Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Board index Malware Removal ForumsInfected? Virus, malware, adware, ransomware, oh my!

HELP!!! I can't take it any more

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Topic locked

HELP!!! I can't take it any more

Unread postby ivl2 » November 1st, 2008, 2:12 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:01:02 PM, on 11/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by IADT Chicago
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com/lib/cecybrary/su ... aryRdr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 1284952780
O20 - AppInit_DLLs: cerrjk.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Iap - Dell Inc. - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 7129 bytes
ivl2
Active Member
 
Posts: 2
Joined: November 1st, 2008, 1:58 pm
Top
Advertisement
Register to Remove

Re: HELP!!! I can't take it any more

Unread postby km2357 » November 1st, 2008, 4:58 pm

Hello and welcome to Malware Removal.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.

I will be back as soon as possible with your first instructions!
User avatar
km2357
MRU Master
MRU Master
 
Posts: 3205
Joined: January 30th, 2007, 2:48 pm
Location: California
Top

Re: HELP!!! I can't take it any more

Unread postby km2357 » November 1st, 2008, 5:13 pm

Step # 1 Download CCleaner

Download CCleaner from here to clean temp files from your computer.
  • Double click on the ccsetup.exe file to start the installation of the program.
  • Select your language and click OK, then next.
  • Read the license agreement and click I Agree.
  • Click next to use the default install location.
  • Under Install Options, choose all the default settings except I would recommend that you unclick/untick install the Yahoo! Toolbar, unless you want it. You can also Uncheck the 'Automatically check for updates' box.
  • Click Install then finish to complete installation.


Step # 2 Retrieve the Installed Programs List from CCleaner

Open CCleaner if it's not already running.
In the Left Pane, click Tools
Verify that Uninstall is highlighted in color, or click on it.
In the lower Right, click Save to Text File.
Pull down the arrow at the top of the Save dialog and choose Desktop as the location.
You can leave the filename as install.txt
Click Save
Exit CCleaner by clicking on the X button in the upper right of the CCleaner window.


Step # 3: Download and Run ComboFix

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the CCleaner Install List, C:\ComboFix.txt and a fresh HiJackThis Log in your next reply.

Use multiple posts if you can't fit everything into one post.
User avatar
km2357
MRU Master
MRU Master
 
Posts: 3205
Joined: January 30th, 2007, 2:48 pm
Location: California
Top

Re: HELP!!! I can't take it any more

Unread postby ivl2 » November 2nd, 2008, 9:57 pm

ComboFix 08-11-02.04 - Administrator 2008-11-02 20:36:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.469 [GMT -6:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Application Data\Facegame
C:\Documents and Settings\Administrator\Start Menu\Programs\AntiSpywareXP2009
C:\Documents and Settings\Administrator\Start Menu\Programs\AntiSpywareXP2009\AntiSpywareXP2009.lnk
C:\Documents and Settings\Administrator\Start Menu\Programs\AntiSpywareXP2009\Uninstall.lnk
C:\Program Files\AntiSpywareXP2009
C:\Program Files\AntiSpywareXP2009\AVEngn.dll
C:\Program Files\AntiSpywareXP2009\data\daily.cvd
C:\Program Files\AntiSpywareXP2009\htmlayout.dll
C:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
C:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT\msvcm80.dll
C:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT\msvcp80.dll
C:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT\msvcr80.dll
C:\Program Files\AntiSpywareXP2009\pthreadVC2.dll
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\IE4 Error Log.txt
C:\WINDOWS\system32\cerrjk.dll
C:\WINDOWS\system32\DelSelf.bat
C:\WINDOWS\system32\ebmnhjjp.dll
C:\WINDOWS\system32\eMTtCfhk.ini
C:\WINDOWS\system32\eMTtCfhk.ini2
C:\WINDOWS\system32\fbseveot.dll
C:\WINDOWS\system32\fffsmj.dll
C:\WINDOWS\system32\giasmfso.ini
C:\WINDOWS\system32\hqqsjh.dll
C:\WINDOWS\system32\keedxjre.dll
C:\WINDOWS\system32\khfCtTMe.dll
C:\WINDOWS\system32\lfcjutgn.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\msansspc.dll
C:\WINDOWS\system32\mugymp.dll
C:\WINDOWS\system32\oatvvnvo.dll
C:\WINDOWS\system32\pmnlkjii.dll
C:\WINDOWS\system32\qrfgxsev.dll
C:\WINDOWS\system32\rqRklmkI.dll
C:\WINDOWS\system32\toevesbf.ini
C:\WINDOWS\system32\ubmxrbfu.ini
C:\WINDOWS\system32\wqkfktwl.dll
C:\WINDOWS\wiaserviv.log

Infected copy of C:\WINDOWS\system32\drivers\beep.sys was found and disinfected
Restored copy from - C:\System Volume Information\_restore{F43D0D8C-6682-4CAC-B2D8-50904A3CBFC2}\RP19\A0001840.sys

.
((((((((((((((((((((((((( Files Created from 2008-10-03 to 2008-11-03 )))))))))))))))))))))))))))))))
.

2008-11-02 20:41 . 2008-11-02 20:41 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-11-02 20:40 . 2006-02-28 06:00 4,224 --a------ C:\WINDOWS\system32\drivers\beep.sys
2008-11-02 20:40 . 2006-02-28 06:00 4,224 --a--c--- C:\WINDOWS\system32\dllcache\beep.sys
2008-11-02 20:28 . 2008-11-02 20:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-11-02 20:22 . 2008-11-02 20:22 <DIR> d-------- C:\Program Files\Yahoo!
2008-11-02 20:22 . 2008-11-02 20:23 <DIR> d-------- C:\Program Files\CCleaner
2008-11-01 14:39 . 2008-11-01 14:39 <DIR> d-------- C:\Program Files\Veoh Networks
2008-11-01 14:38 . 2008-11-01 14:38 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-11-01 14:38 . 2008-11-01 14:38 21,440,208 --a------ C:\Program Files\VeohSetup-3.9.8.1082.exe
2008-11-01 12:44 . 2008-11-01 12:44 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-30 02:31 . 2008-10-30 08:23 7 --a------ C:\WINDOWS\sbacknt.bin
2008-10-30 02:30 . 2008-10-30 08:43 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\vghd
2008-10-30 02:30 . 2008-10-30 02:30 152,904 --a------ C:\WINDOWS\system32\vghd.scr
2008-10-30 00:34 . 2008-10-30 00:34 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-10-30 00:34 . 2005-10-20 19:47 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2008-10-30 00:34 . 2005-10-20 19:47 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2008-10-30 00:01 . 2008-10-30 00:01 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-10-30 00:01 . 2008-10-30 00:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-29 23:32 . 2008-10-29 23:32 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-10-29 23:31 . 2008-10-30 00:17 <DIR> d-------- C:\Program Files\Norton 360
2008-10-29 23:29 . 2008-11-02 09:50 <DIR> d-------- C:\Program Files\Symantec
2008-10-29 23:29 . 2008-11-02 09:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-29 23:29 . 2008-11-02 09:50 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-10-29 23:29 . 2008-11-02 09:50 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-10-29 23:29 . 2008-11-02 09:50 10,671 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-10-29 23:29 . 2008-11-02 09:50 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-10-29 23:26 . 2008-10-29 23:27 46,640 --a------ C:\WINDOWS\system32\msln.exe
2008-10-29 23:19 . 2008-11-02 20:46 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-10-29 23:17 . 2008-10-30 02:59 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-10-29 23:07 . 2008-10-29 23:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-10-29 18:17 . 2008-10-29 18:17 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-10-29 18:17 . 2008-10-31 10:18 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-10-29 18:17 . 2008-10-29 18:17 1,409 --a------ C:\WINDOWS\QTFont.for
2008-10-28 22:10 . 2008-10-28 22:13 <DIR> d-------- C:\Program Files\Microsoft Small Business
2008-10-28 22:08 . 2008-10-28 22:08 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-10-28 22:07 . 2008-10-28 22:10 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-10-28 21:59 . 2008-10-28 21:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2008-10-28 21:57 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-10-28 21:57 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-10-28 21:57 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-10-28 21:57 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-10-28 21:55 . 2008-10-28 21:55 <DIR> d-------- C:\WINDOWS\system32\Color
2008-10-28 21:55 . 2008-10-28 21:55 <DIR> d-------- C:\Program Files\NewSoft
2008-10-28 21:55 . 2008-10-28 21:55 <DIR> d-------- C:\Program Files\Common Files\PDFView
2008-10-28 21:55 . 2008-10-28 21:55 <DIR> d-------- C:\Program Files\Common Files\NewSoft
2008-10-28 21:55 . 1997-10-14 05:19 11,776 --a------ C:\WINDOWS\system32\pmsbfn32.dll
2008-10-28 21:55 . 2005-06-01 00:28 9,606 --a------ C:\WINDOWS\system32\NEWSOFT
2008-10-28 21:55 . 2008-10-28 21:55 264 --a------ C:\WINDOWS\setup.iss
2008-10-28 21:48 . 2008-10-28 21:48 <DIR> d-------- C:\Program Files\ScanSoft
2008-10-28 21:48 . 2008-10-28 21:48 <DIR> d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-10-28 21:48 . 2008-10-28 21:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-10-28 21:48 . 2008-10-28 21:48 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ScanSoft
2008-10-28 21:48 . 2008-10-28 21:48 412 --a------ C:\WINDOWS\MAXLINK.INI
2008-10-28 21:40 . 2008-10-28 21:40 <DIR> d-------- C:\Program Files\Common Files\CANON
2008-10-28 21:37 . 2008-10-28 21:37 <DIR> d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2008-10-28 21:37 . 2008-10-28 21:37 <DIR> d--h----- C:\Program Files\CanonBJ
2008-10-28 21:37 . 2008-10-28 21:37 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-10-28 21:37 . 2007-03-23 10:30 1,400,832 --a------ C:\WINDOWS\system32\CNC310C.DLL
2008-10-28 21:37 . 2007-04-15 23:00 215,040 --a------ C:\WINDOWS\system32\CNMLM8Z.DLL
2008-10-28 21:37 . 2007-03-19 04:39 200,704 --a------ C:\WINDOWS\system32\CNC310L.DLL
2008-10-28 21:37 . 2007-03-15 08:12 188,416 --a------ C:\WINDOWS\system32\CNC310O.DLL
2008-10-28 21:37 . 2007-04-25 13:09 151,552 --a------ C:\WINDOWS\system32\CNCF2Ld.DLL
2008-10-28 21:37 . 2007-04-25 13:02 106,496 --a------ C:\WINDOWS\system32\CNCFMSd.EXE
2008-10-28 21:37 . 2007-03-23 10:29 98,304 --a------ C:\WINDOWS\system32\CNC310I.DLL
2008-10-28 21:37 . 2007-04-25 13:06 3,584 --a------ C:\WINDOWS\system32\CNCFLdUS.DLL
2008-10-28 21:37 . 2007-04-25 13:06 3,072 --a------ C:\WINDOWS\system32\CNCFLdJP.DLL
2008-10-28 21:36 . 2008-10-28 21:59 <DIR> d-------- C:\Program Files\Canon
2008-10-28 16:15 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-10-28 16:15 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-10-28 16:15 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-10-28 16:11 . 2008-10-28 22:08 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-10-28 16:11 . 2008-10-28 16:11 <DIR> d-------- C:\Program Files\Microsoft Works
2008-10-28 16:09 . 2008-10-28 16:11 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-10-28 16:08 . 2008-10-28 16:08 <DIR> dr-h----- C:\MSOCache
2008-10-28 16:08 . 2008-10-30 08:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-28 15:08 . 2008-10-28 22:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
2008-10-28 14:37 . 2008-10-28 14:38 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-10-22 20:30 . 2008-10-22 20:30 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2008-10-22 20:23 . 2008-10-22 20:23 2,422 --a------ C:\WINDOWS\system32\wpa.bak
2008-10-20 20:17 . 2006-02-28 06:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-10-20 20:16 . 2006-02-28 06:00 10,096,640 --a--c--- C:\WINDOWS\system32\dllcache\hwxcht.dll
2008-10-20 20:15 . 2006-02-28 06:00 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-10-20 20:14 . 2006-02-28 06:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-10-20 20:14 . 2008-10-20 20:14 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-10-20 20:14 . 2008-10-20 20:14 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-10-20 20:14 . 2008-10-20 20:14 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-10-20 20:14 . 2008-10-20 20:14 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-10-20 20:14 . 2008-10-20 20:14 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-10-20 20:14 . 2008-10-20 20:14 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-10-13 16:01 . 2008-10-17 13:01 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-10-13 15:54 . 2008-10-13 15:54 0 --a------ C:\WINDOWS\ativpsrm.bin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-03 02:25 --------- d-----w C:\Program Files\Common Files\Adobe
2008-11-01 20:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-28 20:48 --------- d-----w C:\Program Files\Java
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-02-26 02:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-02-26 02:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-02-26 02:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-09-26 3660848]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 114688]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 282624]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"WrtMon.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" [2008-02-26 988512]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoMSAppLogo5ChannelNotify"= 0 (0x0)
"NoBandCustomize"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Btn_Home"= 0 (0x0)
"Btn_Fullscreen"= 0 (0x0)
"Btn_Tools"= 0 (0x0)
"Btn_Print"= 0 (0x0)
"Btn_Edit"= 0 (0x0)
"Btn_Cut"= 0 (0x0)
"Btn_Copy"= 0 (0x0)
"Btn_Paste"= 0 (0x0)
"Btn_Encoding"= 0 (0x0)
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=fffsmj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 IJPLMSVC;PIXMA Extended Survey Program;C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 97432]
R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
S0 GhMon;GhostMountMonitor - Boot Phase Driver;C:\WINDOWS\system32\Drivers\ghmon.sys [ ]
S0 GhPostConfig;GhostPostConfig - Boot Phase Driver;C:\WINDOWS\system32\Drivers\ghpcw2k.sys [ ]
S2 GhPostConfig_Auto;GhostPostConfig - Auto Phase Driver;C:\WINDOWS\system32\Drivers\ghpcw2k.sys [ ]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-07-30 23888]

*Newly Created Service* - BEEP
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2008-11-03 C:\WINDOWS\Tasks\User_Feed_Synchronization-{25C605F0-6779-4758-83AE-E974CD9A53B3}.job
- C:\WINDOWS\system32\msfeedssync.exe [2006-10-17 10:58]
.
- - - - ORPHANS REMOVED - - - -

BHO-{017EC74A-03CE-4BA5-9883-A2027F25E383} - C:\WINDOWS\system32\qrfgxsev.dll
BHO-{05FB1D29-03CE-4BA5-9883-A2027F25E383} - C:\WINDOWS\system32\qrfgxsev.dll
BHO-{17EC74A4-03CE-4BA5-9883-A2027F25E383} - C:\WINDOWS\system32\qrfgxsev.dll
BHO-{479a15ee-a5f6-45a7-b3df-069da093789e} - C:\WINDOWS\system32\fffsmj.dll
BHO-{B227E72C-797B-442A-87D3-11543543C89B} - C:\WINDOWS\system32\khfCtTMe.dll


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R0 -: HKLM-Main,Start Page = hxxp://www.google.com
R1 -: HKCU-Internet Settings,ProxyOverride = <local>
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-02 20:45:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-11-02 20:49:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-03 02:49:22

Pre-Run: 65,536,434,176 bytes free
Post-Run: 65,672,364,032 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

292 --- E O F --- 2008-10-29 09:00:24
ivl2
Active Member
 
Posts: 2
Joined: November 1st, 2008, 1:58 pm
Top

Re: HELP!!! I can't take it any more

Unread postby km2357 » November 3rd, 2008, 1:25 am

Thanks for the ComboFix Log, I'm currently looking over it. In the meantime, can you post the CCleaner Install List and a fresh HiJackThis Log in your next post.

Thanks. :)
User avatar
km2357
MRU Master
MRU Master
 
Posts: 3205
Joined: January 30th, 2007, 2:48 pm
Location: California
Top

Re: HELP!!! I can't take it any more

Unread postby km2357 » November 6th, 2008, 3:40 pm

ivl2? Do you still need help?
User avatar
km2357
MRU Master
MRU Master
 
Posts: 3205
Joined: January 30th, 2007, 2:48 pm
Location: California
Top

Re: HELP!!! I can't take it any more

Unread postby NonSuch » November 8th, 2008, 5:39 pm

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Top
Advertisement
Register to Remove
Topic locked

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 120 guests

The teamDelete all board cookiesAll times are UTC - 5 hours [ DST ]

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware

Board index