BullGuard Antivirus Forum
I have run the Hijackthis scan, Can you help me identify the Virus??? Please???

scott s (New Member, joined Feb 2008)
Posted 2-11-2008 9:46 (GMT +1)
Logfile of HijackThis v1.99.1
Scan saved at 1:18:11 PM, on 2/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\regsvr32.exe
C:\Program Files\Aeqbbygx\yjtggkhp.exe
C:\WINNT\svchost.exe
C:\WINNT\system32\wbem\csrss.exe
C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\DrvMon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Common Files\efax\HotTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINNT\system32\cisvc.exe
C:\Program Files\Common Files\efax\Dllcmd32.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\System32\HPZipm12.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINNT\system32\cidaemon.exe
C:\WINNT\explorer.exe
C:\Program Files\MSN\MSNCoreFiles\MSN.EXE
C:\Program Files\HijackThis 1.99.1\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {5127D8CD-9FF8-084F-790B-0526A08C1C2E} - C:\Program Files\Txyyvmbt\taordqmg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-ABCD-7DD20B8622FF} - C:\Program Files\Helper\1202682846.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DSL Connection Tool] C:\Program Files\MSN\MSNIA\dslmon.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\SetConfig.exe -c Direct -p LPT1: -pn "" -n 1 -l 1033 -sl 120000
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Windows Console] wkssvc.exe
O4 - HKLM\..\Run: [ibarqnwd] rundll32.exe "C:\Program Files\dsrirgzk\nozirufg.dll",Init
O4 - HKLM\..\Run: [kbshqzaf] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\kbshqzaf.dll"
O4 - HKLM\..\Run: [yjtggkhp] C:\Program Files\Aeqbbygx\yjtggkhp.exe
O4 - HKLM\..\Run: [svchost] C:\WINNT\svchost.exe
O4 - HKLM\..\Run: [csrss] C:\WINNT\system32\wbem\csrss.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ShutterflyStudio] C:\Program Files\Shutterfly\Studio\BIN\SFlyStudio.exe /trayonly
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINNT\system32\DrvMon.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: eFax.com Tray Menu.lnk = C:\Program Files\Common Files\efax\HotTray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Live Menu.lnk = C:\Program Files\Common Files\efax\Dllcmd32.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZSYYYYYYIJUS
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {5DA9D8E0-5A57-11CF-9E36-00C0930198C0} (Pegasus ImagN' 32-bit (Windowed) ActiveX Control v4.00) - http://24.213.19.82/LNetCam.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://chat2.j2.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/1452/ftp.coupons.com/r3302/cpbrkpie.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9C3EFB8A-DC20-484B-B905-5E337A988C5D} (LNCActiveX Control) - http://24.213.19.82/LNetCam.cab
O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} (Web Camera Server Control) - http://66.121.122.195/wg_webeye.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/eng/check/qdiagh.cab?314
O16 - DPF: {FF452CFC-7056-4A5D-A327-1DFEC8EDC82A} (Upload Class) - http://www.neptune.com/features/upload/ms40upld.ocx
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WB - C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
 

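The HijackThis listing above is what a helper reads by eye: core Windows process names running from the wrong directory (svchost.exe directly in C:\WINNT, csrss.exe under system32\wbem), a Run value with no path at all (wkssvc.exe), and rundll32/regsvr32 entries loading DLLs from user-writable locations. As an added example that is not part of this thread, the Python script below applies exactly those checks to the O4 and running-process lines; the sample log is constructed from lines posted above, and the reason codes are my own naming.

```python
import re
from pathlib import PureWindowsPath

# Directory names of a Windows install root on XP-era systems.
SYSROOT_NAMES = {"winnt", "windows", "%systemroot%"}
# Core binaries the OS only runs from %SystemRoot%\system32 ...
CORE_SYSTEM32 = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "svchost.exe", "spoolsv.exe", "ctfmon.exe"}
# ... or from %SystemRoot% itself.
CORE_SYSROOT = {"explorer.exe"}
# Host binaries whose real payload is the DLL named on their command line.
LAUNCHERS = {"rundll32.exe", "rundll32", "regsvr32.exe", "regsvr32"}

RUN_RE = re.compile(r"^O4 - (?:HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
PROC_RE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)

# Constructed sample: lines taken from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\svchost.exe
C:\WINNT\system32\wbem\csrss.exe
C:\WINNT\explorer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Windows Console] wkssvc.exe
O4 - HKLM\..\Run: [ibarqnwd] rundll32.exe "C:\Program Files\dsrirgzk\nozirufg.dll",Init
O4 - HKLM\..\Run: [kbshqzaf] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\kbshqzaf.dll"
O4 - HKLM\..\Run: [svchost] C:\WINNT\svchost.exe
O4 - HKLM\..\Run: [csrss] C:\WINNT\system32\wbem\csrss.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
"""


def first_token(cmd):
    """Executable part of a Run value: the quoted string, or text up to the first space."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def dll_argument(cmd):
    """First .dll named on a rundll32/regsvr32 command line, quoted or bare."""
    m = (re.search(r'"([^"]+\.dll)"', cmd, re.IGNORECASE)
         or re.search(r'(\S+\.dll)', cmd, re.IGNORECASE))
    return m.group(1) if m else None


def in_expected_location(path):
    """False when a core Windows binary name sits outside the directory the OS installs it in."""
    p = PureWindowsPath(path)
    name, parent, grand = p.name.lower(), p.parent.name.lower(), p.parent.parent.name.lower()
    if name in CORE_SYSROOT:
        return parent in SYSROOT_NAMES
    if name in CORE_SYSTEM32:
        return parent == "system32" and grand in SYSROOT_NAMES
    return True


def under_windows_dir(path):
    """True if any directory component of the path is a Windows install root."""
    return any(part.lower() in SYSROOT_NAMES for part in PureWindowsPath(path).parts)


def triage(log_text):
    """Return (reason, path) pairs worth a closer look, in log order, without duplicates."""
    findings = []

    def add(reason, path):
        if (reason, path) not in findings:
            findings.append((reason, path))

    for raw in log_text.splitlines():
        line = raw.strip()
        if PROC_RE.match(line):                      # "Running processes" entry
            if not in_expected_location(line):
                add("masquerade", line)
            continue
        m = RUN_RE.match(line)                        # O4 autostart entry
        if not m:
            continue
        cmd = m.group("cmd")
        exe = first_token(cmd)
        base = PureWindowsPath(exe).name.lower()
        if base in LAUNCHERS:
            dll = dll_argument(cmd)
            if dll and not under_windows_dir(dll):
                add("launcher-dll", dll)              # DLL loaded from outside the Windows tree
            if dll and base.startswith("regsvr32") and re.search(r"\s/u\b", cmd, re.IGNORECASE):
                add("regsvr32-unregister", dll)       # DllUnregisterServer runs on every logon
        elif "\\" not in exe:
            add("bare-name", exe)                     # resolved through PATH search at logon
        elif not in_expected_location(exe):
            add("masquerade", exe)
    return findings


if __name__ == "__main__":
    for reason, path in triage(SAMPLE_LOG):
        print(f"{reason:20} {path}")
```

Entries that pass these checks are not cleared, only deprioritised; the helper still reviews the rest of the log by hand.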
scott s (New Member, joined Feb 2008)
Posted 2-11-2008 10:08 (GMT +1)
Any help would be appreciated. I had to log out of the infected computer. I am getting hundreds of Symantec pop-ups stating that my email could not be sent. I appreciate any solution you may have. I am obviously not a tech, just know enough to be dangerous! lol Scott
 

Touch (Forum Moderator, joined Jun 2004)
Posted 2-12-2008 6:50 (GMT +1)
Hello

Please download Combofix:

and save to the desktop.
Important-> Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Close all other browser windows.

Go to start --> run and copy/paste in the following:

"%userprofile%\desktop\combofix.exe" /killall

When finished, it will produce a logfile located at C:\ComboFix.txt.

Post the contents of that log in your next reply with a new hijackthis log.

Note:
Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.

Do NOT post your problem in someone else's thread.

 

scott s (New Member, joined Feb 2008)
Posted 2-12-2008 5:12 (GMT +1)
Thank you Forum Moderator! I ran the ComboFix program and this is the report generated. I appreciate your help. That is a great program. SS
 
ComboFix 08-02-12.3 - Owner 2008-02-12  8:45:14.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.602 [GMT -7:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
 * Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\MyWebSearch\bar\4.bin\F3HTMLMU.DLL
C:\Autorun.inf
C:\Documents and Settings\All Users\Application Data.\kbshqzaf.dll
C:\Documents and Settings\Owner\Local Settings\Application Data\n.ini
C:\Program Files\dsrirgzk
C:\Program Files\dsrirgzk\nozirufg.dll
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\PopSwatr\History\allowed
C:\Program Files\FunWebProducts\PopSwatr\History\notallow
C:\Program Files\FunWebProducts\ScreenSaver\Images\06F6C141.urr
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\MyWay
C:\Program Files\MyWay\myBar\1.bin\MYLOGO.GIF
C:\Program Files\MyWay\myBar\1.bin\MYWAYPLUGINPROXY.CLASS
C:\Program Files\MyWay\myBar\1.bin\PARTNER.DAT
C:\Program Files\MyWay\myBar\Cache\0000FC90
C:\Program Files\MyWay\myBar\Cache\0415EC0A.bmp
C:\Program Files\MyWay\myBar\Cache\0415EED9.bmp
C:\Program Files\MyWay\myBar\Cache\0415F198.bmp
C:\Program Files\MyWay\myBar\Cache\0564B5EA
C:\Program Files\MyWay\myBar\History\search
C:\Program Files\MyWebSearch\bar\4.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\4.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\4.bin\F3SHLLVW.DLL
C:\Program Files\MyWebSearch\bar\4.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\4.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\4.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\4.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\4.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\4.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\4.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\4.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\4.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\Cache\02B1B0AB
C:\Program Files\MyWebSearch\bar\Cache\02B1B56E
C:\Program Files\MyWebSearch\bar\Cache\08431ACC.bin
C:\Program Files\MyWebSearch\bar\Cache\08431CC0.bin
C:\Program Files\MyWebSearch\bar\Cache\08431DD9.bin
C:\Program Files\MyWebSearch\bar\Cache\08431FBD.bin
C:\Program Files\MyWebSearch\bar\Cache\084326B2
C:\Program Files\MyWebSearch\bar\Cache\08432D79.bin
C:\Program Files\MyWebSearch\bar\Cache\08432F0F.bin
C:\Program Files\MyWebSearch\bar\Cache\08433067.bin
C:\Program Files\MyWebSearch\bar\Cache\084331AF.bin
C:\Program Files\MyWebSearch\bar\Cache\08433355.bin
C:\Program Files\MyWebSearch\bar\Cache\084334BC.bin
C:\Program Files\MyWebSearch\bar\Cache\084335F5.bin
C:\Program Files\MyWebSearch\bar\Cache\0843371E.bin
C:\Program Files\MyWebSearch\bar\Cache\0AB4D050
C:\Program Files\MyWebSearch\bar\Cache\159ED442.bin
C:\Program Files\MyWebSearch\bar\Cache\159ED740.bin
C:\Program Files\MyWebSearch\bar\Cache\159ED924.bin
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_bfeats.dat
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\MyWebSearch\bar\Settings\settings.dat.bak
C:\Program Files\MyWebSearch\bar\Settings\settings.htm.bak
C:\Program Files\screensavers.com
C:\Program Files\screensavers.com\SSSInst\bin\iebyterange.xml
C:\Program Files\screensavers.com\SSSInst\bin\iebyterange.xml.backup
C:\Program Files\screensavers.com\SSSInst\bin\SSSUninst.exe
C:\Program Files\screensavers.com\Wallpaper\Finishing Touches.jpg
C:\Program Files\screensavers.com\Wallpaper\Hersheys Snowman.jpg
C:\Program Files\screensavers.com\Wallpaper\Private Beach.jpg
C:\Program Files\screensavers.com\Wallpaper\swpstart.exe
C:\Program Files\Txyyvmbt
C:\Program Files\Txyyvmbt\taordqmg.dll
C:\setup.exe
C:\WINNT\system32\k.dat
C:\WINNT\system32\n2.ini
C:\Program Files\MyWebSearch
.
(((((((((((((((((((((((((   Files Created from 2008-01-12 to 2008-02-12  )))))))))))))))))))))))))))))))
.
2008-02-11 18:07 . 2008-02-11 18:07 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-02-11 18:07 . 2007-12-10 14:53 218,504 --a------ C:\WINNT\system32\drivers\pctfw2.sys
2008-02-11 18:07 . 2007-12-10 14:53 81,288 --a------ C:\WINNT\system32\drivers\iksyssec.sys
2008-02-11 18:07 . 2007-12-10 14:53 66,952 --a------ C:\WINNT\system32\drivers\iksysflt.sys
2008-02-11 18:07 . 2007-12-10 14:53 41,864 --a------ C:\WINNT\system32\drivers\ikfilesec.sys
2008-02-11 18:07 . 2007-12-10 14:53 29,576 --a------ C:\WINNT\system32\drivers\kcom.sys
2008-02-11 18:06 . 2008-02-12 08:43 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-02-11 18:06 . 2008-02-11 18:06 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\PC Tools
2008-02-11 18:06 . 2008-02-11 18:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-02-11 13:17 . 2008-02-12 07:44 <DIR> d-------- C:\Program Files\HijackThis 1.99.1
2008-02-11 10:36 . 2008-02-11 10:36 <DIR> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2008-02-10 22:22 . 2008-02-10 22:22 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\MSNInstaller
2008-02-10 22:22 . 2008-02-10 22:22 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\MSN6
2008-02-10 19:55 . 2003-05-19 11:42 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-02-10 19:55 . 2003-05-19 11:39 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2008-02-10 19:55 . 2007-11-20 11:10 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-02-10 15:35 . 2008-02-10 15:35 <DIR> d-------- C:\WINNT\phvdvvtm
2008-02-10 15:35 . 2008-02-10 15:35 <DIR> d-------- C:\Program Files\Aeqbbygx
2008-02-10 15:35 . 2008-02-10 15:35 221,184 --a------ C:\WINNT\system32\osqznsmOkZ.dll
2008-02-10 15:34 . 2008-02-10 15:34 1 --a------ C:\WINNT\system32\rc.dat
2008-02-10 15:34 . 2008-02-10 15:34 1 --a------ C:\WINNT\system32\ps1.dat
2008-02-10 15:34 . 2008-02-10 15:34 1 --a------ C:\WINNT\system32\cs.dat
2008-02-10 15:33 . 2008-02-10 15:33 54,764 --a------ C:\WINNT\system32\4fdw.dll
2008-02-10 15:33 . 2008-02-10 15:33 33,280 --a------ C:\momt.exe~
2008-01-21 12:22 . 2008-01-21 12:22 <DIR> d-------- C:\Program Files\YouSendIt
2008-01-21 12:22 . 2008-01-21 12:22 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\YouSendIt
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-12 15:43 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-12 15:42 --------- d-----w C:\Documents and Settings\Owner\Application Data\MSN6
2008-02-12 14:05 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-12 14:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-12 13:10 --------- d-----w C:\Program Files\MSN Messenger
2008-02-12 02:52 --------- d-----w C:\Program Files\Norton AntiVirus
2008-02-11 18:06 --------- d-----w C:\Documents and Settings\Owner\Application Data\Symantec
2008-01-25 06:15 --------- d-----w C:\Program Files\LimeWire
2008-01-25 05:56 --------- d-----w C:\Program Files\Java
2008-01-21 19:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-15 16:54 10,537 ----a-w C:\WINNT\system32\drivers\COH_Mon.cat
2008-01-15 12:28 706 ----a-w C:\WINNT\system32\drivers\COH_Mon.inf
2008-01-13 01:32 23,904 ----a-w C:\WINNT\system32\drivers\COH_Mon.sys
2008-01-07 04:13 --------- d-----w C:\Program Files\Picasa2
2007-12-21 18:12 --------- d-----w C:\Documents and Settings\Owner\Application Data\Snapfish
2007-10-11 02:29 94,704 -c--a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2005-04-26 03:36 533 ----a-w C:\Program Files\Shortcut (2) to Windows Media Player.lnk
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINNT\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 17:15 68856]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 16:53 73840]
"DrvMon.exe"="C:\WINNT\system32\DrvMon.exe" [2006-06-14 21:11 53248]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 14:18 443968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-10-03 16:50 684032]
"DSL Connection Tool"="C:\Program Files\MSN\MSNIA\dslmon.exe" [2002-10-26 13:43 110592]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-09-13 21:36 50688]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-11-22 14:43 180269]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-09-13 15:49 49152]
"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" [2005-02-03 18:38 1851392]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 16:53 73840]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-05-26 12:45 257088]
"yjtggkhp"="C:\Program Files\Aeqbbygx\yjtggkhp.exe" [2008-02-10 15:35 60928]
"RegistryMechanic"="" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2005-07-06 18:38:19 82026]
eFax.com Tray Menu.lnk - C:\Program Files\Common Files\efax\HotTray.exe [2003-05-31 14:31:00 27136]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24 258048]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52 53248]
Live Menu.lnk - C:\Program Files\Common Files\efax\Dllcmd32.exe [2003-05-31 14:30:59 32768]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll
R1 pctfw2;pctfw2;C:\WINNT\system32\drivers\pctfw2.sys [2007-12-10 14:53]
R1 RCFOX;SonicWALL IPsec Driver;C:\WINNT\system32\Drivers\RCFOX.sys [2004-07-27 11:50]
R3 rcvpn;SonicWALL VPN Adapter;C:\WINNT\system32\DRIVERS\rcvpn.sys [2003-08-20 14:01]
S2 OlCamudp;OLYMPUS Digital Camera;C:\WINNT\system32\Drivers\olcamudp.sys [2000-02-08 01:55]
S3 PCDRDRV;Pcdr Helper Driver;C:\Atf\Qctest\PCDoc\PCDRDRV.sys []
S3 Symantec RemoteAssist;Symantec RemoteAssist;"C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe" [2008-01-29 16:09]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e07ac897-333a-11dc-987c-006073e49c76}]
\Shell\AutoRun\command - F:\Loaderw.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-02-07 17:39:03 C:\WINNT\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-12 15:44:01 C:\WINNT\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-12 08:49:26
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINNT\system32\wdfmgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\System32\HPZipm12.exe
.
**************************************************************************
.
Completion time: 2008-02-12  8:51:30 - machine was rebooted
ComboFix-quarantined-files.txt  2008-02-12 15:51:27
.
2008-01-09 13:40:21 --- E O F --- 
 

Touch (Forum Moderator, joined Jun 2004)
Posted 2-13-2008 9:08 (GMT +1)
Open notepad and copy/paste the text in the quote box below into it:
Quote:
-----------------------------------------------------
KILLALL::
 
Snapshot::

File::
C:\WINNT\system32\osqznsmOkZ.dll
C:\momt.exe~
 
Folder::
C:\WINNT\phvdvvtm
C:\Program Files\Aeqbbygx
C:\Program Files\LimeWire
 
 
----------------------------------------------
 
Save this as CFScript.txt
 
 
Referring to the picture above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system.
It may reboot your system when it finishes. This is normal.
 
 
Post a new HijackThis log along with a fresh ComboFix log.
 


Do NOT post your problem in someone else's thread.

 

scott s
New Member


Date Joined Feb 2008
Total Posts : 11
 
Posted 2-13-2008 4:30 (GMT +1)
OK, again thanks for your help. Here is the fresh ComboFix log. Also, it may just be an MSN problem, but my internet is very slow. I will keep my eye on it! Scott
 
ComboFix 08-02-12.3 - Owner 2008-02-13  8:04:20.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.637 [GMT -7:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
 * Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE
C:\momt.exe~
C:\WINNT\system32\osqznsmOkZ.dll
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\momt.exe~
C:\Program Files\Aeqbbygx
C:\Program Files\Aeqbbygx\yjtggkhp.exe
C:\Program Files\LimeWire
C:\Program Files\LimeWire\COPYING
C:\Program Files\LimeWire\data.ser
C:\Program Files\LimeWire\Green Day.m3u
C:\Program Files\LimeWire\hs_err_pid2988.log
C:\Program Files\LimeWire\inspection.props
C:\Program Files\LimeWire\install.log
C:\Program Files\LimeWire\language.prop
C:\Program Files\LimeWire\lib\aopalliance.jar
C:\Program Files\LimeWire\lib\clink.jar
C:\Program Files\LimeWire\lib\commons-httpclient.jar
C:\Program Files\LimeWire\lib\commons-logging.jar
C:\Program Files\LimeWire\lib\commons-net.jar
C:\Program Files\LimeWire\lib\commons-pool.jar
C:\Program Files\LimeWire\lib\daap.jar
C:\Program Files\LimeWire\lib\forms.jar
C:\Program Files\LimeWire\lib\foxtrot.jar
C:\Program Files\LimeWire\lib\gettext-commons.jar
C:\Program Files\LimeWire\lib\guice-1.0.jar
C:\Program Files\LimeWire\lib\hashes
C:\Program Files\LimeWire\lib\httpcore-nio.jar
C:\Program Files\LimeWire\lib\httpcore.jar
C:\Program Files\LimeWire\lib\icu4j.jar
C:\Program Files\LimeWire\lib\id3v2.jar
C:\Program Files\LimeWire\lib\jcraft.jar
C:\Program Files\LimeWire\lib\jdic.dll
C:\Program Files\LimeWire\lib\jdic.jar
C:\Program Files\LimeWire\lib\jdic_stub.jar
C:\Program Files\LimeWire\lib\jflac.jar
C:\Program Files\LimeWire\lib\jl.jar
C:\Program Files\LimeWire\lib\jmdns.jar
C:\Program Files\LimeWire\lib\jogg.jar
C:\Program Files\LimeWire\lib\jorbis.jar
C:\Program Files\LimeWire\lib\LimeWire.ico
C:\Program Files\LimeWire\lib\LimeWire.jar
C:\Program Files\LimeWire\lib\log4j.jar
C:\Program Files\LimeWire\lib\log4j.properties
C:\Program Files\LimeWire\lib\looks.jar
C:\Program Files\LimeWire\lib\messages.jar
C:\Program Files\LimeWire\lib\mp3spi.jar
C:\Program Files\LimeWire\lib\ProgressTabs.jar
C:\Program Files\LimeWire\lib\swt.jar
C:\Program Files\LimeWire\lib\SystemUtilities.dll
C:\Program Files\LimeWire\lib\SystemUtilitiesA.dll
C:\Program Files\LimeWire\lib\themes.jar
C:\Program Files\LimeWire\lib\tray.dll
C:\Program Files\LimeWire\lib\tritonus.jar
C:\Program Files\LimeWire\lib\vorbisspi.jar
C:\Program Files\LimeWire\LimeWire On Startup.lnk
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\LimeWire\LimeWire.ico
C:\Program Files\LimeWire\pmf.ico
C:\Program Files\LimeWire\root\magnet10\badge.img
C:\Program Files\LimeWire\root\magnet10\canHandle.img
C:\Program Files\LimeWire\root\magnet10\limewire.gif
C:\Program Files\LimeWire\root\magnet10\options.js
C:\Program Files\LimeWire\root\magnet10\silentdetect.js
C:\Program Files\LimeWire\SOURCE
C:\Program Files\LimeWire\spacer.gif
C:\Program Files\LimeWire\Thumbs.db
C:\Program Files\LimeWire\uninstall.exe
C:\WINNT\phvdvvtm
C:\WINNT\phvdvvtm\1.png
C:\WINNT\phvdvvtm\2.png
C:\WINNT\phvdvvtm\3.png
C:\WINNT\phvdvvtm\4.png
C:\WINNT\phvdvvtm\5.png
C:\WINNT\phvdvvtm\6.png
C:\WINNT\phvdvvtm\bottom-rc.gif
C:\WINNT\phvdvvtm\content.png
C:\WINNT\phvdvvtm\download.gif
C:\WINNT\phvdvvtm\frame-bottom-left.gif
C:\WINNT\phvdvvtm\frame-h1bg.gif
C:\WINNT\phvdvvtm\head.png
C:\WINNT\phvdvvtm\indexsc.html
C:\WINNT\phvdvvtm\indexsd.html
C:\WINNT\phvdvvtm\main.css
C:\WINNT\phvdvvtm\net.png
C:\WINNT\phvdvvtm\pc-mag.gif
C:\WINNT\phvdvvtm\pc.gif
C:\WINNT\phvdvvtm\poloska1.png
C:\WINNT\phvdvvtm\poloska2.png
C:\WINNT\phvdvvtm\poloska3.png
C:\WINNT\phvdvvtm\promosc1.html
C:\WINNT\phvdvvtm\promosc2.html
C:\WINNT\phvdvvtm\promosc3.html
C:\WINNT\phvdvvtm\promosc4.html
C:\WINNT\phvdvvtm\promosc5.html
C:\WINNT\phvdvvtm\promosd1.html
C:\WINNT\phvdvvtm\promosd2.html
C:\WINNT\phvdvvtm\promosd3.html
C:\WINNT\phvdvvtm\promosd4.html
C:\WINNT\phvdvvtm\promosd5.html
C:\WINNT\phvdvvtm\reg.png
C:\WINNT\phvdvvtm\repair.png
C:\WINNT\phvdvvtm\scr-1.png
C:\WINNT\phvdvvtm\scr-2.png
C:\WINNT\phvdvvtm\scr-3.png
C:\WINNT\phvdvvtm\scr-4.png
C:\WINNT\phvdvvtm\styles.css
C:\WINNT\phvdvvtm\top-rc.gif
C:\WINNT\phvdvvtm\vline.gif
C:\WINNT\system32\osqznsmOkZ.dll
.
(((((((((((((((((((((((((   Files Created from 2008-01-13 to 2008-02-13  )))))))))))))))))))))))))))))))
.
2008-02-11 18:07 . 2008-02-11 18:07 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-02-11 18:07 . 2007-12-10 14:53 218,504 --a------ C:\WINNT\system32\drivers\pctfw2.sys
2008-02-11 18:07 . 2007-12-10 14:53 81,288 --a------ C:\WINNT\system32\drivers\iksyssec.sys
2008-02-11 18:07 . 2007-12-10 14:53 66,952 --a------ C:\WINNT\system32\drivers\iksysflt.sys
2008-02-11 18:07 . 2007-12-10 14:53 41,864 --a------ C:\WINNT\system32\drivers\ikfilesec.sys
2008-02-11 18:07 . 2007-12-10 14:53 29,576 --a------ C:\WINNT\system32\drivers\kcom.sys
2008-02-11 18:06 . 2008-02-12 13:22 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-02-11 18:06 . 2008-02-11 18:06 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\PC Tools
2008-02-11 18:06 . 2008-02-11 18:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-02-11 13:17 . 2008-02-13 07:56 <DIR> d-------- C:\Program Files\HijackThis 1.99.1
2008-02-11 10:36 . 2008-02-11 10:36 <DIR> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2008-02-10 22:22 . 2008-02-10 22:22 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\MSNInstaller
2008-02-10 22:22 . 2008-02-10 22:22 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\MSN6
2008-02-10 19:55 . 2003-05-19 11:42 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-02-10 19:55 . 2003-05-19 11:39 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2008-02-10 19:55 . 2007-11-20 11:10 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-02-10 15:34 . 2008-02-10 15:34 1 --a------ C:\WINNT\system32\rc.dat
2008-02-10 15:34 . 2008-02-10 15:34 1 --a------ C:\WINNT\system32\ps1.dat
2008-02-10 15:34 . 2008-02-10 15:34 1 --a------ C:\WINNT\system32\cs.dat
2008-02-10 15:33 . 2008-02-10 15:33 54,764 --a------ C:\WINNT\system32\4fdw.dll
2008-01-21 12:22 . 2008-01-21 12:22 <DIR> d-------- C:\Program Files\YouSendIt
2008-01-21 12:22 . 2008-01-21 12:22 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\YouSendIt
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-13 15:09 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-12 16:20 --------- d-----w C:\Documents and Settings\Owner\Application Data\MSN6
2008-02-12 14:05 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-12 14:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-12 13:10 --------- d-----w C:\Program Files\MSN Messenger
2008-02-12 02:52 --------- d-----w C:\Program Files\Norton AntiVirus
2008-02-11 18:06 --------- d-----w C:\Documents and Settings\Owner\Application Data\Symantec
2008-01-25 05:56 --------- d-----w C:\Program Files\Java
2008-01-21 19:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-15 16:54 10,537 ----a-w C:\WINNT\system32\drivers\COH_Mon.cat
2008-01-15 12:28 706 ----a-w C:\WINNT\system32\drivers\COH_Mon.inf
2008-01-13 01:32 23,904 ----a-w C:\WINNT\system32\drivers\COH_Mon.sys
2008-01-07 04:13 --------- d-----w C:\Program Files\Picasa2
2007-12-21 18:12 --------- d-----w C:\Documents and Settings\Owner\Application Data\Snapfish
2007-10-11 02:29 94,704 -c--a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2005-04-26 03:36 533 ----a-w C:\Program Files\Shortcut (2) to Windows Media Player.lnk
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINNT\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 17:15 68856]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 16:53 73840]
"DrvMon.exe"="C:\WINNT\system32\DrvMon.exe" [2006-06-14 21:11 53248]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 14:18 443968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-10-03 16:50 684032]
"DSL Connection Tool"="C:\Program Files\MSN\MSNIA\dslmon.exe" [2002-10-26 13:43 110592]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-09-13 21:36 50688]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-11-22 14:43 180269]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-09-13 15:49 49152]
"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" [2005-02-03 18:38 1851392]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 16:53 73840]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-05-26 12:45 257088]
"yjtggkhp"="C:\Program Files\Aeqbbygx\yjtggkhp.exe" [ ]
"RegistryMechanic"="" []
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2005-07-06 18:38:19 82026]
eFax.com Tray Menu.lnk - C:\Program Files\Common Files\efax\HotTray.exe [2003-05-31 14:31:00 27136]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24 258048]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52 53248]
Live Menu.lnk - C:\Program Files\Common Files\efax\Dllcmd32.exe [2003-05-31 14:30:59 32768]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll
R1 pctfw2;pctfw2;C:\WINNT\system32\drivers\pctfw2.sys [2007-12-10 14:53]
R1 RCFOX;SonicWALL IPsec Driver;C:\WINNT\system32\Drivers\RCFOX.sys [2004-07-27 11:50]
R3 rcvpn;SonicWALL VPN Adapter;C:\WINNT\system32\DRIVERS\rcvpn.sys [2003-08-20 14:01]
S2 OlCamudp;OLYMPUS Digital Camera;C:\WINNT\system32\Drivers\olcamudp.sys [2000-02-08 01:55]
S3 PCDRDRV;Pcdr Helper Driver;C:\Atf\Qctest\PCDoc\PCDRDRV.sys []
S3 Symantec RemoteAssist;Symantec RemoteAssist;"C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe" [2008-01-29 16:09]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e07ac897-333a-11dc-987c-006073e49c76}]
\Shell\AutoRun\command - F:\Loaderw.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-02-07 17:39:03 C:\WINNT\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-13 14:44:00 C:\WINNT\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-13 08:10:41
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINNT\system32\wdfmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\System32\HPZipm12.exe
.
**************************************************************************
.
Completion time: 2008-02-13  8:14:07 - machine was rebooted
ComboFix-quarantined-files.txt  2008-02-13 15:13:59
ComboFix2.txt  2008-02-12 15:51:30
.
2008-01-09 13:40:21 --- E O F --- 
 

scott s
New Member


Date Joined Feb 2008
Total Posts : 11
 
Posted 2-13-2008 4:41 (GMT +1)
Here is the new HijackThis logfile. Let me know what you think!! Take care! Scott
 
Logfile of HijackThis v1.99.1
Scan saved at 8:35:48 AM, on 2/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINNT\system32\DrvMon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Common Files\efax\HotTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\efax\Dllcmd32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\wdfmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\System32\HPZipm12.exe
C:\WINNT\System32\alg.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\notepad.exe
C:\Program Files\MSN\MSNCoreFiles\MSN.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HijackThis 1.99.1\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DSL Connection Tool] C:\Program Files\MSN\MSNIA\dslmon.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [yjtggkhp] C:\Program Files\Aeqbbygx\yjtggkhp.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINNT\system32\DrvMon.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: eFax.com Tray Menu.lnk = C:\Program Files\Common Files\efax\HotTray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Live Menu.lnk = C:\Program Files\Common Files\efax\Dllcmd32.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZSYYYYYYIJUS
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {5DA9D8E0-5A57-11CF-9E36-00C0930198C0} (Pegasus ImagN' 32-bit (Windowed) ActiveX Control v4.00) - http://24.213.19.82/LNetCam.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://chat2.j2.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9C3EFB8A-DC20-484B-B905-5E337A988C5D} (LNCActiveX Control) - http://24.213.19.82/LNetCam.cab
O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} (Web Camera Server Control) - http://66.121.122.195/wg_webeye.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/eng/check/qdiagh.cab?314
O16 - DPF: {FF452CFC-7056-4A5D-A327-1DFEC8EDC82A} (Upload Class) - http://www.neptune.com/features/upload/ms40upld.ocx
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WB - C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
 
 

scott s
New Member


Date Joined Feb 2008
Total Posts : 11
 
Posted 2-13-2008 5:04 (GMT +1)
I ran Spyware Doctor again and it listed and removed the following threats:
 
Trojan-PWS.Tanspy
Application.Nircmd
Trojan.Generic
Adware.IEPlugin
 
Scott
 

scott s
New Member


Date Joined Feb 2008
Total Posts : 11
 
Posted 2-13-2008 5:14 (GMT +1)
I also have Registry Mechanic installed. I ran it and it found 64 problems it wanted to fix. I did not change anything at this point.
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13652
 
Posted 2-14-2008 9:57 (GMT +1)
OK. Let's see if the scanner below finds the infections as well -
 
Please download Malwarebytes' Anti-Malware to your desktop.
 
Double-click mbam-setup.exe and follow the prompts to install the program.
 
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
 
If an update is found, it will download and install the latest version.
 
Once the program has loaded, select Perform full scan, then click Scan.
 
When the scan is complete, click OK, then Show Results to view the results.
 
Be sure that everything is checked, and click Remove Selected.
 
When completed, a log will open in Notepad. Please save it to a convenient location.
 
Copy and Paste that log into your next reply.


Do NOT post your problem in someone else's thread.

 

scott s
New Member


Date Joined Feb 2008
Total Posts : 11
 
Posted 2-15-2008 3:03 (GMT +1)
I ran the Malware program and had 92 infected items. Not all the items could be removed; here is the log. Thanks again. Scott
 
Malwarebytes' Anti-Malware 1.03
Database version: 361
Scan type: Quick Scan
Objects scanned: 37352
Time elapsed: 8 minute(s), 23 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 92
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\cpbrkpie.coupon6ctrl.1 (Adware.CouponBar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.CouponBar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.