Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

My "HijackThis" log file

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

My "HijackThis" log file

Unread postby osugrad85 » July 31st, 2008, 10:27 pm

I was infected with Antivirus XP 2008 over the weekend. I think I got it all, but my computer seems really slow now. Please check this log for anything that I should "fix." Thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:16:34 PM, on 07/31/08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IE New Window Maximizer\iemaximizer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\Seagate\AutoBackup\MemeoBackup.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Outlook Express\MSIMN.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\qoeapp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.signonsandiego.com/
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IE New Window Maximizer] C:\Program Files\IE New Window Maximizer\iemaximizer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O4 - Startup: AutoBackup Launcher.lnk = C:\Program Files\Seagate\AutoBackup\MemeoLauncher.exe
O4 - Global Startup: HOTSYNC.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: SoftStuff Wallpaper Changer.lnk = C:\Program Files\softstuff\softstrt.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/d ... gctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash.com/photo/loaders/SAXFile.cab
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://vapwfa.ops.placeware.com/etc/pla ... silver.cab
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us ... eaming.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep.com/get/k42037/sb02b.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0339741375
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5705867625
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.costcophotocenter.com/CostcoUpload.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4056/ ... oupons.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/downlo ... ctxcab.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/ ... taller.exe
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/061011 ... 101001.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15021/CTPID.cab
O17 - HKLM\System\CS1\Services\Tcpip\..\{1CC8C8E6-BC06-482B-89A0-2E796EEC7133}: NameServer = 192.168.0.1,4.2.2.2
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

--
End of file - 11195 bytes
osugrad85
Active Member
 
Posts: 7
Joined: July 31st, 2008, 10:23 pm
Advertisement
Register to Remove

Re: My "HijackThis" log file

Unread postby Katana » August 6th, 2008, 1:57 pm

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.


Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly :D

I apologize for the delay in responding, but as you can probably see the forums are quite busy.
Unfortunately there are far more people needing help than there are helpers.

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe


----------------------------------------------------------------------------------------


If you still require help please post a fresh HJT log along with the following


Installed Programs

Please could you give me a list of the programs that are installed.
  • Start HijackThis
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
You will see a list with the programs installed in your computer.
Click on save list button and specify where you would like to save this file.
When you press Save button a notepad will open with the contents of that file.
Simply copy and paste the contents of that notepad into your next post.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: My "HijackThis" log file

Unread postby osugrad85 » August 9th, 2008, 1:46 am

Here's my "Installed Programs" list (followed by my latest Hijackthis log):

ABBYY FineReader 5.0 Sprint
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.0
Adobe® Photoshop® Album Starter Edition 3.0.1
ArcSoft Camera Suite
BCM V.92 56K Modem
Belarc Advisor 6.1
BurnPlugin for Audible
CA Internet Security Suite
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon Utilities ZoomBrowser EX
CCleaner (remove only)
CheckIt Diagnostics
Classic PhoneTools
Creative Mass Storage Drivers
Creative MediaSource
DAO
Dell AIO Printer A940
Dell Digital Jukebox Driver
Dell Modem-On-Hold
Digital Line Detect
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Documents To Go
DVDSentry
Easy CD Creator 5 Basic
FreeAgent Pro Tools
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows Internet Explorer 7 (KB947864)
IE New Window Maximizer 2.4
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
Java 2 Runtime Environment, SE v1.4.2
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Memory Key Boot Utility
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Interactive Training
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft MSN MoneyCentral Stock Quotes Add-In for Excel
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Meeting
Microsoft Office PowerPoint Viewer 2003
Microsoft Office Sounds
Microsoft Office XP Media Content
Microsoft Office XP Small Business
Microsoft Office XP Web Components
Microsoft Outlook Personal Folders Backup
Microsoft Outlook Web Access S/MIME
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
Modem Helper
Modem User Guide
Move Networks Player for Internet Explorer
MSN Music Assistant
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Napster
Napster 3.5 MP3 Encoder
Napster Burn Engine
NCUA Call Report
NetObjects Fusion 7
Network Magic
NVIDIA Windows 2000/XP Display Drivers
Office XP Extended Alerts
OLAP CubeCellValue Excel AddIn
Paint Shop Pro 7
Palm
PC Coach
PC Coach Light
Picasa 2
Pocket Tunes 3.1.8
PowerDVD
powerOne v1.1
QuickTime
Read in Microsoft Reader Add-in for Microsoft Word
RealPlayer
Rhapsody
Rhapsody Player Engine
RoadRunner
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Shockwave
Sierra On-Line Games (Remove only)
SoftStuff Screen Saver and Wallpaper
SoundMAX
SpywareBlaster 4.1
The Ultimate Troubleshooter
VIRTUA SQUAD Native
Winamp (remove only)
Windows Backup Utility
Windows Defender
Windows Driver Package - Pure Networks, Inc. Network Magic Device Discovery Driver (08/22/2007 4.2.7234.0)
Windows Driver Package - Pure Networks, Inc. Network Magic Wireless Driver (08/22/2007 4.2.7234.0)
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Installer Clean Up
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows XP Service Pack 3
WinZip Self-Extractor



