Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

sgoblxtm removal help

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

sgoblxtm removal help

Unread postby roundaboutrc » April 20th, 2008, 10:11 am

I have gotten infected by a trojen that I have treid for several days to remove. I have tried to unregister the dll's and runnning several spyware and antivirus programs to try and get it off. I know that the name of the toolbar that got installed it sgoblxtm, I keep getting popups about "Windows Secuitry alerts to clean your computer click "Yes"", everytime I boot up a secuirty infection desktop get loaded on my desktop, I try to do a restore and I get you don't have administrative privledges,and on and on. I am posting the HijackThis log to see what I I nne to remove. I know that I need to remove several lines, but I want someone else to take alook to see if I might have missed anything.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:10:23 AM, on 4/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Documents and Settings\All Users\Application Data\ixgdevwn\ibsbwpen.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wfqjqjeh.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\MozyHome\mozystat.exe
C:\WINDOWS\system32\stacsv.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\Dependent\HSChkProxyExe.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\kdfmgr.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3A1E28F6-2F0F-4BC8-8F76-E95E6AF01BC0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: DVA Storm - {97EBE3CC-10A7-4619-B127-9B5D4FA476A8} - C:\WINDOWS\nslbvxpgtkn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O2 - BHO: (no name) - {EEC73EA5-1367-49D1-93F4-CA1D8C22E9F9} - C:\WINDOWS\system32\hgggffeB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: sgoblxtm - {57ABA3CE-E927-4C81-BE2E-E20CAEC6645F} - C:\WINDOWS\sgoblxtm.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [08615be0] rundll32.exe "C:\WINDOWS\system32\cskybwmo.dll",b
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [egoxfzet] C:\WINDOWS\system32\wfqjqjeh.exe
O4 - HKLM\..\Policies\Explorer\Run: [ouOlBzLDt3] C:\Documents and Settings\All Users\Application Data\ixgdevwn\ibsbwpen.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.samsung-emp.com
O15 - Trusted Zone: *.samsunggsbn.com
O15 - Trusted Zone: *.samsungwireless.com
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install ... stallX.CAB
O16 - DPF: {E463DD62-1D07-425E-B82A-539FBA2F4162} (GSBN_Updater.UserControl1) - https://samsunggsbn.com/PSI3/Cab/GSBN_Updater.CAB
O20 - Winlogon Notify: hgggffeB - C:\WINDOWS\SYSTEM32\hgggffeB.dll
O21 - SSODL: ogxtsepr - {C002FB43-3CAC-4FA5-9883-FA1EA847ED2E} - C:\WINDOWS\ogxtsepr.dll
O21 - SSODL: dsktbwfe - {95FFEBF7-2526-4221-A5B8-0F77073B5CBD} - C:\WINDOWS\dsktbwfe.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Unknown owner - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\stacsv.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9603 bytes



Thank for the Help
roundaboutrc
Active Member
 
Posts: 6
Joined: April 20th, 2008, 9:58 am
Advertisement
Register to Remove

Re: sgoblxtm removal help

Unread postby dan12 » April 20th, 2008, 10:24 am

Hi, and welcome to malwareremoval forums

I'm dan12, I'll be glad to help you with your computer problems.

Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • REMEMBER, ABSENCE OF SYMPTOMS DOES NOT MEAN THE INFECTION IS ALL GONE.
If you can do these things, everything should go smoothly.
  • Please note you'll need to have Administrator priviledges to perform the fixes. (XP accounts are Administrator by default)
  • Please let me know if you are using a computer with multiple accounts, as this can affect the instructions given.
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

I'm presently looking over your log and hope not to be too long.
Will be back with you as soon as I can.
Thanks dan
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: sgoblxtm removal help

Unread postby dan12 » April 20th, 2008, 10:29 am

Download and Install CCleaner
  • Download CCleaner from here . Choose the Slim version.
  • Double click on ccsetupXXX_slim.exe to start the installation of CCleaner. (XXX is the version number)
  • Click OK
  • Click Next
  • Click I agree
  • Click Next
  • Click Install
  • Once the installation has finished, click Finish

-------------------------------

Set Options in CCleaner and run Cleaning Scan.
Open CCleaner if it's not already running.
( Do not use the Registry block to clean anything with this program. It is for experts only and it is risky).
  • Select Cleaner Settings.
    Check Internet Explorer, Windows Explorer, and System so that all items are checked. In the Advanced section, have a check only on Old PreFetch Data.
  • Click on the Options block on the left. Select Advanced.
    Uncheck Only delete files in Windows Temp folders older than 48 hours.
  • Set Cookie Retention.
    Click on the Options block on the left, then choose Cookies.
    Under the Cookies to delete pane, highlight any cookies you would like to retain permanently (those companies or sites with which you regularly visit or do business), and click the right arrow > to move them to the Cookies to keep pane.
  • Run Cleaning Scan. Click on the Cleaner block on the left. Choose the Windows tab.
    Click the Run Cleaner button. This process could take a while. When CCleaner shows how much has been removed, cleaning is finished.

----------------------------------

Retrieve the Installed Programs List from CCleaner
Open CCleaner if it's not already running.
In the Left Pane, click Tools
Verify that Uninstall is highlighted in color, or click on it.
In the lower Right, click Save to Text File.
Pull down the arrow at the top of the Save dialog and choose Desktop as the location.
You can leave the filename as install.txt
Click Save
Exit CCleaner by clicking on the X button in the upper right of the CCleaner window.

=============================


We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix


Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.
plus the uninstall list

dan
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: sgoblxtm removal help

Unread postby roundaboutrc » April 20th, 2008, 12:17 pm

Dan her is the three log files:

Combo Fix:
ComboFix 08-04-18.3 - Robert 2008-04-20 10:54:38.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.483 [GMT -5:00]
Running from: C:\Documents and Settings\Robert\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Robert\Desktop\Error Cleaner.url
C:\Documents and Settings\Robert\Desktop\Privacy Protector.url
C:\Documents and Settings\Robert\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\Robert\Favorites\Error Cleaner.url
C:\Documents and Settings\Robert\Favorites\Privacy Protector.url
C:\Documents and Settings\Robert\Favorites\Spyware&Malware Protection.url
C:\WINDOWS\cookies.ini
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\rs.txt
C:\WINDOWS\system32\hjilVyxx.ini
C:\WINDOWS\system32\hjilVyxx.ini2
C:\WINDOWS\system32\iiffFwwx.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\omwbyksc.ini
C:\WINDOWS\system32\UBIQAJjl.ini
C:\WINDOWS\system32\UBIQAJjl.ini2
C:\WINDOWS\system32\uxorkkad.dll

.
((((((((((((((((((((((((( Files Created from 2008-03-20 to 2008-04-20 )))))))))))))))))))))))))))))))
.

2008-04-20 11:01 . 2008-04-20 11:01 106,496 --a------ C:\WINDOWS\system32\pmpifivu.exe
2008-04-20 10:17 . 2008-04-20 10:17 <DIR> d-------- C:\Program Files\CCleaner
2008-04-14 17:26 . 2008-04-14 17:26 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\PC Tools
2008-04-14 17:25 . 2008-04-14 17:25 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\U3
2008-04-14 17:08 . 2008-04-14 17:08 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-14 17:08 . 2008-04-20 11:00 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-14 16:49 . 2008-04-14 16:49 <DIR> d-------- C:\Program Files\Windows Defender
2008-04-14 16:29 . 2008-04-14 16:31 <DIR> d-------- C:\Program Files\XoftSpySE
2008-04-14 16:23 . 2008-04-20 10:07 10,752 --a------ C:\WINDOWS\DCEBoot.exe
2008-04-14 14:16 . 2008-04-14 14:16 <DIR> d-------- C:\WINDOWS\l2schemas
2008-04-14 14:15 . 2005-04-20 14:21 474,624 -----c--- C:\WINDOWS\system32\dllcache\wzcsvc.dll
2008-04-14 14:15 . 2006-11-01 02:14 69,120 --a------ C:\WINDOWS\system32\wlanapi.dll
2008-04-14 14:15 . 2005-04-20 14:21 52,736 -----c--- C:\WINDOWS\system32\dllcache\wzcsapi.dll
2008-04-14 14:15 . 2005-04-19 18:54 14,592 -----c--- C:\WINDOWS\system32\dllcache\ndisuio.sys
2008-04-14 13:59 . 2008-04-14 13:59 <DIR> d-------- C:\WINDOWS\kdefense
2008-04-14 13:59 . 2008-04-14 13:59 846,336 --a------ C:\WINDOWS\system32\kdfinj.dll
2008-04-14 13:59 . 2008-04-20 10:13 722,472 --a------ C:\WINDOWS\system32\kdfmgr.exe
2008-04-14 13:59 . 2008-04-20 10:13 192,512 --a------ C:\WINDOWS\system32\kdfvmgr.exe
2008-04-14 13:59 . 2008-04-20 10:13 77,824 --a------ C:\WINDOWS\system32\kdfapi.dll
2008-04-14 13:59 . 2008-04-20 10:13 53,248 --a------ C:\WINDOWS\system32\Kdfhok.dll
2008-04-14 13:57 . 2008-04-14 13:57 <DIR> d-------- C:\WINDOWS\LocalSSL
2008-04-14 13:55 . 2008-02-16 01:01 138,384 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-04-14 13:55 . 2008-02-16 01:01 52,496 --a------ C:\WINDOWS\system32\drivers\tmactmon.sys
2008-04-14 13:55 . 2008-02-16 01:01 52,240 --a------ C:\WINDOWS\system32\drivers\tmevtmgr.sys
2008-04-14 13:53 . 2008-04-14 17:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-04-14 13:52 . 2008-04-20 08:47 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-14 11:00 . 2008-04-20 09:03 <DIR> d-------- C:\Documents and Settings\Robert\Application Data\TmpRecentIcons
2008-04-14 10:50 . 2008-04-14 13:23 <DIR> d-------- C:\Documents and Settings\Robert\.housecall6.6
2008-04-14 09:36 . 2008-04-14 09:36 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-04-14 09:06 . 2008-04-14 09:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ixgdevwn
2008-04-14 09:06 . 2008-04-14 01:39 217,088 --a------ C:\WINDOWS\dsktbwfe.dll
2008-04-14 09:06 . 2008-04-14 01:39 212,992 --a------ C:\WINDOWS\nslbvxpgtkn.dll
2008-04-14 09:06 . 2008-04-14 01:39 188,416 --a------ C:\WINDOWS\ogxtsepr.dll
2008-04-14 09:06 . 2008-04-14 01:39 155,648 --a------ C:\WINDOWS\sgoblxtm.dll
2008-04-14 09:06 . 2008-04-14 09:06 106,496 --a------ C:\WINDOWS\system32\wfqjqjeh.exe
2008-04-13 12:17 . 2008-04-20 11:04 <DIR> d-------- C:\Documents and Settings\Robert\Application Data\OpenOffice.org2
2008-04-13 10:43 . 2008-04-13 10:43 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4
2008-04-08 23:46 . 2008-04-14 09:55 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-08 23:46 . 2008-04-08 23:46 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-03 20:37 . 2008-04-03 20:37 <DIR> d-------- C:\Documents and Settings\Robert\Application Data\Apple Computer
2008-04-02 21:13 . 2008-04-02 21:13 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\PC Tools
2008-04-02 20:28 . 2008-04-02 20:28 <DIR> d-------- C:\Program Files\QuickTime
2008-04-02 20:28 . 2008-04-03 20:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-29 09:23 . 2008-03-29 09:23 <DIR> d-------- C:\Program Files\Apple Software Update
2008-03-29 09:23 . 2008-03-29 09:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-20 16:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\DIGStream
2008-04-20 15:51 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-20 13:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-14 22:27 --------- d-----w C:\Program Files\Spyware Doctor
2008-04-13 15:43 --------- d-----w C:\Program Files\Java
2008-04-08 01:57 --------- d-----w C:\Program Files\Microsoft Money Plus
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-16 13:29 --------- d-----w C:\Program Files\MSXML 6.0
2008-03-15 17:57 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-03-15 17:57 --------- d-----w C:\Program Files\AutoCAD LT 2008
2008-03-15 17:55 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-15 17:55 --------- d-----w C:\Documents and Settings\Robert\Application Data\Autodesk
2008-03-15 17:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-03-15 17:54 --------- d-----w C:\Program Files\Autodesk
2008-02-25 03:50 --------- d-----w C:\Program Files\SemSim 640-801 CCNA Exams
2008-02-25 03:49 831,488 ------w C:\WINDOWS\Setup1.exe
2008-02-25 03:49 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:32 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{97EBE3CC-10A7-4619-B127-9B5D4FA476A8}]
2008-04-14 01:39 212992 --a------ C:\WINDOWS\nslbvxpgtkn.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{57ABA3CE-E927-4C81-BE2E-E20CAEC6645F}"= "C:\WINDOWS\sgoblxtm.dll" [2008-04-14 01:39 155648]
"{E7620C98-FCCC-40E5-92EC-C7685D2E1E40}"= "C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll" [2008-02-15 06:38 103760]

[HKEY_CLASSES_ROOT\clsid\{57aba3ce-e927-4c81-be2e-e20caec6645f}]
[HKEY_CLASSES_ROOT\sgoblxtm.1]
[HKEY_CLASSES_ROOT\TypeLib\{CBA0A72A-C5B0-47F8-9BD7-307B7708A58D}]
[HKEY_CLASSES_ROOT\sgoblxtm]

[HKEY_CLASSES_ROOT\clsid\{e7620c98-fccc-40e5-92ec-c7685d2e1e40}]
[HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EC525605-2266-4775-8F78-A68A6446465C}]
[HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@={747E722C-CB46-4A9D-BDFE-192AAD5099B1}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@={EE6F5A00-7898-40F7-AB77-51FF9D6DEB20}

[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4A9D-BDFE-192AAD5099B1}]
2008-01-04 18:47 2389296 --a------ C:\Program Files\MozyHome\mozyshell.dll

[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40F7-AB77-51FF9D6DEB20}]
2008-01-04 18:47 2389296 --a------ C:\Program Files\MozyHome\mozyshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-08 23:37 68856]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"egoxfzet"="C:\WINDOWS\system32\wfqjqjeh.exe" [2008-04-14 09:06 106496]
"kkeawnme"="C:\WINDOWS\system32\pmpifivu.exe" [2008-04-20 11:01 106496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 14:56 64512]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 18:44 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 18:41 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 18:45 118784]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 12:55 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 12:56 602182]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 18:30 282624 C:\WINDOWS\stsystra.exe]
"DIGStream"="C:\Program Files\DIGStream\digstream.exe" [2005-05-18 15:49 282624]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 13:48 761947]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"08615be0"="C:\WINDOWS\system32\cskybwmo.dll" [ ]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-02-16 00:56 1398024]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

C:\Documents and Settings\Robert\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 15:41:28 393216]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-02-08 23:37:51 125624]
MozyHome Status.lnk - C:\Program Files\MozyHome\mozystat.exe [2008-02-09 00:57:36 1877296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"ouOlBzLDt3"= C:\Documents and Settings\All Users\Application Data\ixgdevwn\ibsbwpen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgggffeB]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=

R1 mozyFilter;mozyFilter;C:\WINDOWS\system32\DRIVERS\mozy.sys [2008-01-04 18:47]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-10 01:20:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-20 16:03:37 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-04-04 20:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-04-20 16:00:32 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-04-14 21:30:01 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-20 11:02:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\MozyHome\mozyshell.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\stacsv.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.bin
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-04-20 11:10:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-20 16:09:48

Pre-Run: 58,174,812,160 bytes free
Post-Run: 58,106,302,464 bytes free

234 --- E O F --- 2008-04-20 16:09:33

HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11:11 AM, on 4/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\stacsv.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\All Users\Application Data\ixgdevwn\ibsbwpen.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DIGStream\digstream.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\pmpifivu.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: DVA Storm - {97EBE3CC-10A7-4619-B127-9B5D4FA476A8} - C:\WINDOWS\nslbvxpgtkn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: sgoblxtm - {57ABA3CE-E927-4C81-BE2E-E20CAEC6645F} - C:\WINDOWS\sgoblxtm.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [08615be0] rundll32.exe "C:\WINDOWS\system32\cskybwmo.dll",b
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [egoxfzet] C:\WINDOWS\system32\wfqjqjeh.exe
O4 - HKCU\..\Run: [kkeawnme] C:\WINDOWS\system32\pmpifivu.exe
O4 - HKLM\..\Policies\Explorer\Run: [ouOlBzLDt3] C:\Documents and Settings\All Users\Application Data\ixgdevwn\ibsbwpen.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.samsung-emp.com
O15 - Trusted Zone: *.samsunggsbn.com
O15 - Trusted Zone: *.samsungwireless.com
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install ... stallX.CAB
O16 - DPF: {E463DD62-1D07-425E-B82A-539FBA2F4162} (GSBN_Updater.UserControl1) - https://samsunggsbn.com/PSI3/Cab/GSBN_Updater.CAB
O20 - Winlogon Notify: hgggffeB - C:\WINDOWS\
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Unknown owner - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\stacsv.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8776 bytes

Intall:
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Apple Software Update
AutoCAD LT 2008 - English
Autodesk DWF Viewer 7
Broadcom 440x 10/100 Integrated Controller
CCleaner (remove only)
Conexant HDA D110 MDC V.92 Modem
Dell ResourceCD
ESPNMotion
GemMaster Mystic
Google Earth
Google Toolbar for Internet Explorer
Google Updater
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB918997)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
J2SE Runtime Environment 5.0 Update 11
Java(TM) 6 Update 3
Java(TM) 6 Update 4
mCore
mDriver
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Money Plus
Microsoft Money Shared Libraries
mIWA
mLogView
mMHouse
Mozilla Firefox (2.0.0.12)
MozyHome 1.8.6.21
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
mWlsSafe
mWMI
mXML
mZConfig
Norton Security Scan
OpenOffice.org 2.4
Otto
Picasa 2
QuickTime
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
SemSim 640-801 CCNA Exams
SigmaTel Audio
Sonic Encoders
SpyHunter
Spyware Doctor 5.5
Synaptics Pointing Device Driver
Trend Micro Internet Security
Trend Micro Internet Security Pro
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update Rollup 2 for Windows XP Media Center Edition 2005
WebFldrs XP
Windows Defender
Windows Driver Package - Ricoh Company Memorystick Host Controller (07/09/2005 1.00.01.12)
Windows Driver Package - Ricoh Company MMC Host Controller (07/14/2005 1.00.00.06)
Windows Driver Package - Ricoh Company xD-Picture Card/SmartMedia Host Controller (07/14/2005 1.00.02.04)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows XP Hotfix - KB839210
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Media Center Edition 2005 KB908250
XoftSpySE

Thanks Roundaboutrc
roundaboutrc
Active Member
 
Posts: 6
Joined: April 20th, 2008, 9:58 am

Re: sgoblxtm removal help

Unread postby dan12 » April 20th, 2008, 12:27 pm

Thanks for returned logs.I have a little work to do on them, so It may be tomorrow when I get back to you now, as I have to work shortly.
dan :)
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: sgoblxtm removal help

Unread postby dan12 » April 21st, 2008, 7:25 am

Sorry for delay, as you can see a little work had to be done.

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

Code: Select all
   File::
C:\WINDOWS\system32\pmpifivu.exe
C:\WINDOWS\DCEBoot.exe
C:\WINDOWS\dsktbwfe.dll
C:\WINDOWS\nslbvxpgtkn.dll
C:\WINDOWS\ogxtsepr.dll
C:\WINDOWS\sgoblxtm.dll
C:\WINDOWS\system32\wfqjqjeh.exe
C:\WINDOWS\nslbvxpgtkn.dll
C:\WINDOWS\sgoblxtm.dll
C:\WINDOWS\system32\wfqjqjeh.exe
C:\WINDOWS\system32\pmpifivu.exe

Folder::
C:\Documents and Settings\Robert\Application Data\TmpRecentIcons
C:\Documents and Settings\All Users\Application Data\ixgdevwn

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{97EBE3CC-10A7-4619-B127-9B5D4FA476A8}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{57ABA3CE-E927-4C81-BE2E-E20CAEC6645F}"=-

[-HKEY_CLASSES_ROOT\clsid\{57aba3ce-e927-4c81-be2e-e20caec6645f}]
[-HKEY_CLASSES_ROOT\sgoblxtm.1]
[-HKEY_CLASSES_ROOT\TypeLib\{CBA0A72A-C5B0-47F8-9BD7-307B7708A58D}]
[-HKEY_CLASSES_ROOT\sgoblxtm]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egoxfzet"=-
"kkeawnme"=-


    


Save this as CFScript.txt, in the same location as ComboFix.exe


Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall




: Malwarebytes' Anti-Malware :

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\\Documents and Settings\\Username\\Application Data\\Malwarebytes\\Malwarebytes' Anti-Malware\\Logs\\mbam-log-date (time).txt




Note for Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

Please go to Eset website to perform an online scan. Please use Internet Explorer as it uses ActiveX.

  1. Check (tick) this box: YES, I accept the Terms of Use.
  2. Click on the Start button next to it.
  3. When prompted to run ActiveX. click Yes.
  4. You will be asked to install an ActiveX. Click Install.
  5. Once installed, the scanner will be initialized.
  6. After the scanner is initialized, click Start.
  7. Uncheck (untick) Remove found threats box.
  8. Check (tick) Scan unwanted applications.
  9. Click on Scan.
  10. It will start scanning. Please be patient.
  11. Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt. Please post this log in your next reply.


Please include in your next post:
  • Combofix log txt
  • Malwarebytes log
  • Esetscan log
  • New highjackthis log

Thanks dan
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: sgoblxtm removal help

Unread postby roundaboutrc » April 26th, 2008, 6:48 pm

Sorry it has taken so long to get this posted,

ESTES:
# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3057 (20080426)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=1a5745e06aabbc4695ead620f6cdc560
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-04-26 06:54:50
# local_time=2008-04-26 01:54:50 (-0600, Central Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=212138
# found=0
# scan_time=2698

Malwarebytes' Anti-Malware 1.11
Database version: 676

Scan type: Full Scan (C:\|)
Objects scanned: 98625
Time elapsed: 51 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{7d4c17e6-b0d7-4de2-a128-67f2fa1d4ff6} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0882b175-f982-41b1-91a6-3593ab992df7} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4708135c-9d19-4b8a-a47c-7f85ec67b5ee} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{17d4667e-4c4b-4f45-a22b-4087f9e1ff00} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sgoblxtm.bpsb (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\QooBox\Quarantine\C\WINDOWS\system32\pmpifivu.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DDBAC98-E260-4124-9B95-B3D96D43BB98}\RP83\A0023608.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pclanezi.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.


ComboFix 08-04-18.3 - Robert 2008-04-23 19:42:26.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.446 [GMT -5:00]
Running from: C:\Documents and Settings\Robert\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Robert\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


FILE ::
C:\WINDOWS\DCEBoot.exe
C:\WINDOWS\dsktbwfe.dll
C:\WINDOWS\nslbvxpgtkn.dll
C:\WINDOWS\ogxtsepr.dll
C:\WINDOWS\sgoblxtm.dll
C:\WINDOWS\system32\pmpifivu.exe
C:\WINDOWS\system32\wfqjqjeh.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\ixgdevwn
C:\Documents and Settings\Robert\Application Data\TmpRecentIcons
C:\Documents and Settings\Robert\Application Data\TmpRecentIcons\HijackThis.lnk
C:\Documents and Settings\Robert\Application Data\TmpRecentIcons\Media Center.lnk
C:\Documents and Settings\Robert\Application Data\TmpRecentIcons\SemSim-CCNA.LNK
C:\Documents and Settings\Robert\Application Data\TmpRecentIcons\Shortcut to Local Area Connection.lnk
C:\Documents and Settings\Robert\Application Data\TmpRecentIcons\XoftSpySE.lnk
C:\WINDOWS\DCEBoot.exe
C:\WINDOWS\dsktbwfe.dll
C:\WINDOWS\ogxtsepr.dll
C:\WINDOWS\sgoblxtm.dll
C:\WINDOWS\system32\pmpifivu.exe

.
((((((((((((((((((((((((( Files Created from 2008-03-24 to 2008-04-24 )))))))))))))))))))))))))))))))
.

2008-04-22 18:12 . 2008-04-22 18:12 <DIR> d-------- C:\Documents and Settings\Robert\WLANProfiles
2008-04-21 23:35 . 2008-04-21 23:35 <DIR> d--h----- C:\WINDOWS\system32\Settings
2008-04-21 23:35 . 2008-04-21 23:35 0 --a------ C:\Settings.ini
2008-04-20 14:27 . 2008-04-20 14:27 98,304 --a------ C:\WINDOWS\system32\pclanezi.exe
2008-04-20 14:11 . 2008-04-20 14:11 <DIR> d-------- C:\f371fb93eee5177002575550
2008-04-20 10:17 . 2008-04-20 10:17 <DIR> d-------- C:\Program Files\CCleaner
2008-04-14 17:26 . 2008-04-14 17:26 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\PC Tools
2008-04-14 17:25 . 2008-04-14 17:25 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\U3
2008-04-14 17:08 . 2008-04-14 17:08 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-14 17:08 . 2008-04-23 19:35 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-14 16:49 . 2008-04-14 16:49 <DIR> d-------- C:\Program Files\Windows Defender
2008-04-14 16:29 . 2008-04-20 21:33 <DIR> d-------- C:\Program Files\XoftSpySE
2008-04-14 14:16 . 2008-04-14 14:16 <DIR> d-------- C:\WINDOWS\l2schemas
2008-04-14 14:15 . 2005-04-20 14:21 474,624 -----c--- C:\WINDOWS\system32\dllcache\wzcsvc.dll
2008-04-14 14:15 . 2006-11-01 02:14 69,120 --a------ C:\WINDOWS\system32\wlanapi.dll
2008-04-14 14:15 . 2005-04-20 14:21 52,736 -----c--- C:\WINDOWS\system32\dllcache\wzcsapi.dll
2008-04-14 14:15 . 2005-04-19 18:54 14,592 -----c--- C:\WINDOWS\system32\dllcache\ndisuio.sys
2008-04-14 13:59 . 2008-04-14 13:59 <DIR> d-------- C:\WINDOWS\kdefense
2008-04-14 13:59 . 2008-04-23 14:25 846,336 --a------ C:\WINDOWS\system32\kdfinj.dll
2008-04-14 13:59 . 2008-04-23 19:37 722,472 --a------ C:\WINDOWS\system32\kdfmgr.exe
2008-04-14 13:59 . 2008-04-23 19:37 192,512 --a------ C:\WINDOWS\system32\kdfvmgr.exe
2008-04-14 13:59 . 2008-04-23 19:37 77,824 --a------ C:\WINDOWS\system32\kdfapi.dll
2008-04-14 13:59 . 2008-04-23 19:37 53,248 --a------ C:\WINDOWS\system32\Kdfhok.dll
2008-04-14 13:57 . 2008-04-14 13:57 <DIR> d-------- C:\WINDOWS\LocalSSL
2008-04-14 13:55 . 2008-02-16 01:01 138,384 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-04-14 13:55 . 2008-02-16 01:01 52,496 --a------ C:\WINDOWS\system32\drivers\tmactmon.sys
2008-04-14 13:55 . 2008-02-16 01:01 52,240 --a------ C:\WINDOWS\system32\drivers\tmevtmgr.sys
2008-04-14 13:53 . 2008-04-14 17:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-04-14 13:52 . 2008-04-20 08:47 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-14 10:50 . 2008-04-14 13:23 <DIR> d-------- C:\Documents and Settings\Robert\.housecall6.6
2008-04-14 09:36 . 2008-04-20 21:33 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-04-13 12:17 . 2008-04-23 19:35 <DIR> d-------- C:\Documents and Settings\Robert\Application Data\OpenOffice.org2
2008-04-13 10:43 . 2008-04-13 10:43 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4
2008-04-03 20:37 . 2008-04-03 20:37 <DIR> d-------- C:\Documents and Settings\Robert\Application Data\Apple Computer
2008-04-02 21:13 . 2008-04-02 21:13 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\PC Tools
2008-04-02 20:28 . 2008-04-20 21:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-29 09:23 . 2008-03-29 09:23 <DIR> d-------- C:\Program Files\Apple Software Update
2008-03-29 09:23 . 2008-03-29 09:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-24 00:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\DIGStream
2008-04-23 21:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-21 02:33 --------- d-----w C:\Program Files\SemSim 640-801 CCNA Exams
2008-04-20 15:51 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-14 22:27 --------- d-----w C:\Program Files\Spyware Doctor
2008-04-13 15:43 --------- d-----w C:\Program Files\Java
2008-04-08 01:57 --------- d-----w C:\Program Files\Microsoft Money Plus
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-16 13:29 --------- d-----w C:\Program Files\MSXML 6.0
2008-03-15 17:57 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-03-15 17:57 --------- d-----w C:\Program Files\AutoCAD LT 2008
2008-03-15 17:55 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-15 17:55 --------- d-----w C:\Documents and Settings\Robert\Application Data\Autodesk
2008-03-15 17:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-03-15 17:54 --------- d-----w C:\Program Files\Autodesk
2008-02-25 03:49 831,488 ------w C:\WINDOWS\Setup1.exe
2008-02-25 03:49 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:32 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((( snapshot@2008-04-20_11.08.07.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-02-10 09:07:05 1,863,680 ----a-w C:\WINDOWS\assembly\GAC\EhCM\6.0.3000.0__31bf3856ad364e35\ehcm.dll
+ 2008-04-20 19:26:24 1,863,680 ----a-w C:\WINDOWS\assembly\GAC\EhCM\6.0.3000.0__31bf3856ad364e35\ehcm.dll
- 2008-02-10 09:07:05 864,256 ----a-w C:\WINDOWS\assembly\GAC\ehepg\6.0.3000.0__31bf3856ad364e35\ehepg.dll
+ 2008-04-20 19:26:24 868,352 ----a-w C:\WINDOWS\assembly\GAC\ehepg\6.0.3000.0__31bf3856ad364e35\ehepg.dll
- 2008-02-09 04:20:12 204,800 ----a-w C:\WINDOWS\assembly\GAC\ehiPlay\6.0.3000.0__31bf3856ad364e35\ehiPlay.dll
+ 2008-04-20 19:26:24 204,800 ----a-w C:\WINDOWS\assembly\GAC\ehiPlay\6.0.3000.0__31bf3856ad364e35\ehiplay.dll
- 2008-04-20 16:00:21 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-24 00:35:34 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2005-08-05 20:01:54 239,104 ------w C:\WINDOWS\Driver Cache\i386\psisdecd.dll
+ 2006-10-09 21:12:14 235,008 ------w C:\WINDOWS\Driver Cache\i386\psisdecd.dll
- 2005-10-11 14:39:38 1,863,680 ----a-w C:\WINDOWS\ehome\ehcm.dll
+ 2006-10-09 21:16:00 1,863,680 ----a-w C:\WINDOWS\ehome\ehcm.dll
- 2005-10-11 14:32:46 864,256 ----a-w C:\WINDOWS\ehome\ehepg.dll
+ 2006-10-09 21:07:44 868,352 ----a-w C:\WINDOWS\ehome\ehepg.dll
- 2005-10-11 14:40:36 332,288 ----a-w C:\WINDOWS\ehome\ehglid.dll
+ 2006-10-09 21:17:04 328,704 ----a-w C:\WINDOWS\ehome\ehglid.dll
- 2004-08-10 10:11:48 178,688 ----a-w C:\WINDOWS\ehome\ehkeyctl.dll
+ 2006-10-09 21:18:32 178,176 ----a-w C:\WINDOWS\ehome\ehkeyctl.dll
- 2005-10-11 14:40:32 237,568 ----a-w C:\WINDOWS\ehome\ehrecvr.exe
+ 2006-10-09 21:16:56 237,568 ----a-w C:\WINDOWS\ehome\ehrecvr.exe
- 2005-10-11 14:43:18 3,219,456 ----a-w C:\WINDOWS\ehome\ehshell.exe
+ 2006-10-09 21:19:14 3,223,552 ----a-w C:\WINDOWS\ehome\ehshell.exe
- 2005-08-05 20:01:58 492,032 ----a-w C:\WINDOWS\ehome\ehui.dll
+ 2006-10-09 21:16:30 558,592 ----a-w C:\WINDOWS\ehome\ehui.dll
- 2005-08-05 19:06:02 105,984 ------w C:\WINDOWS\ehome\mstvcapn.dll
+ 2006-10-09 21:12:52 107,008 ------w C:\WINDOWS\ehome\mstvcapn.dll
- 2005-10-11 14:39:38 1,863,680 -c--a-w C:\WINDOWS\system32\dllcache\ehcm.dll
+ 2006-10-09 21:16:00 1,863,680 -c--a-w C:\WINDOWS\system32\dllcache\ehcm.dll
- 2005-10-11 14:32:46 864,256 -c--a-w C:\WINDOWS\system32\dllcache\ehepg.dll
+ 2006-10-09 21:07:44 868,352 -c--a-w C:\WINDOWS\system32\dllcache\ehepg.dll
- 2004-08-10 10:11:48 269,312 -c--a-w C:\WINDOWS\system32\dllcache\ehglid.dll
+ 2006-10-09 21:17:04 328,704 -c--a-w C:\WINDOWS\system32\dllcache\ehglid.dll
- 2005-10-11 14:43:18 3,219,456 -c--a-w C:\WINDOWS\system32\dllcache\ehshell.exe
+ 2006-10-09 21:19:14 3,223,552 -c--a-w C:\WINDOWS\system32\dllcache\ehshell.exe
- 2005-08-05 20:01:58 492,032 -c--a-w C:\WINDOWS\system32\dllcache\ehui.dll
+ 2006-10-09 21:16:30 558,592 -c--a-w C:\WINDOWS\system32\dllcache\ehui.dll
- 2005-08-05 20:01:54 356,352 -c--a-w C:\WINDOWS\system32\dllcache\encdec.dll
+ 2006-10-09 21:12:44 456,192 -c--a-w C:\WINDOWS\system32\dllcache\encdec.dll
- 2005-10-11 14:39:32 1,669,120 -c--a-w C:\WINDOWS\system32\dllcache\msvidctl.dll
+ 2006-10-09 21:15:52 1,669,632 -c--a-w C:\WINDOWS\system32\dllcache\msvidctl.dll
- 2005-08-05 20:01:54 239,104 -c----w C:\WINDOWS\system32\dllcache\psisdecd.dll
+ 2006-10-09 21:12:14 235,008 -c----w C:\WINDOWS\system32\dllcache\psisdecd.dll
- 2005-08-05 20:01:54 282,112 -c--a-w C:\WINDOWS\system32\dllcache\sbe.dll
+ 2006-10-09 21:12:40 291,840 -c--a-w C:\WINDOWS\system32\dllcache\sbe.dll
- 2005-08-05 20:01:54 356,352 ----a-w C:\WINDOWS\system32\encdec.dll
+ 2006-10-09 21:12:44 456,192 ----a-w C:\WINDOWS\system32\encdec.dll
- 2005-10-11 14:39:32 1,669,120 ----a-w C:\WINDOWS\system32\msvidctl.dll
+ 2006-10-09 21:15:52 1,669,632 ----a-w C:\WINDOWS\system32\msvidctl.dll
- 2008-04-20 15:12:23 63,930 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-23 18:40:19 63,930 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-20 15:12:23 406,896 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-23 18:40:19 406,896 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2005-08-05 20:01:54 239,104 ----a-w C:\WINDOWS\system32\psisdecd.dll
+ 2006-10-09 21:12:14 235,008 ----a-w C:\WINDOWS\system32\psisdecd.dll
- 2005-08-05 20:01:54 282,112 ----a-w C:\WINDOWS\system32\sbe.dll
+ 2006-10-09 21:12:40 291,840 ----a-w C:\WINDOWS\system32\sbe.dll
- 2005-06-28 17:21:32 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2005-10-13 18:22:46 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2005-09-28 19:46:30 1,184,984 ----a-w C:\WINDOWS\system32\wvc1dmod.dll
+ 2008-04-24 00:35:38 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_294.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{E7620C98-FCCC-40E5-92EC-C7685D2E1E40}"= "C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll" [2008-02-15 06:38 103760]

[HKEY_CLASSES_ROOT\clsid\{e7620c98-fccc-40e5-92ec-c7685d2e1e40}]
[HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EC525605-2266-4775-8F78-A68A6446465C}]
[HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@={747E722C-CB46-4A9D-BDFE-192AAD5099B1}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@={EE6F5A00-7898-40F7-AB77-51FF9D6DEB20}

[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4A9D-BDFE-192AAD5099B1}]
2008-01-04 18:47 2389296 --a------ C:\Program Files\MozyHome\mozyshell.dll

[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40F7-AB77-51FF9D6DEB20}]
2008-01-04 18:47 2389296 --a------ C:\Program Files\MozyHome\mozyshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-08 23:37 68856]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 14:56 64512]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 18:44 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 18:41 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 18:45 118784]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 12:55 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 12:56 602182]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 18:30 282624 C:\WINDOWS\stsystra.exe]
"DIGStream"="C:\Program Files\DIGStream\digstream.exe" [2005-05-18 15:49 282624]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 13:48 761947]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-02-16 00:56 1398024]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

C:\Documents and Settings\Robert\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 15:41:28 393216]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-02-08 23:37:51 125624]
MozyHome Status.lnk - C:\Program Files\MozyHome\mozystat.exe [2008-02-09 00:57:36 1877296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=

R1 mozyFilter;mozyFilter;C:\WINDOWS\system32\DRIVERS\mozy.sys [2008-01-04 18:47]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-10 01:20:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-24 00:38:54 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-23 19:46:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-23 19:48:28
ComboFix-quarantined-files.txt 2008-04-24 00:48:19
ComboFix2.txt 2008-04-20 16:10:19

Pre-Run: 58,264,719,360 bytes free
Post-Run: 58,260,451,328 bytes free

237 --- E O F --- 2008-04-22 19:45:12




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:47:40 PM, on 4/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\stacsv.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\MozyHome\mozystat.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\Dependent\HSChkProxyExe.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\kdfmgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.igoogle.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.samsung-emp.com
O15 - Trusted Zone: *.samsunggsbn.com
O15 - Trusted Zone: *.samsungwireless.com
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install ... stallX.CAB
O16 - DPF: {E463DD62-1D07-425E-B82A-539FBA2F4162} (GSBN_Updater.UserControl1) - https://samsunggsbn.com/PSI3/Cab/GSBN_Updater.CAB
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Unknown owner - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\stacsv.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 7922 bytes


Thank for your help
roundaboutrc
Active Member
 
Posts: 6
Joined: April 20th, 2008, 9:58 am

Re: sgoblxtm removal help

Unread postby dan12 » April 27th, 2008, 7:32 am

How are things?

Run HijackThis, select Do a system scan only and place checks against the following entries (if they are still present)

O15 - Trusted Zone: *.samsung-emp.com
O15 - Trusted Zone: *.samsunggsbn.com
O15 - Trusted Zone: *.samsungwireless.com

WITH ALL OTHER WINDOWS CLOSED Click on Fix Checked and exit




Update Java Runtime Environment (JRE)

Your JRE is out of date. The current version is Java Runtime Environment (JRE) 6 Update 6.

  1. Click on Start > Control Panel and double click on Add/Remove Programs. Locate J2SE Runtime Environment 5.0 Update 11 and click on Change/Remove to uninstall it.
  2. Repeat for these old versions of JRE:
      J2SE Runtime Environment 5.0 Update 11
      Java(TM) 6 Update 3
      Java(TM) 6 Update 4
  3. Click here to visit Java's website.
  4. Scroll down to Java Runtime Environment (JRE) 6 Update 6. Click on Download.
  5. Select Windows from the drop-down list for Platform.
  6. Select Multi-language from the drop-down list for Language.
  7. Check (tick) I agree to the Java SE Runtime Environment 6 License Agreement box and click on Continue.
  8. Click on jre-6u6-windows-i586-p.exe link to download it and save this to a convenient location.
  9. Run this installation to update your Java.


post a new HJT log
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: sgoblxtm removal help

Unread postby Gary R » May 5th, 2008, 6:57 am

Due to lack of response this topic is now closed.

If you still need help open a new thread in the Malware Removal forum and wait for a new helper.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Donations For Malware Removal

Gary R
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 278 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware