkpoint
RP518: 7/03/2009 9:43:55 PM - System Checkpoint
RP519: 11/03/2009 1:36:51 PM - Software Distribution Service 3.0
RP520: 17/03/2009 9:21:53 PM - Software Distribution Service 3.0
RP521: 24/03/2009 7:41:30 PM - Software Distribution Service 3.0
RP522: 1/04/2009 4:45:39 PM - System Checkpoint
RP523: 6/04/2009 2:14:30 PM - System Checkpoint
RP524: 8/04/2009 11:14:58 PM - System Checkpoint
RP525: 13/04/2009 3:19:53 PM - System Checkpoint
RP526: 18/04/2009 10:15:39 PM - Software Distribution Service 3.0
RP527: 19/04/2009 3:39:56 PM - Installed iTunes
RP528: 19/04/2009 4:35:00 PM - Installed Trend Micro Internet Security
RP529: 19/04/2009 5:18:45 PM - Removed iTunes
RP530: 19/04/2009 5:47:45 PM - Installed iTunes
RP531: 21/04/2009 6:20:07 PM - System Checkpoint
RP532: 25/04/2009 4:30:13 PM - Removed iTunes
RP533: 25/04/2009 4:55:54 PM - Installed iTunes
RP534: 26/04/2009 7:59:10 PM - System Checkpoint
RP535: 27/04/2009 7:35:35 PM - Software Distribution Service 3.0
RP536: 29/04/2009 12:10:12 PM - Software Distribution Service 3.0
RP537: 30/04/2009 1:48:08 PM - System Checkpoint
RP538: 1/05/2009 2:06:22 PM - System Checkpoint
RP539: 3/05/2009 8:20:21 PM - System Checkpoint
RP540: 7/05/2009 12:52:31 PM - System Checkpoint
RP541: 8/05/2009 11:19:18 PM - Removed iTunes
RP542: 8/05/2009 11:35:33 PM - Installed iTunes
RP543: 10/05/2009 6:44:23 PM - System Checkpoint
RP544: 10/05/2009 6:54:48 PM - Installed Java(TM) 6 Update 13
RP545: 14/05/2009 3:15:20 PM - Software Distribution Service 3.0
RP546: 15/05/2009 3:52:53 PM - System Checkpoint
RP547: 17/05/2009 11:37:17 AM - System Checkpoint
RP548: 18/05/2009 4:06:41 PM - System Checkpoint
RP549: 23/05/2009 4:58:57 PM - Removed iTunes
RP550: 23/05/2009 5:00:21 PM - Removed Bonjour
RP551: 23/05/2009 5:01:13 PM - Removed Apple Software Update
RP552: 23/05/2009 5:02:19 PM - Removed Apple Mobile Device Support

==== Installed Programs ======================


ABBYY FineReader 5.0 Sprint Plus
Ad-Aware
Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 7.1.0
BigPond Broadband ADSL FAQ
C-Media WDM Audio Driver
Creative Jukebox Driver
Creative MediaSource
Creative Removable Disk Manager
Creative System Information
Creative Zen
Critical Update for Windows Media Player 11 (KB959772)
Digimax A40/Cyber400
Digimax Master
Form Fill (Windows Live Toolbar)
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 13
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Lame ACM MP3 Codec
Lexmark 5200 Series
Lexmark Fax Solutions
Map Button (Windows Live Toolbar)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MyFreeCodec
NTI Backup NOW! 3
NTI CD & DVD-Maker
NTI CD & DVD-Maker Gold
OGA Notifier 1.7.0105.35.0
OneCare Advisor (Windows Live Toolbar)
PokerStars
Popup Blocker (Windows Live Toolbar)
QuickTime
Realtek AC'97 Audio
Safari
Samsung Media Studio
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
SiS VGA Utilities
SiSAGP driver
Smart Menus (Windows Live Toolbar)
Spybot - Search & Destroy
Trend Micro Internet Security
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
USB Video/Audio Device Driver
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
XviD MPEG-4 Video Codec

==== Event Viewer Messages From Past Week ========

31/05/2009 3:27:43 PM, error: SRService [104] - The System Restore initialization process failed.
31/05/2009 3:27:43 PM, error: Distributed Link Tracking Client [12502] - Service failed to start. Error = 80070862
31/05/2009 3:27:43 PM, error: Distributed Link Tracking Client [12500] - An internal error occured in Distributed Link Tracking. The error code was 80070862.
28/05/2009 9:17:54 PM, error: W32Time [46] - The time service encountered an error and was forced to shut down. The error was: 0x800706BA

==== End Of File ===========================

Gmer.txt:

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-31 17:15:03
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT 866E5C40 ZwCreateKey
SSDT 866E5140 ZwCreateProcess
SSDT 866E5400 ZwCreateProcessEx
SSDT 866E6AA0 ZwCreateThread
SSDT 866E61C0 ZwDeleteKey
SSDT 866E6480 ZwDeleteValueKey
SSDT 866E6C40 ZwLoadDriver
SSDT 866E56C0 ZwOpenProcess
SSDT 866E5F00 ZwSetValueKey
SSDT 866E5980 ZwTerminateProcess
SSDT 866E6900 ZwWriteVirtualMemory

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Processes - GMER 1.0.15 ----

Library C:\WINDOWS\System32\dimap32.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [228] 0x10000000
Library C:\WINDOWS\System32\dimap32.dll (*** hidden *** ) @ C:\Program Files\Trend Micro\Internet Security\TmPfw.exe [260] 0x10000000
Library C:\WINDOWS\System32\dimap32.dll (*** hidden *** ) @ C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [384] 0x10000000
Library C:\WINDOWS\System32\dimap32.dll (*** hidden *** ) @ C:\WINDOWS\system32\winlogon.exe [752] 0x10000000
Library C:\WINDOWS\System32\dimap32.dll (*** hidden *** ) @ C:\WINDOWS\system32\services.exe [804] 0x10000000
Library C:\WINDOWS\System32\dimap32.dll (*** hidden *** ) @ C:\WINDOWS\system32\lsass.exe [816] 0x10000000
Library C:\WINDOWS\System32\dimap32.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1020] 0x10000000
Library C:\WINDOWS\System32\dimap32.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1072] 0x10000000
Library C:\WINDOWS\System32\dimap32.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1172] 0x10000000
Library C:\WINDOWS\System32\dimap32.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1224] 0x10000000
Library C:\WINDOWS\System32\dimap32.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1292] 0x10000000
Library C:\WINDOWS\System32\dimap32.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1416] 0x10000000
Library C:\WINDOWS\System32\dimap32.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [1592] 0x10000000
Library C:\WINDOWS\System32\dimap32.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1672] 0x10000000
Library C:\WINDOWS\System32\dimap32.dll (*** hidden *** ) @ C:\Program Files\Java\jre6\bin\jqs.exe [1788] 0x10000000

---- EOF - GMER 1.0.15 ----
JRHT
Active Member
 
Posts: 12
Joined: May 23rd, 2009, 3:22 am

Re: lsass.exe (object could not be found), browser hijacked, etc

Post by jmw3 » May 31st, 2009, 4:30 am

Hi

MRU P2P Policy
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

LimeWire 5.1.2

I'd like you to read the MRU policy for P2P Programs.
Go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red) & any other P2P programs.

While in Add or Remove Programs you should also remove the following outdated Java versions as they are open to exploitation:
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 3
Java(TM) 6 Update 5


This program MyFreeCodec... did you install it yourself? Couldn't find much information on it... looks dodgy.

Combofix
Download ComboFix from one of these locations:
Link 1
Link 2
Link 3

**IMPORTANT !!! Save ComboFix.exe to your Desktop**

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    A guide to do this can be found here
  • Double click on ComboFix.exe & follow the prompts
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.**

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


To post in next reply:
Combofix log
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: lsass.exe (object could not be found), browser hijacked, etc

Post by JRHT » May 31st, 2009, 5:48 am

Hi,

With respect to Limewire, prior to posting the DDS and Gmer logs, I read the MR Forum's policy re P2P software and have removed Limewire. The logs currently in this thread should be post-removal.

I will have my gf's sister remove the obsolete Java versions and unless there are extenuating circumstances, MyFreeCodec as well. I will post the Combofix log as soon as possible.

Re: lsass.exe (object could not be found), browser hijacked, etc

Post by JRHT » June 3rd, 2009, 1:25 am

The five offending programs have been removed. I will keep posting to advise when Combofix will be applied.

Re: lsass.exe (object could not be found), browser hijacked, etc

Post by jmw3 » June 3rd, 2009, 2:27 am

Ok.. Thanks for keeping me updated :)

Re: lsass.exe (object could not be found), browser hijacked, etc

Post by JRHT » June 8th, 2009, 11:31 pm

Didn't get to the offending computer this weekend. Will try and do so next weekend.

Re: lsass.exe (object could not be found), browser hijacked, etc

Post by jmw3 » June 9th, 2009, 12:28 am

Hello JRHT
Thanks for keeping me informed. If I could make a suggestion - it would probably be quicker under the circumstances to reformat & re-install the Operating System here. Malware has the tendency to change dramatically if left unattended, so trying to fix this over weeks instead of a few days could prove problematic. Any fix I provide may not be relevant a week or two from now & may even cause more damage, whereas reformat & re-install could be accomplished in a matter of hours & the problem is fixed.

Let me know what you decide.

Re: lsass.exe (object could not be found), browser hijacked, etc

Post by JRHT » June 11th, 2009, 6:45 pm

Could we get around the nature of the evolving malware if I post updated logs for ALL programs requested every time I update this thread?

I'm just loath to try and re-format and start again.

Re: lsass.exe (object could not be found), browser hijacked, etc

Post by jmw3 » June 11th, 2009, 11:40 pm

Ok... let's see what the computer is like after ComboFix. So if you can get to the machine to at least run that & we'll take it from there.