Here's my latest Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:45:20 PM, on 08/08/08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Seagate\AutoBackup\MemeoBackup.exe
C:\Program Files\IE New Window Maximizer\iemaximizer.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\notepad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.signonsandiego.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [IE New Window Maximizer] C:\Program Files\IE New Window Maximizer\iemaximizer.exe
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O4 - Startup: AutoBackup Launcher.lnk = C:\Program Files\Seagate\AutoBackup\MemeoLauncher.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://vapwfa.ops.placeware.com/etc/pla ... silver.cab
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep.com/get/k42037/sb02b.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0339741375
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5705867625
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/061011 ... 101001.cab
O17 - HKLM\System\CS1\Services\Tcpip\..\{1CC8C8E6-BC06-482B-89A0-2E796EEC7133}: NameServer = 192.168.0.1,4.2.2.2
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

--
End of file - 8182 bytes


Thanks in advance for the help!
osugrad85
Active Member
 
Posts: 7
Joined: July 31st, 2008, 10:23 pm

Re: My "HijackThis" log file

Unread postby Katana » August 9th, 2008, 5:03 am

Update Adobe Acrobat Reader

There is a newer version of Adobe Acrobat Reader available.
  • Please go to this link Adobe Acrobat Reader Download Link
  • Click Download
  • On the right Untick Adobe Phototshop Album Starter Edition if you do not wish to include this in the installation.
  • Click the Continue button
  • Click Run, and click Run again
  • Next click the Install Now button and follow the on screen prompts


Remove Programs

Now click Start---Control Panel. Double click Add or Remove Programs (XP) / Programs and Features (Vista) . If any of the following programs are listed there,
click on the program to highlight it, and click on remove.
  • J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    Java 2 Runtime Environment, SE v1.4.2
    Java(TM) SE Runtime Environment 6 Update 1
Now close the Control Panel.



Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: My "HijackThis" log file

Unread postby osugrad85 » August 12th, 2008, 9:36 am

I followed your directions regarding updating Adobe Acrobat Reader and removing the J2SE and Java programs. Here's the log file following the Malwarebytes Anti-Malware scan:

Malwarebytes' Anti-Malware 1.24
Database version: 1043
Windows 5.1.2600 Service Pack 3

6:32:45 AM 08/12/08
mbam-log-8-12-2008 (06-32-45).txt

Scan type: Full Scan (C:\|F:\|)
Objects scanned: 128074
Time elapsed: 3 hour(s), 49 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\rhcc7ej0e999 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Fonts\acrsecB.fon (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\acrsecI.fon (Trojan.Agent) -> Quarantined and deleted successfully.

Again, thanks for the help. Any further instructions?
osugrad85
Active Member
 
Posts: 7
Joined: July 31st, 2008, 10:23 pm

Re: My "HijackThis" log file

Unread postby Katana » August 12th, 2008, 11:36 am

Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper




Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)

NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partne ... bscan.html

Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on !
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: My "HijackThis" log file

Unread postby osugrad85 » August 12th, 2008, 11:22 pm

Here's my log from Combofix (followed by my latest Hijackthis log and my Kaspersky online scan report):

ComboFix 08-08-12.01 - Our Home Computer 2008-08-12 16:53:21.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.139 [GMT -7:00]
Running from: C:\Documents and Settings\Our Home Computer\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Our Home Computer\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system\oeminfo.ini
C:\WINDOWS\system32\eWebControl.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{DEF85C80-216A-43AB-AF70-1665EDBE2780}


((((((((((((((((((((((((( Files Created from 2008-07-13 to 2008-08-13 )))))))))))))))))))))))))))))))
.

2008-08-11 18:26 . 2008-08-11 18:26 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-11 18:26 . 2008-08-11 18:26 <DIR> d-------- C:\Documents and Settings\Our Home Computer\Application Data\Malwarebytes
2008-08-11 18:26 . 2008-08-11 18:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-11 18:26 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-08-11 18:26 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
2008-08-08 20:50 . 2008-08-08 20:50 <DIR> d-------- C:\Program Files\Windows Defender
2008-08-01 19:03 . 2008-08-01 19:03 <DIR> d-------- C:\Program Files\AnswersThatWork
2008-08-01 19:03 . 2007-06-08 13:53 1,753,088 --a------ C:\WINDOWS\SYSTEM32\ExGrid.dll
2008-08-01 19:03 . 2007-04-03 16:51 614,400 --a------ C:\WINDOWS\SYSTEM32\ExButton.dll
2008-08-01 19:03 . 2007-06-05 10:20 602,112 --a------ C:\WINDOWS\SYSTEM32\ExMenu.dll
2008-08-01 19:03 . 2007-06-05 10:19 516,096 --a------ C:\WINDOWS\SYSTEM32\ExTab.dll
2008-08-01 19:03 . 2005-10-11 14:40 356,352 --a------ C:\WINDOWS\SYSTEM32\eSellerateEngine.dll
2008-08-01 19:03 . 2007-04-03 16:51 307,200 --a------ C:\WINDOWS\SYSTEM32\ExPMenu.dll
2008-08-01 19:03 . 2004-03-09 01:00 124,688 --a------ C:\WINDOWS\SYSTEM32\MSWinSck.ocx
2008-07-31 09:49 . 2008-08-12 17:18 72,706 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kmxcfg.u2k0
2008-07-31 09:49 . 2008-08-12 17:18 64 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kmxcfg.u2k7
2008-07-31 09:49 . 2008-08-12 17:18 64 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kmxcfg.u2k6
2008-07-31 09:49 . 2008-08-12 17:18 64 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kmxcfg.u2k5
2008-07-31 09:49 . 2008-08-12 17:18 64 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kmxcfg.u2k4
2008-07-31 09:49 . 2008-08-12 17:18 64 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kmxcfg.u2k3
2008-07-31 09:49 . 2008-08-12 17:18 64 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kmxcfg.u2k2
2008-07-31 09:49 . 2008-08-12 17:18 64 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kmxcfg.u2k1
2008-07-30 10:08 . 2008-08-12 15:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-30 09:22 . 2008-07-31 08:57 <DIR> d-------- C:\Program Files\IE New Window Maximizer
2008-07-30 09:06 . 2008-07-30 09:06 <DIR> d-------- C:\WINDOWS\SYSTEM32\GroupPolicy
2008-07-30 09:06 . 2008-07-30 09:06 <DIR> d-------- C:\Program Files\Windows Desktop Search
2008-07-27 17:43 . 2008-04-13 17:12 116,224 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\xrxwiadr.dll
2008-07-27 17:43 . 2002-09-03 10:14 28,288 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\xjis.nls
2008-07-27 17:43 . 2008-04-13 17:12 18,944 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\xrxscnui.dll
2008-07-27 17:43 . 2008-04-13 17:12 8,192 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\wshirda.dll
2008-07-27 17:42 . 2001-08-17 13:28 113,762 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\usrpda.sys
2008-07-27 17:42 . 2008-04-13 11:45 31,744 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\wceusbsh.sys
2008-07-27 17:42 . 2008-04-13 11:36 8,832 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\wmiacpi.sys
2008-07-27 17:41 . 2008-04-13 17:12 82,944 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\tp4mon.exe
2008-07-27 17:41 . 2008-04-13 11:45 60,032 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\usbaudio.sys
2008-07-27 17:41 . 2008-04-13 11:45 26,112 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\usbser.sys
2008-07-27 17:41 . 2008-04-13 11:45 17,152 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\usbohci.sys
2008-07-27 17:40 . 2008-04-13 11:40 149,376 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\tffsport.sys
2008-07-27 17:40 . 2008-04-13 11:40 7,552 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\sonyait.sys
2008-07-27 17:39 . 2004-08-03 22:31 32,768 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\sisnic.sys
2008-07-27 17:39 . 2008-04-13 11:36 16,000 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\smbbatt.sys
2008-07-27 17:39 . 2008-04-13 11:36 6,912 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\smbclass.sys
2008-07-27 17:38 . 2008-04-13 11:40 79,104 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\rocket.sys
2008-07-27 17:38 . 2008-04-13 11:40 43,904 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\sbp2port.sys
2008-07-27 17:38 . 2008-04-13 17:12 29,696 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\rw450ext.dll
2008-07-27 17:38 . 2008-04-13 17:12 27,648 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\rw430ext.dll
2008-07-27 17:38 . 2004-08-03 22:31 20,992 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\rtl8139.sys
2008-07-27 17:38 . 2008-04-13 11:45 11,520 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\scsiscan.sys
2008-07-27 17:37 . 2008-04-13 17:10 259,328 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\perm3dd.dll
2008-07-27 17:37 . 2008-04-13 17:12 159,232 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\ptpusd.dll
2008-07-27 17:37 . 2002-09-03 09:52 83,748 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\prcp.nls
2008-07-27 17:37 . 2002-09-03 09:52 83,748 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\prc.nls
2008-07-27 17:37 . 2008-04-13 11:44 28,032 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\perm3.sys
2008-07-27 17:37 . 2008-04-13 11:41 17,664 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\ppa3.sys
2008-07-27 17:37 . 2008-04-13 11:40 8,832 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\powerfil.sys
2008-07-27 17:37 . 2008-04-13 11:40 6,016 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\qic157.sys
2008-07-27 17:36 . 2008-04-13 11:31 2,065,792 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrnlpa.exe
2008-07-27 17:36 . 2008-04-13 17:10 211,584 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\perm2dll.dll
2008-07-27 17:36 . 2008-04-13 11:46 61,696 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\ohci1394.sys
2008-07-27 17:36 . 2004-08-03 22:31 29,502 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\pca200e.sys
2008-07-27 17:36 . 2008-04-13 11:54 28,672 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\nscirda.sys
2008-07-27 17:36 . 2008-04-13 11:44 27,904 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\perm2.sys
2008-07-27 17:35 . 2008-04-13 11:46 49,024 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\mstape.sys
2008-07-27 17:35 . 2008-04-13 11:54 22,016 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\msircomm.sys
2008-07-27 17:34 . 2008-04-13 11:41 26,112 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\memstpci.sys
2008-07-27 17:33 . 2004-08-03 22:41 606,684 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\ltmdmnt.sys
2008-07-27 17:33 . 2008-04-13 17:11 253,952 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\kdsusd.dll
2008-07-27 17:33 . 2008-04-13 17:11 48,640 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\kdsui.dll
2008-07-27 17:33 . 2002-09-03 09:39 47,066 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\ksc.nls
2008-07-27 17:33 . 2008-04-13 11:40 34,688 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\lbrtfdc.sys
2008-07-27 17:33 . 2008-04-13 11:39 14,592 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\kbdhid.sys
2008-07-27 17:33 . 2008-04-13 11:40 7,040 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\ltotape.sys
2008-07-27 17:32 . 2008-04-13 17:12 151,552 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\irftp.exe
2008-07-27 17:32 . 2008-04-13 11:54 88,192 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\irda.sys
2008-07-27 17:32 . 2008-04-13 17:11 28,160 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\irmon.dll
2008-07-27 17:30 . 2008-04-13 11:45 59,136 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\gckernel.sys
2008-07-27 17:30 . 2008-04-13 11:40 28,288 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\grserial.sys
2008-07-27 17:30 . 2008-04-13 17:11 21,504 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\hidserv.dll
2008-07-27 17:30 . 2008-04-13 11:36 20,352 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\hidbatt.sys
2008-07-27 17:30 . 2008-04-13 11:45 10,624 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\gameenum.sys
2008-07-27 17:29 . 2004-08-03 22:31 34,173 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\forehe.sys
2008-07-27 17:28 . 2008-04-13 11:39 206,976 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\dot4.sys
2008-07-27 17:28 . 2008-04-13 17:12 20,992 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\dshowext.ax
2008-07-27 17:28 . 2008-04-13 11:40 8,320 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\dlttape.sys
2008-07-27 17:27 . 2008-04-13 17:11 249,856 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\ctmasetp.dll
2008-07-27 17:27 . 2004-08-03 22:32 48,640 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\cwrwdm.sys
2008-07-27 17:26 . 2008-04-13 11:36 13,952 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\cmbatt.sys
2008-07-27 17:26 . 2008-04-13 11:36 10,240 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\compbatt.sys
2008-07-27 17:26 . 2008-04-13 11:40 8,192 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\changer.sys
2008-07-27 17:24 . 2002-09-03 09:28 82,172 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\bopomofo.nls
2008-07-27 17:24 . 2002-09-03 09:27 66,728 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\big5.nls
2008-07-27 17:24 . 2008-04-13 11:46 38,912 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\avc.sys
2008-07-27 17:24 . 2008-04-13 11:36 14,208 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\battc.sys
2008-07-27 17:24 . 2008-04-13 11:46 13,696 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\avcstrm.sys
2008-07-27 17:22 . 2008-04-13 12:27 2,188,928 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\ntoskrnl.exe
2008-07-27 17:22 . 2001-08-17 22:36 462,848 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\a3dapi.dll
2008-07-27 17:22 . 2008-04-13 11:46 53,376 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\1394bus.sys
2008-07-27 17:22 . 2008-04-13 11:46 48,128 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\61883.sys
2008-07-27 17:22 . 2008-04-13 11:40 12,288 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\4mmdat.sys
2008-07-27 09:27 . 2008-07-27 09:27 <DIR> d-------- C:\Program Files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-12 02:11 --------- d-----w C:\Program Files\Dell
2008-08-12 01:15 --------- d-----w C:\Program Files\Java
2008-08-02 03:53 --------- d-----w C:\Program Files\QuickTime
2008-08-02 02:56 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-02 02:03 --------- d-----w C:\Program Files\Common Files\eSellerate
2008-08-01 00:25 --------- d-----w C:\Program Files\NCUA Call Report
2008-07-31 19:11 --------- d-----w C:\Program Files\Google
2008-07-31 18:19 --------- d-----w C:\Program Files\Palm
2008-07-30 18:10 --------- d-----w C:\Program Files\Picasa2
2008-07-30 16:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-30 16:06 --------- d-----w C:\Program Files\SpywareBlaster
2008-07-27 17:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-04 23:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-07-04 23:25 --------- d-----w C:\Documents and Settings\Our Home Computer\Application Data\ZoomBrowser EX
2008-06-26 00:23 --------- d-----w C:\Program Files\Napster
2008-06-26 00:22 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-06-26 00:22 --------- d-----w C:\Program Files\Common Files\Napster Shared
2008-06-25 02:10 256,528 ----a-w C:\WINDOWS\SYSTEM32\UmxSbxw.dll
2008-06-25 02:10 117,264 ----a-w C:\WINDOWS\SYSTEM32\UmxSbxExw.dll
2008-06-25 02:08 93,712 ----a-w C:\WINDOWS\system32\drivers\KmxStart.sys
2008-06-25 02:08 88,816 ----a-w C:\WINDOWS\system32\drivers\KmxCfg.sys
2008-06-25 02:08 66,576 ----a-w C:\WINDOWS\system32\drivers\KmxSbx.sys
2008-06-25 02:08 63,504 ----a-w C:\WINDOWS\system32\drivers\KmxAgent.sys
2008-06-25 02:08 45,584 ----a-w C:\WINDOWS\system32\drivers\KmxFile.sys
2008-06-25 02:08 134,648 ----a-w C:\WINDOWS\system32\drivers\KmxCF.sys
2008-06-25 02:08 115,216 ----a-w C:\WINDOWS\system32\drivers\KmxFw.sys
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\SYSTEM32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-13 01:53 524,288 ----a-w C:\WINDOWS\SYSTEM32\DivXsm.exe
2008-05-13 01:53 3,596,288 ----a-w C:\WINDOWS\SYSTEM32\qt-dx331.dll
2008-05-13 01:53 129,784 ------w C:\WINDOWS\SYSTEM32\pxafs.dll
2008-05-13 01:51 200,704 ----a-w C:\WINDOWS\SYSTEM32\ssldivx.dll
2008-05-13 01:51 1,044,480 ----a-w C:\WINDOWS\SYSTEM32\libdivx.dll
2008-05-13 01:49 161,096 ----a-w C:\WINDOWS\SYSTEM32\DivXCodecVersionChecker.exe
2008-05-13 01:49 12,288 ----a-w C:\WINDOWS\SYSTEM32\DivXWMPExtType.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2008-07-29 06:41 1213680]
"IE New Window Maximizer"="C:\Program Files\IE New Window Maximizer\iemaximizer.exe" [2005-02-08 23:06 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CAVRID"="C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe" [2007-08-20 13:36 230664]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-08-16 22:25 177416]
"cafwc"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-07-31 17:57 1193200]
"capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-07-31 17:57 173296]
"capfupgrade"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-07-31 17:57 259312]
"QOELOADER"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2008-07-31 19:00 14088]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2003-11-03 14:46 49152]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-25 18:23 443968]

C:\Documents and Settings\Our Home Computer\Start Menu\Programs\Startup\
AutoBackup Launcher.lnk - C:\Program Files\Seagate\AutoBackup\MemeoLauncher.exe [2008-01-14 12:48:32 95456]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoAutoTrayNotify"= 1 (0x1)
"NoBandCustomize"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 13:30 79368 C:\WINDOWS\SYSTEM32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNC.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNC.lnk
backup=C:\WINDOWS\pss\HOTSYNC.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SoftStuff Wallpaper Changer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SoftStuff Wallpaper Changer.lnk
backup=C:\WINDOWS\pss\SoftStuff Wallpaper Changer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"medic"="C:\Program Files\MEDIC\bin\sprtcmd.exe" /P MEDIC

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R0 KmxStart;KmxStart;C:\WINDOWS\system32\DRIVERS\kmxstart.sys [2008-06-24 19:08]
R1 KmxAgent;KmxAgent;C:\WINDOWS\system32\DRIVERS\kmxagent.sys [2008-06-24 19:08]
R1 KmxFile;KmxFile;C:\WINDOWS\system32\DRIVERS\KmxFile.sys [2008-06-24 19:08]
R1 KmxFw;KmxFw;C:\WINDOWS\system32\DRIVERS\kmxfw.sys [2008-06-24 19:08]
R2 BCMNTIO;BCMNTIO;C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 18:09]
R2 KmxCF;KmxCF;C:\WINDOWS\system32\DRIVERS\KmxCF.sys [2008-06-24 19:08]
R2 KmxSbx;KmxSbx;C:\WINDOWS\system32\DRIVERS\KmxSbx.sys [2008-06-24 19:08]
R2 MAPMEM;MAPMEM;C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 18:09]
R2 UmxAgent;HIPS Event Manager;C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2007-10-18 10:24]
R2 UmxCfg;HIPS Configuration Interpreter;C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2007-10-18 10:24]
R2 UmxPol;HIPS Policy Manager;C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2008-06-24 19:10]
R3 KmxCfg;KmxCfg;C:\WINDOWS\system32\DRIVERS\kmxcfg.sys [2008-06-24 19:08]
R3 PPCtlPriv;PPCtlPriv;C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2007-08-16 21:10]
S3 Bulk503;Chameleon Mega Digital Camera;C:\WINDOWS\system32\Drivers\Bulk503.sys []
S3 ISO503;Chameleon Mega Video Camera;C:\WINDOWS\system32\Drivers\ISO503.SYS []
S3 VisorUsb;Handspring USB;C:\WINDOWS\system32\DRIVERS\VisorUsb.sys []
.
Contents of the 'Scheduled Tasks' folder

2008-08-12 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Our Home Computer at 7 00 AM.job
- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-16 21:10]

2008-08-13 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2008-08-12 C:\WINDOWS\Tasks\PPv5Scan_Daily as Our Home Computer at 6 30 PM.job
- C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\ppv5consumercl.exe []
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R0 -: HKCU-Main,Start Page = hxxp://www.signonsandiego.com/
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s

O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

O16 -: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} - hxxp://vapwfa.ops.placeware.com/etc/pla ... silver.cab
C:\WINDOWS\Downloaded Program Files\Quicksilver.inf

O16 -: {640B39C1-D713-464F-92C3-75BD972B95EE} - hxxp://www.sidestep.com/get/k42037/sb02b.cab
C:\WINDOWS\Downloaded Program Files\SbCIe02b.inf
C:\WINDOWS\Downloaded Program Files\SbCIe028.dll
C:\WINDOWS\Downloaded Program Files\SbCIe02b.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-12 17:24:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\SYSTEM32\LEXBCES.EXE
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\vetmsg.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Seagate\AutoBackup\MemeoBackup.exe
.
**************************************************************************
.
Completion time: 2008-08-12 17:36:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-13 00:35:06

Pre-Run: 16,205,668,352 bytes free
Post-Run: 16,100,691,968 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

294 --- E O F --- 2008-07-09 03:51:29


Here's my latest Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:19:25 PM, on 08/12/08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\IE New Window Maximizer\iemaximizer.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\Seagate\AutoBackup\MemeoBackup.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Our Home Computer\Local Settings\Temp\jkos-Our Home Computer\binaries\ScanningProcess.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.signonsandiego.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [IE New Window Maximizer] C:\Program Files\IE New Window Maximizer\iemaximizer.exe
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O4 - Startup: AutoBackup Launcher.lnk = C:\Program Files\Seagate\AutoBackup\MemeoLauncher.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://vapwfa.ops.placeware.com/etc/pla ... silver.cab
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep.com/get/k42037/sb02b.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0339741375
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5705867625
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/061011 ... 101001.cab
O17 - HKLM\System\CS1\Services\Tcpip\..\{1CC8C8E6-BC06-482B-89A0-2E796EEC7133}: NameServer = 192.168.0.1,4.2.2.2
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

--
End of file - 8772 bytes

Here's my Kaspersky online scan report:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, August 12, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, August 13, 2008 01:55:02
Records in database: 1087424
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Files scanned: 94104
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 02:16:48

No malware has been detected. The scan area is clean.

The selected area was scanned.


Again, thanks!
osugrad85
Active Member
 
Posts: 7
Joined: July 31st, 2008, 10:23 pm

Re: My "HijackThis" log file

Unread postby Katana » August 13th, 2008, 1:10 am

Well, the only thing showing now is an optional fix.

----------------------------------------------------------- ----------------------------------------------------------- -----------------------------------------------------------
SideStep was considered spyware, but is now borderline. I you want to remove it please do the following

Fix With HJT

Close all other windows and then start HiJack This
Click Do A System Scan Only
When it has finished scanning put a check next to the following lines IF still present
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep.com/get/k42037/sb02b.cab

- Close ALL open windows (especially Internet Explorer!)-
Now click Fix checked
Click yes to any prompts
Close HijackThis



OTMoveIt
Please download OTMoveIt2 by OldTimer and save it to your desktop
  • Double-click OTMoveIt2.exe to run it.
  • Copy the lines in the codebox below.
Code: Select all
C:\WINDOWS\Downloaded Program Files\SbCIe02b.inf
C:\WINDOWS\Downloaded Program Files\SbCIe028.dll
C:\WINDOWS\Downloaded Program Files\SbCIe02b.dll

  • Return to OTMoveIt2, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



----------------------------------------------------------- ----------------------------------------------------------- -----------------------------------------------------------


How are things running now ?
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: My "HijackThis" log file

Unread postby osugrad85 » August 13th, 2008, 10:45 pm

Ok, removed Sidestep line from Hijackthis results using fix it option, then followed your instructions regarding OTMoveIT. Here's everything that was in the results window:

File/Folder C:\WINDOWS\Downloaded Program Files\SbCIe02b.inf not found.
File/Folder C:\WINDOWS\Downloaded Program Files\SbCIe028.dll not found.
File/Folder C:\WINDOWS\Downloaded Program Files\SbCIe02b.dll not found.
File/Folder not found.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08132008_194133

For grins, here is my latest Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:44:18 PM, on 08/13/08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\IE New Window Maximizer\iemaximizer.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Seagate\AutoBackup\MemeoBackup.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.signonsandiego.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [IE New Window Maximizer] C:\Program Files\IE New Window Maximizer\iemaximizer.exe
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O4 - Startup: AutoBackup Launcher.lnk = C:\Program Files\Seagate\AutoBackup\MemeoLauncher.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://vapwfa.ops.placeware.com/etc/pla ... silver.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0339741375
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5705867625
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/061011 ... 101001.cab
O17 - HKLM\System\CS1\Services\Tcpip\..\{1CC8C8E6-BC06-482B-89A0-2E796EEC7133}: NameServer = 192.168.0.1,4.2.2.2
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

--
End of file - 8524 bytes

As for how thing are running now, no more crashes, so that is a great improvement.
osugrad85
Active Member
 
Posts: 7
Joined: July 31st, 2008, 10:23 pm

Re: My "HijackThis" log file

Unread postby Katana » August 14th, 2008, 6:05 am

Congratulations your logs look clean :D

Let's see if I can help you keep it that way

First lets tidy up :D


  • This will clear your System Volume Information restore points and remove all the infected files that were quarantined
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
    • Image
You can also delete any logs we have produced, and empty your Recycle bin.


Open OTMoveIt Click Cleanup,
it will now connect to the internet and get a list of files to delete.
When a box pops up click YES.



The following is some info to help you stay safe and clean.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )

You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.

Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.

http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/partne ... bscan.html

!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE for details

AntiSpyware
    AntiSpyware is not the same thing as Antivirus.
    Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
    You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
    Most of the programs in this list have a free (for Home Users ) and paid versions,
    it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
  • Spybot - Search & Destroy <<< A must have program
    • It includes host protection and registry protection
    • A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
  • MalwareBytes Anti-malware <<< A New and effective program
  • a-squared Free <<< A good "realtime" or "on demand" scanner
  • superantispyware <<< A good "realtime" or "on demand" scanner

Prevention
    These programs don't detect malware, they help stop it getting on your machine in the first place.
    Each does a different job, so you can have more than one
  • Winpatrol
    • An excellent startup manager and then some !!
    • Notifies you if programs are added to startup
    • Allows delayed startup
    • A must have addition
  • SpywareBlaster 4.0
    • SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
  • SpywareGuard 2.2
    • SpywareGuard provides real-time protection against spyware.
    • Not required if you have other "realtime" antispyware or Winpatrol
  • ZonedOut
    • Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
  • MVPS HOSTS
    • This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
    • For information on how to download and install, please read this tutorial by WinHelp2002.
    • Not required if you are using other host file protections

Internet Browsers
    Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
    Using a different web browser can help stop malware getting on your machine.
    • Make your Internet Explorer more secure - This can be done by following these simple instructions:
      1. From within Internet Explorer click on the Tools menu and then click on Options.
      2. Click once on the Security tab
      3. Click once on the Internet icon so it becomes highlighted.
      4. Click once on the Custom Level button.
        • Change the Download signed ActiveX controls to Prompt
        • Change the Download unsigned ActiveX controls to Disable
        • Change the Initialise and script ActiveX controls not marked as safe to Disable
        • Change the Installation of desktop items to Prompt
        • Change the Launching programs and files in an IFRAME to Prompt
        • Change the Navigate sub-frames across different domains to Prompt
        • When all these settings have been made, click on the OK button.
        • If it prompts you as to whether or not you want to save the settings, press the Yes button.
      5. Next press the Apply button and then the OK to exit the Internet Properties page.
    If you are still using IE6 then either update, or get one of the following.
    • FireFox
      • With many addons available that make customization easy this is a very popular choice
      • NoScript and AdBlockPlus addons are essential
    • Opera
      • Another popular alternative
    • Netscape
      • Another popular alternative
      • Also has Addons available

Cleaning Temporary Internet Files and Tracking Cookies
    Temporary Internet Files are mainly the files that are downloaded when you open a web page.
    Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
    It is a good idea to empty the Temporary Internet Files folder on a regular basis.

    Tracking Cookies are files that websites use to monitor which sites you visit and how often.
    A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
    CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords

    Both of these can be cleaned manually, but a quicker option is to use a program
  • ATF Cleaner
    • Free and very simple to use
  • CCleaner
    • Free and very flexible, you can chose which cookies to keep

Also PLEASE read this article.....So How Did I Get Infected In The First Place

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: My "HijackThis" log file

Unread postby osugrad85 » August 14th, 2008, 3:28 pm

Thanks for your help and advice (my Internet Explorer 7 security settings were already set at your recommended settings). Although my computer seems slower now that it was prior to the infestation, it isn't crashing anymore and I didn't lose any data (lucky).

Here's a list of security type programs/utilities I was running at the time of the infestation:

For realtime and on demand antivirus: CA Security Center's Antivirus (CA Security Center security suite is provided free of charge by my Internet service provider)
For realtime and on demand antispyware: CA Security Center's Antispyware and Antispam
For additional realtime antispyware: Spywareblaster
For firewall: Windows XP Firewall

Here's what I am running now following the infestation:

For realtime and on demand antivirus: CA Security Center's Antivirus
For realtime and on demand antispyware: CA Security Center's Antispyware and Antispam
For additional realtime antispyware: Spywareblaster
For additional realtime antispyware/antimalware: Windows Defender
For firewall: CA Security Center's Firewall

I have been and will continue to use CCleaner and Spywareblaster and run Ad-aware's antispyware program on a regular basis.

I have always tried to keep these programs, along with Internet Explorer 7, up-to-date. But, obviously something slipped through (Antivirus XP 2008 to name one).

Do you see any problem with my running CA Security Center's Antispyware and Windows Defender together? And, what is the Antimalware communities thoughts/opinion/position on Windows Defender?
osugrad85
Active Member
 
Posts: 7
Joined: July 31st, 2008, 10:23 pm

Re: My "HijackThis" log file

Unread postby Katana » August 14th, 2008, 3:51 pm

As far as I am aware, Defender shouldn't interfere with CA Security Center's Antispyware.

My personal opinion of Defender is quite low, from the logs I see where it is running it seems to do a minimal job at best.
I recommend that you keep MalwareBytes installed, and use it on a regular basis.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: My "HijackThis" log file

Unread postby osugrad85 » August 20th, 2008, 1:08 pm

Well, everything seems to be working fine. Thank you very much for all of your help and advice!
osugrad85
Active Member
 
Posts: 7
Joined: July 31st, 2008, 10:23 pm

Re: My "HijackThis" log file

Unread postby NonSuch » August 21st, 2008, 3:03 pm

As this issue is resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 281 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware